
Commit 8667da9

Fix KdB, SoSi update permissions for non-admins
Signed-off-by: Christoph Wurst <[email protected]>
1 parent 644b6ef commit 8667da9


2 files changed

+38
-4
lines changed

2 files changed

+38
-4
lines changed

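--- a/app/Auth/Abilities/WineAbilities.php
+++ b/app/Auth/Abilities/WineAbilities.php
@@ -102,7 +102,7 @@ private function updatesExcluded(Wine $wine, array $data) {
 * @return boolean
 */
 private function mayUpdateKdb(User $user, Wine $wine) {
-return $wine->administrates($user);
+return $wine->competition->administrates($user);
 }
 
 /**
@@ -111,7 +111,7 @@ private function mayUpdateKdb(User $user, Wine $wine) {
 * @return boolean
 */
 private function mayUpdateSosi(User $user, Wine $wine) {
-return $wine->administrates($user);
+return $wine->competition->administrates($user);
 }
 
 /**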
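Review bot: The new check in `mayUpdateKdb` dereferences `$wine->competition` without a guard, and the identical line in `mayUpdateSosi` (second hunk) has the same issue. If a wine can ever exist without a competition, which these hunks do not show, the ability would raise an error instead of denying; an authorization check should fail closed, e.g. `$competition = $wine->competition;` followed by `return $competition !== null && $competition->administrates($user);`. Both methods now have the same body, so a single private helper would keep the two permissions from drifting apart. The docblocks start outside the hunks; each should state the rule, e.g. `Only administrators of the wine's competition may change this flag.`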

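--- a/tests/Unit/Auth/Abilities/WineAbilitiesTest.php
+++ b/tests/Unit/Auth/Abilities/WineAbilitiesTest.php
@@ -92,9 +92,10 @@ public function testCreateWithWrongCompetitionState() {
 /**
 * Simulate a user updating the sosi state (kdb remains)
 */
-public function testUpdateAllowedForWineAdministrator() {
+public function testUpdateNotAllowedForWineAdministrator() {
 $user = $this->getUserMock();
 $wine = Mockery::mock(Wine::class);
+$competition = Mockery::mock(Competition::class);
 $data = [
 'id' => 23,
 'kdb' => true,
@@ -106,7 +107,40 @@ public function testUpdateAllowedForWineAdministrator() {
 $wine->shouldReceive('getAttribute')
 ->with('sosi')
 ->andReturn(false);
-$wine->shouldReceive('administrates')
+$wine->shouldReceive('getAttribute')
+->with('competition')
+->andReturn($competition);
+$competition->shouldReceive('administrates')
+->with($user)
+->andReturn(false);
+
+$allowed = $this->abilities->update($user, $wine, $data);
+
+$this->assertFalse($allowed);
+}
+
+/**
+* Simulate a user updating the sosi state (kdb remains)
+*/
+public function testUpdateAllowedForCompetitionAdministrator() {
+$user = $this->getUserMock();
+$wine = Mockery::mock(Wine::class);
+$competition = Mockery::mock(Competition::class);
+$data = [
+'id' => 23,
+'kdb' => true,
+'sosi' => true,
+];
+$wine->shouldReceive('getAttribute')
+->with('kdb')
+->andReturn(true);
+$wine->shouldReceive('getAttribute')
+->with('sosi')
+->andReturn(false);
+$wine->shouldReceive('getAttribute')
+->with('competition')
+->andReturn($competition);
+$competition->shouldReceive('administrates')
 ->with($user)
 ->andReturn(true);
 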
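Review bot: `testUpdateNotAllowedForWineAdministrator` never makes the user a wine administrator, so it does not pin the case its name describes; the only stubbed answer is `$competition->administrates($user)` returning false. Stubbing `$wine->shouldReceive('administrates')->with($user)->andReturn(true);` next to it would show that administering the wine alone no longer grants the KdB/SoSi update. The `administrates` expectations in both tests carry no call count, so they pass even if `update()` never consults the competition; `->once()` would tighten that, assuming `update()` makes exactly one such call on this path. Both tests keep the copied docblock `Simulate a user updating the sosi state (kdb remains)`, which should instead name the simulated role and the expected result. The body of `testUpdateAllowedForCompetitionAdministrator` continues past the end of the hunk.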
