Commit 8d610ddd3702c06b9762f7830c183a009ecb19c5

Authored by Luciano Prestes
Committed by Daniela Feitosa
1 parent 301af8d7

Fix protection of create_institution_admin

Signed-off-by: Luciano Prestes Cavalcanti <lucianopcbr@gmail.com>
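--- a/src/noosfero-spb/gov_user/controllers/gov_user_plugin_controller.rb
+++ b/src/noosfero-spb/gov_user/controllers/gov_user_plugin_controller.rb
@@ -5,6 +5,8 @@ class GovUserPluginController &lt; ApplicationController
 :governmental_sphere, :governmental_power, :juridical_nature, :sisp
 ]
 
+protect "create_institution_admin", :environment
+
 def hide_registration_incomplete_percentage
 response = false
 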
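Review bot: The added `protect "create_institution_admin", :environment` does not say which actions it guards, and nothing in this hunk shows whether the first argument names an action or a permission. If `protect` is the permission helper that takes a permission name, a target and optional filter options (an assumption to confirm, since its definition is not on this page), the check runs before every action of `GovUserPluginController`, including `hide_registration_incomplete_percentage` just below. It would also pass only for users who hold a permission literally called `create_institution_admin` on the environment. I would restrict the filter to the one action through the helper's filter options, if it accepts an `:only` restriction, and add a comment such as `# create_institution_admin is restricted to users with that permission on the environment`. The class body continues outside the hunk, so the other actions affected cannot be listed from here.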
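--- a/src/noosfero-spb/gov_user/test/functional/gov_user_plugin_controller_test.rb
+++ b/src/noosfero-spb/gov_user/test/functional/gov_user_plugin_controller_test.rb
@@ -9,7 +9,7 @@ class GovUserPluginControllerTest &lt; ActionController::TestCase
 def setup
 @admin = create_user("adminuser").person
 @admin.stubs(:has_permission?).returns("true")
-@controller.stubs(:current_user).returns(@admin.user)
+login_as(@admin.user_login)
 
 @environment = Environment.default
 @environment.enabled_plugins = ['SoftwareCommunitiesPlugin']
@@ -255,4 +255,28 @@ class GovUserPluginControllerTest &lt; ActionController::TestCase
 assert(Institution.last.community.is_admin?(admin2) )
 end
 
+should "admin user can access action create_institution_admin" do
+login_as(@admin.user_login)
+
+post :create_institution_admin
+
+assert_response 200
+end
+
+should "disconnected user can not access action create_institution_admin" do
+logout
+
+post :create_institution_admin
+
+assert_response 403
+end
+
+should "regular user can not access action create_institution_admin" do
+disconnected_user = create_user("another_admin").person
+login_as(disconnected_user.user_login)
+
+post :create_institution_admin
+
+assert_response 403
+end
 end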
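Review bot: The "admin user can access" test does not show that a real environment admin passes the new filter, because the only thing marking `@admin` as privileged is `@admin.stubs(:has_permission?).returns("true")` in `setup`. That stub is attached to the test's own object and returns a string, and once the session is established with `login_as` it is not evident that the controller checks that same instance. Granting the admin role on the environment in `setup` instead of stubbing would make the 200 and 403 cases exercise the actual permission lookup. In the "regular user" test the local is misleadingly named for a logged-in, non-admin user; `regular_user = create_user("regular_user").person` reads correctly. A test that another action of this controller is still reachable without the permission would also pin down how far the new `protect` line reaches.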