Commit 5d65aadb46ba12238f405e3dffaef2b727517af5
Committed by
Antonio Terceiro
1 parent
1ab18c97
ActionItem968: admins and moderators can view private content
* Adding a migration with the new permission for admins and moderators * not allowing members to view private content
Showing
6 changed files
with
124 additions
and
19 deletions
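--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -197,7 +197,7 @@ class Article < ActiveRecord::Base
     if user.nil?
       false
     else
-      (user == self.profile) || user.memberships.include?(self.profile) || (profile.kind_of?(Person) && profile.friends.include?(user)) || user.has_permission?('post_content', self.profile)
+      (user == self.profile) || user.has_permission?('view_private_content', self.profile)
     end
   end
 end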
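Review bot: The new line 200 narrows access to the owning profile plus holders of `view_private_content`, so any role that previously reached private content through membership, friendship or `post_content` (a custom editor role that is never given the new permission, for instance) silently loses read access to content it may still be allowed to edit, and nothing in the model records that this is deliberate. A comment above the `if`, such as `# Private content is visible only to the owning profile and to users holding view_private_content on it; membership, friendship and post_content no longer grant access.`, would make the contract explicit for the next maintainer. The line also mixes `self.profile` with the bare `profile` form used elsewhere in the removed version; one style is enough. The enclosing method starts before the hunk, so its name and signature are not visible here (the tests suggest it is `display_to?`).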
app/models/profile.rb
| @@ -25,17 +25,18 @@ class Profile < ActiveRecord::Base | @@ -25,17 +25,18 @@ class Profile < ActiveRecord::Base | ||
| 25 | end | 25 | end |
| 26 | 26 | ||
| 27 | PERMISSIONS['Profile'] = { | 27 | PERMISSIONS['Profile'] = { |
| 28 | - 'edit_profile' => N_('Edit profile'), | ||
| 29 | - 'destroy_profile' => N_('Destroy profile'), | ||
| 30 | - 'manage_memberships' => N_('Manage memberships'), | ||
| 31 | - 'post_content' => N_('Post content'), | ||
| 32 | - 'edit_profile_design' => N_('Edit profile design'), | ||
| 33 | - 'manage_products' => N_('Manage products'), | ||
| 34 | - 'manage_friends' => N_('Manage friends'), | ||
| 35 | - 'validate_enterprise' => N_('Validate enterprise'), | ||
| 36 | - 'perform_task' => N_('Perform task'), | ||
| 37 | - 'moderate_comments' => N_('Moderate comments'), | ||
| 38 | - 'edit_appearance' => N_('Edit appearance'), | 28 | + 'edit_profile' => N_('Edit profile'), |
| 29 | + 'destroy_profile' => N_('Destroy profile'), | ||
| 30 | + 'manage_memberships' => N_('Manage memberships'), | ||
| 31 | + 'post_content' => N_('Post content'), | ||
| 32 | + 'edit_profile_design' => N_('Edit profile design'), | ||
| 33 | + 'manage_products' => N_('Manage products'), | ||
| 34 | + 'manage_friends' => N_('Manage friends'), | ||
| 35 | + 'validate_enterprise' => N_('Validate enterprise'), | ||
| 36 | + 'perform_task' => N_('Perform task'), | ||
| 37 | + 'moderate_comments' => N_('Moderate comments'), | ||
| 38 | + 'edit_appearance' => N_('Edit appearance'), | ||
| 39 | + 'view_private_content' => N_('View private content'), | ||
| 39 | } | 40 | } |
| 40 | 41 | ||
| 41 | acts_as_accessible | 42 | acts_as_accessible |
| @@ -0,0 +1,21 @@ | @@ -0,0 +1,21 @@ | ||
| 1 | +class FixSomeRolesPermission < ActiveRecord::Migration | ||
| 2 | + def self.up | ||
| 3 | + admin = Profile::Roles.admin | ||
| 4 | + admin.permissions += ['view_private_content'] | ||
| 5 | + admin.save | ||
| 6 | + | ||
| 7 | + moderator = Profile::Roles.moderator | ||
| 8 | + moderator.permissions += ['view_private_content'] | ||
| 9 | + moderator.save | ||
| 10 | + end | ||
| 11 | + | ||
| 12 | + def self.down | ||
| 13 | + admin = Profile::Roles.admin | ||
| 14 | + admin.permissions -= ['view_private_content'] | ||
| 15 | + admin.save | ||
| 16 | + | ||
| 17 | + moderator = Profile::Roles.moderator | ||
| 18 | + moderator.permissions -= ['view_private_content'] | ||
| 19 | + moderator.save | ||
| 20 | + end | ||
| 21 | +end |
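Review bot: In the migration hunk starting at the `@@ -0,0 +1,21 @@` header (a new file whose path is not shown in this rendering), `admin.save` and `moderator.save` discard the boolean result of `save`, so a validation failure leaves the role without the permission while the migration reports success; `admin.save!` / `moderator.save!` would abort the migration instead. `admin.permissions += ['view_private_content']` also appends a duplicate if the role already carries the permission or the migration is re-run; `admin.permissions |= ['view_private_content']` is idempotent, and the `-=` shape in `down` is fine as written. Since only the admin and moderator system roles are touched, any other role that previously saw private content via `post_content` is not granted the new permission; if such roles exist, that is a behaviour change the commit description does not mention. The `PERMISSIONS['Profile']` change in profile.rb is just the registration of the new key and raises nothing on its own.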
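--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -39,6 +39,8 @@ profile_admin:
     - moderate_comments
     - destroy_profile
     - perform_task
+    - post_content
+    - view_private_content
 profile_member:
   id: 6
   key: 'profile_member'
@@ -55,6 +57,7 @@ profile_moderator:
   system: true
   permissions:
     - moderate_comments
+    - view_private_content
 environment_administrator:
   id: 8
   key: 'environment_administrator'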
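Review bot: The `profile_admin` fixture gains `post_content` at new line 42 in addition to `view_private_content`, but the migration in this commit grants only `view_private_content`; if the deployed `profile_admin` role does not already hold `post_content`, the fixture and the real role diverge and the tests exercise a permission set that production admins do not have. Either drop `- post_content` from the fixture or add it to the migration so the two stay in step — worth confirming against wherever that role is seeded.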
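--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -329,6 +329,43 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     assert_response :success
   end
 
+  should 'not show private content to members' do
+    community = Community.create!(:name => 'testcomm')
+    Folder.create!(:name => 'test', :profile => community, :public_article => false)
+    community.add_member(profile)
+
+    login_as(profile.identifier)
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+
+    assert_template 'access_denied.rhtml'
+  end
+
+  should 'show private content to profile moderators' do
+    community = Community.create!(:name => 'testcomm')
+    community.articles.create!(:name => 'test', :public_article => false)
+    community.add_moderator(profile)
+
+    login_as(profile.identifier)
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+    assert_response :success
+  end
+
+  should 'show private content to profile admins' do
+    community = Community.create!(:name => 'testcomm')
+    community.articles.create!(:name => 'test', :public_article => false)
+    community.add_admin(profile)
+
+    login_as(profile.identifier)
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+    assert_response :success
+  end
+
   should 'show message for disabled enterprises' do
     login_as(@profile.identifier)
     ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false)
@@ -424,7 +461,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     assert_template 'access_denied.rhtml'
   end
 
-  should 'give access to private articles if logged in and member' do
+  should 'not give access to private articles if logged in and only member' do
     person = create_user('test_user').person
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
@@ -434,6 +471,32 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
 
+    assert_template 'access_denied.rhtml'
+  end
+
+  should 'give access to private articles if logged in and moderator' do
+    person = create_user('test_user').person
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    profile.affiliate(person, Profile::Roles.moderator)
+    login_as('test_user')
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+    assert_template 'view_page'
+  end
+
+  should 'give access to private articles if logged in and admin' do
+    person = create_user('test_user').person
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    profile.affiliate(person, Profile::Roles.admin)
+    login_as('test_user')
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
     assert_template 'view_page'
   end
 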
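Review bot: The two positive tests in the first hunk (`show private content to profile moderators`, `show private content to profile admins`) assert only `assert_response :success`, while the last hunk pins `assert_template 'view_page'`; if the access-denied path ever rendered with a 200, the first two would still pass, so add `assert_template 'view_page'` to them as well (or, if denial is known to answer 403, say so in a comment). The negative test in the first hunk builds its article with `Folder.create!(:name => 'test', :profile => community, ...)` while its two siblings use `community.articles.create!(...)`; using one construction keeps the three comparable. The three tests in the last hunk repeat the same person/profile/folder setup and differ only in the role handed to `affiliate`, so a small helper taking the role would remove the duplication. The first hunk also calls `profile` where the neighbouring test uses `@profile`; presumably a helper method exists, but it is worth confirming.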
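--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -437,12 +437,30 @@ class ArticleTest < Test::Unit::TestCase
     assert !article.display_to?(person)
   end
 
-  should 'say that member user can see private article' do
+  should 'say that member user can not see private article' do
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
     person = create_user('test_user').person
     profile.affiliate(person, Profile::Roles.member)
 
+    assert !article.display_to?(person)
+  end
+
+  should 'say that profile admin can see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+    person = create_user('test_user').person
+    profile.affiliate(person, Profile::Roles.admin)
+
+    assert article.display_to?(person)
+  end
+
+  should 'say that profile moderator can see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+    person = create_user('test_user').person
+    profile.affiliate(person, Profile::Roles.moderator)
+
     assert article.display_to?(person)
   end
 
@@ -496,7 +514,7 @@ class ArticleTest < Test::Unit::TestCase
     assert !article.public_article
   end
 
-  should 'allow friends of private person see the article' do
+  should 'not allow friends of private person see the article' do
     person = create_user('test_user').person
     article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
     friend = create_user('test_friend').person
@@ -504,16 +522,15 @@ class ArticleTest < Test::Unit::TestCase
     person.save!
     friend.save!
 
-    assert article.display_to?(friend)
+    assert !article.display_to?(friend)
   end
 
-
-  should 'display articles to people who can edit them' do
+  should 'display private articles to people who can view private content' do
     person = create_user('test_user').person
     article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
 
     admin_user = create_user('admin_user').person
-    admin_user.stubs(:has_permission?).with('post_content', article.profile).returns('true')
+    admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns('true')
 
     assert article.display_to?(admin_user)
   end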
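Review bot: The stub at new line 533 returns the string `'true'` rather than `true`; it passes only because every non-nil value is truthy in Ruby, and it would keep passing even if `display_to?` started handing the raw stub value back to callers, so change it to `.returns(true)`. The negative cases now cover a member and a friend, but nothing pins that a user holding only `post_content` — the access path this commit removes — is denied; a test shaped like the last one, stubbing `has_permission?` to return true for `'post_content'` and false for `'view_private_content'` and asserting `!article.display_to?(person)`, would lock the new rule in.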