consider permission to close tasks

Leandro Santos
1 parent f6185329
Showing 2 changed files with 31 additions and 3 deletions Show diff stats
app/controllers/my_profile/tasks_controller.rb
test/functional/tasks_controller_test.rb
 class TasksController < MyProfileController
-  protect [:perform_task, :view_tasks], :profile, :only => [:index]
-  protect :perform_task, :profile, :except => [:index]
+  protect [:perform_task, :view_tasks], :profile, :only => [:index, :save_tags]
+  protect :perform_task, :profile, :except => [:index, :save_tags]
   def index
     @filter_type = params[:filter_type].presence
@@ -103,7 +103,7 @@ class TasksController &lt; MyProfileController
       ActsAsTaggableOn.remove_unused_tags = true
-      task = Task.find_by_id params[:task_id]
+      task = profile.tasks.find_by_id params[:task_id]
       save = user.tag(task, with: params[:tag_list], on: :tags)
       if save
@@ -671,4 +671,32 @@ class TasksControllerTest &lt; ActionController::TestCase
     assert_not_includes task_two.tags_from(nil), 'noosfero'
   end
+  should 'not tag task without permission' do
+    Role.delete_all
+    requestor = fast_create(Person)
+    community = fast_create(Community)
+    community.add_member(person)
+
+    @controller.stubs(:profile).returns(community)
+    task_one = Task.create!(:requestor => requestor, :target => community, :data => {:name => 'Task Test'})
+
+    post :save_tags, :task_id => task_one.id, :tag_list => 'test'
+
+    assert_not_includes task_one.tags_from(nil), 'test'
+  end
+#region_validators_controller_test.rb:    give_permission('ze', 'manage_environment_validators', environment)
+#profile_editor_controller_test.rb:    user2.stubs(:has_permission?).with('edit_profile', anything).returns(true)
+#profile_editor_controller_test.rb:    user2.expects(:has_permission?).with(:manage_friends, anything).returns(true)
+
+  should 'not tag task with permission but another user' do
+    requestor = fast_create(Person)
+    target = fast_create(Person)
+
+    task_one = Task.create!(:requestor => requestor, :target => target, :data => {:name => 'Task Test'})
+
+    post :save_tags, :task_id => task_one.id, :tag_list => 'test'
+
+    assert_not_includes task_one.tags_from(nil), 'test'
+  end
+
 end
	@@ -671,4 +671,32 @@ class TasksControllerTest < ActionController::TestCase		@@ -671,4 +671,32 @@ class TasksControllerTest < ActionController::TestCase
671	assert_not_includes task_two.tags_from(nil), 'noosfero'	671	assert_not_includes task_two.tags_from(nil), 'noosfero'
672	end	672	end
673		673
		674	+ should 'not tag task without permission' do
		675	+ Role.delete_all
		676	+ requestor = fast_create(Person)
		677	+ community = fast_create(Community)
		678	+ community.add_member(person)
		679	+
		680	+ @controller.stubs(:profile).returns(community)
		681	+ task_one = Task.create!(:requestor => requestor, :target => community, :data => {:name => 'Task Test'})
		682	+
		683	+ post :save_tags, :task_id => task_one.id, :tag_list => 'test'
		684	+
		685	+ assert_not_includes task_one.tags_from(nil), 'test'
		686	+ end
		687	+#region_validators_controller_test.rb: give_permission('ze', 'manage_environment_validators', environment)
		688	+#profile_editor_controller_test.rb: user2.stubs(:has_permission?).with('edit_profile', anything).returns(true)
		689	+#profile_editor_controller_test.rb: user2.expects(:has_permission?).with(:manage_friends, anything).returns(true)
		690	+
		691	+ should 'not tag task with permission but another user' do
		692	+ requestor = fast_create(Person)
		693	+ target = fast_create(Person)
		694	+
		695	+ task_one = Task.create!(:requestor => requestor, :target => target, :data => {:name => 'Task Test'})
		696	+
		697	+ post :save_tags, :task_id => task_one.id, :tag_list => 'test'
		698	+
		699	+ assert_not_includes task_one.tags_from(nil), 'test'
		700	+ end
		701	+
674	end	702	end