Merge branch 'master' into stable

Victor Costa
2 parents 230eab09 cc9cebd9
Showing 25 changed files with 134 additions and 34 deletions Show diff stats
app/controllers/my_profile/profile_members_controller.rb
app/helpers/application_helper.rb
app/helpers/tinymce_helper.rb
app/models/environment.rb
app/models/profile.rb
app/views/cms/_general_fields.html.erb
app/views/enterprise_registration/basic_information.html.erb
app/views/layouts/application-ng.html.erb
app/views/layouts/application.html.erb
config/application.rb
config/initializers/noosfero_urls.rb
db/schema.rb
etc/pound.cfg
features/step_definitions/activate_enterprise_steps.rb
lib/tasks/ci.rake
lib/tasks/plugins_tests.rake
plugins/bsc/views/shared/_fields.html.erb
plugins/statistics/lib/statistics_block.rb
plugins/statistics/test/unit/statistics_block_test.rb
public/designs/themes/noosfero/site_title.html.erb
@@ -20,7 +20,7 @@ class ProfileMembersController &lt; MyProfileController
         redirect_to :action => :last_admin
       elsif @person.define_roles(@roles, profile)
         session[:notice] = _('Roles successfuly updated')
-        redirect_to :controller => 'profile_editor'
+        redirect_to :action => 'index'
       else
         session[:notice] = _('Couldn\'t change the roles')
         redirect_to :action => 'index'
@@ -862,8 +862,9 @@ module ApplicationHelper
   end
   def base_url
-    environment.top_url
+    environment.top_url(request.scheme)
   end
+  alias :top_url :base_url
   def helper_for_article(article)
     article_helper = ActionView::Base.new
@@ -11,7 +11,7 @@ module TinymceHelper
   end
   def tinymce_init_js options = {}
-    options.merge! :document_base_url => environment.top_url,
+    options.merge! :document_base_url => top_url,
       :content_css => "/stylesheets/tinymce.css,#{macro_css_files}",
       :plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak
         searchreplace wordcount visualblocks visualchars code fullscreen
@@ -663,8 +663,8 @@ class Environment &lt; ActiveRecord::Base
     { :controller => 'admin_panel', :action => 'index' }
   end
-  def top_url
-    url = 'http://'
+  def top_url(scheme = 'http')
+    url = scheme + '://'
     url << (Noosfero.url_options.key?(:host) ? Noosfero.url_options[:host] : default_hostname)
     url << ':' << Noosfero.url_options[:port].to_s if Noosfero.url_options.key?(:port)
     url << Noosfero.root('')
@@ -943,6 +943,10 @@ class Environment &lt; ActiveRecord::Base
     locales_list
   end
+  def has_license?
+    self.licenses.any?
+  end
+
   private
   def default_language_available
@@ -161,6 +161,7 @@ class Profile &lt; ActiveRecord::Base
   scope :visible, :conditions => { :visible => true }
   scope :disabled, :conditions => { :visible => false }
   scope :public, :conditions => { :visible => true, :public_profile => true }
+  scope :enabled, :conditions => { :enabled => true }
   # Subclasses must override this method
   scope :more_popular
@@ -430,7 +431,7 @@ class Profile &lt; ActiveRecord::Base
   end
   xss_terminate :only => [ :name, :nickname, :address, :contact_phone, :description ], :on => 'validation'
-  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list', :on => 'validation'
+  xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
   include WhiteListFilter
   filter_iframes :custom_header, :custom_footer
 <%= select_profile_folder(_('Parent folder:'), 'article[parent_id]', profile, @article.parent_id) %>
-<%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {|license| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
+<% if profile.environment.has_license? %>
+  <%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {|license| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
+<% end %>
@@ -20,7 +20,7 @@
   <%= labelled_form_for :create_enterprise do |f| %>
     <%= required f.text_field 'name', :onchange => "updateUrlField(this, 'create_enterprise_identifier')", :size => 40 %>
-    <%= required labelled_form_field(_('Address'), content_tag('code', environment.top_url + "/" + text_field(:create_enterprise, 'identifier', :size => 26))) %>
+    <%= required labelled_form_field(_('Address'), content_tag('code', top_url + "/" + text_field(:create_enterprise, 'identifier', :size => 26))) %>
     <%= render :partial => 'shared/organization_custom_fields', :locals => { :f => f, :object_name => :create_enterprise, :profile => @create_enterprise } %>
     <%= required labelled_form_field(_('Region'), f.select('region_id', @regions)) if @validation == :region %>
@@ -14,7 +14,7 @@
     <!-- Open Graph -->
     <meta property="og:type" content="<%= @page ? 'article' : 'website' %>">
-    <meta property="og:url" content="<%= @page ? url_for(@page.url) : @environment.top_url %>">
+    <meta property="og:url" content="<%= @page ? url_for(@page.url) : top_url %>">
     <meta property="og:title" content="<%= h page_title %>">
     <meta property="og:site_name" content="<%= profile ? profile.name : @environment.name %>">
     <meta property="og:description" content="<%= meta_description_tag(@page) %>">
@@ -68,7 +68,7 @@
         <div id="navigation_bar">
           <%= link_to "<span>"+ @environment.name() +"</span>",
-                      @environment.top_url,
+                        top_url,
                         :id=>"menu_link_to_envhome",
                         :title=>@environment.name  %>
           <% unless environment.enabled?(:disable_categories) %>
@@ -113,9 +113,6 @@ module Noosfero
     config.secret_token = noosfero_session_secret
     config.session_store :cookie_store, :key => '_noosfero_session'
-    config.time_zone = File.read('/etc/timezone').split("\n").first
-    config.active_record.default_timezone = :local
-
     config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate"
     config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}"
@@ -0,0 +1,13 @@
+if Rails.env == 'development'
+  ActionController::Base.send(:prepend_before_filter) do |controller|
+    # XXX note that this is not thread-safe! Accessing a Noosfero instance in
+    # development mode under different ports concurrently _will_ lead to weird
+    # things happening.
+    if [80,443].include?(controller.request.port)
+      url_options = {}
+    else
+      url_options = { :port => controller.request.port }
+    end
+    Noosfero.instance_variable_set('@development_url_options', url_options)
+  end
+end
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20150113131617) do
+ActiveRecord::Schema.define(:version => 20150122165042) do
   create_table "abuse_reports", :force => true do |t|
     t.integer  "reporter_id"
@@ -23,6 +23,7 @@ End
 ListenHTTPS
   Address    0.0.0.0
+  AddHeader  "X-Forwarded-Proto: https"
   Port       443
   Cert       "/etc/noosfero/ssl/noosfero.pem"
   Ciphers    "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
@@ -19,7 +19,7 @@ Given /^&quot;([^\&quot;]*)&quot; is the active enterprise template$/ do |enterprise|
   template.save!
   e = Environment.default
-  e.enterprise_template = template
+  e.enterprise_default_template = template
   e.save
 end
@@ -5,7 +5,13 @@ namespace :ci do
     current_branch = `git rev-parse --abbrev-ref HEAD`.strip
     from = ENV['PREV_HEAD'] || "origin/#{current_branch}"
+    if !system("git show-ref --verify --quiet refs/remotes/#{from}")
+      from = 'origin/master'
+    end
     to = ENV['HEAD'] || current_branch
+
+    puts "Testing changes between #{from} and #{to} ..."
+
     changed_files = `git diff --name-only #{from}..#{to}`.split.select do |f|
       File.exist?(f) && f.split(File::SEPARATOR).first != 'vendor'
     end
@@ -33,14 +39,23 @@ namespace :ci do
       end
     end
+    if tests.empty? && features.empty? && changed_plugins.empty?
+      puts "Could not figure out specific changes to be tested in isolation!"
+    end
+    puts
+
     sh 'testrb', '-Itest', *tests unless tests.empty?
     sh 'cucumber', *features unless features.empty?
     sh 'xvfb-run', 'cucumber', '-p', 'selenium', *features unless features.empty?
     changed_plugins.each do |plugin|
-      task = "test:noosfero_plugins:#{plugin}"
-      puts "Running #{task}"
-      Rake::Task[task].execute
+      if $broken_plugins.include?(plugin)
+        puts "Skipping plugins/#{plugin}: marked as broken"
+      else
+        task = "test:noosfero_plugins:#{plugin}"
+        puts "Running #{task}"
+        Rake::Task[task].execute
+      end
     end
   end
-@broken_plugins = %w[
+$broken_plugins = %w[
   anti_spam
   bsc
   comment_classification
   ldap
   solr
+  stoa
 ]
 @all_plugins = Dir.glob('plugins/*').map { |f| File.basename(f) } - ['template']
@@ -204,14 +205,14 @@ namespace :test do
     @all_tasks.each do |taskname|
       desc "Run #{taskname} tests for all plugins"
       task taskname do
-        test_sequence(@all_plugins - @broken_plugins, taskname)
+        test_sequence(@all_plugins - $broken_plugins, taskname)
       end
     end
   end
   desc "Run all tests for all plugins"
   task :noosfero_plugins do
-    test_sequence(@all_plugins - @broken_plugins, @all_tasks) do |failed|
+    test_sequence(@all_plugins - $broken_plugins, @all_tasks) do |failed|
       plugins_status_report(failed)
     end
   end
@@ -228,7 +229,7 @@ def plugins_status_report(failed)
   printf ('-' * w) + ' ' + ('-' * 20) + "\n"
   @all_plugins.each do |plugin|
-    if @broken_plugins.include?(plugin)
+    if $broken_plugins.include?(plugin)
       status = "SKIP"
     elsif !failed[plugin] || failed[plugin].empty?
       status = "PASS"
@@ -31,7 +31,7 @@
   <%= hidden_field_tag 'old_bsc_identifier', profile.identifier %>
   <div id="bsc-formitem">
     <%=   content_tag('code',
-            environment.top_url + '/ ' +
+            top_url + '/ ' +
             text_field(:profile_data, :identifier, :onchange => "warn_value_change()", :size => 25)
           ) +
           content_tag('div',
@@ -85,7 +85,7 @@ class StatisticsBlock &lt; Block
   def enterprises
     if owner.kind_of?(Environment) || owner.kind_of?(Person)
-      owner.enterprises.visible.count
+      owner.enterprises.visible.enabled.count
     else
       0
     end
@@ -126,6 +126,19 @@ class StatisticsBlockTest &lt; ActiveSupport::TestCase
     assert_equal 2, b.enterprises
   end
+  should 'return the amount of enabled enterprises' do
+    b = StatisticsBlock.new
+    e = fast_create(Environment)
+
+    fast_create(Enterprise, :environment_id => e.id)
+    fast_create(Enterprise, :environment_id => e.id)
+    fast_create(Enterprise, :enabled => false, :environment_id => e.id)
+
+    b.expects(:owner).at_least_once.returns(e)
+
+    assert_equal 2, b.enterprises
+  end
+
   should 'categories return the amount of categories of the Environment' do
     b = StatisticsBlock.new
     e = fast_create(Environment)
-<%= link_to(image_tag("/designs/themes/noosfero/images/logo-noosfero.png"), environment.top_url) %>
+<%= link_to(image_tag("/designs/themes/noosfero/images/logo-noosfero.png"), top_url) %>
 <% if File.exists?(File.join(Rails.root, 'public', "/designs/themes/#{environment.theme}/images/thin-logo.png")) %>
-  <%= link_to(image_tag("/designs/themes/#{environment.theme}/images/thin-logo.png"), environment.top_url) %>
+  <%= link_to(image_tag("/designs/themes/#{environment.theme}/images/thin-logo.png"), top_url) %>
 <% else %>
-  <%= link_to(image_tag("/designs/themes/noosfero/images/thin-logo.png"), environment.top_url) %>
+  <%= link_to(image_tag("/designs/themes/noosfero/images/thin-logo.png"), top_url) %>
 <% end %>
@@ -1678,6 +1678,15 @@ class CmsControllerTest &lt; ActionController::TestCase
     assert_equal license, article.license
   end
+  should 'not display license field if there is no license availabe in environment' do
+    article = fast_create(Article, :profile_id => profile.id)
+    License.delete_all
+    login_as(profile.identifier)
+
+    get :new, :profile => profile.identifier, :type => 'TinyMceArticle'
+    assert_no_tag :tag => 'select', :attributes => {:id => 'article_license_id'}
+  end
+
   should 'list folders options to move content' do
     article = fast_create(Article, :profile_id => profile.id)
     f1 = fast_create(Folder, :profile_id => profile.id)
@@ -1627,4 +1627,26 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     assert_equal 'Welcome to the environment', environment.signup_welcome_screen_body
   end
+
+  should 'has_license be true if there is one license in enviroment' do
+    e = fast_create(Environment)
+    fast_create(License, :name => 'Some', :environment_id => e.id)
+
+    assert e.has_license?
+  end
+
+  should 'has_license be true if there is many licenses in enviroment' do
+    e = fast_create(Environment)
+    fast_create(License, :name => 'Some', :environment_id => e.id)
+    fast_create(License, :name => 'Another', :environment_id => e.id)
+
+    assert e.has_license?
+  end
+
+  should 'has_license be false if there is no license in enviroment' do
+    e = fast_create(Environment)
+
+    assert !e.has_license?
+  end
+
 end
@@ -840,6 +840,14 @@ class ProfileTest &lt; ActiveSupport::TestCase
     assert_equal 'environment footer', profile.custom_footer
   end
+  should 'sanitize custom header and footer' do
+    p = fast_create(Profile)
+    script_kiddie_code = '<script>alert("look mom, I am a hacker!")</script>'
+    p.update_header_and_footer(script_kiddie_code, script_kiddie_code)
+    assert_no_tag_in_string p.custom_header, tag: 'script'
+    assert_no_tag_in_string p.custom_footer, tag: 'script'
+  end
+
   should 'store theme' do
     p = build(Profile, :theme => 'my-shiny-theme')
     assert_equal 'my-shiny-theme', p.theme
@@ -1555,8 +1563,6 @@ class ProfileTest &lt; ActiveSupport::TestCase
     profile.address = "<h1><</h2< Malformed >> html >< tag"
     profile.contact_phone = "<h1<< Malformed ><>>> html >< tag"
     profile.description = "<h1<a> Malformed >> html ></a>< tag"
-    profile.custom_header = "<h1<a>><<> Malformed >> html ></a>< tag"
-    profile.custom_footer = "<h1> Malformed <><< html ></a>< tag"
     profile.valid?
     assert_no_match /[<>]/, profile.name
@@ -1568,6 +1574,16 @@ class ProfileTest &lt; ActiveSupport::TestCase
     assert_no_match /[<>]/, profile.custom_footer
   end
+  should 'escape malformed html tags in header and footer' do
+    profile = fast_create(Profile)
+    profile.custom_header = "<h1<a>><<> Malformed >> html ></a>< tag"
+    profile.custom_footer = "<h1> Malformed <><< html ></a>< tag"
+    profile.save
+
+    assert_no_match /[<>]/, profile.custom_header
+    assert_no_match /[<>]/, profile.custom_footer
+  end
+
   should 'not sanitize html comments' do
     profile = Profile.new
     profile.custom_header = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>'
@@ -1973,4 +1989,14 @@ class ProfileTest &lt; ActiveSupport::TestCase
     assert_equal true, profile.disable
     assert_equal false, profile.visible?
   end
+
+  should 'fetch enabled profiles' do
+    p1 = fast_create(Profile, :enabled => true)
+    p2 = fast_create(Profile, :enabled => true)
+    p3 = fast_create(Profile, :enabled => false)
+
+    assert_includes Profile.enabled, p1
+    assert_includes Profile.enabled, p2
+    assert_not_includes Profile.enabled, p3
+  end
 end
@@ -1,5 +0,0 @@
-if Rails.env == 'development'
-  ActionController::Base.send(:prepend_before_filter) do |controller|
-    Noosfero.instance_variable_set('@development_url_options', { :port => controller.request.port })
-  end
-end
	@@ -20,7 +20,7 @@ class ProfileMembersController < MyProfileController		@@ -20,7 +20,7 @@ class ProfileMembersController < MyProfileController
20	redirect_to :action => :last_admin	20	redirect_to :action => :last_admin
21	elsif @person.define_roles(@roles, profile)	21	elsif @person.define_roles(@roles, profile)
22	session[:notice] = _('Roles successfuly updated')	22	session[:notice] = _('Roles successfuly updated')
23	- redirect_to :controller => 'profile_editor'	23	+ redirect_to :action => 'index'
24	else	24	else
25	session[:notice] = _('Couldn\'t change the roles')	25	session[:notice] = _('Couldn\'t change the roles')
26	redirect_to :action => 'index'	26	redirect_to :action => 'index'
	@@ -11,7 +11,7 @@ module TinymceHelper		@@ -11,7 +11,7 @@ module TinymceHelper
11	end	11	end
12		12
13	def tinymce_init_js options = {}	13	def tinymce_init_js options = {}
14	- options.merge! :document_base_url => environment.top_url,	14	+ options.merge! :document_base_url => top_url,
15	:content_css => "/stylesheets/tinymce.css,#{macro_css_files}",	15	:content_css => "/stylesheets/tinymce.css,#{macro_css_files}",
16	:plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak	16	:plugins => %w[compat3x advlist autolink lists link image charmap print preview hr anchor pagebreak
17	searchreplace wordcount visualblocks visualchars code fullscreen	17	searchreplace wordcount visualblocks visualchars code fullscreen
1	<%= select_profile_folder(_('Parent folder:'), 'article[parent_id]', profile, @article.parent_id) %>	1	<%= select_profile_folder(_('Parent folder:'), 'article[parent_id]', profile, @article.parent_id) %>
2	-<%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {\|license\| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>	2	+<% if profile.environment.has_license? %>
		3	+ <%= labelled_form_field(_('License'), select(:article, :license_id, options_for_select_with_title([[_('None'), nil]] + profile.environment.licenses.map {\|license\| [license.name, license.id]}, @article.license ? @article.license.id : nil))) %>
		4	+<% end %>
	@@ -20,7 +20,7 @@		@@ -20,7 +20,7 @@
20		20
21	<%= labelled_form_for :create_enterprise do \|f\| %>	21	<%= labelled_form_for :create_enterprise do \|f\| %>
22	<%= required f.text_field 'name', :onchange => "updateUrlField(this, 'create_enterprise_identifier')", :size => 40 %>	22	<%= required f.text_field 'name', :onchange => "updateUrlField(this, 'create_enterprise_identifier')", :size => 40 %>
23	- <%= required labelled_form_field(_('Address'), content_tag('code', environment.top_url + "/" + text_field(:create_enterprise, 'identifier', :size => 26))) %>	23	+ <%= required labelled_form_field(_('Address'), content_tag('code', top_url + "/" + text_field(:create_enterprise, 'identifier', :size => 26))) %>
24	<%= render :partial => 'shared/organization_custom_fields', :locals => { :f => f, :object_name => :create_enterprise, :profile => @create_enterprise } %>	24	<%= render :partial => 'shared/organization_custom_fields', :locals => { :f => f, :object_name => :create_enterprise, :profile => @create_enterprise } %>
25	<%= required labelled_form_field(_('Region'), f.select('region_id', @regions)) if @validation == :region %>	25	<%= required labelled_form_field(_('Region'), f.select('region_id', @regions)) if @validation == :region %>
26		26
	@@ -14,7 +14,7 @@		@@ -14,7 +14,7 @@
14		14
15	<!-- Open Graph -->	15	<!-- Open Graph -->
16	<meta property="og:type" content="<%= @page ? 'article' : 'website' %>">	16	<meta property="og:type" content="<%= @page ? 'article' : 'website' %>">
17	- <meta property="og:url" content="<%= @page ? url_for(@page.url) : @environment.top_url %>">	17	+ <meta property="og:url" content="<%= @page ? url_for(@page.url) : top_url %>">
18	<meta property="og:title" content="<%= h page_title %>">	18	<meta property="og:title" content="<%= h page_title %>">
19	<meta property="og:site_name" content="<%= profile ? profile.name : @environment.name %>">	19	<meta property="og:site_name" content="<%= profile ? profile.name : @environment.name %>">
20	<meta property="og:description" content="<%= meta_description_tag(@page) %>">	20	<meta property="og:description" content="<%= meta_description_tag(@page) %>">
	@@ -68,7 +68,7 @@		@@ -68,7 +68,7 @@
68		68
69	<div id="navigation_bar">	69	<div id="navigation_bar">
70	<%= link_to "<span>"+ @environment.name() +"</span>",	70	<%= link_to "<span>"+ @environment.name() +"</span>",
71	- @environment.top_url,	71	+ top_url,
72	:id=>"menu_link_to_envhome",	72	:id=>"menu_link_to_envhome",
73	:title=>@environment.name %>	73	:title=>@environment.name %>
74	<% unless environment.enabled?(:disable_categories) %>	74	<% unless environment.enabled?(:disable_categories) %>
@@ -0,0 +1,13 @@		@@ -0,0 +1,13 @@
	1	+if Rails.env == 'development'
	2	+ ActionController::Base.send(:prepend_before_filter) do \|controller\|
	3	+ # XXX note that this is not thread-safe! Accessing a Noosfero instance in
	4	+ # development mode under different ports concurrently _will_ lead to weird
	5	+ # things happening.
	6	+ if [80,443].include?(controller.request.port)
	7	+ url_options = {}
	8	+ else
	9	+ url_options = { :port => controller.request.port }
	10	+ end
	11	+ Noosfero.instance_variable_set('@development_url_options', url_options)
	12	+ end
	13	+end
	@@ -11,7 +11,7 @@		@@ -11,7 +11,7 @@
11	#	11	#
12	# It's strongly recommended to check this file into your version control system.	12	# It's strongly recommended to check this file into your version control system.
13		13
14	-ActiveRecord::Schema.define(:version => 20150113131617) do	14	+ActiveRecord::Schema.define(:version => 20150122165042) do
15		15
16	create_table "abuse_reports", :force => true do \|t\|	16	create_table "abuse_reports", :force => true do \|t\|
17	t.integer "reporter_id"	17	t.integer "reporter_id"
	@@ -23,6 +23,7 @@ End		@@ -23,6 +23,7 @@ End
23		23
24	ListenHTTPS	24	ListenHTTPS
25	Address 0.0.0.0	25	Address 0.0.0.0
		26	+ AddHeader "X-Forwarded-Proto: https"
26	Port 443	27	Port 443
27	Cert "/etc/noosfero/ssl/noosfero.pem"	28	Cert "/etc/noosfero/ssl/noosfero.pem"
28	Ciphers "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"	29	Ciphers "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
	@@ -19,7 +19,7 @@ Given /^"([^\"]*)" is the active enterprise template$/ do \|enterprise\|		@@ -19,7 +19,7 @@ Given /^"([^\"]*)" is the active enterprise template$/ do \|enterprise\|
19	template.save!	19	template.save!
20		20
21	e = Environment.default	21	e = Environment.default
22	- e.enterprise_template = template	22	+ e.enterprise_default_template = template
23	e.save	23	e.save
24	end	24	end
25		25