From c29a524e2312e06830e8658a2f82299d4b87d9e2 Mon Sep 17 00:00:00 2001
From: Hadi Cheaito <38328371+hadicheaito1@users.noreply.github.com>
Date: Fri, 25 Nov 2022 03:11:43 -0500
Subject: [PATCH] SuperAdmin permission check (#4179)

* SuperAdmin permission checker

* spelling
---
 .rubocop.yml                              |  2 +-
 app/services/permissions_checker.rb       |  2 ++
 spec/services/permissions_checker_spec.rb | 12 ++++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/.rubocop.yml b/.rubocop.yml
index 96d82be6..b6908154 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -76,7 +76,7 @@ RSpec/AnyInstance:
   Enabled: false
 
 Metrics/CyclomaticComplexity:
-  Max: 13
+  Max: 14
 
 Metrics/PerceivedComplexity:
   Max: 13
diff --git a/app/services/permissions_checker.rb b/app/services/permissions_checker.rb
index 03e40aa4..cb169c76 100644
--- a/app/services/permissions_checker.rb
+++ b/app/services/permissions_checker.rb
@@ -10,6 +10,8 @@ class PermissionsChecker
   end
 
   def call
+    return true if @current_user.role == Role.find_by(name: 'SuperAdmin', provider: 'bn')
+
     return true if RolePermission.joins(:permission).exists?(
       role_id: @current_user.role_id,
       permission: { name: @permission_names },
diff --git a/spec/services/permissions_checker_spec.rb b/spec/services/permissions_checker_spec.rb
index 20ff3589..21cb986b 100644
--- a/spec/services/permissions_checker_spec.rb
+++ b/spec/services/permissions_checker_spec.rb
@@ -66,6 +66,18 @@ describe PermissionsChecker, type: :service do
           record_id: ''
         ).call).to be(true)
       end
+
+      it 'checks the users role and returns true since user has SuperAdmin role' do
+        super_admin_role = create(:role, name: 'SuperAdmin', provider: 'bn')
+        super_admin_user = create(:user, provider: 'bn', role: super_admin_role)
+        expect(described_class.new(
+          current_user: super_admin_user,
+          permission_names: [],
+          user_id: super_admin_user.id,
+          friendly_id: '',
+          record_id: ''
+        ).call).to be(true)
+      end
     end
   end
 end
-- 
GitLab