From 2dbb8586db43409cc630c1ada1efcbfea5b5a7dd Mon Sep 17 00:00:00 2001 From: Tallys Martins Date: Tue, 27 Jan 2015 14:24:11 -0200 Subject: [PATCH] Move privace methods of profile_controller to public_controller - Create tests for private and invisible communities using the privace methods - Executing filters for events and contact pages in private profiles --- app/controllers/public/contact_controller.rb | 1 + app/controllers/public/events_controller.rb | 1 + app/controllers/public/profile_controller.rb | 19 +------------------ app/controllers/public_controller.rb | 22 ++++++++++++++++++++++ test/functional/contact_controller_test.rb | 27 +++++++++++++++++++++++++++ test/functional/events_controller_test.rb | 29 +++++++++++++++++++++++++++++ 6 files changed, 81 insertions(+), 18 deletions(-) diff --git a/app/controllers/public/contact_controller.rb b/app/controllers/public/contact_controller.rb index bad75d0..fd29463 100644 --- a/app/controllers/public/contact_controller.rb +++ b/app/controllers/public/contact_controller.rb @@ -1,6 +1,7 @@ class ContactController < PublicController needs_profile + before_filter :allow_access_to_page def new @contact = build_contact diff --git a/app/controllers/public/events_controller.rb b/app/controllers/public/events_controller.rb index 93a0e4d..05303e5 100644 --- a/app/controllers/public/events_controller.rb +++ b/app/controllers/public/events_controller.rb @@ -1,6 +1,7 @@ class EventsController < PublicController needs_profile + before_filter :allow_access_to_page def events @events = [] diff --git a/app/controllers/public/profile_controller.rb b/app/controllers/public/profile_controller.rb index 5da51b5..da07102 100644 --- a/app/controllers/public/profile_controller.rb +++ b/app/controllers/public/profile_controller.rb 
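Review bot: `before_filter :allow_access_to_page` only works because it is declared after `needs_profile`, which presumably registers the filter that loads `profile`; the identical line added to events_controller.rb in the next hunk has the same dependency. A one-line comment above each would keep that ordering from being broken by a later reorder: `# must stay after needs_profile: the check reads profile`. The method name also reads as if it granted access while its body only renders a 403 or does nothing, so a name such as `deny_access_unless_visible` would read better at both call sites. The ContactController class body continues outside the hunk.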
@@ -16,13 +16,7 @@ class ProfileController < PublicController @activities = @profile.activities.paginate(:per_page => 15, :page => params[:page]) end @tags = profile.article_tags - unless profile.display_info_to?(user) - if profile.visible? - private_profile - else - invisible_profile - end - end + allow_access_to_page end def tags @@ -396,17 +390,6 @@ class ProfileController < PublicController end end - def private_profile - private_profile_partial_parameters - render :action => 'index', :status => 403 - end - - def invisible_profile - unless profile.is_template? - render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here")) - end - end - def per_page Noosfero::Constants::PROFILE_PER_PAGE end diff --git a/app/controllers/public_controller.rb b/app/controllers/public_controller.rb index 2857026..34e5fcd 100644 --- a/app/controllers/public_controller.rb +++ b/app/controllers/public_controller.rb @@ -1,2 +1,24 @@ class PublicController < ApplicationController + protected + + def allow_access_to_page + unless profile.display_info_to?(user) + if profile.visible? + private_profile + else + invisible_profile + end + end + end + + def private_profile + private_profile_partial_parameters + render :template => 'shared/access_denied.html.erb', :status => 403 + end + + def invisible_profile + unless profile.is_template? + render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here")) + end + end end diff --git a/test/functional/contact_controller_test.rb b/test/functional/contact_controller_test.rb index ad73a41..bcea29f 100644 --- a/test/functional/contact_controller_test.rb +++ b/test/functional/contact_controller_test.rb 
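Review bot: `allow_access_to_page` is called as the last statement of `index` rather than as a filter, so the activities query and pagination above it run before the visitor's access is decided, and only its final-statement position keeps the 403 `render` from colliding with the action's own render. Declaring it as `before_filter :allow_access_to_page, :only => [:index]` at the top of the class would match how contact_controller.rb and events_controller.rb use it and skip that work for a denied request. If other ProfileController actions have their own visibility rules, the `:only` restriction leaves them unaffected. The `index` method starts outside the hunk.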
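Review bot: `private_profile` now renders `shared/access_denied.html.erb` where the ProfileController version it replaces rendered the `index` action, so a private profile's page changes from a restricted profile view to a generic denial; that behaviour change is not mentioned in the commit message, and the values prepared by `private_profile_partial_parameters` are presumably unused by the template now rendered. `private_profile_partial_parameters` is not defined in this hunk either; if it still lives only in ProfileController, the filter raises NoMethodError on ContactController and EventsController, which the new functional tests should expose. `invisible_profile` deliberately does nothing when `profile.is_template?`, so the contact and events pages of an invisible template profile stay reachable; that was the existing profile-index behaviour, but a short comment such as `# templates are never hidden: fall through to the action` would stop the next reader from treating it as a gap. The whole PublicController class is inside the hunk.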
@@ -125,4 +125,31 @@ class ContactControllerTest < ActionController::TestCase assert_equal 'Bahia', assigns(:contact).state end + should 'not show send e-mail page to non members of private community' do + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) + + post :new, :profile => community.identifier + + assert_response :forbidden + assert_template :access_denied + end + + should 'not show send e-mail page to non members of invisible community' do + community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false) + + post :new, :profile => community.identifier + + assert_response :forbidden + assert_template :access_denied + end + + should 'show send e-mail page to members of private community' do + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) + community.add_member(@profile) + + post :new, :profile => community.identifier + + assert_response :success + end + end diff --git a/test/functional/events_controller_test.rb b/test/functional/events_controller_test.rb index b1c6f69..3bf51d7 100644 --- a/test/functional/events_controller_test.rb +++ b/test/functional/events_controller_test.rb 
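Review bot: The member test `'show send e-mail page to members of private community'` adds `@profile` to the community but never logs in, unlike its counterpart in events_controller_test.rb which calls `login_as('testuser')`; if the test setup (outside the hunk) does not already log in as `@profile`, the request runs anonymously and the membership plays no part in the check. The two negative tests likewise run without a session, so they cover anonymous visitors rather than the logged-in non-members their names describe; a variant with `login_as` before the `post` would exercise the membership branch of `display_info_to?`. The invisible-community test reuses `:name => 'Private Community'`, presumably a copy-paste. The hunk contains the closing `end` of ContactControllerTest; the class begins outside it.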
@@ -54,4 +54,33 @@ class EventsControllerTest < ActionController::TestCase assert_tag :tag => 'a', :content => /Joao Birthday/ end + should 'not show events page to non members of private community' do + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) + + post :events, :profile => community.identifier + + assert_response :forbidden + assert_template :access_denied + end + + should 'not show events page to non members of invisible community' do + community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false) + + post :events, :profile => community.identifier + + assert_response :forbidden + assert_template :access_denied + end + + should 'show events page to members of private community' do + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false) + community.add_member(@profile) + + login_as('testuser') + + post :events, :profile => community.identifier + + assert_response :success + end + end -- libgit2 0.21.2
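Review bot: The two negative tests post as an anonymous visitor, so they do not verify what their names state, that a logged-in non-member is refused; only the member test calls `login_as('testuser')`. Adding `login_as('testuser')` before the `post` in one of them, with that user not a member, would cover the branch of `display_info_to?` that actually separates members from other signed-in users. The invisible-community test also carries `:name => 'Private Community'`, presumably copied from the test above it. The class begins outside the hunk.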