Commit c19683992bbaebf575aea2e1a437f383570a713e
1 parent
694bd7e5
Exists in
master
and in
22 other branches
ActionItem901: unpublished articles can be viewed by those who can edit
it.
Showing
2 changed files
with
20 additions
and
2 deletions
Show diff stats
app/controllers/public/content_viewer_controller.rb
@@ -28,8 +28,8 @@ class ContentViewerController < ApplicationController | @@ -28,8 +28,8 @@ class ContentViewerController < ApplicationController | ||
28 | end | 28 | end |
29 | end | 29 | end |
30 | 30 | ||
31 | - # do not show unpublished articles | ||
32 | - if @page && !@page.published | 31 | + # only show unpublished articles to those who can edit then |
32 | + if @page && !@page.published && (!user || !user.has_permission?('post_content', profile)) | ||
33 | @page = nil | 33 | @page = nil |
34 | end | 34 | end |
35 | 35 |
test/functional/content_viewer_controller_test.rb
@@ -311,6 +311,24 @@ class ContentViewerControllerTest < Test::Unit::TestCase | @@ -311,6 +311,24 @@ class ContentViewerControllerTest < Test::Unit::TestCase | ||
311 | assert_response 404 | 311 | assert_response 404 |
312 | end | 312 | end |
313 | 313 | ||
314 | + should 'show unpublished articles to the user himself' do | ||
315 | + profile.articles.create!(:name => 'test', :published => false) | ||
316 | + | ||
317 | + login_as(profile.identifier) | ||
318 | + get :view_page, :profile => profile.identifier, :page => [ 'test' ] | ||
319 | + assert_response :success | ||
320 | + end | ||
321 | + | ||
322 | + should 'show unpublished articles to members' do | ||
323 | + community = Community.create!(:name => 'testcomm') | ||
324 | + community.articles.create!(:name => 'test', :published => false) | ||
325 | + community.add_member(profile) | ||
326 | + | ||
327 | + login_as(profile.identifier) | ||
328 | + get :view_page, :profile => community.identifier, :page => [ 'test' ] | ||
329 | + assert_response :success | ||
330 | + end | ||
331 | + | ||
314 | should 'show message for disabled enterprises' do | 332 | should 'show message for disabled enterprises' do |
315 | login_as(@profile.identifier) | 333 | login_as(@profile.identifier) |
316 | ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false) | 334 | ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false) |