From dc4912dfaf4d51d47ddc88967f5b6965b5221b5f Mon Sep 17 00:00:00 2001
From: Marcos Ronaldo
Date: Mon, 16 Nov 2015 19:57:06 -0200
Subject: [PATCH] Only admin can edit if software is public
---
 src/noosfero-spb/software_communities/controllers/software_communities_plugin_myprofile_controller.rb | 37 ++++++++++++++++++++++++-------------
 src/noosfero-spb/software_communities/test/functional/software_communities_plugin_myprofile_controller_test.rb | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
 src/noosfero-spb/software_communities/views/software_communities_plugin_myprofile/_public_software_info.html.erb | 29 ++++++++++++-----------------
 3 files changed, 104 insertions(+), 41 deletions(-)
diff --git a/src/noosfero-spb/software_communities/controllers/software_communities_plugin_myprofile_controller.rb b/src/noosfero-spb/software_communities/controllers/software_communities_plugin_myprofile_controller.rb
index 256539a..582d788 100644
--- a/src/noosfero-spb/software_communities/controllers/software_communities_plugin_myprofile_controller.rb
+++ b/src/noosfero-spb/software_communities/controllers/software_communities_plugin_myprofile_controller.rb
@@ -33,7 +33,8 @@ class SoftwareCommunitiesPluginMyprofileController < MyProfileController
 software_info_insert_models.call(@list_operating_systems, 'operating_systems')
 begin
- @software_info.save!
+ raise NotAdminException unless can_change_public_software?
+ @software_info.update_attributes!(params[:software])
 @community = @software_info.community
 @community.update_attributes!(params[:community])
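Review bot: `@software_info.update_attributes!(params[:software])` assigns the whole request hash, so the only thing keeping a non-admin away from admin-only columns is the key list checked in `can_change_public_software?` (added in the next hunk). An admin-only attribute that is missing from that list, or that is added to the model later, is writable by every profile editor; whether `SoftwareInfo` itself restricts assignable attributes is not visible in this patch. Filtering before assignment fails closed, for example `attrs = user.is_admin?(environment) ? params[:software] : params[:software].except(*ADMIN_ONLY_FIELDS)`, where `ADMIN_ONLY_FIELDS` is a constant this change would have to introduce. The enclosing action starts and ends outside the hunk.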
@@ -44,18 +45,29 @@ class SoftwareCommunitiesPluginMyprofileController < MyProfileController
 redirect_to :controller => 'profile_editor', :action => 'index'
 session[:notice] = _('Software updated successfully')
 end
- rescue ActiveRecord::RecordInvalid => invalid
+ rescue NotAdminException, ActiveRecord::RecordInvalid => invalid
 update_new_software_errors
 session[:notice] = _('Could not update software')
 end
 end
- def disabled_public_software_field
- !environment.admins.include?(current_user.person)
- end
-
 private
+ def can_change_public_software?
+ if !user.is_admin?(environment)
+ if params[:software][:public_software]
+ @software_info.errors.add(:public_software, _("You don't have permission to change public software status"))
+ return false
+ end
+
+ if params[:software].keys.any?{|key| ["e_ping","e_mag","icp_brasil","e_arq","intern"].include?(key)}
+ @software_info.errors.add(:base, _("You don't have permission to change public software attributes"))
+ return false
+ end
+ end
+ return true
+ end
+
 def add_software_erros
 @errors = []
 @errors |= @community.errors.full_messages if @community
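Review bot: The `public_software` guard in `can_change_public_software?` tests the value for truthiness, while the other five fields are tested for key presence, so a non-admin request whose `public_software` value is parsed as `false` or `nil` passes the check and is then assigned by `update_attributes!`, clearing the flag. Testing presence closes that gap: `if params[:software].key?(:public_software)`, or fold the key into the same list as the other five. The method also dereferences `params[:software]` without a nil check, and the resulting NoMethodError is not covered by `rescue NotAdminException, ActiveRecord::RecordInvalid`; `software_params = params[:software] || {}` at the top avoids that. The field list is repeated in the tests, so a frozen constant on the controller would keep the two in step.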
@@ -143,7 +153,7 @@ class SoftwareCommunitiesPluginMyprofileController < MyProfileController @list_databases = @software_info.software_databases @list_languages = @software_info.software_languages @list_operating_systems = @software_info.operating_systems - @disabled_public_software_field = disabled_public_software_field + @non_admin_status = 'disabled' unless user.is_admin?(environment) @license_version = @software_info.license_info.version @license_id = @software_info.license_info.id @@ -184,7 +194,6 @@ class SoftwareCommunitiesPluginMyprofileController < MyProfileController add_software_erros end - @error_community_name = @community.errors.include?(:name) ? "highlight-error" : "" if @community @error_software_acronym = @software_info.errors.include?(:acronym) ? "highlight-error" : "" if @software_info @error_software_domain = @community.errors.include?(:identifier) ? "highlight-error" : "" if @community @@ -192,3 +201,5 @@ class SoftwareCommunitiesPluginMyprofileController < MyProfileController @error_software_license = @license_info.errors.include?(:version) ? "highlight-error" : "" if @license_info end end + +class NotAdminException < Exception; end diff --git a/src/noosfero-spb/software_communities/test/functional/software_communities_plugin_myprofile_controller_test.rb b/src/noosfero-spb/software_communities/test/functional/software_communities_plugin_myprofile_controller_test.rb index bb72b8a..6c8a70a 100644 --- a/src/noosfero-spb/software_communities/test/functional/software_communities_plugin_myprofile_controller_test.rb +++ b/src/noosfero-spb/software_communities/test/functional/software_communities_plugin_myprofile_controller_test.rb 
@@ -1,8 +1,7 @@
-require File.dirname(__FILE__) + '/../../../../test/test_helper'
-require File.dirname(__FILE__) + '/../helpers/software_test_helper'
-require(
- File.dirname(__FILE__) +
- '/../../controllers/software_communities_plugin_myprofile_controller'
+require 'test_helper'
+require_relative '../helpers/software_test_helper'
+require_relative(
+ '../../controllers/software_communities_plugin_myprofile_controller'
 )
 class SoftwareCommunitiesPluginMyprofileController; def rescue_action(e) raise e end;
@@ -93,7 +92,11 @@ class SoftwareCommunitiesPluginMyprofileControllerTest < ActionController::TestC
 assert_equal SoftwareInfo.last.acronym, "test"
 end
- should 'upgrade a generic software to a public software' do
+ should 'only admin upgrade a generic software to a public software' do
+ admin_person = create_user('admin').person
+ @environment.add_admin(admin_person)
+
+ login_as(admin_person.user_login)
 fields_software = software_fields
 fields = software_edit_specific_fields
@@ -103,15 +106,69 @@ class SoftwareCommunitiesPluginMyprofileControllerTest < ActionController::TestC
 post(
 :edit_software,
 :profile => software.community.identifier,
- :library => fields[0],
- :language => fields[1],
- :database => fields[2],
 :operating_system => fields[3],
 :software => fields[4],
- :license => fields[5]
 )
- assert_equal true, SoftwareInfo.last.public_software?
+ assert SoftwareInfo.last.public_software?
+ end
+
+ should 'not upgrade a generic software to a public software if user is not an admin' do
+ fields_software = software_fields
+ fields = software_edit_specific_fields
+
+ fields[4]['public_software'] = true
+ software = create_software fields_software
+
+ post(
+ :edit_software,
+ :profile => software.community.identifier,
+ :software => fields[4]
+ )
+
+ refute SoftwareInfo.last.public_software?
+ end
+
+ ["e_ping","e_mag","icp_brasil","e_arq","intern"].map do |attr|
+ define_method "test_should_#{attr}_not_be_changed_by_not_admin" do
+ fields_software = software_fields
+ fields = software_edit_specific_fields
+
+ fields[4][attr]=true
+
+ software = create_software fields_software
+
+ post(
+ :edit_software,
+ :profile => software.community.identifier,
+ :software => fields[4]
+ )
+
+ refute SoftwareInfo.last.send(attr)
+ end
+ end
+
+ ["e_ping","e_mag","icp_brasil","e_arq","intern"].map do |attr|
+ define_method "test_should_#{attr}_be_changed_by_admin" do
+ admin_person = create_user('admin').person
+ @environment.add_admin(admin_person)
+ login_as(admin_person.user_login)
+
+ fields_software = software_fields
+ fields = software_edit_specific_fields
+
+ fields[4][attr]=true
+
+ software = create_software fields_software
+
+ post(
+ :edit_software,
+ :profile => software.community.identifier,
+ :software => fields[4]
+ )
+
+ assert SoftwareInfo.last.send(attr)
+ end
+ end
 end
 should "create software_info with existing license_info" do
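Review bot: The non-admin tests only assert `refute SoftwareInfo.last.public_software?` (or `refute SoftwareInfo.last.send(attr)`), which also holds when the request fails for an unrelated reason such as a validation error or a missing login, so they do not show that the permission check is what blocked the write. Each negative test should also assert the rejection itself, for example on `session[:notice]`, and a companion test should show that a non-admin can still save an unrestricted field. The permission check treats `public_software` by value, so a case posting `'public_software' => false` as a non-admin against software that is already public is worth adding. Which user is logged in for the non-admin cases depends on setup code outside this hunk. The two generator loops use `.map` only for side effects (`.each` states the intent) and repeat the controller's field list literally.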
diff --git a/src/noosfero-spb/software_communities/views/software_communities_plugin_myprofile/_public_software_info.html.erb b/src/noosfero-spb/software_communities/views/software_communities_plugin_myprofile/_public_software_info.html.erb
index 1f3466c..86f218d 100644
--- a/src/noosfero-spb/software_communities/views/software_communities_plugin_myprofile/_public_software_info.html.erb
+++ b/src/noosfero-spb/software_communities/views/software_communities_plugin_myprofile/_public_software_info.html.erb
@@ -1,56 +1,51 @@
- <% if @disabled_public_software_field == true %> - <%= check_box_tag("software[public_software]", "true", @software_info.public_software?, :disabled => "disabled") %> - <%= label_tag _("Public Software"), _("Public software"), :class => "public_software_disabled" %> - <% else %> - <%= check_box_tag("software[public_software]", "true", @software_info.public_software?) %> - <%= label_tag _("Public Software"), _("Public software"), :class => "public_software_enabled" %> - <% end %> + <%= check_box_tag("software[public_software]", "true", @software_info.public_software?, :disabled => @non_admin_status) %> + <%= label_tag _("Public Software"), _("Public software") %>

<%= _("Public Software") %>

<%= label_tag _("Adherent to e-PING ?") %> <%= label_tag "e_ping_true", "Yes" %> - <%= radio_button_tag("software[e_ping]", true, @software_info.e_ping)%> + <%= radio_button_tag("software[e_ping]", true, @software_info.e_ping, :disabled => @non_admin_status) %> <%= label_tag "e_ping_false", "No"%> - <%= radio_button_tag("software[e_ping]", false, !@software_info.e_ping)%> + <%= radio_button_tag("software[e_ping]", false, !@software_info.e_ping, :disabled => @non_admin_status) %>
<%= label_tag _("Adherent to e-MAG ?") %> <%= label_tag "e_mag_true", "Yes"%> - <%= radio_button_tag("software[e_mag]", true, @software_info.e_mag)%> + <%= radio_button_tag("software[e_mag]", true, @software_info.e_mag, :disabled => @non_admin_status) %> <%= label_tag "e_mag_false", "No"%> - <%= radio_button_tag("software[e_mag]", false, !@software_info.e_mag)%> + <%= radio_button_tag("software[e_mag]", false, !@software_info.e_mag, :disabled => @non_admin_status) %>
<%= label_tag _("Adherent to ICP-Brasil ?") %> <%= label_tag "icp_brasil_true", "Yes"%> - <%= radio_button_tag("software[icp_brasil]", true, @software_info.icp_brasil)%> + <%= radio_button_tag("software[icp_brasil]", true, @software_info.icp_brasil, :disabled => @non_admin_status) %> <%= label_tag "icp_brasil_false", "No"%> - <%= radio_button_tag("software[icp_brasil]", false, !@software_info.icp_brasil)%> + <%= radio_button_tag("software[icp_brasil]", false, !@software_info.icp_brasil, :disabled => @non_admin_status) %>
<%= label_tag _("Adherent to e-ARQ ?") %> <%= label_tag "e_arq_true", "Yes"%> - <%= radio_button_tag("software[e_arq]", true, @software_info.e_arq)%> + <%= radio_button_tag("software[e_arq]", true, @software_info.e_arq, :disabled => @non_admin_status) %> <%= label_tag "e_arq_false", "No"%> - <%= radio_button_tag("software[e_arq]", false, !@software_info.e_arq)%> + <%= radio_button_tag("software[e_arq]", false, !@software_info.e_arq, :disabled => @non_admin_status) %>
<%= label_tag _("Internacionalizable ?") %> <%= label_tag "intern_true", "Yes" %> - <%= radio_button_tag("software[intern]", true, @software_info.intern)%> + <%= radio_button_tag("software[intern]", true, @software_info.intern, :disabled => @non_admin_status) %> <%= label_tag "intern_false", "No"%> - <%= radio_button_tag("software[intern]", false, !@software_info.intern)%> + <%= radio_button_tag("software[intern]", false, !@software_info.intern, :disabled => @non_admin_status) %>
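Review bot: `:disabled => @non_admin_status` leaves every admin-only control enabled whenever the variable is nil, and nil is also what this partial gets if the rendering action never assigned it; the patch shows only one assignment, `@non_admin_status = 'disabled' unless user.is_admin?(environment)`. Inverting the flag makes the default restrictive: set `@can_edit_public_software = user.is_admin?(environment)` in the controller and pass `:disabled => !@can_edit_public_software` here. The disabled attribute is only a display hint, so the server-side check in `can_change_public_software?` remains the actual control, and its field list has to be kept in step with the eleven inputs in this partial.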
-- libgit2 0.21.2