Download as
Browse Code »

Commit da0396de56254f90861d5567cffb6fb22a0ae35d

Authored by Rodrigo Souto
1 parent ede53a92
Exists in master and in 22 other branches angular_poc, api-article-archived, article-readonly, backup-7-jan-2016, captcha_serpro_plugin, content-manager-hostspot, export-comment-paragraph, fix_event_date_issue, login-captcha, master_rails3, new_video_plugin, pg_search_rank, production, refactor_with_role, refactor_with_role_scope, remove_profile_cat_icons, resend_confirmation_email, staging, staging_rails3, tasks_keep_filter_params, theme-brasil-digital-from-staging, travis

admins: avoid problems with empty roles or environment on resources

Showing 3 changed files with 15 additions and 9 deletions   Show diff stats
app/models/environment.rb
  Diff comments   View file @da0396d
... ... @@ -86,7 +86,9 @@ class Environment < ActiveRecord::Base
86 86 end
87 87  
88 88 def admins
89   - Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', Environment::Roles.admin(self).id])
  89 + admin_role = Environment::Roles.admin(self)
  90 + return [] if admin_role.blank?
  91 + Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', admin_role.id])
90 92 end
91 93  
92 94 # returns the available features for a Environment, in the form of a
... ...
app/models/person.rb
  Diff comments   View file @da0396d
... ... @@ -33,16 +33,17 @@ class Person < Profile
33 33 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
34 34 }
35 35  
36   - def has_permission_with_admin?(permission, profile)
37   - return true if profile.admins.include?(self) || profile.environment.admins.include?(self)
38   - has_permission_without_admin?(permission, profile)
  36 + def has_permission_with_admin?(permission, resource)
  37 + return true if resource.blank? || resource.admins.include?(self)
  38 + return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
  39 + has_permission_without_admin?(permission, resource)
39 40 end
40 41 alias_method_chain :has_permission?, :admin
41 42  
42   - def has_permission_with_plugins?(permission, profile)
43   - permissions = [has_permission_without_plugins?(permission, profile)]
  43 + def has_permission_with_plugins?(permission, resource)
  44 + permissions = [has_permission_without_plugins?(permission, resource)]
44 45 permissions += plugins.map do |plugin|
45   - plugin.has_permission?(self, permission, profile)
  46 + plugin.has_permission?(self, permission, resource)
46 47 end
47 48 permissions.include?(true)
48 49 end
... ...
app/models/profile.rb
  Diff comments   View file @da0396d
... ... @@ -795,7 +795,10 @@ private :generate_url, :url_options
795 795 end
796 796  
797 797 def admins
798   - self.members_by_role(Profile::Roles.admin(environment.id))
  798 + return [] if environment.blank?
  799 + admin_role = Profile::Roles.admin(environment.id)
  800 + return [] if admin_role.blank?
  801 + self.members_by_role(admin_role)
799 802 end
800 803  
801 804 def enable_contact?
... ... @@ -803,7 +806,7 @@ private :generate_url, :url_options
803 806 end
804 807  
805 808 include Noosfero::Plugin::HotSpot
806   -
  809 +
807 810 def folder_types
808 811 types = Article.folder_types
809 812 plugins.dispatch(:content_types).each {|type|
... ...