Commit 5fb6373172b0660cfe51254d511020c1e484366a
1 parent
f6185329
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
consider permission to close tasks
Showing
2 changed files
with
31 additions
and
3 deletions
Show diff stats
app/controllers/my_profile/tasks_controller.rb
1 | 1 | class TasksController < MyProfileController |
2 | 2 | |
3 | - protect [:perform_task, :view_tasks], :profile, :only => [:index] | |
4 | - protect :perform_task, :profile, :except => [:index] | |
3 | + protect [:perform_task, :view_tasks], :profile, :only => [:index, :save_tags] | |
4 | + protect :perform_task, :profile, :except => [:index, :save_tags] | |
5 | 5 | |
6 | 6 | def index |
7 | 7 | @filter_type = params[:filter_type].presence |
... | ... | @@ -103,7 +103,7 @@ class TasksController < MyProfileController |
103 | 103 | |
104 | 104 | ActsAsTaggableOn.remove_unused_tags = true |
105 | 105 | |
106 | - task = Task.find_by_id params[:task_id] | |
106 | + task = profile.tasks.find_by_id params[:task_id] | |
107 | 107 | save = user.tag(task, with: params[:tag_list], on: :tags) |
108 | 108 | |
109 | 109 | if save | ... | ... |
test/functional/tasks_controller_test.rb
... | ... | @@ -671,4 +671,32 @@ class TasksControllerTest < ActionController::TestCase |
671 | 671 | assert_not_includes task_two.tags_from(nil), 'noosfero' |
672 | 672 | end |
673 | 673 | |
674 | + should 'not tag task without permission' do | |
675 | + Role.delete_all | |
676 | + requestor = fast_create(Person) | |
677 | + community = fast_create(Community) | |
678 | + community.add_member(person) | |
679 | + | |
680 | + @controller.stubs(:profile).returns(community) | |
681 | + task_one = Task.create!(:requestor => requestor, :target => community, :data => {:name => 'Task Test'}) | |
682 | + | |
683 | + post :save_tags, :task_id => task_one.id, :tag_list => 'test' | |
684 | + | |
685 | + assert_not_includes task_one.tags_from(nil), 'test' | |
686 | + end | |
687 | +#region_validators_controller_test.rb: give_permission('ze', 'manage_environment_validators', environment) | |
688 | +#profile_editor_controller_test.rb: user2.stubs(:has_permission?).with('edit_profile', anything).returns(true) | |
689 | +#profile_editor_controller_test.rb: user2.expects(:has_permission?).with(:manage_friends, anything).returns(true) | |
690 | + | |
691 | + should 'not tag task with permission but another user' do | |
692 | + requestor = fast_create(Person) | |
693 | + target = fast_create(Person) | |
694 | + | |
695 | + task_one = Task.create!(:requestor => requestor, :target => target, :data => {:name => 'Task Test'}) | |
696 | + | |
697 | + post :save_tags, :task_id => task_one.id, :tag_list => 'test' | |
698 | + | |
699 | + assert_not_includes task_one.tags_from(nil), 'test' | |
700 | + end | |
701 | + | |
674 | 702 | end | ... | ... |