Merge branch 'master' into staging

Leandro Santos
2 parents 2562d9fe ee9a46b6
Showing 8 changed files with 125 additions and 1 deletions Show diff stats
app/api/entities.rb
app/api/v1/people.rb
app/models/profile.rb
plugins/organization_ratings/lib/create_organization_rating_comment.rb
plugins/organization_ratings/test/functional/organization_ratings_plugin_profile_controller_test.rb
plugins/organization_ratings/views/shared/_user_rating_container.html.erb
test/api/people_test.rb
test/unit/profile_test.rb
@@ -124,6 +124,7 @@ module Api
       expose :type
       expose :custom_header
       expose :custom_footer
+      expose :layout_template
       expose :permissions do |profile, options|
         Entities.permissions_for_entity(profile, options[:current_person],
         :allow_post_content?, :allow_edit?, :allow_destroy?)
@@ -264,6 +265,7 @@ module Api
       expose :name
       expose :id
       expose :description
+      expose :layout_template
       expose :settings, if: lambda { |instance, options| options[:is_admin] }
     end
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end
@@ -787,7 +787,7 @@ private :generate_url, :url_options
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
@@ -14,6 +14,12 @@ class CreateOrganizationRatingComment &lt; Task
     settings_items field.to_sym
   end
+  scope :with_rating, -> (user_rating){
+    CreateOrganizationRatingComment.find_each do |task|
+      return task if(task.organization_rating_id == user_rating.id)
+    end
+  }
+
   def perform
     if (self.body && !self.body.blank?)
       comment = Comment.create!(:source => self.target, :body => self.body, :author => self.requestor)
@@ -148,6 +148,39 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
     get :new_rating, profile: @community.identifier
     assert_tag :tag => 'p', :content => /Report waiting for approval/, :attributes => {:class =>/moderation-msg/}
+    assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}
+  end
+
+  test "display rejected comment to env admin" do
+    post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+
+    @admin = create_admin_user(@environment)
+    login_as @admin
+    @controller.stubs(:current_user).returns(Profile[@admin].user)
+
+    CreateOrganizationRatingComment.last.cancel
+
+    get :new_rating, profile: @community.identifier
+    assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}, :content => /rejected comment/
+  end
+
+  test "not display rejected comment to regular user" do
+    p1 = create_user('regularUser').person
+    @community.add_member p1
+    login_as(p1.identifier)
+    @controller.stubs(:logged_in?).returns(true)
+    @controller.stubs(:current_user).returns(p1.user)
+
+    post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+    CreateOrganizationRatingComment.last.cancel
+    get :new_rating, profile: @community.identifier
+    assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
+  end
+
+  test "not display rejected comment to community admin" do
+    post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
+    CreateOrganizationRatingComment.last.cancel
+    get :new_rating, profile: @community.identifier
     assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
   end
@@ -29,6 +29,9 @@
       <%= status_message_for(user, user_rate) %>
       <% if user_rate.comment.present? %>
         <p class="comment-body"> <%= user_rate.comment.body %> </p>
+      <% elsif user && user.is_admin? %>
+        <% rating_task = CreateOrganizationRatingComment.with_rating(user_rate) %>
+        <p class="comment-body"> <%= rating_task.body %> </p>
       <% end %>
     </div>
     <%= @plugins.dispatch(:organization_ratings_plugin_container_extra_fields, user_rate).collect { |content| instance_exec(&content) }.join("") %>
@@ -398,4 +398,62 @@ class PeopleTest &lt; ActiveSupport::TestCase
     assert_not_nil person.image
     assert_equal person.image.filename, base64_image[:filename]
   end
+
+  should 'add logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], false
+    assert person.is_member_of?(profile)
+  end
+
+  should 'create task when add logged person as member of a moderated profile' do
+    login_api
+    profile = fast_create(Community, public_profile: false)
+    profile.add_member(create_user.person)
+    profile.closed = true
+    profile.save!
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], true
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'remove logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    profile.add_member(person)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.identifier, json['person']['identifier']
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'forbid access to add members for non logged user' do
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid access to remove members for non logged user' do
+    profile = fast_create(Community)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile does not allow' do
+    login_api
+    profile = fast_create(Person)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile is secret' do
+    login_api
+    profile = fast_create(Community, secret: true)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert !person.is_member_of?(profile)
+    assert_equal 403, last_response.status
+  end
 end
@@ -2224,4 +2224,12 @@ class ProfileTest &lt; ActiveSupport::TestCase
       assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
     end
   end
+
+  should 'not allow to add members in secret profiles' do
+    c = fast_create(Community, secret: true)
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_member(p)
+    end
+  end
 end
	@@ -119,6 +119,20 @@ module Api		@@ -119,6 +119,20 @@ module Api
119	members = select_filtered_collection_of(profile, 'members', params)	119	members = select_filtered_collection_of(profile, 'members', params)
120	present members, :with => Entities::Person, :current_person => current_person	120	present members, :with => Entities::Person, :current_person => current_person
121	end	121	end
		122	+
		123	+ post do
		124	+ authenticate!
		125	+ profile = environment.profiles.find_by id: params[:profile_id]
		126	+ profile.add_member(current_person) rescue forbidden!
		127	+ {pending: !current_person.is_member_of?(profile)}
		128	+ end
		129	+
		130	+ delete do
		131	+ authenticate!
		132	+ profile = environment.profiles.find_by id: params[:profile_id]
		133	+ profile.remove_member(current_person)
		134	+ present current_person, :with => Entities::Person, :current_person => current_person
		135	+ end
122	end	136	end
123	end	137	end
124	end	138	end
	@@ -787,7 +787,7 @@ private :generate_url, :url_options		@@ -787,7 +787,7 @@ private :generate_url, :url_options
787		787
788	# Adds a person as member of this Profile.	788	# Adds a person as member of this Profile.
789	def add_member(person, attributes={})	789	def add_member(person, attributes={})
790	- if self.has_members?	790	+ if self.has_members? && !self.secret
791	if self.closed? && members.count > 0	791	if self.closed? && members.count > 0
792	AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)	792	AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
793	else	793	else
	@@ -14,6 +14,12 @@ class CreateOrganizationRatingComment < Task		@@ -14,6 +14,12 @@ class CreateOrganizationRatingComment < Task
14	settings_items field.to_sym	14	settings_items field.to_sym
15	end	15	end
16		16
		17	+ scope :with_rating, -> (user_rating){
		18	+ CreateOrganizationRatingComment.find_each do \|task\|
		19	+ return task if(task.organization_rating_id == user_rating.id)
		20	+ end
		21	+ }
		22	+
17	def perform	23	def perform
18	if (self.body && !self.body.blank?)	24	if (self.body && !self.body.blank?)
19	comment = Comment.create!(:source => self.target, :body => self.body, :author => self.requestor)	25	comment = Comment.create!(:source => self.target, :body => self.body, :author => self.requestor)
	@@ -148,6 +148,39 @@ class OrganizationRatingsPluginProfileControllerTest < ActionController::TestCas		@@ -148,6 +148,39 @@ class OrganizationRatingsPluginProfileControllerTest < ActionController::TestCas
148		148
149	get :new_rating, profile: @community.identifier	149	get :new_rating, profile: @community.identifier
150	assert_tag :tag => 'p', :content => /Report waiting for approval/, :attributes => {:class =>/moderation-msg/}	150	assert_tag :tag => 'p', :content => /Report waiting for approval/, :attributes => {:class =>/moderation-msg/}
		151	+ assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}
		152	+ end
		153	+
		154	+ test "display rejected comment to env admin" do
		155	+ post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
		156	+
		157	+ @admin = create_admin_user(@environment)
		158	+ login_as @admin
		159	+ @controller.stubs(:current_user).returns(Profile[@admin].user)
		160	+
		161	+ CreateOrganizationRatingComment.last.cancel
		162	+
		163	+ get :new_rating, profile: @community.identifier
		164	+ assert_tag :tag => 'p', :attributes => {:class =>/comment-body/}, :content => /rejected comment/
		165	+ end
		166	+
		167	+ test "not display rejected comment to regular user" do
		168	+ p1 = create_user('regularUser').person
		169	+ @community.add_member p1
		170	+ login_as(p1.identifier)
		171	+ @controller.stubs(:logged_in?).returns(true)
		172	+ @controller.stubs(:current_user).returns(p1.user)
		173	+
		174	+ post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
		175	+ CreateOrganizationRatingComment.last.cancel
		176	+ get :new_rating, profile: @community.identifier
		177	+ assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
		178	+ end
		179	+
		180	+ test "not display rejected comment to community admin" do
		181	+ post :new_rating, profile: @community.identifier, :comments => {:body => "rejected comment"}, :organization_rating_value => 3
		182	+ CreateOrganizationRatingComment.last.cancel
		183	+ get :new_rating, profile: @community.identifier
151	assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}	184	assert_no_tag :tag => 'p', :attributes => {:class =>/comment-body/}
152	end	185	end
153		186
	@@ -398,4 +398,62 @@ class PeopleTest < ActiveSupport::TestCase		@@ -398,4 +398,62 @@ class PeopleTest < ActiveSupport::TestCase
398	assert_not_nil person.image	398	assert_not_nil person.image
399	assert_equal person.image.filename, base64_image[:filename]	399	assert_equal person.image.filename, base64_image[:filename]
400	end	400	end
		401	+
		402	+ should 'add logged person as member of a profile' do
		403	+ login_api
		404	+ profile = fast_create(Community)
		405	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		406	+ json = JSON.parse(last_response.body)
		407	+ assert_equal json['pending'], false
		408	+ assert person.is_member_of?(profile)
		409	+ end
		410	+
		411	+ should 'create task when add logged person as member of a moderated profile' do
		412	+ login_api
		413	+ profile = fast_create(Community, public_profile: false)
		414	+ profile.add_member(create_user.person)
		415	+ profile.closed = true
		416	+ profile.save!
		417	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		418	+ json = JSON.parse(last_response.body)
		419	+ assert_equal json['pending'], true
		420	+ assert !person.is_member_of?(profile)
		421	+ end
		422	+
		423	+ should 'remove logged person as member of a profile' do
		424	+ login_api
		425	+ profile = fast_create(Community)
		426	+ profile.add_member(person)
		427	+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		428	+ json = JSON.parse(last_response.body)
		429	+ assert_equal person.identifier, json['person']['identifier']
		430	+ assert !person.is_member_of?(profile)
		431	+ end
		432	+
		433	+ should 'forbid access to add members for non logged user' do
		434	+ profile = fast_create(Community)
		435	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		436	+ assert_equal 401, last_response.status
		437	+ end
		438	+
		439	+ should 'forbid access to remove members for non logged user' do
		440	+ profile = fast_create(Community)
		441	+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		442	+ assert_equal 401, last_response.status
		443	+ end
		444	+
		445	+ should 'forbid to add person as member when the profile does not allow' do
		446	+ login_api
		447	+ profile = fast_create(Person)
		448	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		449	+ assert_equal 403, last_response.status
		450	+ end
		451	+
		452	+ should 'forbid to add person as member when the profile is secret' do
		453	+ login_api
		454	+ profile = fast_create(Community, secret: true)
		455	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		456	+ assert !person.is_member_of?(profile)
		457	+ assert_equal 403, last_response.status
		458	+ end
401	end	459	end
	@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase		@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
2224	assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)	2224	assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
2225	end	2225	end
2226	end	2226	end
		2227	+
		2228	+ should 'not allow to add members in secret profiles' do
		2229	+ c = fast_create(Community, secret: true)
		2230	+ p = create_user('mytestuser').person
		2231	+ assert_raise RuntimeError do
		2232	+ c.add_member(p)
		2233	+ end
		2234	+ end
2227	end	2235	end