Fix missing value limits for UserRole position (#33172)

This commit is contained in:
Matt Jankowski 2024-12-18 03:29:27 -05:00 committed by GitHub
parent 1992c2a4fa
commit ca2a7d66b8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 0 deletions

View file

@ -41,6 +41,8 @@ class UserRole < ApplicationRecord
EVERYONE_ROLE_ID = -99 EVERYONE_ROLE_ID = -99
NOBODY_POSITION = -1 NOBODY_POSITION = -1
POSITION_LIMIT = 2**31
module Flags module Flags
NONE = 0 NONE = 0
ALL = FLAGS.values.reduce(&:|) ALL = FLAGS.values.reduce(&:|)
@ -89,6 +91,7 @@ class UserRole < ApplicationRecord
validates :name, presence: true, unless: :everyone? validates :name, presence: true, unless: :everyone?
validates :color, format: { with: /\A#?(?:[A-F0-9]{3}){1,2}\z/i }, unless: -> { color.blank? } validates :color, format: { with: /\A#?(?:[A-F0-9]{3}){1,2}\z/i }, unless: -> { color.blank? }
validates :position, numericality: { greater_than_or_equal_to: -POSITION_LIMIT, less_than_or_equal_to: POSITION_LIMIT }
validate :validate_permissions_elevation validate :validate_permissions_elevation
validate :validate_position_elevation validate :validate_position_elevation

View file

@ -18,6 +18,16 @@ RSpec.describe UserRole do
end end
end end
describe 'position' do
subject { Fabricate.build :user_role }
let(:excess) { 2**32 }
let(:limit) { 2**31 }
it { is_expected.to_not allow_values(-excess, excess).for(:position) }
it { is_expected.to allow_values(-limit, limit).for(:position) }
end
describe 'color' do describe 'color' do
it { is_expected.to allow_values('#112233', '#aabbcc', '').for(:color) } it { is_expected.to allow_values('#112233', '#aabbcc', '').for(:color) }
it { is_expected.to_not allow_values('x', '112233445566', '#xxyyzz').for(:color) } it { is_expected.to_not allow_values('x', '112233445566', '#xxyyzz').for(:color) }