Merge branch 'allow_admin_change_homepage' into 'master'

Always allow admin to change profiles homepage See merge request !412

Merge branch 'allow_admin_change_homepage' into 'master'
Always allow admin to change profiles homepage See merge request !412
Leandro Santos
2 parents 358e1f31 cd15a410
Showing 5 changed files with 36 additions and 2 deletions Show diff stats
app/controllers/my_profile/cms_controller.rb
app/models/person.rb
app/views/cms/view.html.erb
test/functional/cms_controller_test.rb
test/unit/person_test.rb
@@ -174,6 +174,8 @@ class CmsController &lt; MyProfileController
   post_only :set_home_page
   def set_home_page
+    return render_access_denied unless user.can_change_homepage?
+
     article = params[:id].nil? ? nil : profile.articles.find(params[:id])
     profile.update_attribute(:home_page, article)
@@ -80,6 +80,10 @@ roles] }
   belongs_to :user, :dependent => :delete
+  def can_change_homepage?
+    !environment.enabled?('cant_change_homepage') || is_admin?
+  end
+
   def can_control_scrap?(scrap)
     begin
       !self.scraps(scrap).nil?
@@ -2,7 +2,7 @@
   <%= _('Content management') %>
 </h1>
-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+<% if user.can_change_homepage? && !remove_content_button(:home) %>
   <div class="cms-homepage">
     <%= _('Profile homepage:') %>
     <% if profile.home_page %>
@@ -69,7 +69,7 @@
         <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
         <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
-        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+        <% if user.can_change_homepage? && !remove_content_button(:home) %>
           <% if profile.home_page != article %>
             <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
           <% else %>
@@ -101,12 +101,26 @@ class CmsControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
+  should 'display the profile homepage if logged user is an environment admin' do
+    env = Environment.default; env.enable('cant_change_homepage'); env.save!
+    env.add_admin(profile)
+    get :index, :profile => profile.identifier
+    assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
+  end
+
   should 'not display the profile homepage if cannot change homepage' do
     env = Environment.default; env.enable('cant_change_homepage')
     get :index, :profile => profile.identifier
     assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
+  should 'not allow profile homepage changes if cannot change homepage' do
+    env = Environment.default; env.enable('cant_change_homepage')
+    a = profile.articles.create!(:name => 'my new home page')
+    post :set_home_page, :profile => profile.identifier, :id => a.id
+    assert_response 403
+  end
+
   should 'be able to set home page' do
     a = profile.articles.build(:name => 'my new home page')
     a.save!
@@ -1470,4 +1470,18 @@ class PersonTest &lt; ActiveSupport::TestCase
       person.reload
     end
   end
+
+  should 'allow homepage change if user is an environment admin' do
+    person = create_user('person').person
+    person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
+    person.expects(:is_admin?).returns(true)
+    assert person.can_change_homepage?
+  end
+
+  should 'allow homepage change if environment feature permit it' do
+    person = create_user('person').person
+    person.environment.expects(:enabled?).with('cant_change_homepage').returns(false)
+    assert person.can_change_homepage?
+  end
+
 end
	@@ -174,6 +174,8 @@ class CmsController < MyProfileController		@@ -174,6 +174,8 @@ class CmsController < MyProfileController
174		174
175	post_only :set_home_page	175	post_only :set_home_page
176	def set_home_page	176	def set_home_page
		177	+ return render_access_denied unless user.can_change_homepage?
		178	+
177	article = params[:id].nil? ? nil : profile.articles.find(params[:id])	179	article = params[:id].nil? ? nil : profile.articles.find(params[:id])
178	profile.update_attribute(:home_page, article)	180	profile.update_attribute(:home_page, article)
179		181
	@@ -2,7 +2,7 @@		@@ -2,7 +2,7 @@
2	<%= _('Content management') %>	2	<%= _('Content management') %>
3	</h1>	3	</h1>
4		4
5	-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>	5	+<% if user.can_change_homepage? && !remove_content_button(:home) %>
6	<div class="cms-homepage">	6	<div class="cms-homepage">
7	<%= _('Profile homepage:') %>	7	<%= _('Profile homepage:') %>
8	<% if profile.home_page %>	8	<% if profile.home_page %>
	@@ -69,7 +69,7 @@		@@ -69,7 +69,7 @@
69	<%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>	69	<%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
70	<%= button_without_text :eyes, _('Public view'), article.view_url %>	70	<%= button_without_text :eyes, _('Public view'), article.view_url %>
71	<%= display_spread_button(profile, article) unless article.folder? \|\| remove_content_button(:spread)%>	71	<%= display_spread_button(profile, article) unless article.folder? \|\| remove_content_button(:spread)%>
72	- <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>	72	+ <% if user.can_change_homepage? && !remove_content_button(:home) %>
73	<% if profile.home_page != article %>	73	<% if profile.home_page != article %>
74	<%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>	74	<%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
75	<% else %>	75	<% else %>
	@@ -101,12 +101,26 @@ class CmsControllerTest < ActionController::TestCase		@@ -101,12 +101,26 @@ class CmsControllerTest < ActionController::TestCase
101	assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}	101	assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
102	end	102	end
103		103
		104	+ should 'display the profile homepage if logged user is an environment admin' do
		105	+ env = Environment.default; env.enable('cant_change_homepage'); env.save!
		106	+ env.add_admin(profile)
		107	+ get :index, :profile => profile.identifier
		108	+ assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
		109	+ end
		110	+
104	should 'not display the profile homepage if cannot change homepage' do	111	should 'not display the profile homepage if cannot change homepage' do
105	env = Environment.default; env.enable('cant_change_homepage')	112	env = Environment.default; env.enable('cant_change_homepage')
106	get :index, :profile => profile.identifier	113	get :index, :profile => profile.identifier
107	assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}	114	assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
108	end	115	end
109		116
		117	+ should 'not allow profile homepage changes if cannot change homepage' do
		118	+ env = Environment.default; env.enable('cant_change_homepage')
		119	+ a = profile.articles.create!(:name => 'my new home page')
		120	+ post :set_home_page, :profile => profile.identifier, :id => a.id
		121	+ assert_response 403
		122	+ end
		123	+
110	should 'be able to set home page' do	124	should 'be able to set home page' do
111	a = profile.articles.build(:name => 'my new home page')	125	a = profile.articles.build(:name => 'my new home page')
112	a.save!	126	a.save!
	@@ -1470,4 +1470,18 @@ class PersonTest < ActiveSupport::TestCase		@@ -1470,4 +1470,18 @@ class PersonTest < ActiveSupport::TestCase
1470	person.reload	1470	person.reload
1471	end	1471	end
1472	end	1472	end
		1473	+
		1474	+ should 'allow homepage change if user is an environment admin' do
		1475	+ person = create_user('person').person
		1476	+ person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
		1477	+ person.expects(:is_admin?).returns(true)
		1478	+ assert person.can_change_homepage?
		1479	+ end
		1480	+
		1481	+ should 'allow homepage change if environment feature permit it' do
		1482	+ person = create_user('person').person
		1483	+ person.environment.expects(:enabled?).with('cant_change_homepage').returns(false)
		1484	+ assert person.can_change_homepage?
		1485	+ end
		1486	+
1473	end	1487	end