fix permision authorize for app packages (#596)

* fix permision authorize for app packages * fix app packages spec, authorize
chaskiq · Jan 19, 2022 · 4833b28 · 4833b28
1 parent fde998f
commit 4833b28
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/app/graphql/types/app_type.rb b/app/graphql/types/app_type.rb
@@ -159,7 +159,7 @@ def register_visits
 
     def app_packages
       # authorize! object, to: :manage?, with: AppPolicy
-      authorize! object, to: :manage_app_packages?, with: AppPolicy
+      authorize! object, to: :can_manage_app_packages?, with: AppPolicy
 
       integrations = object.app_package_integrations.map(&:app_package_id)
       if integrations.any?
@@ -171,7 +171,7 @@ def app_packages
 
     def agent_app_packages
       # authorize! object, to: :manage?, with: AppPolicy
-      authorize! object, to: :manage_app_packages?, with: AppPolicy
+      authorize! object, to: :can_manage_app_packages?, with: AppPolicy
       current_user.app_packages
     end
 
@@ -180,7 +180,7 @@ def agent_app_packages
     def app_package_integrations
       # object.plan.allow_feature!('Integrations')
       # authorize! object, to: :manage?, with: AppPolicy
-      authorize! object, to: :manage_app_packages?, with: AppPolicy
+      authorize! object, to: :can_manage_app_packages?, with: AppPolicy
 
       object.app_package_integrations
     end

diff --git a/spec/cypress/integration/app/app_packages_spec.js b/spec/cypress/integration/app/app_packages_spec.js
@@ -14,8 +14,29 @@ describe('AppPackages', function () {
 
   it('Manage AppPackages', function () {
     login()
+
+    cy.appEval(`
+      app = Agent.find_by(email: 'test@test.cl')
+      app.roles.map{|o| o.update(role: "agent")}
+    `)
+
     cy.visit('/apps')
+    cy.contains('my app').click()
+    cy.get("a[aria-label='Settings']")
+      .click({ force: true }).then(() => {
+        cy.contains('Access denied')
+      })
+  })
+
+  it('Manage AppPackages', function () {
+    login()
 
+    cy.appEval(`
+      app = Agent.find_by(email: 'test@test.cl')
+      app.roles.map{|o| o.update(role: "admin_only")}
+    `)
+
+    cy.visit('/apps')
     cy.contains('my app').click()
 
     cy.get("a[aria-label='Settings']")
@@ -25,7 +46,7 @@ describe('AppPackages', function () {
         cy.get('body').should('contain', 'Integrations')
 
         cy.contains('Integrations').click()
-        cy.contains('You are not authorized to perform this action')
+        cy.contains('Third party integrations')
       })
   })