Move `nobody` position in `UserRole` magic number to constant (#29465)

main-rebase-security-fix
Matt Jankowski 2024-03-01 06:05:24 -05:00 committed by GitHub
parent ec953bf378
commit 3389c41b58
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 4 deletions

View File

@ -39,6 +39,7 @@ class UserRole < ApplicationRecord
}.freeze
EVERYONE_ROLE_ID = -99
NOBODY_POSITION = -1
module Flags
NONE = 0
@ -104,7 +105,7 @@ class UserRole < ApplicationRecord
has_many :users, inverse_of: :role, foreign_key: 'role_id', dependent: :nullify
def self.nobody
@nobody ||= UserRole.new(permissions: Flags::NONE, position: -1)
@nobody ||= UserRole.new(permissions: Flags::NONE, position: NOBODY_POSITION)
end
def self.everyone
@ -173,7 +174,7 @@ class UserRole < ApplicationRecord
end
def set_position
self.position = -1 if everyone?
self.position = NOBODY_POSITION if everyone?
end
def validate_own_role_edition

View File

@ -139,7 +139,7 @@ RSpec.describe UserRole do
end
it 'has negative position' do
expect(subject.position).to eq(-1)
expect(subject.position).to eq(described_class::NOBODY_POSITION)
end
end
@ -159,7 +159,7 @@ RSpec.describe UserRole do
end
it 'has negative position' do
expect(subject.position).to eq(-1)
expect(subject.position).to eq(described_class::NOBODY_POSITION)
end
end