diff options
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/user_role.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/app/models/user_role.rb b/app/models/user_role.rb index 833b96d71..57a56c0b0 100644 --- a/app/models/user_role.rb +++ b/app/models/user_role.rb @@ -90,6 +90,7 @@ class UserRole < ApplicationRecord validate :validate_permissions_elevation validate :validate_position_elevation validate :validate_dangerous_permissions + validate :validate_own_role_edition before_validation :set_position @@ -165,6 +166,12 @@ class UserRole < ApplicationRecord self.position = -1 if everyone? end + def validate_own_role_edition + return unless defined?(@current_account) && @current_account.user_role.id == id + errors.add(:permissions_as_keys, :own_role) if permissions_changed? + errors.add(:position, :own_role) if position_changed? + end + def validate_permissions_elevation errors.add(:permissions_as_keys, :elevated) if defined?(@current_account) && @current_account.user_role.computed_permissions & permissions != permissions end |