Merge branch 'allow_admin_change_homepage' into 'master'

Always allow admin to change profiles homepage See merge request !412

Merge branch 'allow_admin_change_homepage' into 'master'
Always allow admin to change profiles homepage See merge request !412
Leandro Santos
2 parents 358e1f31 cd15a410
Showing 5 changed files with 36 additions and 2 deletions Show diff stats
app/controllers/my_profile/cms_controller.rb
app/models/person.rb
app/views/cms/view.html.erb
test/functional/cms_controller_test.rb
test/unit/person_test.rb
@@ -174,6 +174,8 @@ class CmsController &lt; MyProfileController
  
   post_only :set_home_page
   def set_home_page
+    return render_access_denied unless user.can_change_homepage?
+
     article = params[:id].nil? ? nil : profile.articles.find(params[:id])
     profile.update_attribute(:home_page, article)
  
@@ -80,6 +80,10 @@ roles] }
  
   belongs_to :user, :dependent => :delete
  
+  def can_change_homepage?
+    !environment.enabled?('cant_change_homepage') || is_admin?
+  end
+
   def can_control_scrap?(scrap)
     begin
       !self.scraps(scrap).nil?
@@ -2,7 +2,7 @@
   <%= _('Content management') %>
 </h1>
  
-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+<% if user.can_change_homepage? && !remove_content_button(:home) %>
   <div class="cms-homepage">
     <%= _('Profile homepage:') %>
     <% if profile.home_page %>
@@ -69,7 +69,7 @@
         <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
         <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
-        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+        <% if user.can_change_homepage? && !remove_content_button(:home) %>
           <% if profile.home_page != article %>
             <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
           <% else %>
@@ -101,12 +101,26 @@ class CmsControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
  
+  should 'display the profile homepage if logged user is an environment admin' do
+    env = Environment.default; env.enable('cant_change_homepage'); env.save!
+    env.add_admin(profile)
+    get :index, :profile => profile.identifier
+    assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
+  end
+
   should 'not display the profile homepage if cannot change homepage' do
     env = Environment.default; env.enable('cant_change_homepage')
     get :index, :profile => profile.identifier
     assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
  
+  should 'not allow profile homepage changes if cannot change homepage' do
+    env = Environment.default; env.enable('cant_change_homepage')
+    a = profile.articles.create!(:name => 'my new home page')
+    post :set_home_page, :profile => profile.identifier, :id => a.id
+    assert_response 403
+  end
+
   should 'be able to set home page' do
     a = profile.articles.build(:name => 'my new home page')
     a.save!
@@ -1470,4 +1470,18 @@ class PersonTest &lt; ActiveSupport::TestCase
       person.reload
     end
   end
+
+  should 'allow homepage change if user is an environment admin' do
+    person = create_user('person').person
+    person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
+    person.expects(:is_admin?).returns(true)
+    assert person.can_change_homepage?
+  end
+
+  should 'allow homepage change if environment feature permit it' do
+    person = create_user('person').person
+    person.environment.expects(:enabled?).with('cant_change_homepage').returns(false)
+    assert person.can_change_homepage?
+  end
+
 end
...	...	@@ -174,6 +174,8 @@ class CmsController < MyProfileController
174	174
175	175	post_only :set_home_page
176	176	def set_home_page
	177	+ return render_access_denied unless user.can_change_homepage?
	178	+
177	179	article = params[:id].nil? ? nil : profile.articles.find(params[:id])
178	180	profile.update_attribute(:home_page, article)
179	181
...	...
...	...	@@ -80,6 +80,10 @@ roles] }
80	80
81	81	belongs_to :user, :dependent => :delete
82	82
	83	+ def can_change_homepage?
	84	+ !environment.enabled?('cant_change_homepage') \|\| is_admin?
	85	+ end
	86	+
83	87	def can_control_scrap?(scrap)
84	88	begin
85	89	!self.scraps(scrap).nil?
...	...
...	...	@@ -2,7 +2,7 @@
2	2	<%= _('Content management') %>
3	3	</h1>
4	4
5		-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
	5	+<% if user.can_change_homepage? && !remove_content_button(:home) %>
6	6	<div class="cms-homepage">
7	7	<%= _('Profile homepage:') %>
8	8	<% if profile.home_page %>
...	...	@@ -69,7 +69,7 @@
69	69	<%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
70	70	<%= button_without_text :eyes, _('Public view'), article.view_url %>
71	71	<%= display_spread_button(profile, article) unless article.folder? \|\| remove_content_button(:spread)%>
72		- <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
	72	+ <% if user.can_change_homepage? && !remove_content_button(:home) %>
73	73	<% if profile.home_page != article %>
74	74	<%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
75	75	<% else %>
...	...
...	...	@@ -101,12 +101,26 @@ class CmsControllerTest < ActionController::TestCase
101	101	assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
102	102	end
103	103
	104	+ should 'display the profile homepage if logged user is an environment admin' do
	105	+ env = Environment.default; env.enable('cant_change_homepage'); env.save!
	106	+ env.add_admin(profile)
	107	+ get :index, :profile => profile.identifier
	108	+ assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
	109	+ end
	110	+
104	111	should 'not display the profile homepage if cannot change homepage' do
105	112	env = Environment.default; env.enable('cant_change_homepage')
106	113	get :index, :profile => profile.identifier
107	114	assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
108	115	end
109	116
	117	+ should 'not allow profile homepage changes if cannot change homepage' do
	118	+ env = Environment.default; env.enable('cant_change_homepage')
	119	+ a = profile.articles.create!(:name => 'my new home page')
	120	+ post :set_home_page, :profile => profile.identifier, :id => a.id
	121	+ assert_response 403
	122	+ end
	123	+
110	124	should 'be able to set home page' do
111	125	a = profile.articles.build(:name => 'my new home page')
112	126	a.save!
...	...
...	...	@@ -1470,4 +1470,18 @@ class PersonTest < ActiveSupport::TestCase
1470	1470	person.reload
1471	1471	end
1472	1472	end
	1473	+
	1474	+ should 'allow homepage change if user is an environment admin' do
	1475	+ person = create_user('person').person
	1476	+ person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
	1477	+ person.expects(:is_admin?).returns(true)
	1478	+ assert person.can_change_homepage?
	1479	+ end
	1480	+
	1481	+ should 'allow homepage change if environment feature permit it' do
	1482	+ person = create_user('person').person
	1483	+ person.environment.expects(:enabled?).with('cant_change_homepage').returns(false)
	1484	+ assert person.can_change_homepage?
	1485	+ end
	1486	+
1473	1487	end
...	...