Commit f834320de22159de30ad51c4b0f18b454913076e
Exists in
staging
and in
1 other branch
Merge branch 'master' into staging
Showing
8 changed files
with
125 additions
and
1 deletions
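--- a/app/api/entities.rb
+++ b/app/api/entities.rb
@@ -124,6 +124,7 @@ module Api
 expose :type
 expose :custom_header
 expose :custom_footer
+expose :layout_template
 expose :permissions do |profile, options|
 Entities.permissions_for_entity(profile, options[:current_person],
 :allow_post_content?, :allow_edit?, :allow_destroy?)
@@ -264,6 +265,7 @@ module Api
 expose :name
 expose :id
 expose :description
+expose :layout_template
 expose :settings, if: lambda { |instance, options| options[:is_admin] }
 end
 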
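--- a/app/api/v1/people.rb
+++ b/app/api/v1/people.rb
@@ -119,6 +119,20 @@ module Api
 members = select_filtered_collection_of(profile, 'members', params)
 present members, :with => Entities::Person, :current_person => current_person
 end
+
+post do
+authenticate!
+profile = environment.profiles.find_by id: params[:profile_id]
+profile.add_member(current_person) rescue forbidden!
+{pending: !current_person.is_member_of?(profile)}
+end
+
+delete do
+authenticate!
+profile = environment.profiles.find_by id: params[:profile_id]
+profile.remove_member(current_person)
+present current_person, :with => Entities::Person, :current_person => current_person
+end
 end
 end
 end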
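Review bot: In the new `post` handler, `profile.add_member(current_person) rescue forbidden!` rescues every StandardError, so a `profile_id` that matches nothing (where `find_by` returns nil) and any unexpected failure inside `add_member` are both reported as 403; in the `delete` handler the same nil lookup reaches `profile.remove_member` unguarded and would surface as a server error. Both handlers should answer with the API's not-found response when the lookup returns nil, and the rescue should be narrowed to the exception `add_member` raises for a refusal (the unit test added in this commit expects `RuntimeError`). Neither handler checks that `current_person` is allowed to see the profile before acting on it; if the API already has a visibility filter for profiles, applying it to the lookup would keep the status code from revealing which non-public profile ids exist.

```ruby
post do
  authenticate!
  profile = environment.profiles.find_by id: params[:profile_id]
  # respond with the API's not-found error here when profile is nil
  begin
    profile.add_member(current_person)
  rescue RuntimeError
    # refusal raised by add_member; any other error keeps propagating
    forbidden!
  end
  {pending: !current_person.is_member_of?(profile)}
end
# … unchanged: delete handler, apart from the same nil check …
```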
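--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -787,7 +787,7 @@ private :generate_url, :url_options
 
 # Adds a person as member of this Profile.
 def add_member(person, attributes={})
-if self.has_members?
+if self.has_members? && !self.secret
 if self.closed? && members.count > 0
 AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
 else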
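Review bot: The secret check is folded into the `has_members?` condition, so a secret profile falls into the outer `else` branch that lies outside this hunk, and the unit test added in this commit shows it raising a plain `RuntimeError`. Callers then cannot tell a profile type that cannot have members from a community that refuses self-service joins, and the refusal applies to every caller of `add_member`, not only the new API endpoint; if invitations or admin-driven additions to secret communities go through this method they would now fail as well (not visible here, worth confirming). I would extend the method comment to `# Adds a person as member of this Profile. Raises for secret profiles and for profiles that cannot have members.` and consider a dedicated exception class so the API layer can rescue only the refusal. The body of `add_member` continues past the end of the hunk.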
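--- a/plugins/organization_ratings/lib/create_organization_rating_comment.rb
+++ b/plugins/organization_ratings/lib/create_organization_rating_comment.rb
@@ -14,6 +14,12 @@ class CreateOrganizationRatingComment < Task
 settings_items field.to_sym
 end
 
+scope :with_rating, -> (user_rating){
+CreateOrganizationRatingComment.find_each do |task|
+return task if(task.organization_rating_id == user_rating.id)
+end
+}
+
 def perform
 if (self.body && !self.body.blank?)
 comment = Comment.create!(:source => self.target, :body => self.body, :author => self.requestor)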
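Review bot: `with_rating` is declared with `scope`, but its body returns a single task or, when nothing matches, the nil result of `find_each`; a scope is expected to return a relation, and Rails generally substitutes the full relation when a scope body yields nil, so a miss may hand the caller every task instead of none. The lookup also instantiates every `CreateOrganizationRatingComment` row on each call and matches tasks in any status. A class method states the contract more plainly: `def self.with_rating(user_rating)` with the body `find_each.detect { |task| task.organization_rating_id == user_rating.id }`, documented as returning the matching task or nil.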
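--- a/plugins/organization_ratings/test/functional/organization_ratings_plugin_profile_controller_test.rb
+++ b/plugins/organization_ratings/test/functional/organization_ratings_plugin_profile_controller_test.rb
@@ -148,6 +148,39 @@ class OrganizationRatingsPluginProfileControllerTest < ActionController::TestCas
 
 get :new_rating, profile: @community.identifier
 assert_tag :tag => 'p', :content => /Report waiting for approval/, :attributes => {:class =>/moderation-msg/}
+assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}
+end
+
+test "display rejected comment to env admin" do
+post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+
+@admin = create_admin_user(@environment)
+login_as @admin
+@controller.stubs(:current_user).returns(Profile[@admin].user)
+
+CreateOrganizationRatingComment.last.cancel
+
+get :new_rating, profile: @community.identifier
+assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}, :content => /rejected comment/
+end
+
+test "not display rejected comment to regular user" do
+p1 = create_user('regularUser').person
+@community.add_member p1
+login_as(p1.identifier)
+@controller.stubs(:logged_in?).returns(true)
+@controller.stubs(:current_user).returns(p1.user)
+
+post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+CreateOrganizationRatingComment.last.cancel
+get :new_rating, profile: @community.identifier
+assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
+end
+
+test "not display rejected comment to community admin" do
+post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+CreateOrganizationRatingComment.last.cancel
+get :new_rating, profile: @community.identifier
 assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
 end
 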
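--- a/plugins/organization_ratings/views/shared/_user_rating_container.html.erb
+++ b/plugins/organization_ratings/views/shared/_user_rating_container.html.erb
@@ -29,6 +29,9 @@
 <%= status_message_for(user, user_rate) %>
 <% if user_rate.comment.present? %>
 <p class="comment-body"> <%= user_rate.comment.body %> </p>
+<% elsif user && user.is_admin? %>
+<% rating_task = CreateOrganizationRatingComment.with_rating(user_rate) %>
+<p class="comment-body"> <%= rating_task.body %> </p>
 <% end %>
 </div>
 <%= @plugins.dispatch(:organization_ratings_plugin_container_extra_fields, user_rate).collect { |content| instance_exec(&content) }.join("") %>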
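Review bot: The new `elsif user && user.is_admin?` branch runs for every rating that has no comment, not only for ratings whose comment task was rejected, and `rating_task.body` is dereferenced without checking that the lookup found a task. For a rating submitted without any comment the lookup has nothing to return, so an administrator viewing the page would likely hit an error on this line. Guard the paragraph, for example with `<% if rating_task.respond_to?(:body) && rating_task.body.present? %>`, and consider moving the lookup out of the template into a helper so the view does not query the model directly.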
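--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
@@ -398,4 +398,62 @@ class PeopleTest < ActiveSupport::TestCase
 assert_not_nil person.image
 assert_equal person.image.filename, base64_image[:filename]
 end
+
+should 'add logged person as member of a profile' do
+login_api
+profile = fast_create(Community)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal json['pending'], false
+assert person.is_member_of?(profile)
+end
+
+should 'create task when add logged person as member of a moderated profile' do
+login_api
+profile = fast_create(Community, public_profile: false)
+profile.add_member(create_user.person)
+profile.closed = true
+profile.save!
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal json['pending'], true
+assert !person.is_member_of?(profile)
+end
+
+should 'remove logged person as member of a profile' do
+login_api
+profile = fast_create(Community)
+profile.add_member(person)
+delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal person.identifier, json['person']['identifier']
+assert !person.is_member_of?(profile)
+end
+
+should 'forbid access to add members for non logged user' do
+profile = fast_create(Community)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert_equal 401, last_response.status
+end
+
+should 'forbid access to remove members for non logged user' do
+profile = fast_create(Community)
+delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert_equal 401, last_response.status
+end
+
+should 'forbid to add person as member when the profile does not allow' do
+login_api
+profile = fast_create(Person)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert_equal 403, last_response.status
+end
+
+should 'forbid to add person as member when the profile is secret' do
+login_api
+profile = fast_create(Community, secret: true)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert !person.is_member_of?(profile)
+assert_equal 403, last_response.status
+end
 end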
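Review bot: None of the new API tests sends a `profile_id` that matches no profile, which is the case where the handlers' `find_by` lookup returns nil. Add one test each for `post` and `delete` with an unknown id that asserts the intended status on `last_response.status`, so the not-found behaviour is pinned rather than incidental. The secret-profile test also builds a community with no members; a variant where the secret community is closed and already has a member would additionally pin that no `AddMember` task is created for it.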
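--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
 assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
 end
 end
+
+should 'not allow to add members in secret profiles' do
+c = fast_create(Community, secret: true)
+p = create_user('mytestuser').person
+assert_raise RuntimeError do
+c.add_member(p)
+end
+end
 end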