Commit 36d9601b8d3684bf4b87bbb00f4e025e70f44850
1 parent
96a2e91e
Exists in
staging
and in
42 other branches
provide interface to manage trusted sites
ActionItem2675
Showing
9 changed files
with
223 additions
and
1 deletions
| ... | ... | @@ -0,0 +1,82 @@ |
| 1 | +class TrustedSitesController < AdminController | |
| 2 | + protect 'manage_environment_trusted_sites', :environment | |
| 3 | + | |
| 4 | + def index | |
| 5 | + @sites = environment.trusted_sites_for_iframe | |
| 6 | + end | |
| 7 | + | |
| 8 | + def new | |
| 9 | + @site = "" | |
| 10 | + end | |
| 11 | + | |
| 12 | + def create | |
| 13 | + if add_trusted_site(params[:site]) | |
| 14 | + session[:notice] = _('New trusted site added.') | |
| 15 | + redirect_to :action => 'index' | |
| 16 | + else | |
| 17 | + session[:notice] = _('Failed to add trusted site.') | |
| 18 | + render :action => 'new' | |
| 19 | + end | |
| 20 | + end | |
| 21 | + | |
| 22 | + def edit | |
| 23 | + if is_trusted_site? params[:site] | |
| 24 | + @site = params[:site] | |
| 25 | + else | |
| 26 | + session[:notice] = _('Trusted site was not found') | |
| 27 | + redirect_to :action => 'index' | |
| 28 | + end | |
| 29 | + end | |
| 30 | + | |
| 31 | + def update | |
| 32 | + site = params[:site] | |
| 33 | + orig_site = params[:orig_site] | |
| 34 | + if rename_trusted_site(orig_site, site) | |
| 35 | + redirect_to :action => 'edit', :site => @site | |
| 36 | + else | |
| 37 | + session[:notice] = _('Failed to edit trusted site.') | |
| 38 | + render :action => 'edit' | |
| 39 | + end | |
| 40 | + end | |
| 41 | + | |
| 42 | + def destroy | |
| 43 | + if delete_trusted_site(params[:site]) | |
| 44 | + session[:notice] = _('Trusted site removed') | |
| 45 | + else | |
| 46 | + session[:notice] = _('Trusted site could not be removed') | |
| 47 | + end | |
| 48 | + redirect_to :action => 'index' | |
| 49 | + end | |
| 50 | + | |
| 51 | + protected | |
| 52 | + def add_trusted_site (site) | |
| 53 | + trusted_sites = environment.trusted_sites_for_iframe | |
| 54 | + trusted_sites << site | |
| 55 | + environment.trusted_sites_for_iframe = trusted_sites | |
| 56 | + environment.save | |
| 57 | + end | |
| 58 | + | |
| 59 | + def rename_trusted_site(orig_site, site) | |
| 60 | + trusted_sites = environment.trusted_sites_for_iframe | |
| 61 | + i = trusted_sites.index orig_site | |
| 62 | + if i.nil? | |
| 63 | + return false | |
| 64 | + else | |
| 65 | + trusted_sites[i] = site | |
| 66 | + environment.trusted_sites_for_iframe = trusted_sites | |
| 67 | + environment.save | |
| 68 | + end | |
| 69 | + end | |
| 70 | + | |
| 71 | + | |
| 72 | + def delete_trusted_site (site) | |
| 73 | + trusted_sites = environment.trusted_sites_for_iframe | |
| 74 | + trusted_sites.delete site | |
| 75 | + environment.trusted_sites_for_iframe = trusted_sites | |
| 76 | + environment.save | |
| 77 | + end | |
| 78 | + | |
| 79 | + def is_trusted_site? (site) | |
| 80 | + environment.trusted_sites_for_iframe.include? site | |
| 81 | + end | |
| 82 | +end | ... | ... |
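Review bot: `add_trusted_site` and `rename_trusted_site` store `params[:site]` exactly as submitted, so a missing parameter, an empty string, a duplicate, or a value with a scheme, path or stray whitespace all end up in `trusted_sites_for_iframe`, which the index view describes as the list of sites whose content may be embedded through iframes. Normalise and check the value before saving, for example `site = site.to_s.strip.downcase` followed by `return false if site.blank? || trusted_sites.include?(site)`, and consider rejecting anything that is not a bare host name. In `update`, `@site` is never assigned, so the success redirect passes `:site => nil` and the failure render shows an empty form; use `redirect_to :action => 'edit', :site => site` and set `@site` before `render`. Nothing visible here restricts `create`, `update` and `destroy` to POST/DELETE, so unless the routes or `AdminController` already do that, a `verify :method => ...` guard would keep these state changes off GET requests.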
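--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -26,6 +26,7 @@ class Environment < ActiveRecord::Base
 'manage_environment_users' => N_('Manage environment users'),
 'manage_environment_templates' => N_('Manage environment templates'),
 'manage_environment_licenses' => N_('Manage environment licenses'),
+ 'manage_environment_trusted_sites' => N_('Manage_environment_trusted_sites')
 }
 
 module Roles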
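Review bot: The label for the new permission is `N_('Manage_environment_trusted_sites')`, written with underscores, while every neighbouring entry uses a plain phrase such as `N_('Manage environment licenses')`; this is the string handed to translators and presumably shown wherever permissions are listed. Use `'manage_environment_trusted_sites' => N_('Manage environment trusted sites'),` and keep the trailing comma so the next addition is a one-line diff. The hash and the `Environment` class both start and end outside this hunk.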
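--- a/app/views/admin_panel/index.rhtml
+++ b/app/views/admin_panel/index.rhtml
@@ -9,6 +9,7 @@
 <tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
 <tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
 <tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
+ <tr><td><%= link_to _('Trusted sites'), :controller =>'trusted_sites' %></td></tr>
 </table>
 
 <h2><%= _('Profiles') %></h2>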
| ... | ... | @@ -0,0 +1,15 @@ |
| 1 | +<h2> <%= _("Editing trusted site") %> </h2> | |
| 2 | + | |
| 3 | +<% form_tag :action => :update do %> | |
| 4 | + | |
| 5 | + <%= text_field_tag :site, @site %> | |
| 6 | + <%= hidden_field_tag :orig_site, @site %> | |
| 7 | + | |
| 8 | + <% button_bar do %> | |
| 9 | + <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'} ) %> | |
| 10 | + <% end %> | |
| 11 | +<% end %> | |
| 12 | + | |
| 13 | +<script> | |
| 14 | + jQuery(function() { jQuery('input#site').focus(); } ); | |
| 15 | +</script> | ... | ... |
| ... | ... | @@ -0,0 +1,28 @@ |
| 1 | +<h1><%= _('Manage trusted sites') %></h1> | |
| 2 | + | |
| 3 | +<p> | |
| 4 | +<%= _('Here you can manage the list of trusted sites of your environment. A trusted site is a site that you consider safe enough to incorporate their content through <em>iframes</em>.') %> | |
| 5 | +</p> | |
| 6 | + | |
| 7 | +<table> | |
| 8 | + <tr> | |
| 9 | + <th><%= _('Site') %></th> | |
| 10 | + <th><%= _('Actions') %></th> | |
| 11 | + </tr> | |
| 12 | + <% @sites.each do |site| %> | |
| 13 | + <tr> | |
| 14 | + <td> | |
| 15 | + <%= link_to site, :action => 'show', :site => site %> | |
| 16 | + </td> | |
| 17 | + <td style='white-space: nowrap;'> | |
| 18 | + <%= button_without_text :edit, _('Edit'), :action => 'edit', :site => site %> | |
| 19 | + <%= button_without_text :remove, _('Remove'), {:action => :destroy, :site => site}, :method => :delete, :confirm => _('Are you sure you want to remove this site from the list of trusted sites?') %> | |
| 20 | + </td> | |
| 21 | + </tr> | |
| 22 | + <% end %> | |
| 23 | +</table> | |
| 24 | + | |
| 25 | +<% button_bar do %> | |
| 26 | + <%= button :add, _('Add a trusted site'), :action => 'new' %> | |
| 27 | + <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %> | |
| 28 | +<% end %> | ... | ... |
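Review bot: `link_to site, :action => 'show', :site => site` prints the stored value as the link text without escaping it, and this code base's views look like pre-Rails-3 ERB (`.rhtml`, `<% form_tag ... do %>`), where `<%= %>` and `link_to` do not escape by default; worth confirming against the Rails version in use. Because the controller saves the submitted string unchanged, markup typed into the site field would be rendered into this admin page, so write `link_to h(site), ...`. The link also targets a `show` action that `TrustedSitesController` does not define in this commit; either add the action or render the site as plain text with `<%= h site %>`.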
| ... | ... | @@ -0,0 +1,14 @@ |
| 1 | +<h2> <%= _("Add a new trusted site") %> </h2> | |
| 2 | + | |
| 3 | +<% form_tag :action => :create do %> | |
| 4 | + | |
| 5 | + <%= text_field_tag :site, @site %> | |
| 6 | + | |
| 7 | + <% button_bar do %> | |
| 8 | + <%= submit_button('save', _('Add trusted site'), :cancel => {:action => 'index'} ) %> | |
| 9 | + <% end %> | |
| 10 | +<% end %> | |
| 11 | + | |
| 12 | +<script> | |
| 13 | + jQuery(function() { jQuery('input#site').focus(); } ); | |
| 14 | +</script> | ... | ... |
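--- a/test/factories.rb
+++ b/test/factories.rb
@@ -55,7 +55,7 @@ module Noosfero::Factory
 ###### old stuff to be rearranged
 def create_admin_user(env)
 admin_user = User.find_by_login('adminuser') || create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env)
- admin_role = Role.find_by_name('admin_role') || Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_templates', 'manage_environment_licenses'])
+ admin_role = Role.find_by_name('admin_role') || Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_trusted_sites', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_templates', 'manage_environment_licenses'])
 RoleAssignment.create!(:accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{|ra|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env])
 admin_user.login
 end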
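--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -30,6 +30,7 @@ four:
 - edit_environment_design
 - manage_environment_categories
 - manage_environment_roles
+ - manage_environment_trusted_sites
 - manage_environment_validators
 - moderate_comments
 - perform_task
@@ -85,6 +86,7 @@ environment_administrator:
 - edit_environment_design
 - manage_environment_categories
 - manage_environment_roles
+ - manage_environment_trusted_sites
 - manage_environment_validators
 - moderate_comments
 - manage_environment_users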
| ... | ... | @@ -0,0 +1,79 @@ |
| 1 | +require File.dirname(__FILE__) + '/../test_helper' | |
| 2 | +require 'trusted_sites_controller' | |
| 3 | + | |
| 4 | +# Re-raise errors caught by the controller. | |
| 5 | +class TrustedSitesController; def rescue_action(e) raise e end; end | |
| 6 | + | |
| 7 | +class TrustedSitesControllerTest < ActionController::TestCase | |
| 8 | + all_fixtures | |
| 9 | + | |
| 10 | + def setup | |
| 11 | + @controller = TrustedSitesController.new | |
| 12 | + @request = ActionController::TestRequest.new | |
| 13 | + @response = ActionController::TestResponse.new | |
| 14 | + @role = Role.find(:first) | |
| 15 | + @environment = Environment.default | |
| 16 | + @environment.trusted_sites_for_iframe = ['existing.site.com'] | |
| 17 | + @environment.save! | |
| 18 | + | |
| 19 | + login_as(:ze) | |
| 20 | + end | |
| 21 | + | |
| 22 | + should 'get index' do | |
| 23 | + get :index | |
| 24 | + assert_response :success | |
| 25 | + assert_not_nil assigns(:sites) | |
| 26 | + end | |
| 27 | + | |
| 28 | + should 'get new' do | |
| 29 | + get :new | |
| 30 | + assert_response :success | |
| 31 | + end | |
| 32 | + | |
| 33 | + should 'create site' do | |
| 34 | + post :create, :site => 'new.site.com' | |
| 35 | + assert_redirected_to :action => :index | |
| 36 | + assert @controller.environment.trusted_sites_for_iframe.include?('new.site.com'), 'Site was not included in the trusted_sites' | |
| 37 | + end | |
| 38 | + | |
| 39 | + should 'fail creation gracefully' do | |
| 40 | + @controller.stubs(:add_trusted_site).returns(false) | |
| 41 | + post :create, :site => 'new.site.com' | |
| 42 | + assert_response :success # it actually failed, but was not redirected | |
| 43 | + assert !@controller.environment.trusted_sites_for_iframe.include?('new.site.com'), 'Site was included in the trusted_sites!?' | |
| 44 | + end | |
| 45 | + | |
| 46 | + should 'destroy site' do | |
| 47 | + post :create, :site => 'todel.site.com' | |
| 48 | + delete :destroy, :site => 'todel.site.com' | |
| 49 | + assert_redirected_to :action => :index | |
| 50 | + assert ! @controller.environment.trusted_sites_for_iframe.include?('todel.site.com'), 'Site was not removed from trusted_sites' | |
| 51 | + end | |
| 52 | + | |
| 53 | + should "get edit" do | |
| 54 | + get :edit, :site => 'existing.site.com' | |
| 55 | + assert_response :success | |
| 56 | + end | |
| 57 | + | |
| 58 | + should "not get edit" do | |
| 59 | + get :edit, :site => 'nonexistent.site.com' | |
| 60 | + assert_redirected_to :action => :index | |
| 61 | + end | |
| 62 | + | |
| 63 | + should 'update site' do | |
| 64 | + post :create, :site => 'toedit.site.com' | |
| 65 | + post :update, :orig_site => 'toedit.site.com', :site => 'edited.site.com' | |
| 66 | + assert_redirected_to :action => :edit | |
| 67 | + assert ! @controller.environment.trusted_sites_for_iframe.include?('toedit.site.com'), 'Original site found. Site was not updated?' | |
| 68 | + assert @controller.environment.trusted_sites_for_iframe.include?('edited.site.com'), 'New name for site not found. Site was not updated?' | |
| 69 | + end | |
| 70 | + | |
| 71 | + should 'fail update gracefully' do | |
| 72 | + @controller.stubs(:rename_trusted_site).returns(false) | |
| 73 | + post :create, :site => 'toedit.site.com' | |
| 74 | + post :update, :orig_site => 'toedit.site.com', :site => 'edited.site.com' | |
| 75 | + assert_response :success # it actually failed, but was not redirected | |
| 76 | + assert @controller.environment.trusted_sites_for_iframe.include?('toedit.site.com'), 'Original site not found. Site was updated?' | |
| 77 | + assert !@controller.environment.trusted_sites_for_iframe.include?('edited.site.com'), 'New name for site found. Site was updated?' | |
| 78 | + end | |
| 79 | +end | ... | ... |
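Review bot: Every test runs after `login_as(:ze)`, so nothing here checks that the controller's `protect 'manage_environment_trusted_sites', :environment` line actually refuses a user who lacks the permission; a negative test that logs in as such a user and asserts the request is denied would pin the access control this feature depends on. 'update site' asserts only `assert_redirected_to :action => :edit`, so it passes even when the redirect carries no `:site`; assert the parameter as well. There are no cases for a blank or already-listed site, and `@role` is assigned in `setup` but never used.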