Commit 5fb6373172b0660cfe51254d511020c1e484366a

Authored by Leandro Santos
1 parent f6185329

consider permission to close tasks

app/controllers/my_profile/tasks_controller.rb
1 1 class TasksController < MyProfileController
2 2  
3   - protect [:perform_task, :view_tasks], :profile, :only => [:index]
4   - protect :perform_task, :profile, :except => [:index]
  3 + protect [:perform_task, :view_tasks], :profile, :only => [:index, :save_tags]
  4 + protect :perform_task, :profile, :except => [:index, :save_tags]
5 5  
6 6 def index
7 7 @filter_type = params[:filter_type].presence
... ... @@ -103,7 +103,7 @@ class TasksController &lt; MyProfileController
103 103  
104 104 ActsAsTaggableOn.remove_unused_tags = true
105 105  
106   - task = Task.find_by_id params[:task_id]
  106 + task = profile.tasks.find_by_id params[:task_id]
107 107 save = user.tag(task, with: params[:tag_list], on: :tags)
108 108  
109 109 if save
... ...
test/functional/tasks_controller_test.rb
... ... @@ -671,4 +671,32 @@ class TasksControllerTest &lt; ActionController::TestCase
671 671 assert_not_includes task_two.tags_from(nil), 'noosfero'
672 672 end
673 673  
  674 + should 'not tag task without permission' do
  675 + Role.delete_all
  676 + requestor = fast_create(Person)
  677 + community = fast_create(Community)
  678 + community.add_member(person)
  679 +
  680 + @controller.stubs(:profile).returns(community)
  681 + task_one = Task.create!(:requestor => requestor, :target => community, :data => {:name => 'Task Test'})
  682 +
  683 + post :save_tags, :task_id => task_one.id, :tag_list => 'test'
  684 +
  685 + assert_not_includes task_one.tags_from(nil), 'test'
  686 + end
  687 +#region_validators_controller_test.rb: give_permission('ze', 'manage_environment_validators', environment)
  688 +#profile_editor_controller_test.rb: user2.stubs(:has_permission?).with('edit_profile', anything).returns(true)
  689 +#profile_editor_controller_test.rb: user2.expects(:has_permission?).with(:manage_friends, anything).returns(true)
  690 +
  691 + should 'not tag task with permission but another user' do
  692 + requestor = fast_create(Person)
  693 + target = fast_create(Person)
  694 +
  695 + task_one = Task.create!(:requestor => requestor, :target => target, :data => {:name => 'Task Test'})
  696 +
  697 + post :save_tags, :task_id => task_one.id, :tag_list => 'test'
  698 +
  699 + assert_not_includes task_one.tags_from(nil), 'test'
  700 + end
  701 +
674 702 end
... ...