ActionItem438: enabling "New publication" popup without SSL

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2474 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem438: enabling "New publication" popup without SSL
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2474 3f533792-8f58-4932-b0fe-aaf55b0a4547
AntonioTerceiro
1 parent 2b571b6d
Showing 2 changed files with 28 additions and 0 deletions Show diff stats
app/controllers/my_profile/cms_controller.rb
test/functional/cms_controller_test.rb
@@ -3,6 +3,16 @@ class CmsController &lt; MyProfileController
   protect 'post_content', :profile, :except => [:set_home_page]
   protect 'edit_profile', :profile, :only => [:set_home_page]
  
+  alias :check_ssl_orig :check_ssl
+  # Redefines the SSL checking to avoid requiring SSL when creating the "New
+  # publication" button on article's public view.
+  def check_ssl
+    if ((params[:action] == 'new') && (!request.xhr?)) || (params[:action] != 'new')
+      #raise 'bli'
+      check_ssl_orig
+    end
+  end
+
   def boxes_holder
     profile
   end
@@ -592,4 +592,22 @@ class CmsControllerTest &lt; Test::Unit::TestCase
     end
   end
  
+  should 'require ssl in general' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :index, :profile => 'testinguser'
+    assert_redirected_to :protocol => 'https://'
+  end
+
+  should 'accept ajax connections to new action without ssl' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    xml_http_request :get, :new, :profile => 'testinguser'
+    assert_response :success
+  end
+
+  should 'not accept non-ajax connections to new action without ssl' do
+    @request.expects(:ssl?).returns(false).at_least_once
+    get :new, :profile => 'testinguser'
+    assert_redirected_to :protocol => 'https://'
+  end
+
 end
...	...	@@ -3,6 +3,16 @@ class CmsController < MyProfileController
3	3	protect 'post_content', :profile, :except => [:set_home_page]
4	4	protect 'edit_profile', :profile, :only => [:set_home_page]
5	5
	6	+ alias :check_ssl_orig :check_ssl
	7	+ # Redefines the SSL checking to avoid requiring SSL when creating the "New
	8	+ # publication" button on article's public view.
	9	+ def check_ssl
	10	+ if ((params[:action] == 'new') && (!request.xhr?)) \|\| (params[:action] != 'new')
	11	+ #raise 'bli'
	12	+ check_ssl_orig
	13	+ end
	14	+ end
	15	+
6	16	def boxes_holder
7	17	profile
8	18	end
...	...
...	...	@@ -592,4 +592,22 @@ class CmsControllerTest < Test::Unit::TestCase
592	592	end
593	593	end
594	594
	595	+ should 'require ssl in general' do
	596	+ @request.expects(:ssl?).returns(false).at_least_once
	597	+ get :index, :profile => 'testinguser'
	598	+ assert_redirected_to :protocol => 'https://'
	599	+ end
	600	+
	601	+ should 'accept ajax connections to new action without ssl' do
	602	+ @request.expects(:ssl?).returns(false).at_least_once
	603	+ xml_http_request :get, :new, :profile => 'testinguser'
	604	+ assert_response :success
	605	+ end
	606	+
	607	+ should 'not accept non-ajax connections to new action without ssl' do
	608	+ @request.expects(:ssl?).returns(false).at_least_once
	609	+ get :new, :profile => 'testinguser'
	610	+ assert_redirected_to :protocol => 'https://'
	611	+ end
	612	+
595	613	end
...	...