Commit dc74649b6f88e52e7f15b0561181a5c5a60fb173
1 parent
921b88f8
ActionItem616: made private articles non reachable
Made articles respond to their own private/public status instead of the profile's, so that we can have private folders inside public profiles.
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2397 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
3 changed files
with
83 additions
and
56 deletions
app/models/article.rb
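--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -22,11 +22,11 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 page.save!
 assert_local_files_reference :get, :view_page, :profile => profile.identifier, :page => [ 'test' ]
 end
-
+
 def test_valid_xhtml
 assert_valid_xhtml
 end
-
+
 def test_should_display_page
 page = profile.articles.build(:name => 'test')
 page.save!
@@ -69,7 +69,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 Profile.delete_all
 uses_host 'anhetegua'
 get :view_page, :profile => 'some_unexisting_profile', :page => []
-assert_response :missing
+assert_response :missing
 end
 
 def test_should_be_able_to_post_comment_while_authenticated
@@ -97,7 +97,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 
 should 'produce a download-like when article is not text/html' do
 
-# for example, RSS feeds
+# for example, RSS feeds
 profile = create_user('someone').person
 page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
 page.save!
@@ -126,38 +126,36 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
 assert_response :redirect
 end
-
 end
-
+
 should "not be able to remove other people's comments if not moderator or admin" do
 create_user('normaluser')
 profile = create_user('testuser').person
 article = profile.articles.build(:name => 'test')
 article.save!
-
+
 commenter = create_user('otheruser').person
 comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
 comment.save!
 
 login_as 'normaluser' # normaluser cannot remove other people's comments
-assert_no_difference Comment, :count do
+assert_no_difference Comment, :count do
 post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
 assert_response :redirect
 end
-
 end
 
 should 'be able to remove comments on their articles' do
 profile = create_user('testuser').person
 article = profile.articles.build(:name => 'test')
 article.save!
-
+
 commenter = create_user('otheruser').person
 comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
 comment.save!
 
 login_as 'testuser' # testuser must be able to remove comments in his articles
-assert_difference Comment, :count, -1 do
+assert_difference Comment, :count, -1 do
 post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
 assert_response :redirect
 end
@@ -181,7 +179,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 comment = article.comments.create!(:author => commenter, :title => 'a comment', :body => 'lalala')
 community.add_moderator(profile)
 login_as profile.identifier
-assert_difference Comment, :count, -1 do
+assert_difference Comment, :count, -1 do
 post :view_page, :profile => community.identifier, :page => [ 'test' ], :remove_comment => comment.id
 assert_response :redirect
 end
@@ -209,7 +207,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], :comment => { :title => '', :body => '' }
 assert_tag :tag => 'div', :attributes => { :class => 'post_comment_box opened' }
 end
-
+
 should 'filter html content from body' do
 login_as @profile.identifier
 page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
@@ -345,4 +343,34 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_tag :tag => 'div', :attributes => { :class => /main-block/ }, :descendant => { :tag => 'a', :attributes => { :href => "/myprofile/testinguser/cms/new?parent_id=#{folder.id}" } }
 end
 
+should 'not give access to private articles if logged off' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+assert_template 'access_denied'
+end
+
+should 'not give access to private articles if logged in but not member' do
+login_as('testinguser')
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+assert_template 'access_denied'
+end
+
+should 'give access to private articles if logged in and member' do
+person = create_user('test_user').person
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+profile.affiliate(person, Profile::Roles.member)
+login_as('test_user')
+
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+assert_template 'view_page'
+end
+
+
 end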
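Review bot: The three access tests added at the end of the file request only the private folder itself (`:page => [ 'my-intranet' ]`); none requests an article stored inside that folder, which is the case the commit description names (private folders inside public profiles). The `app/models/article.rb` change is not shown on this page, so it is unclear whether a child article inherits the folder's `:public_article => false`; a fourth test that creates an article whose parent is `intranet`, requests its path while logged off, and asserts `assert_template 'access_denied'` would pin that. The two denial tests also check only the rendered template, so adding an `assert_response` for the status the controller is meant to return would catch a denial page served as an ordinary success. All of these run through `get`; the comment-posting and `:remove_comment` paths exercised elsewhere in this file via `post :view_page` have no private-article case. The enclosing test class starts outside this hunk.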
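--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -230,47 +230,6 @@ class ArticleTest < Test::Unit::TestCase
 assert_equal true, a.display_to?(person)
 end
 
-should 'not display to other unauthenticated user if private' do
-# a person with private contents ...
-person = create_user('testuser').person
-person.update_attributes!(:public_content => false)
-
-# ... has an article ...
-a1 = person.articles.create!(:name => 'test article')
-
-# ... which anonymous users cannot view
-assert_equal false, a1.display_to?(nil)
-end
-
-should 'not display to another user if private' do
-# a person with private contents ...
-person = create_user('testuser').person
-person.update_attributes!(:public_content => false)
-
-# ... has an article ...
-a1 = person.articles.create!(:name => 'test article')
-
-# ... which another user cannot see
-another_user = create_user('another_user').person
-assert_equal false, a1.display_to?(another_user)
-end
-
-should 'display for members of profile' do
-# a community with private content ...
-community = Community.create!(:name => 'test community')
-community.update_attributes!(:public_content => false)
-
-# ... has an article ...
-a1 = community.articles.create!(:name => 'test article')
-
-# ... and its members ...
-member = create_user('testuser').person
-community.add_member(member)
-
-# ... can view that article
-assert_equal true, a1.display_to?(member)
-end
-
 should 'reindex when comments are changed' do
 a = Article.new
 a.expects(:ferret_update)
@@ -365,4 +324,44 @@ class ArticleTest < Test::Unit::TestCase
 assert !Article.new.accept_category?(ProductCategory.new)
 end
 
+should 'accept public_article attribute' do
+assert_respond_to Article.new, :public_article
+assert_respond_to Article.new, :public_article=
+end
+
+should 'say that logged off user cannot see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+
+assert !article.display_to?(nil)
+end
+
+should 'say that not member of profile cannot see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+person = create_user('test_user').person
+
+assert !article.display_to?(person)
+end
+
+should 'say that member user can see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+person = create_user('test_user').person
+profile.affiliate(person, Profile::Roles.member)
+
+assert article.display_to?(person)
+end
+
+should 'not show article to non member if article public but profile private' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile', :public_profile => false)
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => true)
+person1 = create_user('test_user1').person
+profile.affiliate(person1, Profile::Roles.member)
+person2 = create_user('test_user2').person
+
+assert !article.display_to?(nil)
+assert !article.display_to?(person2)
+assert article.display_to?(person1)
+end
 end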
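Review bot: The first hunk deletes all three tests that set `:public_content => false` on the profile, and none of the added tests exercises that attribute; the new cases use only `:public_article` and `:public_profile`. The `app/models/article.rb` change is not shown on this page, so if `public_content` is still a Profile attribute after this commit, profiles that relied on it could have their articles become visible through `display_to?` without any test failing. Either keep one regression case for a profile with `public_content => false`, ending in `assert !a1.display_to?(nil)`, or retire the attribute in the same change. The added `'accept public_article attribute'` test also checks only that the accessors exist, so it would help to assert what `Article.new.public_article` returns by default and how `display_to?(nil)` treats an article that never had the value set.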