Commit f25e4c1b48c0d3309442fa80eb0a0a7801ed53f0
Exists in
staging
and in
42 other branches
Merge remote-tracking branch 'origin/master'
Showing
4 changed files
with
119 additions
and
9 deletions
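--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -487,15 +487,16 @@ class Article < ActiveRecord::Base
 scope :more_recent, :order => "created_at DESC"
 
 scope :display_filter, lambda {|user, profile|
-user.nil? ?
-{:conditions => ['articles.published = ?', true]} :
-{:conditions => [" articles.published = ? OR
-articles.last_changed_by_id = ? OR
-articles.profile_id = ? OR
-? OR articles.show_to_followers = ? AND ? ",
-true, user.id, user.id, user.has_permission?(:view_private_content, profile),
-true, user.follows?(profile)]
-}
+return published if (user.nil? && profile && profile.public?)
+return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+where(
+[
+"published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
+OR (show_to_followers = ? AND ?)", true, user.id, user.id,
+profile.nil? ? false : user.has_permission?(:view_private_content, profile),
+true, user.follows?(profile)
+]
+)
 }
 
 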
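Review bot: With `profile` nil and a logged-in `user`, neither early return fires and the `published = ?` branch of the `where` matches published articles from every profile, including private profiles the user does not follow; the private-profile gate in the second `return` only runs when a `profile` is passed. If callers use `display_filter(user, nil)` for site-wide listings, the condition probably needs to restrict `published` rows to public or followed profiles, for example through a join on the owning profile, which this hunk does not show. Separately, `return []` hands back an Array rather than a relation, so a caller that chains another scope or paginates may fail; an always-false relation such as `where('1=0')` keeps the scope chainable. The column names also lost the `articles.` prefix the removed lines had, which can become ambiguous once the scope is combined with a join.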
app/models/person.rb
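--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -2018,4 +2018,107 @@ class ArticleTest < ActiveSupport::TestCase
 assert_equal [a], Article.display_filter(user, p)
 end
 
+should 'display_filter do not show person private content to non friends passing nil as profile parameter' do
+user = create_user('someuser').person
+p = fast_create(Person)
+assert !p.is_a_friend?(user)
+assert !user.is_admin?
+Article.delete_all
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [], Article.display_filter(user, nil)
+end
+
+should 'display_filter do not show community private content to non members passing nil as profile parameter' do
+user = create_user('someuser').person
+p = fast_create(Community)
+assert !user.is_member_of?(p)
+Article.delete_all
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [], Article.display_filter(user, nil)
+end
+
+should 'display_filter show community public content of private community for user members' do
+user = create_user('someuser').person
+p = fast_create(Community, :public_profile => false)
+p.add_member(user)
+assert user.is_member_of?(p)
+user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+Article.delete_all
+a = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [a], Article.display_filter(user, p)
+end
+
+should 'display_filter not show public content of private community for non members' do
+user = create_user('someuser').person
+p = fast_create(Community, :public_profile => false)
+assert !user.is_member_of?(p)
+user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+Article.delete_all
+a = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [], Article.display_filter(user, p)
+end
+
+should 'display_filter not show public content of private community for non members when user is nil' do
+p = fast_create(Community, :public_profile => false)
+Article.delete_all
+a = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [], Article.display_filter(nil, p)
+end
+
+should 'display_filter show public content for non members when profile is nil' do
+user = create_user('someuser').person
+p = fast_create(Community, :public_profile => true)
+Article.delete_all
+a1 = fast_create(Article, :published => true, :profile_id => user.id)
+a2 = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equivalent [a1,a2], Article.display_filter(user, nil)
+end
+
+should 'display_filter show person public content of private person profile for user friends' do
+user = create_user('someuser').person
+p = fast_create(Person, :public_profile => false)
+p.add_friend(user)
+assert p.is_a_friend?(user)
+user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+Article.delete_all
+a = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [a], Article.display_filter(user, p)
+end
+
+should 'display_filter not show public content of private person for non friends' do
+user = create_user('someuser').person
+p = fast_create(Person, :public_profile => false)
+assert !user.is_a_friend?(p)
+user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+Article.delete_all
+a = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [], Article.display_filter(user, p)
+end
+
+should 'display_filter not show public content of private person for non friends when user is nil' do
+p = fast_create(Person, :public_profile => false)
+Article.delete_all
+a = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equal [], Article.display_filter(nil, p)
+end
+
+should 'display_filter show public content for non friends when profile is nil' do
+user = create_user('someuser').person
+p = fast_create(Person, :public_profile => true)
+Article.delete_all
+a1 = fast_create(Article, :published => true, :profile_id => user.id)
+a2 = fast_create(Article, :published => true, :profile_id => p.id)
+fast_create(Article, :published => false, :profile_id => p.id)
+assert_equivalent [a1,a2], Article.display_filter(user, nil)
+end
+
 end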
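Review bot: The new tests that pass a private profile with a logged-in user all stub `has_permission?(:view_private_content, p)` to `false`, so nothing pins what a non-member who does hold that permission should see. In the model hunk the `return []` for a private, unfollowed profile runs before the permission is consulted, so such a user would get an empty result; a test with `.returns(true)` for a non-member of a private community would settle whether that is intended. The nil-profile tests also create only public profiles, so a published article owned by a `:public_profile => false` profile is not covered for `Article.display_filter(user, nil)`. In the four 'not show' tests the local `a` is assigned and never read.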
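--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1631,4 +1631,9 @@ class PersonTest < ActiveSupport::TestCase
 assert person.can_change_homepage?
 end
 
+should 'follow? return false when no profile is passed as parameter' do
+person = Person.new
+assert_equal false, person.follows?(nil)
+end
+
 end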
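Review bot: The test description says `follow?` but the method under test is `follows?`; `should 'follows? return false when no profile is passed as parameter' do` keeps the name greppable. The strict `assert_equal false` is worth keeping, since the `display_filter` scope in this commit passes `user.follows?(profile)` as a bind value even when `profile` is nil.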