Download as
Browse Code »

Commit 2dbb8586db43409cc630c1ada1efcbfea5b5a7dd

Authored by Tallys Martins
Committed by Gabriela Navarro
1 parent 320bcfbb
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Move privace methods of profile_controller to public_controller 

- Create tests for private and invisible communities using the privace methods
 - Executing filters for events and contact pages in private profiles

Signed-off-by: Arthur Del Esposte <arthurmde@gmail.com>
Signed-off-by: Gabriela Navarro <navarro1703@gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr@gmail.com>
Signed-off-by: Tallys Martins <tallysmartins@yahoo.com.br>
Showing 6 changed files with 81 additions and 18 deletions   Show diff stats
app/controllers/public/contact_controller.rb
  Diff comments   View file @2dbb858
1 class ContactController < PublicController 1 class ContactController < PublicController
2 2
3 needs_profile 3 needs_profile
  4 + before_filter :allow_access_to_page
4 5
5 def new 6 def new
6 @contact = build_contact 7 @contact = build_contact
app/controllers/public/events_controller.rb
  Diff comments   View file @2dbb858
1 class EventsController < PublicController 1 class EventsController < PublicController
2 2
3 needs_profile 3 needs_profile
  4 + before_filter :allow_access_to_page
4 5
5 def events 6 def events
6 @events = [] 7 @events = []
app/controllers/public/profile_controller.rb
  Diff comments   View file @2dbb858
@@ -16,13 +16,7 @@ class ProfileController &lt; PublicController @@ -16,13 +16,7 @@ class ProfileController &lt; PublicController
16 @activities = @profile.activities.paginate(:per_page => 15, :page => params[:page]) 16 @activities = @profile.activities.paginate(:per_page => 15, :page => params[:page])
17 end 17 end
18 @tags = profile.article_tags 18 @tags = profile.article_tags
19 - unless profile.display_info_to?(user)  
20 - if profile.visible?  
21 - private_profile  
22 - else  
23 - invisible_profile  
24 - end  
25 - end 19 + allow_access_to_page
26 end 20 end
27 21
28 def tags 22 def tags
@@ -396,17 +390,6 @@ class ProfileController &lt; PublicController @@ -396,17 +390,6 @@ class ProfileController &lt; PublicController
396 end 390 end
397 end 391 end
398 392
399 - def private_profile  
400 - private_profile_partial_parameters  
401 - render :action => 'index', :status => 403  
402 - end  
403 -  
404 - def invisible_profile  
405 - unless profile.is_template?  
406 - render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))  
407 - end  
408 - end  
409 -  
410 def per_page 393 def per_page
411 Noosfero::Constants::PROFILE_PER_PAGE 394 Noosfero::Constants::PROFILE_PER_PAGE
412 end 395 end
app/controllers/public_controller.rb
  Diff comments   View file @2dbb858
1 class PublicController < ApplicationController 1 class PublicController < ApplicationController
  2 + protected
  3 +
  4 + def allow_access_to_page
  5 + unless profile.display_info_to?(user)
  6 + if profile.visible?
  7 + private_profile
  8 + else
  9 + invisible_profile
  10 + end
  11 + end
  12 + end
  13 +
  14 + def private_profile
  15 + private_profile_partial_parameters
  16 + render :template => 'shared/access_denied.html.erb', :status => 403
  17 + end
  18 +
  19 + def invisible_profile
  20 + unless profile.is_template?
  21 + render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
  22 + end
  23 + end
2 end 24 end
test/functional/contact_controller_test.rb
  Diff comments   View file @2dbb858
@@ -125,4 +125,31 @@ class ContactControllerTest &lt; ActionController::TestCase @@ -125,4 +125,31 @@ class ContactControllerTest &lt; ActionController::TestCase
125 assert_equal 'Bahia', assigns(:contact).state 125 assert_equal 'Bahia', assigns(:contact).state
126 end 126 end
127 127
  128 + should 'not show send e-mail page to non members of private community' do
  129 + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
  130 +
  131 + post :new, :profile => community.identifier
  132 +
  133 + assert_response :forbidden
  134 + assert_template :access_denied
  135 + end
  136 +
  137 + should 'not show send e-mail page to non members of invisible community' do
  138 + community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false)
  139 +
  140 + post :new, :profile => community.identifier
  141 +
  142 + assert_response :forbidden
  143 + assert_template :access_denied
  144 + end
  145 +
  146 + should 'show send e-mail page to members of private community' do
  147 + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
  148 + community.add_member(@profile)
  149 +
  150 + post :new, :profile => community.identifier
  151 +
  152 + assert_response :success
  153 + end
  154 +
128 end 155 end
test/functional/events_controller_test.rb
  Diff comments   View file @2dbb858
@@ -54,4 +54,33 @@ class EventsControllerTest &lt; ActionController::TestCase @@ -54,4 +54,33 @@ class EventsControllerTest &lt; ActionController::TestCase
54 assert_tag :tag => 'a', :content => /Joao Birthday/ 54 assert_tag :tag => 'a', :content => /Joao Birthday/
55 end 55 end
56 56
  57 + should 'not show events page to non members of private community' do
  58 + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
  59 +
  60 + post :events, :profile => community.identifier
  61 +
  62 + assert_response :forbidden
  63 + assert_template :access_denied
  64 + end
  65 +
  66 + should 'not show events page to non members of invisible community' do
  67 + community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false)
  68 +
  69 + post :events, :profile => community.identifier
  70 +
  71 + assert_response :forbidden
  72 + assert_template :access_denied
  73 + end
  74 +
  75 + should 'show events page to members of private community' do
  76 + community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
  77 + community.add_member(@profile)
  78 +
  79 + login_as('testuser')
  80 +
  81 + post :events, :profile => community.identifier
  82 +
  83 + assert_response :success
  84 + end
  85 +
57 end 86 end