Commit 32400274693cd67d161fb6df6813c5461a04533e

Authored by Luciano Prestes
Committed by Tallys Martins
1 parent bb9c5971

Add option to block appearence edit

- Add before_filter for check permission for open edit header and footer page
- Change environment feature name of disable_appearance to enable_appearance
- Update cucumber test change_appearance.feature

Signed-off-by: DylanGuedes <djmgguedes@gmail.com>
Signed-off-by: Luciano Prestes Cavalcanti <lucianopcbr@gmail.com>
Signed-off-by: Omar Junior <omarroinuj@gmail.com>
Signed-off-by: vitorbaraujo <vitornga15@gmail.com>
Signed-off-by: Victor Matias Navarro <victor.matias.navarro@gmail.com>
app/controllers/my_profile/profile_editor_controller.rb
... ... @@ -6,10 +6,13 @@ class ProfileEditorController &lt; MyProfileController
6 6 before_filter :access_welcome_page, :only => [:welcome_page]
7 7 before_filter :back_to
8 8 before_filter :forbid_destroy_profile, :only => [:destroy_profile]
  9 + before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
9 10 helper_method :has_welcome_page
10 11  
11 12 def index
12 13 @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
  14 + @show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
  15 + @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
13 16 end
14 17  
15 18 helper :profile
... ... @@ -169,4 +172,9 @@ class ProfileEditorController &lt; MyProfileController
169 172 redirect_to_previous_location
170 173 end
171 174 end
  175 +
  176 + def check_user_can_edit_header_footer
  177 + user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
  178 + redirect_to back_to if user_can_not_edit_header_footer
  179 + end
172 180 end
... ...
app/controllers/themes_controller.rb
1 1 class ThemesController < ApplicationController
2 2  
3 3 before_filter :login_required
  4 + before_filter :check_user_can_edit_appearance, :only => [:index]
4 5  
5 6 no_design_blocks
6 7  
... ... @@ -39,4 +40,11 @@ class ThemesController &lt; ApplicationController
39 40 redirect_to :action => 'index'
40 41 end
41 42  
  43 + private
  44 +
  45 + def check_user_can_edit_appearance
  46 + user_can_edit_appearance = user.is_admin?(environment) || environment.enabled?('enable_appearance')
  47 + redirect_to request.referer || "/" unless user_can_edit_appearance
  48 + end
  49 +
42 50 end
... ...
app/models/environment.rb
... ... @@ -158,7 +158,9 @@ class Environment &lt; ActiveRecord::Base
158 158 'allow_change_of_redirection_after_login' => _('Allow users to set the page to redirect after login'),
159 159 'display_my_communities_on_user_menu' => _('Display on menu the list of communities the user can manage'),
160 160 'display_my_enterprises_on_user_menu' => _('Display on menu the list of enterprises the user can manage'),
161   - 'restrict_to_members' => _('Show content only to members')
  161 + 'restrict_to_members' => _('Show content only to members'),
  162 +
  163 + 'enable_appearance' => _('Enable appearance editing by users'),
162 164 }
163 165 end
164 166  
... ... @@ -438,6 +440,7 @@ class Environment &lt; ActiveRecord::Base
438 440 show_balloon_with_profile_links_when_clicked
439 441 show_zoom_button_on_article_images
440 442 use_portal_community
  443 + enable_appearance
441 444 )
442 445  
443 446 before_create :enable_default_features
... ...
app/views/profile_editor/index.html.erb
... ... @@ -22,9 +22,9 @@
22 22  
23 23 <%= control_panel_button(_('Edit sideboxes'), 'blocks', :controller => 'profile_design', :action => 'index') %>
24 24  
25   - <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') %>
  25 + <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %>
26 26  
27   - <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) %>
  27 + <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if @show_header_footer_option %>
28 28  
29 29 <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>
30 30  
... ...
features/change_appearance.feature
... ... @@ -6,6 +6,7 @@ Feature: Change appearance
6 6 Given the following users
7 7 | login | name |
8 8 | joaosilva | Joao Silva |
  9 + And feature "enable_appearance" is enabled on environment
9 10  
10 11 Scenario: Change appearance from default(3 boxes) to Left Top and Right(4 boxes)
11 12 Given I am logged in as "joaosilva"
... ...
test/functional/profile_editor_controller_test.rb
... ... @@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
1184 1184 get :index, :profile => user.identifier
1185 1185 assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' }
1186 1186 end
  1187 +
  1188 + should 'user cant edit header and footer if environment dont permit' do
  1189 + environment = Environment.default
  1190 + environment.settings[:disable_header_and_footer_enabled] = true
  1191 + environment.save!
  1192 +
  1193 + user = create_user('user').person
  1194 + login_as('user')
  1195 +
  1196 + get :header_footer, :profile => user.identifier
  1197 + assert_response :redirect
  1198 + end
  1199 +
  1200 + should 'admin can edit header and footer if environment dont permit' do
  1201 + user = create_user('user').person
  1202 +
  1203 + environment = Environment.default
  1204 + environment.add_admin(user)
  1205 + environment.settings[:disable_header_and_footer_enabled] = true
  1206 + environment.save!
  1207 +
  1208 + login_as('user')
  1209 +
  1210 + get :header_footer, :profile => user.identifier
  1211 + assert_response :success
  1212 + end
1187 1213 end
... ...
test/functional/profile_themes_controller_test.rb
... ... @@ -17,6 +17,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
17 17  
18 18 @env = Environment.default
19 19 @env.enable('user_themes')
  20 + @env.enable_default_features
20 21 @env.save!
21 22 end
22 23 attr_reader :profile, :env
... ... @@ -116,7 +117,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
116 117  
117 118 should 'create a new theme' do
118 119 post :new, :profile => 'testinguser', :name => 'My theme'
119   -
  120 +
120 121 ok('theme should be created') do
121 122 profile.themes.first.id == 'my-theme'
122 123 end
... ... @@ -197,7 +198,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
197 198 should 'display "add image" button' do
198 199 theme = Theme.create('mytheme', :owner => profile)
199 200 get :edit, :profile => 'testinguser', :id => 'mytheme'
200   -
  201 +
201 202 assert_tag :tag => 'a', :attributes => { :href => '/myprofile/testinguser/profile_themes/add_image/mytheme' }
202 203 end
203 204  
... ... @@ -329,4 +330,29 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
329 330 assert_equal [t2, t1], assigns(:themes)
330 331 end
331 332  
  333 + should 'user cant edit appearance if environment dont permit' do
  334 + environment = Environment.default
  335 + environment.disable('enable_appearance')
  336 + environment.save!
  337 +
  338 + user = create_user('user').person
  339 + login_as('user')
  340 +
  341 + post :index, :profile => user.identifier
  342 + assert_response :redirect
  343 + end
  344 +
  345 + should 'admin can edit appearance if environment dont permit' do
  346 + user = create_user('user').person
  347 +
  348 + environment = Environment.default
  349 + environment.add_admin(user)
  350 + environment.disable('enable_appearance')
  351 + environment.save!
  352 +
  353 + login_as('user')
  354 +
  355 + post :index, :profile => user.identifier
  356 + assert_response :success
  357 + end
332 358 end
... ...