ActionItem901: unpublished articles can be viewed by those who can edit

it.

ActionItem901: unpublished articles can be viewed by those who can edit
it.
Antonio Terceiro
1 parent 694bd7e5
Showing 2 changed files with 20 additions and 2 deletions Show diff stats
app/controllers/public/content_viewer_controller.rb
test/functional/content_viewer_controller_test.rb
@@ -28,8 +28,8 @@ class ContentViewerController &lt; ApplicationController
         end
       end
  
-      # do not show unpublished articles
-      if @page && !@page.published
+      # only show unpublished articles to those who can edit then
+      if @page && !@page.published && (!user || !user.has_permission?('post_content', profile))
         @page = nil
       end
  
@@ -311,6 +311,24 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_response 404
   end
  
+  should 'show unpublished articles to the user himself' do
+    profile.articles.create!(:name => 'test', :published => false)
+
+    login_as(profile.identifier)
+    get :view_page, :profile => profile.identifier, :page => [ 'test' ]
+    assert_response :success
+  end
+
+  should 'show unpublished articles to members' do
+    community = Community.create!(:name => 'testcomm')
+    community.articles.create!(:name => 'test', :published => false)
+    community.add_member(profile)
+
+    login_as(profile.identifier)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+    assert_response :success
+  end
+
   should 'show message for disabled enterprises' do
     login_as(@profile.identifier)
     ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false)
...	...	@@ -28,8 +28,8 @@ class ContentViewerController < ApplicationController
28	28	end
29	29	end
30	30
31		- # do not show unpublished articles
32		- if @page && !@page.published
	31	+ # only show unpublished articles to those who can edit then
	32	+ if @page && !@page.published && (!user \|\| !user.has_permission?('post_content', profile))
33	33	@page = nil
34	34	end
35	35
...	...
...	...	@@ -311,6 +311,24 @@ class ContentViewerControllerTest < Test::Unit::TestCase
311	311	assert_response 404
312	312	end
313	313
	314	+ should 'show unpublished articles to the user himself' do
	315	+ profile.articles.create!(:name => 'test', :published => false)
	316	+
	317	+ login_as(profile.identifier)
	318	+ get :view_page, :profile => profile.identifier, :page => [ 'test' ]
	319	+ assert_response :success
	320	+ end
	321	+
	322	+ should 'show unpublished articles to members' do
	323	+ community = Community.create!(:name => 'testcomm')
	324	+ community.articles.create!(:name => 'test', :published => false)
	325	+ community.add_member(profile)
	326	+
	327	+ login_as(profile.identifier)
	328	+ get :view_page, :profile => community.identifier, :page => [ 'test' ]
	329	+ assert_response :success
	330	+ end
	331	+
314	332	should 'show message for disabled enterprises' do
315	333	login_as(@profile.identifier)
316	334	ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false)
...	...