Fix AccountSettingsView to only try to change permissions in development

Scott Erickson 2016-03-11 15:00:55 -08:00
parent 9d315a4848
commit 464430200c
3 changed files with 17 additions and 12 deletions
app/views/account
server/users
spec/server/functional


@ -265,12 +265,11 @@ module.exports = class AccountSettingsView extends CocoView
permissions = []
adminCheckbox = @$el.find('#admin')
if adminCheckbox.length
permissions.push 'admin' if adminCheckbox.prop('checked')
godmodeCheckbox = @$el.find('#godmode')
if godmodeCheckbox.length
permissions.push 'godmode' if godmodeCheckbox.prop('checked')
me.set('permissions', permissions)
unless application.isProduction()
adminCheckbox = @$el.find('#admin')
if adminCheckbox.length
permissions.push 'admin' if adminCheckbox.prop('checked')
godmodeCheckbox = @$el.find('#godmode')
if godmodeCheckbox.length
permissions.push 'godmode' if godmodeCheckbox.prop('checked')
me.set('permissions', permissions)
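Review bot: The `unless application.isProduction()` guard is a UI convenience rather than the access control, and nothing next to it says so. I'd add a comment above it such as `# Dev-only: the server drops 'permissions' from editable properties in production (UserHandler.getEditableProperties)`. The rendering has lost indentation, so it is not visible whether `me.set('permissions', permissions)` sits inside the guard; if it is outside, a production save would still send `permissions: []` and rely on the server to ignore it, so it is worth keeping that call inside the block. The enclosing method starts outside the hunk.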


@ -39,7 +39,7 @@ UserHandler = class UserHandler extends Handler
getEditableProperties: (req, document) ->
props = super req, document
props.push 'permissions' unless config.isProduction
props.push 'permissions' unless config.isProduction or global.testing
props.push 'jobProfileApproved', 'jobProfileNotes','jobProfileApprovedDate' if req.user.isAdmin() # Admins naturally edit these
props.push @privateProperties... if req.user.isAdmin() # Admins are mad with power
props
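Review bot: The gate `props.push 'permissions' unless config.isProduction or global.testing` fails open: wherever neither flag is set, every authenticated user can write their own `permissions`, including `'admin'`. That is presumably intended for local development, but a staging or preview deployment not flagged as production would inherit it; whether such deployments exist is not visible here. I'd invert this to an explicit opt-in that is only true on a developer machine, and at minimum add `# Dev-only: lets any logged-in user self-assign permissions; must be off on any reachable deployment` above the line. Reading `global.testing` in handler code also means the spec exercises the test branch, not the `config.isProduction` branch.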


@ -1,6 +1,5 @@
require '../common'
User = require '../../../server/users/User'
utils = require '../utils'
urlUser = '/db/user'
@ -154,6 +153,13 @@ describe 'PUT /db/user', ->
form.append('_id', joe.id)
form.append('email', 'farghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlar
ghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghl')
it 'does not allow normals to edit their permissions', utils.wrap (done) ->
user = yield utils.initUser()
yield utils.loginUser(user)
[res, body] = yield request.putAsync { uri: getURL('/db/user/'+user.id), json: { permissions: ['admin'] }}
expect(_.contains(body.permissions, 'admin')).toBe(false)
done()
it 'logs in as admin', (done) ->
loginAdmin -> done()
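Review bot: The new spec 'does not allow normals to edit their permissions' can pass vacuously, because `_.contains(body.permissions, 'admin')` is also false when the PUT fails and `body` is an error object with no `permissions`. Assert the response status first, e.g. `expect(res.statusCode).toBe(200)` (or whichever status the handler returns when it ignores a non-editable property). It would also be stronger to re-read the user from the database and check the stored `permissions`, since the response body alone does not prove nothing was persisted. A second case for `'godmode'` would cover the other value the settings view can send.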