Commit 9b52574e54aea1335ff58bc99cd7980b0f78648e
1 parent
084b6fda
Exists in
master
and in
22 other branches
ActionItem85: implementing restriction of profile type for profile_admin-based controllers
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@604 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
2 changed files
with
43 additions
and
3 deletions
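--- a/app/controllers/profile_admin_controller.rb
+++ b/app/controllers/profile_admin_controller.rb
@@ -1,2 +1,21 @@
 class ProfileAdminController < ApplicationController
+
+ # declares that the controller needs an specific type of profile. Example:
+ #
+ # class PersonDetailControlles < ProfileAdminController
+ # requires_profile_class Person
+ # end
+ #
+ # The above controller will reject every request to it unless the current
+ # profile (as indicated by the first URL component) is of class Person (or of
+ # a subclass of Person)
+ def self.requires_profile_class(some_class)
+ before_filter do |controller|
+ unless controller.profile.kind_of?(some_class)
+ controller.instance_variable_set('@message', _("This action is not available for \"%s\".") % controller.profile.name)
+ controller.render :file => 'app/views/shared/access_denied.rhtml' , :layout => true, :status => 403
+ end
+ end
+ end
+
 end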
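Review bot: The deny branch of the filter block in `requires_profile_class` calls `controller.profile.name` right after `kind_of?` has failed, so if `profile` can be nil (the lookup is outside this commit) the request ends in a NoMethodError rather than the intended 403. The action still does not run, but the denial becomes a 500; resolving the profile once and handling nil avoids that, e.g. `profile = controller.profile` followed by `name = profile ? profile.name : ''`. The profile name is user-supplied text that ends up in `@message`, and `access_denied.rhtml` is not part of this commit, so it is worth confirming the template prints the message through `h(...)`, because .rhtml templates do not escape output by default. The method comment could also state what happens when no profile is resolved.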
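--- a/test/functional/profile_admin_controller_test.rb
+++ b/test/functional/profile_admin_controller_test.rb
@@ -4,15 +4,36 @@ require 'profile_admin_controller'
 # Re-raise errors caught by the controller.
 class ProfileAdminController; def rescue_action(e) raise e end; end
 
+class OnlyForPersonTestController < ProfileAdminController
+ requires_profile_class Person
+ def index
+ render :text => '<div>something</div>'
+ end
+end
+
 class ProfileAdminControllerTest < Test::Unit::TestCase
+
 def setup
 @controller = ProfileAdminController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
 end
 
-# Replace this with your real tests.
-def test_truth
-assert true
+ def test_should_allow_person
+ @controller = OnlyForPersonTestController.new
+ person = Person.new(:name => 'Random Joe')
+ @controller.stubs(:profile).returns(person)
+
+ get :index
+ assert_response :success
+ end
+
+ def test_should_not_allow_bare_profile
+ @controller = OnlyForPersonTestController.new
+ org = Organization.new(:name => 'Hacking Institute')
+ @controller.stubs(:profile).returns(org)
+
+ get :index
+ assert_response 403 # forbidden
 end
 end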
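Review bot: The denial path is exercised only with an Organization, although the test is named `test_should_not_allow_bare_profile`; neither a plain profile instance nor a missing profile is covered. A case with `@controller.stubs(:profile).returns(nil)` followed by `assert_response 403` would pin down what the filter does when no profile is resolved, which the `kind_of?` check in `requires_profile_class` does not handle explicitly. The documented acceptance of Person subclasses is also untested; if such a subclass exists in the application, a third case using it would protect that promise.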