Commit 5fb6373172b0660cfe51254d511020c1e484366a
1 parent
f6185329
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
consider permission to close tasks
Showing
2 changed files
with
31 additions
and
3 deletions
Show diff stats
app/controllers/my_profile/tasks_controller.rb
| 1 | 1 | class TasksController < MyProfileController |
| 2 | 2 | |
| 3 | - protect [:perform_task, :view_tasks], :profile, :only => [:index] | |
| 4 | - protect :perform_task, :profile, :except => [:index] | |
| 3 | + protect [:perform_task, :view_tasks], :profile, :only => [:index, :save_tags] | |
| 4 | + protect :perform_task, :profile, :except => [:index, :save_tags] | |
| 5 | 5 | |
| 6 | 6 | def index |
| 7 | 7 | @filter_type = params[:filter_type].presence |
| ... | ... | @@ -103,7 +103,7 @@ class TasksController < MyProfileController |
| 103 | 103 | |
| 104 | 104 | ActsAsTaggableOn.remove_unused_tags = true |
| 105 | 105 | |
| 106 | - task = Task.find_by_id params[:task_id] | |
| 106 | + task = profile.tasks.find_by_id params[:task_id] | |
| 107 | 107 | save = user.tag(task, with: params[:tag_list], on: :tags) |
| 108 | 108 | |
| 109 | 109 | if save | ... | ... |
test/functional/tasks_controller_test.rb
| ... | ... | @@ -671,4 +671,32 @@ class TasksControllerTest < ActionController::TestCase |
| 671 | 671 | assert_not_includes task_two.tags_from(nil), 'noosfero' |
| 672 | 672 | end |
| 673 | 673 | |
| 674 | + should 'not tag task without permission' do | |
| 675 | + Role.delete_all | |
| 676 | + requestor = fast_create(Person) | |
| 677 | + community = fast_create(Community) | |
| 678 | + community.add_member(person) | |
| 679 | + | |
| 680 | + @controller.stubs(:profile).returns(community) | |
| 681 | + task_one = Task.create!(:requestor => requestor, :target => community, :data => {:name => 'Task Test'}) | |
| 682 | + | |
| 683 | + post :save_tags, :task_id => task_one.id, :tag_list => 'test' | |
| 684 | + | |
| 685 | + assert_not_includes task_one.tags_from(nil), 'test' | |
| 686 | + end | |
| 687 | +#region_validators_controller_test.rb: give_permission('ze', 'manage_environment_validators', environment) | |
| 688 | +#profile_editor_controller_test.rb: user2.stubs(:has_permission?).with('edit_profile', anything).returns(true) | |
| 689 | +#profile_editor_controller_test.rb: user2.expects(:has_permission?).with(:manage_friends, anything).returns(true) | |
| 690 | + | |
| 691 | + should 'not tag task with permission but another user' do | |
| 692 | + requestor = fast_create(Person) | |
| 693 | + target = fast_create(Person) | |
| 694 | + | |
| 695 | + task_one = Task.create!(:requestor => requestor, :target => target, :data => {:name => 'Task Test'}) | |
| 696 | + | |
| 697 | + post :save_tags, :task_id => task_one.id, :tag_list => 'test' | |
| 698 | + | |
| 699 | + assert_not_includes task_one.tags_from(nil), 'test' | |
| 700 | + end | |
| 701 | + | |
| 674 | 702 | end | ... | ... |