Commit 8791558a0575b50946a09ab197a157b91f701443

Authored by Joenio Costa
Committed by Antonio Terceiro
1 parent 8a9f6087

ActionItem1034: access denied page should not use blocks of the current profile

* do not show sideboxes when rendering the access denied page
 * fix tests for access_control plugin
 * remove unused helper UsesDesignBlocksHelper
 * profile design needs login
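--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -37,12 +37,6 @@ class ApplicationController < ActionController::Base
 def uses_design_blocks?
 !@no_design_blocks && self.class.uses_design_blocks?
 end
-module UsesDesignBlocksHelper
-def uses_design_blocks?
-@controller.uses_design_blocks?
-end
-end
-helper UsesDesignBlocksHelper
 
 # Be sure to include AuthenticationSystem in Application Controller instead
 include AuthenticatedSystem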
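--- a/app/controllers/box_organizer_controller.rb
+++ b/app/controllers/box_organizer_controller.rb
@@ -1,5 +1,7 @@
 class BoxOrganizerController < ApplicationController
 
+before_filter :login_required
+
 def index
 end
 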
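Review bot: The new `before_filter :login_required` on the base class carries no comment saying why it lives here rather than in the concrete design controllers; add `# every box organizer edits a design, so anonymous requests go to login before any permission check` above it. Because superclass filters run ahead of subclass filters, placing it here should keep the permission filters in the subclasses from answering an anonymous request with a 403 where a login redirect is wanted, which is what the new functional test expects; the subclasses themselves are not visible in this commit, so that ordering is inferred. The class body continues outside the hunk.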
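--- a/app/helpers/boxes_helper.rb
+++ b/app/helpers/boxes_helper.rb
@@ -1,7 +1,7 @@
 module BoxesHelper
 
 def insert_boxes(content)
-if @controller.send(:boxes_editor?)
+if @controller.send(:boxes_editor?) && @controller.send(:uses_design_blocks?)
 content + display_boxes_editor(@controller.boxes_holder)
 else
 if @controller.send(:uses_design_blocks?)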
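Review bot: `@controller.send(:uses_design_blocks?)` is now evaluated twice in `insert_boxes`, once in the new condition and again in the `else` branch, and `send` is used only to reach a controller method that is not public. Hoisting the value into a local and exposing the method with `helper_method :uses_design_blocks?` in the controller would read more plainly: `uses_blocks = @controller.send(:uses_design_blocks?)`, then `if uses_blocks && @controller.send(:boxes_editor?)` and `elsif uses_blocks`. The remainder of insert_boxes, including the branch taken when neither condition holds, is outside the hunk.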
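--- a/test/functional/profile_design_controller_test.rb
+++ b/test/functional/profile_design_controller_test.rb
@@ -12,7 +12,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase
 @request.stubs(:ssl?).returns(true)
 @response = ActionController::TestResponse.new
 
-@holder = create_user('designtestuser').person
+@profile = @holder = create_user('designtestuser').person
 holder.save!
 
 @box1 = Box.new
@@ -65,6 +65,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase
 @controller.stubs(:boxes_holder).returns(holder)
 login_as 'designtestuser'
 end
+attr_reader :profile
 
 def test_local_files_reference
 assert_local_files_reference :get, :index, :profile => 'designtestuser'
@@ -319,4 +320,17 @@ class ProfileDesignControllerTest < Test::Unit::TestCase
 assert_equal 20, @box1.blocks[-1].limit
 end
 
+should 'require login' do
+logout
+get :index, :profile => profile.identifier
+assert_redirected_to :controller => 'account', :action => 'login'
+end
+
+should 'not show sideboxes when render access denied' do
+another_profile = create_user('bobmarley').person
+get :index, :profile => another_profile.identifier
+assert_tag :tag => 'div', :attributes => {:class => 'no-boxes'}
+assert_tag :tag => 'div', :attributes => {:id => 'access-denied'}
+end
+
 end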
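Review bot: The 'not show sideboxes when render access denied' test asserts only that the two divs are present and never pins the response status, so a regression that rendered the access-denied template with a 200 would still pass. Add `assert_response 403` right after the `get`, assuming the application's render_access_denied hook keeps the 403 that the plugin's default path sets; if the hook chooses a different status, assert that one instead. Without a status assertion the test cannot distinguish a denied request from a normally rendered page that happens to contain those markers.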
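--- a/vendor/plugins/access_control/lib/permission_check.rb
+++ b/vendor/plugins/access_control/lib/permission_check.rb
@@ -20,12 +20,19 @@ module PermissionCheck
 target = target_method.kind_of?(Symbol) ? c.send(target_method) : target_method
 accessor = accessor_method.kind_of?(Symbol) ? c.send(accessor_method) : accessor_method
 unless accessor && accessor.has_permission?(permission.to_s, target)
-# c.instance_variable_set('@b', [accessor, permission, target])
-c.send(:render, :template => access_denied_template_path, :status => 403) && false
+render_access_denied(c) && false
 end
 end
 end
 
+def render_access_denied(c)
+if c.respond_to?(:render_access_denied)
+c.send(:render_access_denied)
+else
+c.send(:render, :template => access_denied_template_path, :status => 403)
+end
+end
+
 def access_denied_template_path
 if File.exists?(File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml'))
 File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml')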
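Review bot: `c.respond_to?(:render_access_denied)` in the new `render_access_denied(c)` returns false for a protected or private controller method, yet the following line reaches the hook with `send`, which suggests it is expected to be non-public; in that case the check never fires and the plugin's default template is rendered instead, with no error to show the hook was ignored. Make the check agree with the call: `if c.respond_to?(:render_access_denied, true)`. The helper and the controller hook also share a name: if this module were ever mixed into the controller instance itself, `respond_to?` would find this one-argument method and the zero-argument `send` would raise ArgumentError, so a distinct name for the controller hook would be safer; how the module is mixed in is not visible here. The enclosing `protect` logic begins outside the hunk, and `access_denied_template_path` ends outside it.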
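--- a/vendor/plugins/access_control/test/schema.rb
+++ b/vendor/plugins/access_control/test/schema.rb
@@ -3,10 +3,11 @@ ActiveRecord::Migration.verbose = false
 ActiveRecord::Schema.define(:version => 0) do
 
 create_table :access_control_test_roles, :force => true do |t|
-t.column :name, :string
-t.column :permissions, :string
-t.column :key, :string
-t.column :system, :boolean, :default => false
+t.column :name, :string
+t.column :permissions, :string
+t.column :key, :string
+t.column :system, :boolean, :default => false
+t.column :environment_id, :integer
 end
 
 create_table :access_control_test_role_assignments, :force => true do |t|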
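--- a/vendor/plugins/access_control/test/test_helper.rb
+++ b/vendor/plugins/access_control/test/test_helper.rb
@@ -18,6 +18,12 @@ RoleAssignment.set_table_name 'access_control_test_role_assignments'
 class AccessControlTestAccessor < ActiveRecord::Base
 set_table_name 'access_control_test_accessors'
 acts_as_accessor
+def cache_keys
+[]
+end
+def blocks_to_expire_cache
+[]
+end
 end
 
 # resource example class to be accessed by some accessor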
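Review bot: The two new stub methods on `AccessControlTestAccessor` return `[]` with no explanation of which caller needs them, so a reader of the plugin's test helper cannot tell whether `cache_keys` and `blocks_to_expire_cache` are part of the accessor contract or a workaround for application code that the plugin tests now exercise. Add a one-line comment above `def cache_keys` naming the caller, for example `# no-op cache hooks: the application's accessor callbacks call these on every accessor — confirm caller`, and separate the two definitions with a blank line as the rest of the file does. That the caller is application-level cache expiration is inferred from the commit message; it is not visible in this hunk.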