diff --git a/ui/app/models/capabilities.js b/ui/app/models/capabilities.js index 2fea24ba7703..04b91b146c93 100644 --- a/ui/app/models/capabilities.js +++ b/ui/app/models/capabilities.js @@ -33,7 +33,7 @@ const computedCapability = function(capability) { return false; } // if the path is sudo protected, they'll need sudo + the appropriate capability - if (SUDO_PATHS.includes(path) || SUDO_PATH_PREFIXES.find(item => item.startsWith(path))) { + if (SUDO_PATHS.includes(path) || SUDO_PATH_PREFIXES.find(item => path.startsWith(item))) { return capabilities.includes('sudo') && capabilities.includes(capability); } return capabilities.includes(capability); diff --git a/ui/tests/unit/models/capabilities-test.js b/ui/tests/unit/models/capabilities-test.js index fdd545022858..65c01048d5f5 100644 --- a/ui/tests/unit/models/capabilities-test.js +++ b/ui/tests/unit/models/capabilities-test.js @@ -81,4 +81,18 @@ module('Unit | Model | capabilities', function(hooks) { assert.notOk(model.get('canDelete')); assert.notOk(model.get('canList')); }); + + test('it does not require sudo on sys/leases/revoke if update capability is present', function(assert) { + let model = run(() => + this.owner.lookup('service:store').createRecord('capabilities', { + path: 'sys/leases/revoke', + capabilities: ['update', 'read'], + }) + ); + assert.ok(model.get('canRead')); + assert.notOk(model.get('canCreate'), 'sudo requires the capability to be set as well'); + assert.ok(model.get('canUpdate'), 'should not require sudo if it has update'); + assert.notOk(model.get('canDelete')); + assert.notOk(model.get('canList')); + }); });