Check whitelist members only if environment is restricted

(ActionItem3191)

Check whitelist members only if environment is restricted
(ActionItem3191)
Joenio Costa
1 parent 3f489bc4
Showing 2 changed files with 14 additions and 2 deletions Show diff stats
app/controllers/application_controller.rb
test/functional/application_controller_test.rb
@@ -8,7 +8,7 @@ class ApplicationController &lt; ActionController::Base
   before_filter :init_noosfero_plugins
   before_filter :allow_cross_domain_access
   before_filter :login_required, :if => :private_environment?
-  before_filter :verify_members_whitelist, :if => :user
+  before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
  
   def verify_members_whitelist
     render_access_denied unless user.is_admin? || environment.in_whitelist?(user)
@@ -564,9 +564,10 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
  
-  should 'do not allow member not included in whitelist to access an environment' do
+  should 'do not allow member not included in whitelist to access an restricted environment' do
     user = create_user
     e = Environment.default
+    e.enable(:restrict_to_members)
     e.members_whitelist_enabled = true
     e.save!
     login_as(user.login)
@@ -604,4 +605,15 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_response :success
   end
  
+  should 'not check whitelist members if the environment is not restrict to members' do
+    e = Environment.default
+    e.disable(:restrict_to_members)
+    e.members_whitelist_enabled = true
+    e.save!
+    @controller.expects(:verify_members_whitelist).never
+    login_as create_user.login
+    get :index
+    assert_response :success
+  end
+
 end
...	...	@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
8	8	before_filter :init_noosfero_plugins
9	9	before_filter :allow_cross_domain_access
10	10	before_filter :login_required, :if => :private_environment?
11		- before_filter :verify_members_whitelist, :if => :user
	11	+ before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
12	12
13	13	def verify_members_whitelist
14	14	render_access_denied unless user.is_admin? \|\| environment.in_whitelist?(user)
...	...
...	...	@@ -564,9 +564,10 @@ class ApplicationControllerTest < ActionController::TestCase
564	564	assert_redirected_to :controller => 'account', :action => 'login'
565	565	end
566	566
567		- should 'do not allow member not included in whitelist to access an environment' do
	567	+ should 'do not allow member not included in whitelist to access an restricted environment' do
568	568	user = create_user
569	569	e = Environment.default
	570	+ e.enable(:restrict_to_members)
570	571	e.members_whitelist_enabled = true
571	572	e.save!
572	573	login_as(user.login)
...	...	@@ -604,4 +605,15 @@ class ApplicationControllerTest < ActionController::TestCase
604	605	assert_response :success
605	606	end
606	607
	608	+ should 'not check whitelist members if the environment is not restrict to members' do
	609	+ e = Environment.default
	610	+ e.disable(:restrict_to_members)
	611	+ e.members_whitelist_enabled = true
	612	+ e.save!
	613	+ @controller.expects(:verify_members_whitelist).never
	614	+ login_as create_user.login
	615	+ get :index
	616	+ assert_response :success
	617	+ end
	618	+
607	619	end
...	...