Commit 2be5a656af9c53340e7fc5b91b72596c03b69fde

Authored by AntonioTerceiro
1 parent 0b6af513

ActionItem295: checking access to article


git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1825 3f533792-8f58-4932-b0fe-aaf55b0a4547
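--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -21,6 +21,10 @@ class ContentViewerController < PublicController
 end
 end
 
+if !@page.display_to?(user)
+render :action => 'access_denied', :status => 403
+end
+
 if @page.mime_type != 'text/html'
 headers['Content-Type'] = @page.mime_type
 data = @page.data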
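Review bot: The denied branch at new lines 24-26 calls `render` but does not stop the action, so for a user who fails `display_to?` execution still falls into the `@page.mime_type` block below, which reads `@page.data`. The rest of the action lies outside the hunk, but if that branch renders or sends the data, a denied request for a non-HTML article would likely end in a double-render error, or in the content itself, rather than a clean 403. End the branch explicitly by putting `return` on the line after `render :action => 'access_denied', :status => 403`. A short comment such as `# authorization gate: nothing below may run for a denied user` would help later edits keep the check ahead of every content path.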
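--- /dev/null
+++ b/app/views/content_viewer/access_denied.rhtml
@@ -0,0 +1,5 @@
+<h1><%= _('Access denied') %></h1>
+
+<p>
+<%= _('You are not allowed to view this content.') %>
+</p>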
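--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -229,31 +229,22 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
 assert_tag :tag => 'div', :attributes => { :class => 'article-tags' }, :descendant => { :content => /This article's tags:/ }
 end
 
-should 'not display articles from private content' do
+should 'not display forbidden articles' do
 profile.articles.create!(:name => 'test')
 profile.update_attributes!(:public_content => false)
 
+Article.any_instance.expects(:display_to?).with(anything).returns(false)
 get :view_page, :profile => profile.identifier, :page => [ 'test' ]
 assert_response 403
 end
 
-#should 'display articles to its owner' do
-#profile.articles.create!(:name => 'test')
-#profile.update_attributes!(:public_content => false)
-
-#login_as(@profile.identifier)
-#get :view_page, :profile => profile.identifier, :page => [ 'test' ]
-#assert_response 200
-#end
-
-#should 'display articles to profile members' do
-#c = Community.create!(:name => 'my community')
-#c.update_attributes!(:public_content => false)
-#c.add_member(@profile)
+should 'display allowed articles' do
+profile.articles.create!(:name => 'test')
+profile.update_attributes!(:public_content => false)
 
-#login_as(@profile.identifier)
-#get :view_page, :profile => profile.identifier, :page => [ 'test' ]
-#assert_response 200
-#end
+Article.any_instance.expects(:display_to?).with(anything).returns(true)
+get :view_page, :profile => profile.identifier, :page => [ 'test' ]
+assert_response 200
+end
 
 end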
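Review bot: The 'not display forbidden articles' test only requests an article created with just a name (presumably served as text/html), so the controller's `@page.mime_type != 'text/html'` branch, which sits directly after the new access check, is never exercised on the denied path. Add a denied case for a non-HTML article, and in both cases assert what was rendered as well as the status, e.g. `assert_template 'access_denied'` next to `assert_response 403`. Because `display_to?` is stubbed through `any_instance`, these tests verify only the controller wiring. The owner and member scenarios from the deleted commented-out tests still need real coverage wherever `display_to?` is implemented.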