Merge pull request #15640 from opf/chore/make-delete-permission-required

Make delete_permission required in the DeleteService
opf · May 22, 2024 · bb757ed · bb757ed
2 parents a51984a + 6686b4f
commit bb757ed
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/app/contracts/delete_contract.rb b/app/contracts/delete_contract.rb
@@ -59,8 +59,10 @@ def authorized?
       user.admin? && user.active?
     when Proc
       instance_exec(&permission)
+    when Symbol
+      model.project && user.allowed_in_project?(permission, model.project)
     else
-      !model.project || user.allowed_in_project?(permission, model.project)
+      raise ArgumentError, "#{self.class} used without delete_permission. Set a  Proc, or project-based permission symbol"
     end
   end
 end
diff --git a/app/contracts/project_custom_field_project_mappings/delete_contract.rb b/app/contracts/project_custom_field_project_mappings/delete_contract.rb
@@ -27,6 +27,7 @@
 #++
 
 module ProjectCustomFieldProjectMappings
-  class DeleteContract < BaseContract
+  class DeleteContract < ::DeleteContract
+    delete_permission :select_project_custom_fields
   end
 end