Commit c3964d52b7b31078610c90ba237a7b97e3b7dd55

Authored by Victor Costa
2 parents cb4a7a6b a250f05f

Merge branch 'AI3191-private_environment' into rails3_stable

Conflicts:
	app/models/environment.rb
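--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -61,7 +61,7 @@ GEM
 database_cleaner (1.2.0)
 diff-lcs (1.1.3)
 erubis (2.7.0)
- eventmachine (1.0.3)
+ eventmachine (0.12.11)
 fast_gettext (0.6.8)
 ffi (1.0.11)
 gherkin (2.4.21)
@@ -75,7 +75,7 @@ GEM
 i18n (>= 0.4.0)
 mime-types (~> 1.16)
 treetop (~> 1.4.8)
- metaclass (0.0.4)
+ metaclass (0.0.1)
 mime-types (1.19)
 mocha (0.11.3)
 metaclass (~> 0.0.1)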
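--- a/app/controllers/admin/features_controller.rb
+++ b/app/controllers/admin/features_controller.rb
@@ -91,4 +91,10 @@ class FeaturesController < AdminController
 redirect_to :action => 'manage_fields'
 end
 
+ def search_members
+ arg = params[:q].downcase
+ result = environment.people.find(:all, :conditions => ['LOWER(name) LIKE ?', "%#{arg}%"])
+ render :text => prepare_to_token_input(result).to_json
+ end
+
 end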
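Review bot: `params[:q].downcase` in `search_members` raises NoMethodError when the request carries no `q`, so a malformed request becomes a 500; `arg = params[:q].to_s.downcase` avoids that. The value is bound as a query parameter, so this is not SQL injection, but `%` and `_` inside `q` still act as LIKE wildcards, and a blank `q` matches every person in the environment with no cap on the result. Consider returning an empty list for a blank query and adding a bound such as `:limit => 20` (constructed value) to the `find` options. The enclosing class starts outside the hunk.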
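--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,6 +7,12 @@ class ApplicationController < ActionController::Base
 before_filter :detect_stuff_by_domain
 before_filter :init_noosfero_plugins
 before_filter :allow_cross_domain_access
+ before_filter :login_required, :if => :private_environment?
+ before_filter :verify_members_whitelist, :if => :user
+
+ def verify_members_whitelist
+ render_access_denied unless user.is_admin? || environment.in_whitelist?(user)
+ end
 
 after_filter :set_csrf_cookie
 
@@ -187,4 +193,8 @@ class ApplicationController < ActionController::Base
 {:results => scope.paginate(paginate_options)}
 end
 
+ def private_environment?
+ @environment.enabled?(:restrict_to_members)
+ end
+
 end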
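Review bot: `before_filter :verify_members_whitelist, :if => :user` in the first hunk runs only when a user is logged in, so with the whitelist enabled and `restrict_to_members` off, a request without a session is never checked. If the whitelist is meant to gate access to the environment, the anonymous case needs an explicit decision. Both filters are registered on ApplicationController, so they presumably also apply to the login and logout actions unless those controllers skip them, which is not visible here; a denied user should still be able to log out. `verify_members_whitelist` is added in what looks like the public part of the class, so unless a `protected` marker precedes it outside the hunk it may be routable as an action and is better placed under `protected`. `private_environment?` reads `@environment` while the whitelist filter calls `environment`; using the accessor in both would be more consistent.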
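--- a/app/helpers/token_helper.rb
+++ b/app/helpers/token_helper.rb
@@ -18,6 +18,7 @@ module TokenHelper
 options[:on_add] ||= 'null'
 options[:on_delete] ||= 'null'
 options[:on_ready] ||= 'null'
+ options[:query_param] ||= 'q'
 
 result = text_field_tag(name, nil, text_field_options.merge(html_options.merge({:id => element_id})))
 result += javascript_tag("jQuery('##{element_id}')
@@ -30,7 +31,7 @@ module TokenHelper
 searchDelay: #{options[:search_delay].to_json},
 preventDuplicates: #{options[:prevent_duplicates].to_json},
 backspaceDeleteItem: #{options[:backspace_delete_item].to_json},
- queryParam: #{name.to_json},
+ queryParam: #{options[:query_param].to_json},
 tokenLimit: #{options[:token_limit].to_json},
 onResult: #{options[:on_result]},
 onAdd: #{options[:on_add]},
@@ -48,4 +49,4 @@ module TokenHelper
 result
 end
 
-end
\ No newline at end of file
+end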
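Review bot: Switching `queryParam` from `name.to_json` to `options[:query_param].to_json` with a default of `'q'` changes the request parameter for every existing caller of this helper that does not pass `:query_param`. Their search actions presumably still read the field name and would stop matching, which these hunks cannot show. To keep old callers working, default to the previous value with `options[:query_param] ||= name` and have the new whitelist form pass `:query_param => 'q'` explicitly. The helper method starts and ends outside the hunks.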
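--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -3,7 +3,7 @@
 # domains.
 class Environment < ActiveRecord::Base
 
- attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :disabled_blocks, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body
+ attr_accessible :name, :is_default, :signup_welcome_text_subject, :signup_welcome_text_body, :terms_of_use, :message_for_disabled_enterprise, :news_amount_by_folder, :default_language, :languages, :description, :organization_approval_method, :enabled_plugins, :enabled_features, :disabled_blocks, :redirection_after_login, :redirection_after_signup, :contact_email, :theme, :reports_lower_bound, :noreply_email, :signup_welcome_screen_body, :members_whitelist_enabled, :members_whitelist
 
 has_many :users
 
@@ -132,7 +132,8 @@ class Environment &lt; ActiveRecord::Base
 'send_welcome_email_to_new_users' => _('Send welcome e-mail to new users'),
 'allow_change_of_redirection_after_login' => _('Allow users to set the page to redirect after login'),
 'display_my_communities_on_user_menu' => _('Display on menu the list of communities the user can manage'),
- 'display_my_enterprises_on_user_menu' => _('Display on menu the list of enterprises the user can manage')
+ 'display_my_enterprises_on_user_menu' => _('Display on menu the list of enterprises the user can manage'),
+ 'restrict_to_members' => _('Show content only to members')
 }
 end
 
@@ -305,6 +306,17 @@ class Environment &lt; ActiveRecord::Base
 settings[:signup_welcome_screen_body].present?
 end
 
+ settings_items :members_whitelist_enabled, :type => :boolean, :default => false
+ settings_items :members_whitelist, :type => Array, :default => []
+
+ def in_whitelist?(person)
+ !members_whitelist_enabled || members_whitelist.include?(person.id)
+ end
+
+ def members_whitelist=(members)
+ settings[:members_whitelist] = members.split(',').map(&:to_i)
+ end
+
 def news_amount_by_folder=(amount)
 settings[:news_amount_by_folder] = amount.to_i
 end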
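Review bot: `members_whitelist=` in the last hunk calls `members.split(',')`, so it accepts only a String: assigning an Array (the declared `:type => Array`) or nil raises NoMethodError, and any non-numeric token is stored as id 0 through `to_i`. A more tolerant form is `settings[:members_whitelist] = Array(members.is_a?(String) ? members.split(',') : members).map(&:to_i).reject(&:zero?)`. Per `in_whitelist?`, enabling the whitelist with an empty list denies every person passed to it, so a comment or a validation on that state would help whoever administers the setting. The class body continues outside the hunks.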
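--- a/app/views/features/index.html.erb
+++ b/app/views/features/index.html.erb
@@ -37,6 +37,18 @@ Check all the features you want to enable for your environment, uncheck all the
 <%= select_organization_approval_method('environment', 'organization_approval_method') %>
 <hr/>
 
+<h3><%= _('Members Whitelist') %></h3>
+ <div class="option">
+ <%= check_box :environment, :members_whitelist_enabled %>
+ <label><%= _('Enable whitelist') %></label>
+ </div>
+ <div class="input">
+ <div class="info"><%= _('Allow these people to access this environment:') %></div>
+ <% tokenized_members = prepare_to_token_input(environment.people.find(:all, :conditions => {:id => environment.members_whitelist})) %>
+ <%= token_input_field_tag('environment[members_whitelist]', 'search-members', {:action => 'search_members'}, {:focus => false, :hint_text => _('Type in a search term for a user'), :pre_populate => tokenized_members}) %>
+ </div>
+<hr/>
+
 <div>
 <% button_bar do %>
 <%= submit_button('save', _('Save changes')) %>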
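Review bot: The `<label>` beside the new checkbox has no `for` attribute, so it is not associated with the control; `<%= label :environment, :members_whitelist_enabled, _('Enable whitelist') %>` would tie the two together. The `environment.people.find(...)` lookup that builds `tokenized_members` runs inside the template; moving it to the controller, or at least adding a one-line comment on what it pre-populates, would make the data source easier to follow.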
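--- a/script/quick-start
+++ b/script/quick-start
@@ -52,6 +52,7 @@ else
 # special case Debian-based systems; in others people will have to install
 # lsb-release by themselves
 if which apt-get >/dev/null 2>&1; then
+ sudo apt-get update
 sudo apt-get -y install lsb-release
 else
 complain "E: lsb_release not available! (Try installing the lsb-release package)"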
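--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -557,4 +557,51 @@ class ApplicationControllerTest &lt; ActionController::TestCase
 assert_no_tag :tag => 'meta', :attributes => { :property => 'article:published_time' }
 assert_no_tag :tag => 'meta', :attributes => { :property => 'og:image' }
 end
+
+ should 'redirect to login if environment is restrict to members' do
+ Environment.default.enable(:restrict_to_members)
+ get :index
+ assert_redirected_to :controller => 'account', :action => 'login'
+ end
+
+ should 'do not allow member not included in whitelist to access an environment' do
+ user = create_user
+ e = Environment.default
+ e.members_whitelist_enabled = true
+ e.save!
+ login_as(user.login)
+ get :index
+ assert_response :forbidden
+ end
+
+ should 'allow member in whitelist to access an environment' do
+ user = create_user
+ e = Environment.default
+ e.members_whitelist_enabled = true
+ e.members_whitelist = "#{user.person.id}"
+ e.save!
+ login_as(user.login)
+ get :index
+ assert_response :success
+ end
+
+ should 'allow members to access an environment if whitelist is disabled' do
+ user = create_user
+ e = Environment.default
+ e.members_whitelist_enabled = false
+ e.save!
+ login_as(user.login)
+ get :index
+ assert_response :success
+ end
+
+ should 'allow admin to access an environment if whitelist is enabled' do
+ e = Environment.default
+ e.members_whitelist_enabled = true
+ e.save!
+ login_as(create_admin_user(e))
+ get :index
+ assert_response :success
+ end
+
 end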
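Review bot: None of the added cases issues a request without `login_as` while `members_whitelist_enabled` is true, so the suite does not pin down what a visitor without a session gets when the whitelist is on. Adding a case for that request with the intended response asserted would document the decision. The first test's name would read better as `'redirect to login if environment is restricted to members'`. The test class starts outside the hunk.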
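--- a/test/functional/features_controller_test.rb
+++ b/test/functional/features_controller_test.rb
@@ -146,4 +146,12 @@ class FeaturesControllerTest &lt; ActionController::TestCase
 assert_equal true, e.custom_community_fields['contact_person']['required']
 end
 
+ should 'search members' do
+ uses_host 'anhetegua.net'
+ person = fast_create(Person, :environment_id => Environment.find(2).id)
+ xhr :get, :search_members, :q => person.name[0..2]
+ json_response = ActiveSupport::JSON.decode(@response.body)
+ assert_includes json_response, {"id"=>person.id, "name"=>person.name}
+ end
+
 end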
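Review bot: `Environment.find(2)` ties this test to a fixture id, and its relation to `uses_host 'anhetegua.net'` is not stated. A comment naming the fixture environment that host resolves to, or looking the environment up by that domain, would make the dependency explicit. Only a matching prefix is exercised; a request without `:q` and one whose `:q` contains `%` would pin down the edge cases of `search_members`. The test class starts outside the hunk.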