From 10ffb4d17933c56b36909c256694cad94e6bfc61 Mon Sep 17 00:00:00 2001 From: André Bernardes Date: Wed, 1 Jul 2015 17:33:48 -0300 Subject: [PATCH] Added validation for profile types of target and requestor --- app/models/add_friend.rb | 15 +++++++++++++++ app/models/add_member.rb | 15 +++++++++++++++ app/models/approve_article.rb | 21 +++++++++++++++++++++ app/models/change_password.rb | 7 +++++++ app/models/create_community.rb | 15 +++++++++++++++ app/models/create_enterprise.rb | 15 +++++++++++++++ app/models/email_activation.rb | 22 ++++++++++++++++++++-- app/models/enterprise_activation.rb | 15 +++++++++++++++ app/models/invitation.rb | 23 ++++++++++++++++++++--- app/models/moderate_user_registration.rb | 8 ++++++++ app/models/suggest_article.rb | 8 ++++++++ 11 files changed, 159 insertions(+), 5 deletions(-) diff --git a/app/models/add_friend.rb b/app/models/add_friend.rb index 3f1206a..6ebd8c4 100644 --- a/app/models/add_friend.rb +++ b/app/models/add_friend.rb @@ -14,6 +14,9 @@ class AddFriend < Task alias :friend :target alias :friend= :target= + validate :requestor_is_person + validate :target_is_person + after_create do |task| TaskMailer.invitation_notification(task).deliver unless task.friend remove_from_suggestion_list(task) @@ -24,6 +27,18 @@ class AddFriend < Task requestor.add_friend(target, group_for_person) end + def requestor_is_person + unless requestor.person? + errors.add(:add_friend, N_('Requestor must be a person.')) + end + end + + def target_is_person + unless target.person? + errors.add(:add_friend, N_('Target must be a person.')) + end + end + def permission :manage_friends end diff --git a/app/models/add_member.rb b/app/models/add_member.rb index bd20dfb..8f5ca13 100644 --- a/app/models/add_member.rb +++ b/app/models/add_member.rb @@ -2,6 +2,9 @@ class AddMember < Task validates_presence_of :requestor_id, :target_id + validate :requestor_is_person + validate :target_is_organization + alias :person :requestor alias :person= :requestor= @@ -55,4 +58,16 @@ class AddMember < Task suggestion.disable if suggestion end + def requestor_is_person + unless requestor.person? + errors.add(:add_member, N_('Requestor must be a person.')) + end + end + + def target_is_organization + unless target.organization? + errors.add(:add_member, N_('Target must be an organization.')) + end + end + end diff --git a/app/models/approve_article.rb b/app/models/approve_article.rb index 1a468c3..02dc104 100644 --- a/app/models/approve_article.rb +++ b/app/models/approve_article.rb @@ -1,6 +1,10 @@ class ApproveArticle < Task validates_presence_of :requestor_id, :target_id + validate :requestor_is_person + validate :target_is_organization + validate :request_is_member_of_target + def article_title article ? article.title : _('(The original text was removed)') end @@ -128,4 +132,21 @@ class ApproveArticle < Task message end + def requestor_is_person + unless requestor.person? + errors.add(:approve_article, N_('Requestor must be a person.')) + end + end + + def target_is_organization + unless target.organization? + errors.add(:approve_article, N_('Target must be an organization.')) + end + end + + def request_is_member_of_target + unless requestor.is_member_of?(target) + errors.add(:approve_article, N_('Requestor must be a member of target.')) + end + end end diff --git a/app/models/change_password.rb b/app/models/change_password.rb index f3c7a9a..b0d380a 100644 --- a/app/models/change_password.rb +++ b/app/models/change_password.rb @@ -18,6 +18,8 @@ class ChangePassword < Task validates_presence_of :requestor + validate :requestor_is_person + ################################################### # validations for updating a ChangePassword task @@ -72,4 +74,9 @@ class ChangePassword < Task end end + def requestor_is_person + unless requestor.person? + errors.add(:change_password, N_('Requestor must be a person.')) + end + end end diff --git a/app/models/create_community.rb b/app/models/create_community.rb index 214145f..96f5539 100644 --- a/app/models/create_community.rb +++ b/app/models/create_community.rb @@ -3,6 +3,9 @@ class CreateCommunity < Task validates_presence_of :requestor_id, :target_id validates_presence_of :name + validate :requestor_is_person + validate :target_is_environment + alias :environment :target alias :environment= :target= @@ -92,4 +95,16 @@ class CreateCommunity < Task _('Your request for registering the community "%{community}" was approved. You can access %{environment} now and start using your new community.') % { :community => self.name, :environment => self.environment } end + def requestor_is_person + unless requestor.person? + errors.add(:create_community, N_('Requestor must be a person.')) + end + end + + def target_is_environment + unless target.class == Environment + errors.add(:create_community, N_('Target must be an environment.')) + end + end + end diff --git a/app/models/create_enterprise.rb b/app/models/create_enterprise.rb index a2a63d4..6184216 100644 --- a/app/models/create_enterprise.rb +++ b/app/models/create_enterprise.rb @@ -27,6 +27,9 @@ class CreateEnterprise < Task # checks for actual attributes validates_presence_of :requestor_id, :target_id + validate :requestor_is_person + validate :target_is_environment + # checks for admins required attributes DATA_FIELDS.each do |attribute| validates_presence_of attribute, :if => lambda { |obj| obj.environment.required_enterprise_fields.include?(attribute) } @@ -214,4 +217,16 @@ class CreateEnterprise < Task :validate_enterprise end + def requestor_is_person + unless requestor.person? + errors.add(:create_enterprise, N_('Requestor must be a person.')) + end + end + + def target_is_environment + unless target.class == Environment + errors.add(:create_enterprise, N_('Target must be an environment.')) + end + end + end diff --git a/app/models/email_activation.rb b/app/models/email_activation.rb index fc9e06a..0ed18cb 100644 --- a/app/models/email_activation.rb +++ b/app/models/email_activation.rb @@ -1,14 +1,20 @@ class EmailActivation < Task validates_presence_of :requestor_id, :target_id + + validate :requestor_is_person + validate :target_is_environment + validate :already_requested, :on => :create alias :environment :target alias :person :requestor def already_requested - if !self.requestor.nil? && self.requestor.user.email_activation_pending? - self.errors.add(:base, _('You have already requested activation of your mailbox.')) + if self.requestor.person? + if !self.requestor.nil? && self.requestor.user.email_activation_pending? + self.errors.add(:base, _('You have already requested activation of your mailbox.')) + end end end @@ -41,4 +47,16 @@ class EmailActivation < Task false end + def requestor_is_person + unless requestor.person? + errors.add(:email_activation, N_('Requestor must be a person.')) + end + end + + def target_is_environment + unless target.class == Environment + errors.add(:email_activation, N_('Target must be an environment.')) + end + end + end diff --git a/app/models/enterprise_activation.rb b/app/models/enterprise_activation.rb index 5ab9d1c..96739d0 100644 --- a/app/models/enterprise_activation.rb +++ b/app/models/enterprise_activation.rb @@ -8,6 +8,9 @@ class EnterpriseActivation < Task validates_presence_of :enterprise + validate :requestor_is_person + validate :target_is_enterprise + def perform self.enterprise.enable self.requestor end @@ -44,4 +47,16 @@ class EnterpriseActivation < Task end end + def requestor_is_person + unless requestor.person? + errors.add(:enterprise_activation, N_('Requestor must be a person.')) + end + end + + def target_is_enterprise + unless target.enterprise? + errors.add(:enterprise_activation, N_('Target must be an enterprise.')) + end + end + end diff --git a/app/models/invitation.rb b/app/models/invitation.rb index 3b8b21e..2eae3d8 100644 --- a/app/models/invitation.rb +++ b/app/models/invitation.rb @@ -6,6 +6,9 @@ class Invitation < Task validates_presence_of :target_id, :if => Proc.new{|invite| invite.friend_email.blank?} + validate :requestor_is_person + validate :target_is_person + validates_presence_of :friend_email, :if => Proc.new{|invite| invite.target_id.blank?} validates_format_of :friend_email, :with => Noosfero::Constants::EMAIL_FORMAT, :if => Proc.new{|invite| invite.target_id.blank?} @@ -34,9 +37,11 @@ class Invitation < Task end def not_invite_yourself - email = friend ? friend.user.email : friend_email - if person && email && person.user.email == email - self.errors.add(:base, _("You can't invite youself")) + if friend.person? && person.person? + email = friend ? friend.user.email : friend_email + if person && email && person.user.email == email + self.errors.add(:base, _("You can't invite youself")) + end end end @@ -139,4 +144,16 @@ class Invitation < Task self.requestor.environment end + def requestor_is_person + unless requestor.person? + errors.add(:invitation, N_('Requestor must be a person.')) + end + end + + def target_is_person + unless target.person? + errors.add(:invitation, N_('Target must be a person.')) + end + end + end diff --git a/app/models/moderate_user_registration.rb b/app/models/moderate_user_registration.rb index 818a2d6..0f0cb37 100644 --- a/app/models/moderate_user_registration.rb +++ b/app/models/moderate_user_registration.rb @@ -7,6 +7,8 @@ class ModerateUserRegistration < Task after_create :schedule_spam_checking + validate :target_is_environment + alias :environment :target alias :environment= :target= @@ -56,4 +58,10 @@ class ModerateUserRegistration < Task _("User \"%{user}\" just requested to register. You have to approve or reject it through the \"Pending Validations\" section in your control panel.\n") % { :user => self.name } end + def target_is_environment + unless environment.class == Environment + errors.add(:moderate_user_registration, N_('Target must be an environment.')) + end + end + end \ No newline at end of file diff --git a/app/models/suggest_article.rb b/app/models/suggest_article.rb index 840fc4d..768f461 100644 --- a/app/models/suggest_article.rb +++ b/app/models/suggest_article.rb @@ -4,6 +4,8 @@ class SuggestArticle < Task validates_presence_of :email, :name, :if => Proc.new { |task| task.requestor.blank? } validates_associated :article_object + validate :target_is_organization + settings_items :email, :type => String settings_items :name, :type => String settings_items :ip_address, :type => String @@ -92,4 +94,10 @@ class SuggestArticle < Task def after_ham! self.delay.marked_as_ham end + + def target_is_organization + unless target.organization? + errors.add(:suggest_article, N_('Target must be an organization.')) + end + end end -- libgit2 0.21.2