Download as
Browse Code »

Commit 498e40b7b47bcafc8988cc6943193c5a6e91528b

Authored by Joenio Costa
1 parent 5b9b6c8f
Exists in staging and in 42 other branches all_pending_tasks_api, api-articles-period, api_roles, caching-rails4, captcha_serpro_plugin, comments_permissions, content-manager-hostspot, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export-comment-paragraph, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_event_date_issue, fix_notification_email, fix_string_downcase_and_upcase, follower_permition, json_cookie_serializer, login-captcha, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, production-vendorized, profile_api_improvements, tasks_keep_filter_params, user_mention, webfinger_server

HTML forms with id #ajax-form will be submited by ajax automatically 

- fixing some bugfixes
 - all controllers under admin/ should require login
 - plugins admin interface should require at least one permission

(ActionItem2056)
Showing 8 changed files with 25 additions and 4 deletions   Show diff stats
app/controllers/admin/admin_panel_controller.rb
  Diff comments   View file @498e40b
1 class AdminPanelController < AdminController 1 class AdminPanelController < AdminController
2 2
3 - before_filter :login_required  
4 -  
5 protect 'view_environment_admin_panel', :environment 3 protect 'view_environment_admin_panel', :environment
6 4
7 def boxes_holder 5 def boxes_holder
app/controllers/admin/plugins_controller.rb
  Diff comments   View file @498e40b
1 class PluginsController < AdminController 1 class PluginsController < AdminController
  2 + protect 'edit_environment_features', :environment
2 3
3 def index 4 def index
4 @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact 5 @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact
app/controllers/admin_controller.rb
  Diff comments   View file @498e40b
1 class AdminController < ApplicationController 1 class AdminController < ApplicationController
2 require_ssl 2 require_ssl
  3 + before_filter :login_required
3 end 4 end
features/send_email_to_environment_members.feature
  Diff comments   View file @498e40b
@@ -5,7 +5,7 @@ Feature: send emails to environment members users @@ -5,7 +5,7 @@ Feature: send emails to environment members users
5 Scenario: Cant access if not logged in 5 Scenario: Cant access if not logged in
6 Given I am not logged in 6 Given I am not logged in
7 When I go to /admin/users/send_mail 7 When I go to /admin/users/send_mail
8 - Then I should see "Access denied" 8 + Then I should be on login page
9 9
10 Scenario: Cant access as normal user 10 Scenario: Cant access as normal user
11 Given the following user 11 Given the following user
public/javascripts/application.js
  Diff comments   View file @498e40b
@@ -677,3 +677,18 @@ function original_image_dimensions(src) { @@ -677,3 +677,18 @@ function original_image_dimensions(src) {
677 img.src = src; 677 img.src = src;
678 return { 'width' : img.width, 'height' : img.height }; 678 return { 'width' : img.width, 'height' : img.height };
679 } 679 }
  680 +
  681 +jQuery(function() {
  682 + jQuery("#ajax-form").before("<div id='ajax-form-loading-area' style='display:block;width:16px;height:16px;'></div>");
  683 + jQuery("#ajax-form").before("<div id='ajax-form-message-area'></div>");
  684 + jQuery("#ajax-form").ajaxForm({
  685 + beforeSubmit: function(a,f,o) {
  686 + jQuery('#ajax-form-message-area').html('');
  687 + o.loading = small_loading('ajax-form-loading-area');
  688 + },
  689 + success: function() {
  690 + loading_done('ajax-form-loading-area');
  691 + },
  692 + target: "#ajax-form-message-area"
  693 + })
  694 +});
test/functional/admin_controller_test.rb
  Diff comments   View file @498e40b
@@ -25,6 +25,7 @@ class AdminControllerTest &lt; Test::Unit::TestCase @@ -25,6 +25,7 @@ class AdminControllerTest &lt; Test::Unit::TestCase
25 end 25 end
26 26
27 should 'detect ssl' do 27 should 'detect ssl' do
  28 + login_as 'ze'
28 @request.expects(:ssl?).returns(true).at_least_once 29 @request.expects(:ssl?).returns(true).at_least_once
29 get :index 30 get :index
30 assert_response :success 31 assert_response :success
test/functional/cms_controller_test.rb
  Diff comments   View file @498e40b
@@ -16,6 +16,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -16,6 +16,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
16 16
17 @profile = create_user_with_permission('testinguser', 'post_content') 17 @profile = create_user_with_permission('testinguser', 'post_content')
18 login_as :testinguser 18 login_as :testinguser
  19 + @controller.stubs(:user).returns(@profile)
19 end 20 end
20 21
21 attr_reader :profile 22 attr_reader :profile
@@ -614,7 +615,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -614,7 +615,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
614 end 615 end
615 616
616 should 'not make enterprise homepage available to person' do 617 should 'not make enterprise homepage available to person' do
617 - @controller.stubs(:profile).returns(create_user('test_user').person) 618 + @controller.stubs(:profile).returns(profile)
618 assert_not_includes @controller.available_article_types, EnterpriseHomepage 619 assert_not_includes @controller.available_article_types, EnterpriseHomepage
619 end 620 end
620 621
@@ -1278,6 +1279,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -1278,6 +1279,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
1278 c = Community.create!(:name => 'test_comm', :identifier => 'test_comm') 1279 c = Community.create!(:name => 'test_comm', :identifier => 'test_comm')
1279 u = create_user_with_permission('test_user', 'publish_content', c) 1280 u = create_user_with_permission('test_user', 'publish_content', c)
1280 login_as :test_user 1281 login_as :test_user
  1282 + @controller.stubs(:user).returns(u)
1281 1283
1282 get :new, :profile => c.identifier, :type => 'TinyMceArticle' 1284 get :new, :profile => c.identifier, :type => 'TinyMceArticle'
1283 assert_response :success 1285 assert_response :success
@@ -1311,6 +1313,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -1311,6 +1313,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
1311 u = create_user_with_permission('test_user', 'publish_content', c) 1313 u = create_user_with_permission('test_user', 'publish_content', c)
1312 a = c.articles.create!(:name => 'test_article', :last_changed_by => u) 1314 a = c.articles.create!(:name => 'test_article', :last_changed_by => u)
1313 login_as :test_user 1315 login_as :test_user
  1316 + @controller.stubs(:user).returns(u)
1314 1317
1315 get :edit, :profile => c.identifier, :id => a.id 1318 get :edit, :profile => c.identifier, :id => a.id
1316 1319
test/functional/users_controller_test.rb
  Diff comments   View file @498e40b
@@ -15,6 +15,8 @@ class UsersControllerTest &lt; Test::Unit::TestCase @@ -15,6 +15,8 @@ class UsersControllerTest &lt; Test::Unit::TestCase
15 end 15 end
16 16
17 should 'not access without right permission' do 17 should 'not access without right permission' do
  18 + create_user('guest')
  19 + login_as 'guest'
18 get :index 20 get :index
19 assert_response 403 # forbidden 21 assert_response 403 # forbidden
20 end 22 end