Fix missing value limits for UserRole position (#33172)

2024-12-22 12:55:56 +01:00 · 2024-12-18 03:29:27 -05:00 · 2024-12-18 03:29:27 -05:00 · ca2a7d66b8
commit ca2a7d66b8
parent 1992c2a4fa
2 changed files with 13 additions and 0 deletions
--- a/app/models/user_role.rb
+++ b/app/models/user_role.rb
@ -41,6 +41,8 @@ class UserRole < ApplicationRecord
  EVERYONE_ROLE_ID = -99
  NOBODY_POSITION = -1
  POSITION_LIMIT = 2**31
  module Flags
    NONE = 0
    ALL  = FLAGS.values.reduce(&:|)
@ -89,6 +91,7 @@ class UserRole < ApplicationRecord
  validates :name, presence: true, unless: :everyone?
  validates :color, format: { with: /\A#?(?:[A-F0-9]{3}){1,2}\z/i }, unless: -> { color.blank? }
  validates :position, numericality: { greater_than_or_equal_to: -POSITION_LIMIT, less_than_or_equal_to: POSITION_LIMIT }
  validate :validate_permissions_elevation
  validate :validate_position_elevation
--- a/spec/models/user_role_spec.rb
+++ b/spec/models/user_role_spec.rb
@ -18,6 +18,16 @@ RSpec.describe UserRole do
      end
    end
    describe 'position' do
      subject { Fabricate.build :user_role }
      let(:excess) { 2**32 }
      let(:limit) { 2**31 }
      it { is_expected.to_not allow_values(-excess, excess).for(:position) }
      it { is_expected.to allow_values(-limit, limit).for(:position) }
    end
    describe 'color' do
      it { is_expected.to allow_values('#112233', '#aabbcc', '').for(:color) }
      it { is_expected.to_not allow_values('x', '112233445566', '#xxyyzz').for(:color) }