Download as
Browse Code »

Commit ad4168270e404f539af297b5f6c68c50b00784bd

Authored by Larissa Reis
1 parent d3d8d79a
Exists in master and in 21 other branches angular_poc, api-article-archived, article-readonly, backup-7-jan-2016, captcha_serpro_plugin, content-manager-hostspot, export-comment-paragraph, fix_event_date_issue, login-captcha, master_rails3, new_video_plugin, pg_search_rank, production, refactor_with_role, refactor_with_role_scope, remove_profile_cat_icons, resend_confirmation_email, staging, staging_rails3, theme-brasil-digital-from-staging, travis

api: consider admin role when querying visible organizations for person

Showing 2 changed files with 62 additions and 11 deletions   Show diff stats
app/models/organization.rb
  Diff comments   View file @ad41682
@@ -8,11 +8,28 @@ class Organization < Profile @@ -8,11 +8,28 @@ class Organization < Profile
8 :display => %w[compact] 8 :display => %w[compact]
9 } 9 }
10 10
  11 + # An Organization is considered visible to a given person if one of the
  12 + # following conditions are met:
  13 + # 1) The user is an environment administrator.
  14 + # 2) The user is an administrator of the organization.
  15 + # 3) The user is a member of the organization and the organization is
  16 + # visible.
  17 + # 4) The user is not a member of the organization but the organization is
  18 + # visible, public and enabled.
11 scope :visible_for_person, lambda { |person| 19 scope :visible_for_person, lambda { |person|
12 - joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'') 20 + joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
  21 + AND "role_assignments"."resource_type" = \'Profile\') OR (
  22 + "role_assignments"."resource_id" = "profiles"."environment_id" AND
  23 + "role_assignments"."resource_type" = \'Environment\' )')
  24 + .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
13 .where( 25 .where(
14 - ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR  
15 - (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true] 26 + ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
  27 + OR
  28 + ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
  29 + ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
  30 + ( profiles.visible = ? ) )',
  31 + 'profile_admin', 'environment_administrator', Profile.name, person.id,
  32 + Profile.name, person.id, true, true, true]
16 ).uniq 33 ).uniq
17 } 34 }
18 35
test/unit/organization_test.rb
  Diff comments   View file @ad41682
@@ -479,23 +479,57 @@ class OrganizationTest < ActiveSupport::TestCase @@ -479,23 +479,57 @@ class OrganizationTest < ActiveSupport::TestCase
479 479
480 should 'fetch organizations there are visible for a user' do 480 should 'fetch organizations there are visible for a user' do
481 person = create_user('some-person').person 481 person = create_user('some-person').person
  482 + admin = create_user('some-admin').person
  483 + env_admin = create_user('env-admin').person
  484 +
482 o1 = fast_create(Organization, :public_profile => true , :visible => true ) 485 o1 = fast_create(Organization, :public_profile => true , :visible => true )
  486 + o1.add_admin(admin)
483 o1.add_member(person) 487 o1.add_member(person)
  488 +
484 o2 = fast_create(Organization, :public_profile => true , :visible => true ) 489 o2 = fast_create(Organization, :public_profile => true , :visible => true )
485 o3 = fast_create(Organization, :public_profile => false, :visible => true ) 490 o3 = fast_create(Organization, :public_profile => false, :visible => true )
  491 +
486 o4 = fast_create(Organization, :public_profile => false, :visible => true) 492 o4 = fast_create(Organization, :public_profile => false, :visible => true)
  493 + o4.add_admin(admin)
487 o4.add_member(person) 494 o4.add_member(person)
  495 +
488 o5 = fast_create(Organization, :public_profile => true , :visible => false) 496 o5 = fast_create(Organization, :public_profile => true , :visible => false)
489 - o6 = fast_create(Organization, :public_profile => false, :visible => false) 497 + o5.add_admin(admin)
  498 + o5.add_member(person)
  499 +
  500 + o6 = fast_create(Enterprise, :enabled => false, :visible => true)
  501 + o6.add_admin(admin)
  502 +
  503 + o7 = fast_create(Organization, :public_profile => false, :visible => false)
  504 +
  505 + Environment.default.add_admin(env_admin)
  506 +
  507 + person_orgs = Organization.visible_for_person(person)
  508 + admin_orgs = Organization.visible_for_person(admin)
  509 + env_admin_orgs = Organization.visible_for_person(env_admin)
  510 +
  511 + assert_includes person_orgs, o1
  512 + assert_includes admin_orgs, o1
  513 + assert_includes env_admin_orgs, o1
  514 +
  515 + assert_includes person_orgs, o2
  516 + assert_includes env_admin_orgs, o2
  517 + assert_not_includes person_orgs, o3
  518 + assert_includes env_admin_orgs, o3
  519 +
  520 + assert_includes person_orgs, o4
  521 + assert_includes admin_orgs, o4
  522 + assert_includes env_admin_orgs, o4
  523 +
  524 + assert_not_includes person_orgs, o5
  525 + assert_includes admin_orgs, o5
  526 + assert_includes env_admin_orgs, o5
490 527
491 - organizations = Organization.visible_for_person(person) 528 + assert_not_includes person_orgs, o6
  529 + assert_includes admin_orgs, o6
492 530
493 - assert_includes organizations, o1  
494 - assert_includes organizations, o2  
495 - assert_not_includes organizations, o3  
496 - assert_includes organizations, o4  
497 - assert_not_includes organizations, o5  
498 - assert_not_includes organizations, o6 531 + assert_not_includes person_orgs, o7
  532 + assert_includes env_admin_orgs, o7
499 end 533 end
500 534
501 end 535 end