mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-28 05:55:04 +01:00
Fix missing value limits for UserRole
position (#33172)
This commit is contained in:
parent
1992c2a4fa
commit
ca2a7d66b8
@ -41,6 +41,8 @@ class UserRole < ApplicationRecord
|
||||
EVERYONE_ROLE_ID = -99
|
||||
NOBODY_POSITION = -1
|
||||
|
||||
POSITION_LIMIT = 2**31
|
||||
|
||||
module Flags
|
||||
NONE = 0
|
||||
ALL = FLAGS.values.reduce(&:|)
|
||||
@ -89,6 +91,7 @@ class UserRole < ApplicationRecord
|
||||
|
||||
validates :name, presence: true, unless: :everyone?
|
||||
validates :color, format: { with: /\A#?(?:[A-F0-9]{3}){1,2}\z/i }, unless: -> { color.blank? }
|
||||
validates :position, numericality: { greater_than_or_equal_to: -POSITION_LIMIT, less_than_or_equal_to: POSITION_LIMIT }
|
||||
|
||||
validate :validate_permissions_elevation
|
||||
validate :validate_position_elevation
|
||||
|
@ -18,6 +18,16 @@ RSpec.describe UserRole do
|
||||
end
|
||||
end
|
||||
|
||||
describe 'position' do
|
||||
subject { Fabricate.build :user_role }
|
||||
|
||||
let(:excess) { 2**32 }
|
||||
let(:limit) { 2**31 }
|
||||
|
||||
it { is_expected.to_not allow_values(-excess, excess).for(:position) }
|
||||
it { is_expected.to allow_values(-limit, limit).for(:position) }
|
||||
end
|
||||
|
||||
describe 'color' do
|
||||
it { is_expected.to allow_values('#112233', '#aabbcc', '').for(:color) }
|
||||
it { is_expected.to_not allow_values('x', '112233445566', '#xxyyzz').for(:color) }
|
||||
|
Loading…
Reference in New Issue
Block a user