Commit 0c69cdb144b96f7c69826c1d07fbf393d77c910d
Exists in
staging
and in
42 other branches
Merge branch 'stable'
Conflicts: test/functional/profile_controller_test.rb
Showing
26 changed files
with
334 additions
and
52 deletions
Show diff stats
app/controllers/my_profile/cms_controller.rb
| @@ -149,7 +149,7 @@ class CmsController < MyProfileController | @@ -149,7 +149,7 @@ class CmsController < MyProfileController | ||
| 149 | def set_home_page | 149 | def set_home_page |
| 150 | @article = profile.articles.find(params[:id]) | 150 | @article = profile.articles.find(params[:id]) |
| 151 | profile.home_page = @article | 151 | profile.home_page = @article |
| 152 | - profile.save! | 152 | + profile.save(false) |
| 153 | flash[:notice] = _('"%s" configured as home page.') % @article.name | 153 | flash[:notice] = _('"%s" configured as home page.') % @article.name |
| 154 | redirect_to :action => 'view', :id => @article.id | 154 | redirect_to :action => 'view', :id => @article.id |
| 155 | end | 155 | end |
app/controllers/public/profile_controller.rb
| @@ -3,7 +3,7 @@ class ProfileController < PublicController | @@ -3,7 +3,7 @@ class ProfileController < PublicController | ||
| 3 | needs_profile | 3 | needs_profile |
| 4 | before_filter :check_access_to_profile, :except => [:join, :refuse_join, :refuse_for_now, :index] | 4 | before_filter :check_access_to_profile, :except => [:join, :refuse_join, :refuse_for_now, :index] |
| 5 | before_filter :store_before_join, :only => [:join] | 5 | before_filter :store_before_join, :only => [:join] |
| 6 | - before_filter :login_required, :only => [:join, :refuse_join, :leave] | 6 | + before_filter :login_required, :only => [:join, :refuse_join, :leave, :unblock] |
| 7 | 7 | ||
| 8 | helper TagsHelper | 8 | helper TagsHelper |
| 9 | 9 | ||
| @@ -127,8 +127,14 @@ class ProfileController < PublicController | @@ -127,8 +127,14 @@ class ProfileController < PublicController | ||
| 127 | end | 127 | end |
| 128 | 128 | ||
| 129 | def unblock | 129 | def unblock |
| 130 | - profile.unblock | ||
| 131 | - redirect_to :controller => 'profile', :action => 'index' | 130 | + if current_user.person.is_admin?(profile.environment) |
| 131 | + profile.unblock | ||
| 132 | + flash[:notice] = _("You have unblocked %s successfully. ") % profile.name | ||
| 133 | + redirect_to :controller => 'profile', :action => 'index' | ||
| 134 | + else | ||
| 135 | + message = _('You are not allowed to unblock enterprises in this environment.') | ||
| 136 | + render_access_denied(message) | ||
| 137 | + end | ||
| 132 | end | 138 | end |
| 133 | 139 | ||
| 134 | protected | 140 | protected |
app/models/block.rb
| @@ -20,7 +20,7 @@ class Block < ActiveRecord::Base | @@ -20,7 +20,7 @@ class Block < ActiveRecord::Base | ||
| 20 | # | 20 | # |
| 21 | # * <tt>:article</tt>: the article being viewed currently | 21 | # * <tt>:article</tt>: the article being viewed currently |
| 22 | def visible?(context = nil) | 22 | def visible?(context = nil) |
| 23 | - if settings[:visible] == false || display == 'never' | 23 | + if display == 'never' |
| 24 | return false | 24 | return false |
| 25 | end | 25 | end |
| 26 | if context && context[:article] && display == 'home_page_only' | 26 | if context && context[:article] && display == 'home_page_only' |
| @@ -35,21 +35,7 @@ class Block < ActiveRecord::Base | @@ -35,21 +35,7 @@ class Block < ActiveRecord::Base | ||
| 35 | # * <tt>'never'</tt>: the block is hidden (it does not appear for visitors) | 35 | # * <tt>'never'</tt>: the block is hidden (it does not appear for visitors) |
| 36 | # * <tt>'home_page_only'</tt> the block is displayed only when viewing the | 36 | # * <tt>'home_page_only'</tt> the block is displayed only when viewing the |
| 37 | # homepage of its owner. | 37 | # homepage of its owner. |
| 38 | - def display | ||
| 39 | - if settings[:visible] == false | ||
| 40 | - 'never' | ||
| 41 | - else | ||
| 42 | - settings[:display] || 'always' | ||
| 43 | - end | ||
| 44 | - end | ||
| 45 | - | ||
| 46 | - # Sets the <tt>value</tt> attribute. | ||
| 47 | - def display=(value) | ||
| 48 | - settings[:display] = value | ||
| 49 | - # clear the old setting | ||
| 50 | - settings[:visible] = nil | ||
| 51 | - end | ||
| 52 | - | 38 | + settings_items :display, :type => :string, :default => 'always' |
| 53 | 39 | ||
| 54 | # returns the description of the block, used when the user sees a list of | 40 | # returns the description of the block, used when the user sees a list of |
| 55 | # blocks to choose one to include in the design. | 41 | # blocks to choose one to include in the design. |
app/views/shared/tiny_mce.rhtml
| @@ -22,7 +22,7 @@ tinyMCE.init({ | @@ -22,7 +22,7 @@ tinyMCE.init({ | ||
| 22 | paste_insert_word_content_callback : "convertWord", | 22 | paste_insert_word_content_callback : "convertWord", |
| 23 | paste_use_dialog: false, | 23 | paste_use_dialog: false, |
| 24 | apply_source_formatting : true, | 24 | apply_source_formatting : true, |
| 25 | - extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder]", | 25 | + extended_valid_elements : "applet[style|archive|codebase|code|height|width],comment,iframe[src|style|allowtransparency|frameborder|width|height]", |
| 26 | content_css: '/stylesheets/tinymce.css', | 26 | content_css: '/stylesheets/tinymce.css', |
| 27 | language: <%= tinymce_language.inspect %>, | 27 | language: <%= tinymce_language.inspect %>, |
| 28 | entity_encoding: 'raw' | 28 | entity_encoding: 'raw' |
app/views/tasks/_add_friend.rhtml
| @@ -2,7 +2,7 @@ | @@ -2,7 +2,7 @@ | ||
| 2 | 2 | ||
| 3 | <%= link_to( profile_image(task.requestor, :minor, :border => 0), task.requestor.public_profile_url ) %> | 3 | <%= link_to( profile_image(task.requestor, :minor, :border => 0), task.requestor.public_profile_url ) %> |
| 4 | 4 | ||
| 5 | -<%= _('%s wants to connect to you as a friend.') % | 5 | +<%= _('%s wants to be your friend.') % |
| 6 | content_tag('strong', link_to( task.requestor.name, task.requestor.public_profile_url ) ) %> | 6 | content_tag('strong', link_to( task.requestor.name, task.requestor.public_profile_url ) ) %> |
| 7 | 7 | ||
| 8 | <% form_for('task', task, :url => { :action => 'close', :id => task.id } ) do |f| %> | 8 | <% form_for('task', task, :url => { :action => 'close', :id => task.id } ) do |f| %> |
| @@ -0,0 +1 @@ | @@ -0,0 +1 @@ | ||
| 1 | +<%= render :partial => 'add_friend', :locals => {:task => task} %> |
| @@ -0,0 +1,29 @@ | @@ -0,0 +1,29 @@ | ||
| 1 | +<h2><%= _('Join community') %></h2> | ||
| 2 | + | ||
| 3 | +<%= link_to( profile_image(task.requestor, :minor, :border => 0), task.requestor.public_profile_url ) %> | ||
| 4 | + | ||
| 5 | +<%= _('%s invites you to join the community %s.') % | ||
| 6 | + [content_tag('strong', link_to( task.requestor.name, task.requestor.public_profile_url ) ), | ||
| 7 | + content_tag('strong', link_to( task.community.name, task.community.public_profile_url ) )] %> | ||
| 8 | + | ||
| 9 | +<% form_for('task', task, :url => { :action => 'close', :id => task.id } ) do |f| %> | ||
| 10 | + | ||
| 11 | + <div> | ||
| 12 | + <%= radio_button_tag(:decision, 'finish', true, | ||
| 13 | + :id => "decision-finish-#{task.id}", | ||
| 14 | + :onclick => "Element.show('group-for-friend-#{task.id}')") %> | ||
| 15 | + <label for="<%= "decision-finish-#{task.id}" %>"><b><%= _('Accept') %></b></label> | ||
| 16 | + | ||
| 17 | + | ||
| 18 | + | ||
| 19 | + <%= radio_button_tag(:decision, 'cancel', false, | ||
| 20 | + :id => "decision-cancel-#{task.id}", | ||
| 21 | + :onclick => "Element.hide('group-for-friend-#{task.id}')") %> | ||
| 22 | + <label for="<%= "decision-cancel-#{task.id}" %>"><b><%= _('Reject') %></b></label> | ||
| 23 | + | ||
| 24 | + </div> | ||
| 25 | + | ||
| 26 | + <% button_bar do %> | ||
| 27 | + <%= submit_button(:ok, _('Ok!')) %> | ||
| 28 | + <% end %> | ||
| 29 | +<% end %> |
db/migrate/20100514133346_move_values_of_visible_field_to_display_field.rb
0 → 100644
| @@ -0,0 +1,20 @@ | @@ -0,0 +1,20 @@ | ||
| 1 | +class MoveValuesOfVisibleFieldToDisplayField < ActiveRecord::Migration | ||
| 2 | + def self.up | ||
| 3 | + Block.all.each do |block| | ||
| 4 | + visible = block.settings.delete(:visible) | ||
| 5 | + if visible == false | ||
| 6 | + block.settings[:display] = 'never' | ||
| 7 | + block.save! | ||
| 8 | + else | ||
| 9 | + if block.settings[:display].blank? | ||
| 10 | + block.settings[:display] = 'always' | ||
| 11 | + block.save! | ||
| 12 | + end | ||
| 13 | + end | ||
| 14 | + end | ||
| 15 | + end | ||
| 16 | + | ||
| 17 | + def self.down | ||
| 18 | + say "Nothing to do!" | ||
| 19 | + end | ||
| 20 | +end |
db/schema.rb
| @@ -9,7 +9,7 @@ | @@ -9,7 +9,7 @@ | ||
| 9 | # | 9 | # |
| 10 | # It's strongly recommended to check this file into your version control system. | 10 | # It's strongly recommended to check this file into your version control system. |
| 11 | 11 | ||
| 12 | -ActiveRecord::Schema.define(:version => 20100413231206) do | 12 | +ActiveRecord::Schema.define(:version => 20100514133346) do |
| 13 | 13 | ||
| 14 | create_table "article_versions", :force => true do |t| | 14 | create_table "article_versions", :force => true do |t| |
| 15 | t.integer "article_id" | 15 | t.integer "article_id" |
features/invitation.feature
| @@ -4,9 +4,9 @@ Feature: invitation | @@ -4,9 +4,9 @@ Feature: invitation | ||
| 4 | 4 | ||
| 5 | Background: | 5 | Background: |
| 6 | Given the following users | 6 | Given the following users |
| 7 | - | login | | ||
| 8 | - | josesilva | | ||
| 9 | - | josesantos | | 7 | + | login | email | |
| 8 | + | josesilva | silva@invalid.br | | ||
| 9 | + | josesantos | santos@invalid.br | | ||
| 10 | And the following communities | 10 | And the following communities |
| 11 | | owner | identifier | name | | 11 | | owner | identifier | name | |
| 12 | | josesilva | 26-bsslines | 26 Bsslines | | 12 | | josesilva | 26-bsslines | 26 Bsslines | |
| @@ -72,14 +72,89 @@ Feature: invitation | @@ -72,14 +72,89 @@ Feature: invitation | ||
| 72 | Then I should see "Access denied" | 72 | Then I should see "Access denied" |
| 73 | 73 | ||
| 74 | Scenario: not see link to invite members to enterprise in manage members | 74 | Scenario: not see link to invite members to enterprise in manage members |
| 75 | - Given I am on /myprofile/beatles-for-sale/profile_members | 75 | + Given I am on Beatles For Sale's members management |
| 76 | Then I should not see "Invite your friends to join Beatles For Sale" link | 76 | Then I should not see "Invite your friends to join Beatles For Sale" link |
| 77 | 77 | ||
| 78 | Scenario: back to manage members after invite friends | 78 | Scenario: back to manage members after invite friends |
| 79 | - Given I am on /myprofile/26-bsslines/profile_members | 79 | + Given I am on 26 Bsslines's members management |
| 80 | And I follow "Invite your friends to join 26 Bsslines" | 80 | And I follow "Invite your friends to join 26 Bsslines" |
| 81 | And I press "Next" | 81 | And I press "Next" |
| 82 | And I fill in "manual_import_addresses" with "misfits@devil.doll" | 82 | And I fill in "manual_import_addresses" with "misfits@devil.doll" |
| 83 | And I fill in "mail_template" with "Follow this link <url>" | 83 | And I fill in "mail_template" with "Follow this link <url>" |
| 84 | When I press "Invite my friends!" | 84 | When I press "Invite my friends!" |
| 85 | Then I should be on /myprofile/26-bsslines/profile_members | 85 | Then I should be on /myprofile/26-bsslines/profile_members |
| 86 | + | ||
| 87 | + Scenario: noosfero user receives a task when a user invites to join a community | ||
| 88 | + Given I am on 26 Bsslines's members management | ||
| 89 | + And I follow "Invite your friends to join 26 Bsslines" | ||
| 90 | + And I press "Next" | ||
| 91 | + And I fill in "manual_import_addresses" with "santos@invalid.br" | ||
| 92 | + And I fill in "mail_template" with "Follow this link <url>" | ||
| 93 | + And I press "Invite my friends!" | ||
| 94 | + When I am logged in as "josesantos" | ||
| 95 | + And I follow "Control Panel" | ||
| 96 | + And I should see "josesilva invites you to join the community 26 Bsslines." | ||
| 97 | + | ||
| 98 | + Scenario: noosfero user accepts to join community | ||
| 99 | + Given I invite email "santos@invalid.br" to join community "26 Bsslines" | ||
| 100 | + When I am logged in as "josesantos" | ||
| 101 | + And I follow "Control panel" | ||
| 102 | + And I follow "Process requests" | ||
| 103 | + And I should see "josesilva invites you to join the community 26 Bsslines." | ||
| 104 | + And I choose "Accept" | ||
| 105 | + When I press "Ok!" | ||
| 106 | + Then I should not see "josesilva invites you to join the community 26 Bsslines." | ||
| 107 | + When I follow "Control panel" | ||
| 108 | + And I follow "Manage my groups" | ||
| 109 | + Then I should see "26 Bsslines" | ||
| 110 | + | ||
| 111 | + Scenario: noosfero user rejects to join community | ||
| 112 | + Given I invite email "santos@invalid.br" to join community "26 Bsslines" | ||
| 113 | + When I am logged in as "josesantos" | ||
| 114 | + And I follow "Control panel" | ||
| 115 | + And I follow "Process requests" | ||
| 116 | + And I should see "josesilva invites you to join the community 26 Bsslines." | ||
| 117 | + And I choose "Reject" | ||
| 118 | + When I press "Ok!" | ||
| 119 | + Then I should not see "josesilva invites you to join the community 26 Bsslines." | ||
| 120 | + When I follow "Control panel" | ||
| 121 | + And I follow "Manage my groups" | ||
| 122 | + Then I should not see "26 Bsslines" | ||
| 123 | + | ||
| 124 | + Scenario: noosfero user receives a task when a user invites to be friend | ||
| 125 | + Given I am on josesilva's control panel | ||
| 126 | + And I follow "Manage Friends" | ||
| 127 | + And I follow "Invite people from my e-mail contacts" | ||
| 128 | + And I press "Next" | ||
| 129 | + And I fill in "manual_import_addresses" with "santos@invalid.br" | ||
| 130 | + And I fill in "mail_template" with "Follow this link <url>" | ||
| 131 | + And I press "Invite my friends!" | ||
| 132 | + When I am logged in as "josesantos" | ||
| 133 | + And I follow "Control Panel" | ||
| 134 | + And I should see "josesilva wants to be your friend." | ||
| 135 | + | ||
| 136 | + Scenario: noosfero user accepts to be friend | ||
| 137 | + Given I invite email "santos@invalid.br" to be my friend | ||
| 138 | + When I am logged in as "josesantos" | ||
| 139 | + And I follow "Control panel" | ||
| 140 | + And I follow "Process requests" | ||
| 141 | + And I should see "josesilva wants to be your friend." | ||
| 142 | + And I choose "Accept" | ||
| 143 | + When I press "Ok!" | ||
| 144 | + And I should not see "josesilva wants to be your friend." | ||
| 145 | + When I follow "Control panel" | ||
| 146 | + And I follow "Manage friends" | ||
| 147 | + Then I should see "josesilva" | ||
| 148 | + | ||
| 149 | + Scenario: noosfero user rejects to be friend | ||
| 150 | + Given I invite email "santos@invalid.br" to be my friend | ||
| 151 | + When I am logged in as "josesantos" | ||
| 152 | + And I follow "Control panel" | ||
| 153 | + And I follow "Process requests" | ||
| 154 | + And I should see "josesilva wants to be your friend." | ||
| 155 | + And I choose "Ignore" | ||
| 156 | + When I press "Ok!" | ||
| 157 | + And I should not see "josesilva wants to be your friend." | ||
| 158 | + When I follow "Control panel" | ||
| 159 | + And I follow "Manage friends" | ||
| 160 | + Then I should not see "josesilva" |
| @@ -0,0 +1,19 @@ | @@ -0,0 +1,19 @@ | ||
| 1 | +Given /^I invite email "(.+)" to join community "(.+)"$/ do |email, community| | ||
| 2 | + identifier = Community.find_by_name(community).identifier | ||
| 3 | + visit("/myprofile/#{identifier}/profile_members") | ||
| 4 | + click_link('Invite your friends to join 26 Bsslines') | ||
| 5 | + click_button('Next') | ||
| 6 | + fill_in('manual_import_addresses', :with => "#{email}") | ||
| 7 | + fill_in('mail_template', :with => 'Follow this link <url>') | ||
| 8 | + click_button("Invite my friends!") | ||
| 9 | +end | ||
| 10 | + | ||
| 11 | +Given /^I invite email "(.+)" to be my friend$/ do |email| | ||
| 12 | + click_link('Control panel') | ||
| 13 | + click_link('Manage friends') | ||
| 14 | + click_link('Invite people from my e-mail contacts') | ||
| 15 | + click_button('Next') | ||
| 16 | + fill_in('manual_import_addresses', :with => "#{email}") | ||
| 17 | + fill_in('mail_template', :with => 'Follow this link <url>') | ||
| 18 | + click_button("Invite my friends!") | ||
| 19 | +end |
features/support/paths.rb
| @@ -48,6 +48,9 @@ module NavigationHelpers | @@ -48,6 +48,9 @@ module NavigationHelpers | ||
| 48 | when /^(.+)'s cms/ | 48 | when /^(.+)'s cms/ |
| 49 | '/myprofile/%s/cms' % Profile.find_by_name($1).identifier | 49 | '/myprofile/%s/cms' % Profile.find_by_name($1).identifier |
| 50 | 50 | ||
| 51 | + when /^(.+)'s members management/ | ||
| 52 | + '/myprofile/%s/profile_members' % Profile.find_by_name($1).identifier | ||
| 53 | + | ||
| 51 | # Add more mappings here. | 54 | # Add more mappings here. |
| 52 | # Here is a more fancy example: | 55 | # Here is a more fancy example: |
| 53 | # | 56 | # |
test/factories.rb
| @@ -296,4 +296,11 @@ module Noosfero::Factory | @@ -296,4 +296,11 @@ module Noosfero::Factory | ||
| 296 | defaults_for_category | 296 | defaults_for_category |
| 297 | end | 297 | end |
| 298 | 298 | ||
| 299 | + ############################################### | ||
| 300 | + # Box | ||
| 301 | + ############################################### | ||
| 302 | + def defaults_for_box | ||
| 303 | + { } | ||
| 304 | + end | ||
| 305 | + | ||
| 299 | end | 306 | end |
test/functional/cms_controller_test.rb
| @@ -121,6 +121,25 @@ class CmsControllerTest < Test::Unit::TestCase | @@ -121,6 +121,25 @@ class CmsControllerTest < Test::Unit::TestCase | ||
| 121 | assert_equal a, profile.home_page | 121 | assert_equal a, profile.home_page |
| 122 | end | 122 | end |
| 123 | 123 | ||
| 124 | + should 'be able to set home page even when profile description is invalid' do | ||
| 125 | + a = profile.articles.build(:name => 'my new home page') | ||
| 126 | + a.save! | ||
| 127 | + | ||
| 128 | + profile.description = 'a' * 600 | ||
| 129 | + profile.save(false) | ||
| 130 | + | ||
| 131 | + assert !profile.valid? | ||
| 132 | + assert_not_equal a, profile.home_page | ||
| 133 | + | ||
| 134 | + post :set_home_page, :profile => profile.identifier, :id => a.id | ||
| 135 | + | ||
| 136 | + assert_redirected_to :action => 'view', :id => a.id | ||
| 137 | + | ||
| 138 | + profile = Profile.find(@profile.id) | ||
| 139 | + assert_equal a, profile.home_page | ||
| 140 | + end | ||
| 141 | + | ||
| 142 | + | ||
| 124 | should 'set last_changed_by when creating article' do | 143 | should 'set last_changed_by when creating article' do |
| 125 | login_as(profile.identifier) | 144 | login_as(profile.identifier) |
| 126 | 145 |
test/functional/profile_controller_test.rb
| @@ -683,5 +683,25 @@ class ProfileControllerTest < Test::Unit::TestCase | @@ -683,5 +683,25 @@ class ProfileControllerTest < Test::Unit::TestCase | ||
| 683 | assert_tag :tag => 'div', :attributes => { :class => 'public-profile-description' }, :content => /Person\'s description/ | 683 | assert_tag :tag => 'div', :attributes => { :class => 'public-profile-description' }, :content => /Person\'s description/ |
| 684 | end | 684 | end |
| 685 | 685 | ||
| 686 | + should 'ask for login if user not logged' do | ||
| 687 | + enterprise = fast_create(Enterprise) | ||
| 688 | + get :unblock, :profile => enterprise.identifier | ||
| 689 | + assert_redirected_to :controller => 'account', :action => 'login' | ||
| 690 | + end | ||
| 691 | + | ||
| 692 | + should ' not allow ordinary users to unblock enterprises' do | ||
| 693 | + login_as(profile.identifier) | ||
| 694 | + enterprise = fast_create(Enterprise) | ||
| 695 | + get :unblock, :profile => enterprise.identifier | ||
| 696 | + assert_response 403 | ||
| 697 | + end | ||
| 698 | + | ||
| 699 | + should 'allow environment admin to unblock enteprises' do | ||
| 700 | + login_as(profile.identifier) | ||
| 701 | + enterprise = fast_create(Enterprise) | ||
| 702 | + enterprise.environment.add_admin(profile) | ||
| 703 | + get :unblock, :profile => enterprise.identifier | ||
| 704 | + assert_response 302 | ||
| 705 | + end | ||
| 686 | 706 | ||
| 687 | end | 707 | end |
test/unit/block_test.rb
| @@ -46,20 +46,6 @@ class BlockTest < Test::Unit::TestCase | @@ -46,20 +46,6 @@ class BlockTest < Test::Unit::TestCase | ||
| 46 | assert_equal 'my title', b.view_title | 46 | assert_equal 'my title', b.view_title |
| 47 | end | 47 | end |
| 48 | 48 | ||
| 49 | - should 'be backwards compatible with old "visible" setting' do | ||
| 50 | - b = Block.new | ||
| 51 | - b.settings[:visible] = false | ||
| 52 | - assert !b.visible? | ||
| 53 | - assert_equal 'never', b.display | ||
| 54 | - end | ||
| 55 | - | ||
| 56 | - should 'clean old "visible setting" when display is set' do | ||
| 57 | - b = Block.new | ||
| 58 | - b.settings[:visible] = false | ||
| 59 | - b.display = 'never' | ||
| 60 | - assert_nil b.settings[:visible] | ||
| 61 | - end | ||
| 62 | - | ||
| 63 | should 'be cacheable' do | 49 | should 'be cacheable' do |
| 64 | b = Block.new | 50 | b = Block.new |
| 65 | assert b.cacheable? | 51 | assert b.cacheable? |
| @@ -100,4 +86,21 @@ class BlockTest < Test::Unit::TestCase | @@ -100,4 +86,21 @@ class BlockTest < Test::Unit::TestCase | ||
| 100 | assert_equal false, block.visible?(:article => Article.new) | 86 | assert_equal false, block.visible?(:article => Article.new) |
| 101 | end | 87 | end |
| 102 | 88 | ||
| 89 | + should 'be able to save display setting' do | ||
| 90 | + user = create_user('testinguser').person | ||
| 91 | + box = fast_create(Box, :owner_id => user.id) | ||
| 92 | + block = Block.create!(:display => 'never', :box => box) | ||
| 93 | + block.reload | ||
| 94 | + assert_equal 'never', block.display | ||
| 95 | + end | ||
| 96 | + | ||
| 97 | + should 'be able to update display setting' do | ||
| 98 | + user = create_user('testinguser').person | ||
| 99 | + box = fast_create(Box, :owner_id => user.id) | ||
| 100 | + block = Block.create!(:display => 'never', :box => box) | ||
| 101 | + assert block.update_attributes!(:display => 'always') | ||
| 102 | + block.reload | ||
| 103 | + assert_equal 'always', block.display | ||
| 104 | + end | ||
| 105 | + | ||
| 103 | end | 106 | end |
test/unit/environment_test.rb
| @@ -894,4 +894,12 @@ class EnvironmentTest < Test::Unit::TestCase | @@ -894,4 +894,12 @@ class EnvironmentTest < Test::Unit::TestCase | ||
| 894 | assert_no_match /[<>]/, environment.message_for_disabled_enterprise | 894 | assert_no_match /[<>]/, environment.message_for_disabled_enterprise |
| 895 | end | 895 | end |
| 896 | 896 | ||
| 897 | + should 'not sanitize html comments' do | ||
| 898 | + environment = Environment.new | ||
| 899 | + environment.message_for_disabled_enterprise = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 900 | + environment.valid? | ||
| 901 | + | ||
| 902 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, environment.message_for_disabled_enterprise | ||
| 903 | + end | ||
| 904 | + | ||
| 897 | end | 905 | end |
test/unit/event_test.rb
| @@ -250,4 +250,14 @@ class EventTest < ActiveSupport::TestCase | @@ -250,4 +250,14 @@ class EventTest < ActiveSupport::TestCase | ||
| 250 | assert_no_match /[<>]/, event.address | 250 | assert_no_match /[<>]/, event.address |
| 251 | end | 251 | end |
| 252 | 252 | ||
| 253 | + should 'not sanitize html comments' do | ||
| 254 | + event = Event.new | ||
| 255 | + event.description = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 256 | + event.address = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 257 | + event.valid? | ||
| 258 | + | ||
| 259 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, event.description | ||
| 260 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, event.address | ||
| 261 | + end | ||
| 262 | + | ||
| 253 | end | 263 | end |
test/unit/folder_test.rb
| @@ -140,6 +140,14 @@ class FolderTest < ActiveSupport::TestCase | @@ -140,6 +140,14 @@ class FolderTest < ActiveSupport::TestCase | ||
| 140 | assert_equal "<h1> Body </h1>", folder.body | 140 | assert_equal "<h1> Body </h1>", folder.body |
| 141 | end | 141 | end |
| 142 | 142 | ||
| 143 | + should 'not sanitize html comments' do | ||
| 144 | + folder = Folder.new | ||
| 145 | + folder.body = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 146 | + folder.valid? | ||
| 147 | + | ||
| 148 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, folder.body | ||
| 149 | + end | ||
| 150 | + | ||
| 143 | should 'escape malformed html tags' do | 151 | should 'escape malformed html tags' do |
| 144 | folder = Folder.new | 152 | folder = Folder.new |
| 145 | folder.body = "<h1<< Description >>/h1>" | 153 | folder.body = "<h1<< Description >>/h1>" |
test/unit/link_list_block_test.rb
| @@ -74,4 +74,13 @@ class LinkListBlockTest < ActiveSupport::TestCase | @@ -74,4 +74,13 @@ class LinkListBlockTest < ActiveSupport::TestCase | ||
| 74 | end | 74 | end |
| 75 | end | 75 | end |
| 76 | 76 | ||
| 77 | + should 'be able to update display setting' do | ||
| 78 | + user = create_user('testinguser').person | ||
| 79 | + box = fast_create(Box, :owner_id => user.id) | ||
| 80 | + block = LinkListBlock.create!(:display => 'never', :box => box) | ||
| 81 | + assert block.update_attributes!(:display => 'always') | ||
| 82 | + block.reload | ||
| 83 | + assert_equal 'always', block.display | ||
| 84 | + end | ||
| 85 | + | ||
| 77 | end | 86 | end |
test/unit/my_network_block_test.rb
| @@ -27,4 +27,13 @@ class MyNetworkBlockTest < ActiveSupport::TestCase | @@ -27,4 +27,13 @@ class MyNetworkBlockTest < ActiveSupport::TestCase | ||
| 27 | instance_eval(& block.content) | 27 | instance_eval(& block.content) |
| 28 | end | 28 | end |
| 29 | 29 | ||
| 30 | + should 'be able to update display setting' do | ||
| 31 | + user = create_user('testinguser').person | ||
| 32 | + box = fast_create(Box, :owner_id => user.id) | ||
| 33 | + block = MyNetworkBlock.create!(:display => 'never', :box => box) | ||
| 34 | + assert block.update_attributes!(:display => 'always') | ||
| 35 | + block.reload | ||
| 36 | + assert_equal 'always', block.display | ||
| 37 | + end | ||
| 38 | + | ||
| 30 | end | 39 | end |
test/unit/profile_test.rb
| @@ -1553,6 +1553,16 @@ class ProfileTest < Test::Unit::TestCase | @@ -1553,6 +1553,16 @@ class ProfileTest < Test::Unit::TestCase | ||
| 1553 | assert_no_match /[<>]/, profile.custom_footer | 1553 | assert_no_match /[<>]/, profile.custom_footer |
| 1554 | end | 1554 | end |
| 1555 | 1555 | ||
| 1556 | + should 'not sanitize html comments' do | ||
| 1557 | + profile = Profile.new | ||
| 1558 | + profile.custom_header = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 1559 | + profile.custom_footer = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 1560 | + profile.valid? | ||
| 1561 | + | ||
| 1562 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, profile.custom_header | ||
| 1563 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, profile.custom_footer | ||
| 1564 | + end | ||
| 1565 | + | ||
| 1556 | private | 1566 | private |
| 1557 | 1567 | ||
| 1558 | def assert_invalid_identifier(id) | 1568 | def assert_invalid_identifier(id) |
test/unit/recent_documents_block_test.rb
| @@ -69,4 +69,13 @@ class RecentDocumentsBlockTest < Test::Unit::TestCase | @@ -69,4 +69,13 @@ class RecentDocumentsBlockTest < Test::Unit::TestCase | ||
| 69 | assert_equal nil, block.footer | 69 | assert_equal nil, block.footer |
| 70 | end | 70 | end |
| 71 | 71 | ||
| 72 | + should 'be able to update display setting' do | ||
| 73 | + user = create_user('testinguser').person | ||
| 74 | + box = fast_create(Box, :owner_id => user.id) | ||
| 75 | + block = RecentDocumentsBlock.create!(:display => 'never', :box => box) | ||
| 76 | + assert block.update_attributes!(:display => 'always') | ||
| 77 | + block.reload | ||
| 78 | + assert_equal 'always', block.display | ||
| 79 | + end | ||
| 80 | + | ||
| 72 | end | 81 | end |
test/unit/tiny_mce_article_test.rb
| @@ -59,14 +59,28 @@ class TinyMceArticleTest < Test::Unit::TestCase | @@ -59,14 +59,28 @@ class TinyMceArticleTest < Test::Unit::TestCase | ||
| 59 | assert_equal "<iframe src=\"http://itheora.org\"></iframe>", article.body | 59 | assert_equal "<iframe src=\"http://itheora.org\"></iframe>", article.body |
| 60 | end | 60 | end |
| 61 | 61 | ||
| 62 | - should 'remove iframe if it is not from itheora' do | 62 | + should 'remove iframe if it is not from itheora or softwarelivre' do |
| 63 | article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='anything'></iframe>") | 63 | article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='anything'></iframe>") |
| 64 | assert_equal "", article.body | 64 | assert_equal "", article.body |
| 65 | end | 65 | end |
| 66 | 66 | ||
| 67 | + should 'allow iframe if it is from stream.softwarelivre.org' do | ||
| 68 | + article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<iframe src='http://stream.softwarelivre.org'></iframe>") | ||
| 69 | + assert_equal "<iframe src=\"http://stream.softwarelivre.org\"></iframe>", article.body | ||
| 70 | + end | ||
| 71 | + | ||
| 67 | #TinymMCE convert config={"key":(.*)} in config={"key":(.*)} | 72 | #TinymMCE convert config={"key":(.*)} in config={"key":(.*)} |
| 68 | should 'not replace " with &quot; when adding an Archive.org video' do | 73 | should 'not replace " with &quot; when adding an Archive.org video' do |
| 69 | article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={"key":"\#$b6eb72a0f2f1e29f3d4"}'> </embed>") | 74 | article = TinyMceArticle.create!(:profile => profile, :name => 'article', :abstract => 'abstract', :body => "<embed flashvars='config={"key":"\#$b6eb72a0f2f1e29f3d4"}'> </embed>") |
| 70 | assert_equal "<embed flashvars=\"config={"key":"\#$b6eb72a0f2f1e29f3d4"}\"> </embed>", article.body | 75 | assert_equal "<embed flashvars=\"config={"key":"\#$b6eb72a0f2f1e29f3d4"}\"> </embed>", article.body |
| 71 | end | 76 | end |
| 77 | + | ||
| 78 | + should 'not sanitize html comments' do | ||
| 79 | + article = TinyMceArticle.new | ||
| 80 | + article.body = '<p><!-- <asdf> << aasdfa >>> --> <h1> Wellformed html code </h1>' | ||
| 81 | + article.valid? | ||
| 82 | + | ||
| 83 | + assert_match /<!-- .* --> <h1> Wellformed html code <\/h1>/, article.body | ||
| 84 | + end | ||
| 85 | + | ||
| 72 | end | 86 | end |
vendor/plugins/white_list_sanitizer_unescape_before_reescape/init.rb
| @@ -12,7 +12,9 @@ HTML::WhiteListSanitizer.module_eval do | @@ -12,7 +12,9 @@ HTML::WhiteListSanitizer.module_eval do | ||
| 12 | final_text = final_text.gsub(/<!--.*\[if IE\]-->(.*)<!--\[endif\]-->/, '<!–-[if IE]>\1<![endif]-–>') #FIX for itheora comments | 12 | final_text = final_text.gsub(/<!--.*\[if IE\]-->(.*)<!--\[endif\]-->/, '<!–-[if IE]>\1<![endif]-–>') #FIX for itheora comments |
| 13 | 13 | ||
| 14 | if final_text =~ /iframe/ | 14 | if final_text =~ /iframe/ |
| 15 | - unless final_text =~ /<iframe(.*)src=(.*)itheora.org(.*)<\/iframe>/ | 15 | + itheora_video = /<iframe(.*)src=(.*)itheora.org(.*)<\/iframe>/ |
| 16 | + sl_video = /<iframe(.*)src=\"http:\/\/stream.softwarelivre.org(.*)<\/iframe>/ | ||
| 17 | + unless (final_text =~ itheora_video || final_text =~ sl_video) | ||
| 16 | final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '') | 18 | final_text = final_text.gsub(/<iframe(.*)<\/iframe>/, '') |
| 17 | end | 19 | end |
| 18 | end | 20 | end |
vendor/plugins/xss_terminate/lib/xss_terminate.rb
| @@ -53,7 +53,7 @@ module XssTerminate | @@ -53,7 +53,7 @@ module XssTerminate | ||
| 53 | if with == :full | 53 | if with == :full |
| 54 | self[field] = CGI.escapeHTML(self[field]) | 54 | self[field] = CGI.escapeHTML(self[field]) |
| 55 | elsif with == :white_list | 55 | elsif with == :white_list |
| 56 | - self[field] = CGI.escapeHTML(self[field]) if !wellformed_html_tag?(self[field]) | 56 | + self[field] = CGI.escapeHTML(self[field]) if !wellformed_html_code?(self[field]) |
| 57 | end | 57 | end |
| 58 | 58 | ||
| 59 | else | 59 | else |
| @@ -62,7 +62,7 @@ module XssTerminate | @@ -62,7 +62,7 @@ module XssTerminate | ||
| 62 | if with == :full | 62 | if with == :full |
| 63 | self.send("#{field}=", CGI.escapeHTML(self.send("#{field}"))) | 63 | self.send("#{field}=", CGI.escapeHTML(self.send("#{field}"))) |
| 64 | elsif with == :white_list | 64 | elsif with == :white_list |
| 65 | - self.send("#{field}=", CGI.escapeHTML(self.send("#{field}"))) if !wellformed_html_tag?(self.send("#{field}")) | 65 | + self.send("#{field}=", CGI.escapeHTML(self.send("#{field}"))) if !wellformed_html_code?(self.send("#{field}")) |
| 66 | end | 66 | end |
| 67 | 67 | ||
| 68 | end | 68 | end |
| @@ -103,14 +103,29 @@ module XssTerminate | @@ -103,14 +103,29 @@ module XssTerminate | ||
| 103 | end | 103 | end |
| 104 | end | 104 | end |
| 105 | 105 | ||
| 106 | - def wellformed_html_tag?(field) | 106 | + def wellformed_html_code?(field) |
| 107 | return true if !field | 107 | return true if !field |
| 108 | - | ||
| 109 | counter = 0 | 108 | counter = 0 |
| 110 | - field.split(//).each do |letter| | ||
| 111 | - counter += 1 if letter == '<' | ||
| 112 | - counter -= 1 if letter == '>' | ||
| 113 | - if counter < 0 || 1 < counter | 109 | + in_comment = false |
| 110 | + field=field.split(//) | ||
| 111 | + for i in 0..field.length-1 | ||
| 112 | + if !in_comment | ||
| 113 | + if field[i] == '<' | ||
| 114 | + if field[i+1..i+3] == ["!","-","-"] | ||
| 115 | + in_comment = true | ||
| 116 | + else | ||
| 117 | + counter += 1 | ||
| 118 | + end | ||
| 119 | + elsif field[i] == '>' | ||
| 120 | + counter -= 1 | ||
| 121 | + end | ||
| 122 | + else | ||
| 123 | + if field[i-2..i] == ["-","-",">"] | ||
| 124 | + in_comment = false | ||
| 125 | + end | ||
| 126 | + end | ||
| 127 | + | ||
| 128 | + if counter < 0 || 1 < counter | ||
| 114 | return false | 129 | return false |
| 115 | end | 130 | end |
| 116 | end | 131 | end |