From c1e933f5e24da62e4e793e96e770f2d724cbea51 Mon Sep 17 00:00:00 2001
From: Arthur Del Esposte <arthurmde@gmail.com>
Date: Thu, 21 Aug 2014 16:06:35 -0300
Subject: [PATCH] Disable non admin user to edit institution sisp field

---
 lib/mpog_software_plugin.rb              | 34 +++++++++++++++++++++++++++-------
 views/institution_editor_extras.html.erb | 18 +++++++++---------
 2 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/lib/mpog_software_plugin.rb b/lib/mpog_software_plugin.rb
index 535629c..ceb2f0f 100644
--- a/lib/mpog_software_plugin.rb
+++ b/lib/mpog_software_plugin.rb
@@ -16,11 +16,6 @@ class MpogSoftwarePlugin < Noosfero::Plugin
     _("Add Public Software and MPOG features.")
   end
 
-  def show_sisp_field current_user
-    @show_sisp_field = current_user.login == "adminuser"
-    @show_sisp_field
-  end
-
   def signup_extra_contents
     institutions = Institution.all
 
@@ -65,13 +60,13 @@ class MpogSoftwarePlugin < Noosfero::Plugin
     end
   end
 
-  def profile_editor_extras show_sisp_field=true
-    @show_sisp_field = show_sisp_field
+  def profile_editor_extras
     if context.profile.person?
       expanded_template('person_editor_extras.html.erb')
     elsif context.profile.respond_to? :software_info and !context.profile.software_info.nil?
       expanded_template('software_editor_extras.html.erb')
     elsif context.profile.respond_to? :institution and !context.profile.institution.nil?
+      @show_sisp_field = show_sisp_field
       expanded_template('institution_editor_extras.html.erb')
     end
   end
@@ -115,6 +110,26 @@ class MpogSoftwarePlugin < Noosfero::Plugin
     end
   end
 
+  def profile_editor_controller_filters
+    block = proc do
+      if request.post? && params[:institution]
+        is_admin = environment.admins.include?(current_user.person)
+
+        unless is_admin
+          institution = profile.institution
+          params[:institution][:sisp] = institution.sisp if params[:institution][:sisp] != institution.sisp
+        end
+      end
+    end
+
+    [{
+      :type => "before_filter",
+      :method_name => "validate_institution_sisp_field_access",
+      :options => { :only=>:edit },
+      :block => block
+    }]
+  end
+
   def profile_tabs
     if context.profile.person?
       { :title => _("Mpog"),
@@ -418,4 +433,9 @@ class MpogSoftwarePlugin < Noosfero::Plugin
       user.institutions << community.institution
     end
   end
+
+  def show_sisp_field
+    current_person = User.find(context.session[:user]).person
+    context.environment.admins.include?(current_person)
+  end
 end
diff --git a/views/institution_editor_extras.html.erb b/views/institution_editor_extras.html.erb
index c1f827c..70d7e5c 100644
--- a/views/institution_editor_extras.html.erb
+++ b/views/institution_editor_extras.html.erb
@@ -36,13 +36,13 @@
   </div>
 </span>
 
-<% if @show_sisp_field  %>
-  <span class= 'public-institutions-fields'>
-  <div class="formfieldline">
-    <%= _("SISP?") %>
-    <%= labelled_radio_button(_('Yes'), 'institution[sisp]', 'true', context.profile.institution.sisp)%>
-    <%= labelled_radio_button(_('No'), 'institution[sisp]', 'false', !context.profile.institution.sisp)%>
-  </div>
-</span>
-<% end %>
+  <% if @show_sisp_field  %>
+    <span class= 'public-institutions-fields'>
+      <div class="formfieldline">
+        <%= _("SISP?") %>
+        <%= labelled_radio_button(_('Yes'), 'institution[sisp]', 'true', context.profile.institution.sisp)%>
+        <%= labelled_radio_button(_('No'), 'institution[sisp]', 'false', !context.profile.institution.sisp)%>
+      </div>
+    </span>
+  <% end %>
 <% end %>
--
libgit2 0.21.2