Commit 623a401dbd8855e8b96d37d5795d75b29c62082d
1 parent
abde9210
Allow only members in a whitelist to access an environment
Showing
4 changed files
with
59 additions
and
0 deletions
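--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,6 +5,11 @@ class ApplicationController < ActionController::Base
   before_filter :init_noosfero_plugins_controller_filters
   before_filter :allow_cross_domain_access
   before_filter :login_required, :if => :private_environment?
+  before_filter :verify_members_whitelist, :if => :user
+
+  def verify_members_whitelist
+    render_access_denied unless user.is_admin? || environment.members_whitelist.blank? || environment.in_whitelist?(user)
+  end
 
   def allow_cross_domain_access
     origin = request.headers['Origin']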
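Review bot: The whitelist is enforced only for logged-in users, because the new filter on line 8 is conditioned with `:if => :user`, so in an environment that is not private a person left off the list can simply log out and read the same pages anonymously; the commit does not address this. If a non-empty whitelist is meant to gate the environment, force authentication whenever one is set, e.g. `before_filter :login_required, :if => lambda { |c| c.send(:private_environment?) || !c.send(:environment).members_whitelist.blank? }` in place of the existing `login_required` line, and keep the whitelist filter after it. `verify_members_whitelist` is also defined as a public method, which in this Rails generation makes it reachable as an action on every controller; I cannot see a `protected`/`private` marker in the hunk, so please move it below one alongside the other filter methods if there is such a section. A one-line purpose comment would help: `# Deny logged-in non-admins who are not on the environment's members whitelist (an empty list means no restriction).`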
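--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -295,6 +295,16 @@ class Environment < ActiveRecord::Base
   settings_items :access_control_allow_origin, :type => Array, :default => []
   settings_items :access_control_allow_methods, :type => String
 
+  settings_items :members_whitelist, :type => Array, :default => []
+
+  def in_whitelist?(person)
+    members_whitelist.include?(person.identifier)
+  end
+
+  def members_whitelist=(members)
+    settings[:members_whitelist] = members.split(',').map(&:strip).reject(&:blank?)
+  end
+
   def news_amount_by_folder=(amount)
     settings[:news_amount_by_folder] = amount.to_i
   end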
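Review bot: `members_whitelist=` assumes a comma-separated String, but the attribute is declared `:type => Array` on line 298, so assigning an Array (e.g. `env.members_whitelist = ['ze']` from code, or a multi-value param) or `nil` raises NoMethodError on `split` instead of storing the list. Accept both shapes: `members = members.join(',') if members.respond_to?(:join)` followed by `settings[:members_whitelist] = members.to_s.split(',').map(&:strip).reject(&:blank?)`. Since the list is compared against `person.identifier` in `in_whitelist?`, a comment on the setting would stop callers from putting names or e-mails in it: `# Identifiers (logins) of the only people allowed into this environment; empty means no restriction.` `in_whitelist?(nil)` also raises; fine while the controller only calls it with a logged-in user, but worth stating in that comment.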
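--- a/app/views/features/index.rhtml
+++ b/app/views/features/index.rhtml
@@ -37,6 +37,11 @@ Check all the features you want to enable for your environment, uncheck all the
 <%= select_organization_approval_method('environment', 'organization_approval_method') %>
 <hr/>
 
+<h3><%= _('Members Whitelist') %></h3>
+  <div class="info"><%= _('Allow these people to access this environment (separate with commas):') %></div>
+  <%= text_field :environment, :members_whitelist, :value => environment.members_whitelist.join(',') %>
+<hr/>
+
 <div>
   <% button_bar do %>
     <%= submit_button('save', _('Save changes')) %>
</field_update>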
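Review bot: The help text on line 41 does not say what to type, yet the model matches entries against `person.identifier`, so an admin who enters display names or e-mail addresses here silently locks every non-admin out of the environment. Say so in the label, e.g. `_('Allow only these people to access this environment (comma-separated list of user identifiers/logins; leave empty for no restriction):')`. It is also worth mentioning in the same text that the restriction applies to logged-in users only, which follows from the controller filter in this commit; I assume this page is reachable by environment admins only, as the rest of the features page suggests, but that is outside the hunk.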
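--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -581,4 +581,43 @@ class ApplicationControllerTest < ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
 
+  should 'do allow member in whitelist to access an environment' do
+    user = create_user
+    e = Environment.default
+    e.members_whitelist = 'admin'
+    e.save!
+    login_as(user.login)
+    get :index
+    assert_response :forbidden
+  end
+
+  should 'allow member in whitelist to access an environment' do
+    user = create_user
+    e = Environment.default
+    e.members_whitelist = user.person.identifier
+    e.save!
+    login_as(user.login)
+    get :index
+    assert_response :success
+  end
+
+  should 'allow members to access an environment if whitelist is blank' do
+    user = create_user
+    e = Environment.default
+    e.members_whitelist = ''
+    e.save!
+    login_as(user.login)
+    get :index
+    assert_response :success
+  end
+
+  should 'allow admin to access an environment' do
+    e = Environment.default
+    e.members_whitelist = 'ze'
+    e.save!
+    login_as(create_admin_user(e))
+    get :index
+    assert_response :success
+  end
+
 end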
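Review bot: The first new test (line 584) is named 'do allow member in whitelist to access an environment' but it puts a different identifier on the list and asserts `:forbidden`, so the name says the opposite of what is checked; rename it to `should 'deny access to a member not in the whitelist' do`. There is no test for an anonymous request against a non-empty whitelist, which is exactly the case where the controller filter is skipped (`:if => :user`), so the intended behaviour for logged-out visitors is unpinned; add one that sets `e.members_whitelist = 'ze'`, does `get :index` without `login_as`, and asserts whichever response is intended. The whitelist entries in these tests are plain identifiers, which matches `in_whitelist?`; a test passing an Array to `members_whitelist=` would document whether that is supported, since the attribute is declared as an Array.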