From 21d26ac6689e65bda3e1014f2985e4ed604e2d39 Mon Sep 17 00:00:00 2001 From: Nicola Chiapolini Date: Mon, 16 Sep 2024 13:19:45 +0200 Subject: [PATCH] fix hitobito/hitobito_cevi/issues/133 and hitobito/hitobito_cevi/issues/134 --- app/models/group/dachverband.rb | 1 + app/models/group/dachverband_geschaeftsstelle.rb | 3 +++ app/models/group/dachverband_gremium.rb | 5 +++++ app/models/group/dachverband_vorstand.rb | 3 +++ app/models/group/mitgliederorganisation.rb | 1 + app/models/group/mitgliederorganisation_geschaeftsstelle.rb | 4 ++++ app/models/group/mitgliederorganisation_gremium.rb | 6 ++++++ app/models/group/mitgliederorganisation_vorstand.rb | 3 +++ app/models/group/sektion.rb | 1 + 9 files changed, 27 insertions(+) diff --git a/app/models/group/dachverband.rb b/app/models/group/dachverband.rb index ce49f01..d496249 100644 --- a/app/models/group/dachverband.rb +++ b/app/models/group/dachverband.rb @@ -20,6 +20,7 @@ class Group::Dachverband < Group class Administrator < ::Role self.permissions = [:admin, :layer_and_below_full, :impersonation] + self.two_factor_authentication_enforced = true end roles Administrator diff --git a/app/models/group/dachverband_geschaeftsstelle.rb b/app/models/group/dachverband_geschaeftsstelle.rb index 4be9ee7..8c49b27 100644 --- a/app/models/group/dachverband_geschaeftsstelle.rb +++ b/app/models/group/dachverband_geschaeftsstelle.rb @@ -8,14 +8,17 @@ class Group::DachverbandGeschaeftsstelle < Group::Geschaeftsstelle class Geschaeftsleiter < ::Role self.permissions = [:layer_full, :contact_data, :finance] + self.two_factor_authentication_enforced = true end class Angestellter < ::Role self.permissions = [:layer_full, :contact_data, :finance] + self.two_factor_authentication_enforced = true end class Finanzverantwortlicher < ::Role self.permissions = [:layer_full, :finance, :financials, :contact_data] + self.two_factor_authentication_enforced = true end roles Geschaeftsleiter, diff --git a/app/models/group/dachverband_gremium.rb b/app/models/group/dachverband_gremium.rb index a966473..d7f86ba 100644 --- a/app/models/group/dachverband_gremium.rb +++ b/app/models/group/dachverband_gremium.rb @@ -5,26 +5,31 @@ class Group::DachverbandGremium < Group::Gremium children Group::DachverbandGremium + children Group::DachverbandExterne ### ROLES class Leitung < ::Role self.permissions = [:layer_read, :group_and_below_full, :contact_data] + self.two_factor_authentication_enforced = true end # get the group_and_below_full permission as they should also be able to create events class Mitglied < ::Role self.permissions = [:layer_read, :group_and_below_full] + self.two_factor_authentication_enforced = true end # get the group_and_below_full permission as they should also be able to create events class AktiverKursleiter < ::Role self.permissions = [:layer_read, :group_and_below_full] + self.two_factor_authentication_enforced = true end # get the group_and_below_full permission as they should also be able to create events class Kassier < ::Role self.permissions = [:layer_read, :group_and_below_full, :finance] + self.two_factor_authentication_enforced = true end roles Leitung, diff --git a/app/models/group/dachverband_vorstand.rb b/app/models/group/dachverband_vorstand.rb index a0f0be4..8582a93 100644 --- a/app/models/group/dachverband_vorstand.rb +++ b/app/models/group/dachverband_vorstand.rb @@ -8,14 +8,17 @@ class Group::DachverbandVorstand < Group::Vorstand class Praesidium < ::Role self.permissions = [:layer_read, :group_and_below_full, :contact_data] + self.two_factor_authentication_enforced = true end class Finanzverantwortlicher < ::Role self.permissions = [:layer_read, :finance, :financials, :contact_data] + self.two_factor_authentication_enforced = true end class Mitglied < ::Role self.permissions = [:layer_read, :contact_data] + self.two_factor_authentication_enforced = true end roles Praesidium, diff --git a/app/models/group/mitgliederorganisation.rb b/app/models/group/mitgliederorganisation.rb index efaa266..80e5c04 100644 --- a/app/models/group/mitgliederorganisation.rb +++ b/app/models/group/mitgliederorganisation.rb @@ -23,6 +23,7 @@ class Group::Mitgliederorganisation < Group class Administrator < ::Role self.permissions = [:layer_and_below_full] + self.two_factor_authentication_enforced = true end roles Administrator diff --git a/app/models/group/mitgliederorganisation_geschaeftsstelle.rb b/app/models/group/mitgliederorganisation_geschaeftsstelle.rb index d553e4b..7d9a614 100644 --- a/app/models/group/mitgliederorganisation_geschaeftsstelle.rb +++ b/app/models/group/mitgliederorganisation_geschaeftsstelle.rb @@ -8,18 +8,22 @@ class Group::MitgliederorganisationGeschaeftsstelle < Group::Geschaeftsstelle class Geschaeftsleiter < ::Role self.permissions = [:layer_and_below_full, :contact_data, :finance] + self.two_factor_authentication_enforced = true end class Angestellter < ::Role self.permissions = [:layer_and_below_full, :contact_data, :finance] + self.two_factor_authentication_enforced = true end class Finanzverantwortlicher < ::Role self.permissions = [:layer_and_below_full, :finance, :financials, :contact_data] + self.two_factor_authentication_enforced = true end class AdminOrtsgruppen < ::Role self.permissions = [:layer_and_below_full, :see_invisible_from_above, :finance] + self.two_factor_authentication_enforced = true end roles Geschaeftsleiter, diff --git a/app/models/group/mitgliederorganisation_gremium.rb b/app/models/group/mitgliederorganisation_gremium.rb index d436698..e06bf57 100644 --- a/app/models/group/mitgliederorganisation_gremium.rb +++ b/app/models/group/mitgliederorganisation_gremium.rb @@ -5,27 +5,33 @@ class Group::MitgliederorganisationGremium < Group::Gremium children Group::MitgliederorganisationGremium + children Group::MitgliederorganisationExterne ### ROLES class Leitung < ::Role self.permissions = [:layer_and_below_read, :group_and_below_full, :contact_data] + self.two_factor_authentication_enforced = true end class Mitglied < ::Role self.permissions = [:layer_and_below_read] + self.two_factor_authentication_enforced = true end class AktiverKursleiter < ::Role self.permissions = [:layer_and_below_read] + self.two_factor_authentication_enforced = true end class Ausbildungsmitglied < ::Role self.permissions = [:layer_and_below_read] + self.two_factor_authentication_enforced = true end class Kassier < ::Role self.permissions = [:layer_and_below_read, :finance] + self.two_factor_authentication_enforced = true end roles Leitung, diff --git a/app/models/group/mitgliederorganisation_vorstand.rb b/app/models/group/mitgliederorganisation_vorstand.rb index b214f3e..30f5d33 100644 --- a/app/models/group/mitgliederorganisation_vorstand.rb +++ b/app/models/group/mitgliederorganisation_vorstand.rb @@ -8,14 +8,17 @@ class Group::MitgliederorganisationVorstand < Group::Vorstand class Praesidium < ::Role self.permissions = [:layer_and_below_read, :group_and_below_full, :contact_data] + self.two_factor_authentication_enforced = true end class Finanzverantwortlicher < ::Role self.permissions = [:layer_and_below_read, :finance, :financials, :contact_data] + self.two_factor_authentication_enforced = true end class Mitglied < ::Role self.permissions = [:layer_and_below_read, :contact_data] + self.two_factor_authentication_enforced = true end roles Praesidium, diff --git a/app/models/group/sektion.rb b/app/models/group/sektion.rb index 0c6d9f8..1bd8153 100644 --- a/app/models/group/sektion.rb +++ b/app/models/group/sektion.rb @@ -12,6 +12,7 @@ class Group::Sektion < Group class Administrator < ::Role self.permissions = [:layer_and_below_full, :contact_data] + self.two_factor_authentication_enforced = true end roles Administrator