Commit 2dbb8586db43409cc630c1ada1efcbfea5b5a7dd
Committed by
Gabriela Navarro
Gabriela Navarro
1 parent
320bcfbb
Exists in
master
and in
29 other branches
Move privace methods of profile_controller to public_controller
- Create tests for private and invisible communities using the privace methods - Executing filters for events and contact pages in private profiles Signed-off-by: Arthur Del Esposte <arthurmde@gmail.com> Signed-off-by: Gabriela Navarro <navarro1703@gmail.com> Signed-off-by: Luciano Prestes <lucianopcbr@gmail.com> Signed-off-by: Tallys Martins <tallysmartins@yahoo.com.br>
Showing
6 changed files
with
81 additions
and
18 deletions
Show diff stats
app/controllers/public/contact_controller.rb
app/controllers/public/events_controller.rb
app/controllers/public/profile_controller.rb
| ... | ... | @@ -16,13 +16,7 @@ class ProfileController < PublicController |
| 16 | 16 | @activities = @profile.activities.paginate(:per_page => 15, :page => params[:page]) |
| 17 | 17 | end |
| 18 | 18 | @tags = profile.article_tags |
| 19 | - unless profile.display_info_to?(user) | |
| 20 | - if profile.visible? | |
| 21 | - private_profile | |
| 22 | - else | |
| 23 | - invisible_profile | |
| 24 | - end | |
| 25 | - end | |
| 19 | + allow_access_to_page | |
| 26 | 20 | end |
| 27 | 21 | |
| 28 | 22 | def tags |
| ... | ... | @@ -396,17 +390,6 @@ class ProfileController < PublicController |
| 396 | 390 | end |
| 397 | 391 | end |
| 398 | 392 | |
| 399 | - def private_profile | |
| 400 | - private_profile_partial_parameters | |
| 401 | - render :action => 'index', :status => 403 | |
| 402 | - end | |
| 403 | - | |
| 404 | - def invisible_profile | |
| 405 | - unless profile.is_template? | |
| 406 | - render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here")) | |
| 407 | - end | |
| 408 | - end | |
| 409 | - | |
| 410 | 393 | def per_page |
| 411 | 394 | Noosfero::Constants::PROFILE_PER_PAGE |
| 412 | 395 | end | ... | ... |
app/controllers/public_controller.rb
| 1 | 1 | class PublicController < ApplicationController |
| 2 | + protected | |
| 3 | + | |
| 4 | + def allow_access_to_page | |
| 5 | + unless profile.display_info_to?(user) | |
| 6 | + if profile.visible? | |
| 7 | + private_profile | |
| 8 | + else | |
| 9 | + invisible_profile | |
| 10 | + end | |
| 11 | + end | |
| 12 | + end | |
| 13 | + | |
| 14 | + def private_profile | |
| 15 | + private_profile_partial_parameters | |
| 16 | + render :template => 'shared/access_denied.html.erb', :status => 403 | |
| 17 | + end | |
| 18 | + | |
| 19 | + def invisible_profile | |
| 20 | + unless profile.is_template? | |
| 21 | + render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here")) | |
| 22 | + end | |
| 23 | + end | |
| 2 | 24 | end | ... | ... |
test/functional/contact_controller_test.rb
| ... | ... | @@ -125,4 +125,31 @@ class ContactControllerTest < ActionController::TestCase |
| 125 | 125 | assert_equal 'Bahia', assigns(:contact).state |
| 126 | 126 | end |
| 127 | 127 | |
| 128 | + should 'not show send e-mail page to non members of private community' do | |
| 129 | + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) | |
| 130 | + | |
| 131 | + post :new, :profile => community.identifier | |
| 132 | + | |
| 133 | + assert_response :forbidden | |
| 134 | + assert_template :access_denied | |
| 135 | + end | |
| 136 | + | |
| 137 | + should 'not show send e-mail page to non members of invisible community' do | |
| 138 | + community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false) | |
| 139 | + | |
| 140 | + post :new, :profile => community.identifier | |
| 141 | + | |
| 142 | + assert_response :forbidden | |
| 143 | + assert_template :access_denied | |
| 144 | + end | |
| 145 | + | |
| 146 | + should 'show send e-mail page to members of private community' do | |
| 147 | + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) | |
| 148 | + community.add_member(@profile) | |
| 149 | + | |
| 150 | + post :new, :profile => community.identifier | |
| 151 | + | |
| 152 | + assert_response :success | |
| 153 | + end | |
| 154 | + | |
| 128 | 155 | end | ... | ... |
test/functional/events_controller_test.rb
| ... | ... | @@ -54,4 +54,33 @@ class EventsControllerTest < ActionController::TestCase |
| 54 | 54 | assert_tag :tag => 'a', :content => /Joao Birthday/ |
| 55 | 55 | end |
| 56 | 56 | |
| 57 | + should 'not show events page to non members of private community' do | |
| 58 | + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) | |
| 59 | + | |
| 60 | + post :events, :profile => community.identifier | |
| 61 | + | |
| 62 | + assert_response :forbidden | |
| 63 | + assert_template :access_denied | |
| 64 | + end | |
| 65 | + | |
| 66 | + should 'not show events page to non members of invisible community' do | |
| 67 | + community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false) | |
| 68 | + | |
| 69 | + post :events, :profile => community.identifier | |
| 70 | + | |
| 71 | + assert_response :forbidden | |
| 72 | + assert_template :access_denied | |
| 73 | + end | |
| 74 | + | |
| 75 | + should 'show events page to members of private community' do | |
| 76 | + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) | |
| 77 | + community.add_member(@profile) | |
| 78 | + | |
| 79 | + login_as('testuser') | |
| 80 | + | |
| 81 | + post :events, :profile => community.identifier | |
| 82 | + | |
| 83 | + assert_response :success | |
| 84 | + end | |
| 85 | + | |
| 57 | 86 | end | ... | ... |