provide interface to manage trusted sites

ActionItem2675

provide interface to manage trusted sites
ActionItem2675
Lucas Melo
1 parent 96a2e91e
Showing 9 changed files with 223 additions and 1 deletions Show diff stats
app/controllers/admin/trusted_sites_controller.rb
app/models/environment.rb
app/views/admin_panel/index.rhtml
app/views/trusted_sites/edit.rhtml
app/views/trusted_sites/index.rhtml
app/views/trusted_sites/new.rhtml
test/factories.rb
test/fixtures/roles.yml
test/functional/trusted_sites_controller_test.rb
@@ -0,0 +1,82 @@
+class TrustedSitesController < AdminController
+  protect 'manage_environment_trusted_sites', :environment
+
+  def index
+    @sites = environment.trusted_sites_for_iframe
+  end
+
+  def new
+    @site = ""
+  end
+
+  def create
+    if add_trusted_site(params[:site])
+      session[:notice] = _('New trusted site added.')
+      redirect_to :action => 'index'
+    else
+      session[:notice] = _('Failed to add trusted site.')
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    if is_trusted_site? params[:site]
+      @site = params[:site]
+    else
+      session[:notice] = _('Trusted site was not found')
+      redirect_to :action => 'index'
+    end
+  end
+
+  def update
+    site = params[:site]
+    orig_site = params[:orig_site]
+    if rename_trusted_site(orig_site, site)
+      redirect_to :action => 'edit', :site => @site
+    else
+      session[:notice] = _('Failed to edit trusted site.')
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    if delete_trusted_site(params[:site])
+      session[:notice] = _('Trusted site removed')
+    else
+      session[:notice] = _('Trusted site could not be removed')
+    end
+    redirect_to :action => 'index'
+  end
+
+  protected
+  def add_trusted_site (site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    trusted_sites << site
+    environment.trusted_sites_for_iframe = trusted_sites
+    environment.save
+  end
+
+  def rename_trusted_site(orig_site, site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    i = trusted_sites.index orig_site
+    if i.nil?
+      return false
+    else
+      trusted_sites[i] = site
+      environment.trusted_sites_for_iframe = trusted_sites
+      environment.save
+    end
+  end
+
+
+  def delete_trusted_site (site)
+    trusted_sites = environment.trusted_sites_for_iframe
+    trusted_sites.delete site
+    environment.trusted_sites_for_iframe = trusted_sites
+    environment.save
+  end
+
+  def is_trusted_site? (site)
+    environment.trusted_sites_for_iframe.include? site
+  end
+end
@@ -26,6 +26,7 @@ class Environment &lt; ActiveRecord::Base
     'manage_environment_users' => N_('Manage environment users'),
     'manage_environment_templates' => N_('Manage environment templates'),
     'manage_environment_licenses' => N_('Manage environment licenses'),
+    'manage_environment_trusted_sites' => N_('Manage_environment_trusted_sites')
   }
   module Roles
@@ -9,6 +9,7 @@
   <tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
   <tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
   <tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
+  <tr><td><%= link_to _('Trusted sites'), :controller =>'trusted_sites' %></td></tr>
 </table>
 <h2><%= _('Profiles') %></h2>
@@ -0,0 +1,15 @@
+<h2> <%= _("Editing trusted site") %> </h2>
+
+<% form_tag :action => :update do %>
+
+  <%= text_field_tag :site, @site %>
+  <%= hidden_field_tag :orig_site, @site %>
+
+  <% button_bar do %>
+    <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
+
+<script>
+  jQuery(function() { jQuery('input#site').focus(); } );
+</script>
@@ -0,0 +1,28 @@
+<h1><%= _('Manage trusted sites') %></h1>
+
+<p>
+<%=  _('Here you can manage the list of trusted sites of your environment. A trusted site is a site that you consider safe enough to incorporate their content through <em>iframes</em>.') %>
+</p>
+
+<table>
+  <tr>
+    <th><%= _('Site') %></th>
+    <th><%= _('Actions') %></th>
+  </tr>
+  <% @sites.each do |site| %>
+    <tr>
+      <td>
+        <%= link_to site, :action => 'show', :site => site %>
+      </td>
+      <td style='white-space: nowrap;'>
+        <%= button_without_text :edit, _('Edit'), :action => 'edit', :site => site %>
+        <%= button_without_text :remove,  _('Remove'), {:action => :destroy, :site => site}, :method => :delete, :confirm => _('Are you sure you want to remove this site from the list of trusted sites?') %>
+      </td>
+    </tr>
+  <% end %>
+</table>
+
+<% button_bar do %>
+  <%= button :add, _('Add a trusted site'), :action => 'new' %>
+  <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
+<% end %>
@@ -0,0 +1,14 @@
+<h2> <%= _("Add a new trusted site") %> </h2>
+
+<% form_tag :action => :create do %>
+
+  <%= text_field_tag :site, @site %>
+
+  <% button_bar do %>
+    <%= submit_button('save', _('Add trusted site'), :cancel => {:action => 'index'} ) %>
+  <% end %>
+<% end %>
+
+<script>
+  jQuery(function() { jQuery('input#site').focus(); } );
+</script>
@@ -55,7 +55,7 @@ module Noosfero::Factory
   ###### old stuff to be rearranged
   def create_admin_user(env)
     admin_user = User.find_by_login('adminuser') || create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env)
-    admin_role = Role.find_by_name('admin_role') || Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_templates', 'manage_environment_licenses'])
+    admin_role = Role.find_by_name('admin_role') || Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_trusted_sites', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_templates', 'manage_environment_licenses'])
     RoleAssignment.create!(:accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{|ra|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env])
     admin_user.login
   end
@@ -30,6 +30,7 @@ four:
    - edit_environment_design
    - manage_environment_categories
    - manage_environment_roles
+   - manage_environment_trusted_sites
    - manage_environment_validators
    - moderate_comments
    - perform_task
@@ -85,6 +86,7 @@ environment_administrator:
    - edit_environment_design
    - manage_environment_categories
    - manage_environment_roles
+   - manage_environment_trusted_sites
    - manage_environment_validators
    - moderate_comments
    - manage_environment_users
@@ -0,0 +1,79 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'trusted_sites_controller'
+
+# Re-raise errors caught by the controller.
+class TrustedSitesController; def rescue_action(e) raise e end; end
+
+class TrustedSitesControllerTest < ActionController::TestCase
+  all_fixtures
+
+  def setup
+    @controller = TrustedSitesController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    @role = Role.find(:first)
+    @environment = Environment.default
+    @environment.trusted_sites_for_iframe = ['existing.site.com']
+    @environment.save!
+
+    login_as(:ze)
+  end
+
+  should 'get index' do
+    get :index
+    assert_response :success
+    assert_not_nil assigns(:sites)
+  end
+
+  should 'get new' do
+    get :new
+    assert_response :success
+  end
+
+  should 'create site' do
+    post :create, :site => 'new.site.com'
+    assert_redirected_to :action => :index
+    assert @controller.environment.trusted_sites_for_iframe.include?('new.site.com'), 'Site was not included in the trusted_sites'
+  end
+
+  should 'fail creation gracefully' do
+    @controller.stubs(:add_trusted_site).returns(false)
+    post :create, :site => 'new.site.com'
+    assert_response :success # it actually failed, but was not redirected
+    assert !@controller.environment.trusted_sites_for_iframe.include?('new.site.com'), 'Site was included in the trusted_sites!?'
+  end
+
+  should 'destroy site' do
+    post :create, :site => 'todel.site.com'
+    delete :destroy, :site => 'todel.site.com'
+    assert_redirected_to :action => :index
+    assert ! @controller.environment.trusted_sites_for_iframe.include?('todel.site.com'), 'Site was not removed from trusted_sites'
+  end
+
+  should "get edit" do
+    get :edit, :site => 'existing.site.com'
+    assert_response :success
+  end
+
+  should "not get edit" do
+    get :edit, :site => 'nonexistent.site.com'
+    assert_redirected_to :action => :index
+  end
+
+  should 'update site' do
+    post :create, :site => 'toedit.site.com'
+    post :update, :orig_site => 'toedit.site.com', :site => 'edited.site.com'
+    assert_redirected_to :action => :edit
+    assert ! @controller.environment.trusted_sites_for_iframe.include?('toedit.site.com'), 'Original site found. Site was not updated?'
+    assert @controller.environment.trusted_sites_for_iframe.include?('edited.site.com'), 'New name for site not found. Site was not updated?'
+  end
+
+  should 'fail update gracefully' do
+    @controller.stubs(:rename_trusted_site).returns(false)
+    post :create, :site => 'toedit.site.com'
+    post :update, :orig_site => 'toedit.site.com', :site => 'edited.site.com'
+    assert_response :success # it actually failed, but was not redirected
+    assert @controller.environment.trusted_sites_for_iframe.include?('toedit.site.com'), 'Original site not found. Site was updated?'
+    assert !@controller.environment.trusted_sites_for_iframe.include?('edited.site.com'), 'New name for site found. Site was updated?'
+  end
+end
@@ -0,0 +1,82 @@		@@ -0,0 +1,82 @@
	1	+class TrustedSitesController < AdminController
	2	+ protect 'manage_environment_trusted_sites', :environment
	3	+
	4	+ def index
	5	+ @sites = environment.trusted_sites_for_iframe
	6	+ end
	7	+
	8	+ def new
	9	+ @site = ""
	10	+ end
	11	+
	12	+ def create
	13	+ if add_trusted_site(params[:site])
	14	+ session[:notice] = _('New trusted site added.')
	15	+ redirect_to :action => 'index'
	16	+ else
	17	+ session[:notice] = _('Failed to add trusted site.')
	18	+ render :action => 'new'
	19	+ end
	20	+ end
	21	+
	22	+ def edit
	23	+ if is_trusted_site? params[:site]
	24	+ @site = params[:site]
	25	+ else
	26	+ session[:notice] = _('Trusted site was not found')
	27	+ redirect_to :action => 'index'
	28	+ end
	29	+ end
	30	+
	31	+ def update
	32	+ site = params[:site]
	33	+ orig_site = params[:orig_site]
	34	+ if rename_trusted_site(orig_site, site)
	35	+ redirect_to :action => 'edit', :site => @site
	36	+ else
	37	+ session[:notice] = _('Failed to edit trusted site.')
	38	+ render :action => 'edit'
	39	+ end
	40	+ end
	41	+
	42	+ def destroy
	43	+ if delete_trusted_site(params[:site])
	44	+ session[:notice] = _('Trusted site removed')
	45	+ else
	46	+ session[:notice] = _('Trusted site could not be removed')
	47	+ end
	48	+ redirect_to :action => 'index'
	49	+ end
	50	+
	51	+ protected
	52	+ def add_trusted_site (site)
	53	+ trusted_sites = environment.trusted_sites_for_iframe
	54	+ trusted_sites << site
	55	+ environment.trusted_sites_for_iframe = trusted_sites
	56	+ environment.save
	57	+ end
	58	+
	59	+ def rename_trusted_site(orig_site, site)
	60	+ trusted_sites = environment.trusted_sites_for_iframe
	61	+ i = trusted_sites.index orig_site
	62	+ if i.nil?
	63	+ return false
	64	+ else
	65	+ trusted_sites[i] = site
	66	+ environment.trusted_sites_for_iframe = trusted_sites
	67	+ environment.save
	68	+ end
	69	+ end
	70	+
	71	+
	72	+ def delete_trusted_site (site)
	73	+ trusted_sites = environment.trusted_sites_for_iframe
	74	+ trusted_sites.delete site
	75	+ environment.trusted_sites_for_iframe = trusted_sites
	76	+ environment.save
	77	+ end
	78	+
	79	+ def is_trusted_site? (site)
	80	+ environment.trusted_sites_for_iframe.include? site
	81	+ end
	82	+end
	@@ -26,6 +26,7 @@ class Environment < ActiveRecord::Base		@@ -26,6 +26,7 @@ class Environment < ActiveRecord::Base
26	'manage_environment_users' => N_('Manage environment users'),	26	'manage_environment_users' => N_('Manage environment users'),
27	'manage_environment_templates' => N_('Manage environment templates'),	27	'manage_environment_templates' => N_('Manage environment templates'),
28	'manage_environment_licenses' => N_('Manage environment licenses'),	28	'manage_environment_licenses' => N_('Manage environment licenses'),
		29	+ 'manage_environment_trusted_sites' => N_('Manage_environment_trusted_sites')
29	}	30	}
30		31
31	module Roles	32	module Roles
	@@ -9,6 +9,7 @@		@@ -9,6 +9,7 @@
9	<tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>	9	<tr><td><%= link_to _('Sideboxes'), :controller => 'environment_design'%></td></tr>
10	<tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>	10	<tr><td><%= link_to _('Homepage'), :action => 'set_portal_community' %></td></tr>
11	<tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>	11	<tr><td><%= link_to _('Licenses'), :controller =>'licenses' %></td></tr>
		12	+ <tr><td><%= link_to _('Trusted sites'), :controller =>'trusted_sites' %></td></tr>
12	</table>	13	</table>
13		14
14	<h2><%= _('Profiles') %></h2>	15	<h2><%= _('Profiles') %></h2>
@@ -0,0 +1,15 @@		@@ -0,0 +1,15 @@
	1	+<h2> <%= _("Editing trusted site") %> </h2>
	2	+
	3	+<% form_tag :action => :update do %>
	4	+
	5	+ <%= text_field_tag :site, @site %>
	6	+ <%= hidden_field_tag :orig_site, @site %>
	7	+
	8	+ <% button_bar do %>
	9	+ <%= submit_button('save', _('Save changes'), :cancel => {:action => 'index'} ) %>
	10	+ <% end %>
	11	+<% end %>
	12	+
	13	+<script>
	14	+ jQuery(function() { jQuery('input#site').focus(); } );
	15	+</script>
@@ -0,0 +1,28 @@		@@ -0,0 +1,28 @@
	1	+<h1><%= _('Manage trusted sites') %></h1>
	2	+
	3	+<p>
	4	+<%= _('Here you can manage the list of trusted sites of your environment. A trusted site is a site that you consider safe enough to incorporate their content through <em>iframes</em>.') %>
	5	+</p>
	6	+
	7	+<table>
	8	+ <tr>
	9	+ <th><%= _('Site') %></th>
	10	+ <th><%= _('Actions') %></th>
	11	+ </tr>
	12	+ <% @sites.each do \|site\| %>
	13	+ <tr>
	14	+ <td>
	15	+ <%= link_to site, :action => 'show', :site => site %>
	16	+ </td>
	17	+ <td style='white-space: nowrap;'>
	18	+ <%= button_without_text :edit, _('Edit'), :action => 'edit', :site => site %>
	19	+ <%= button_without_text :remove, _('Remove'), {:action => :destroy, :site => site}, :method => :delete, :confirm => _('Are you sure you want to remove this site from the list of trusted sites?') %>
	20	+ </td>
	21	+ </tr>
	22	+ <% end %>
	23	+</table>
	24	+
	25	+<% button_bar do %>
	26	+ <%= button :add, _('Add a trusted site'), :action => 'new' %>
	27	+ <%= button :back, _('Back to admin panel'), :controller => 'admin_panel' %>
	28	+<% end %>
@@ -0,0 +1,14 @@		@@ -0,0 +1,14 @@
	1	+<h2> <%= _("Add a new trusted site") %> </h2>
	2	+
	3	+<% form_tag :action => :create do %>
	4	+
	5	+ <%= text_field_tag :site, @site %>
	6	+
	7	+ <% button_bar do %>
	8	+ <%= submit_button('save', _('Add trusted site'), :cancel => {:action => 'index'} ) %>
	9	+ <% end %>
	10	+<% end %>
	11	+
	12	+<script>
	13	+ jQuery(function() { jQuery('input#site').focus(); } );
	14	+</script>
	@@ -55,7 +55,7 @@ module Noosfero::Factory		@@ -55,7 +55,7 @@ module Noosfero::Factory
55	###### old stuff to be rearranged	55	###### old stuff to be rearranged
56	def create_admin_user(env)	56	def create_admin_user(env)
57	admin_user = User.find_by_login('adminuser') \|\| create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env)	57	admin_user = User.find_by_login('adminuser') \|\| create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env)
58	- admin_role = Role.find_by_name('admin_role') \|\| Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_templates', 'manage_environment_licenses'])	58	+ admin_role = Role.find_by_name('admin_role') \|\| Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_trusted_sites', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_templates', 'manage_environment_licenses'])
59	RoleAssignment.create!(:accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{\|ra\|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env])	59	RoleAssignment.create!(:accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{\|ra\|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env])
60	admin_user.login	60	admin_user.login
61	end	61	end
	@@ -30,6 +30,7 @@ four:		@@ -30,6 +30,7 @@ four:
30	- edit_environment_design	30	- edit_environment_design
31	- manage_environment_categories	31	- manage_environment_categories
32	- manage_environment_roles	32	- manage_environment_roles
		33	+ - manage_environment_trusted_sites
33	- manage_environment_validators	34	- manage_environment_validators
34	- moderate_comments	35	- moderate_comments
35	- perform_task	36	- perform_task
	@@ -85,6 +86,7 @@ environment_administrator:		@@ -85,6 +86,7 @@ environment_administrator:
85	- edit_environment_design	86	- edit_environment_design
86	- manage_environment_categories	87	- manage_environment_categories
87	- manage_environment_roles	88	- manage_environment_roles
		89	+ - manage_environment_trusted_sites
88	- manage_environment_validators	90	- manage_environment_validators
89	- moderate_comments	91	- moderate_comments
90	- manage_environment_users	92	- manage_environment_users
@@ -0,0 +1,79 @@		@@ -0,0 +1,79 @@
	1	+require File.dirname(__FILE__) + '/../test_helper'
	2	+require 'trusted_sites_controller'
	3	+
	4	+# Re-raise errors caught by the controller.
	5	+class TrustedSitesController; def rescue_action(e) raise e end; end
	6	+
	7	+class TrustedSitesControllerTest < ActionController::TestCase
	8	+ all_fixtures
	9	+
	10	+ def setup
	11	+ @controller = TrustedSitesController.new
	12	+ @request = ActionController::TestRequest.new
	13	+ @response = ActionController::TestResponse.new
	14	+ @role = Role.find(:first)
	15	+ @environment = Environment.default
	16	+ @environment.trusted_sites_for_iframe = ['existing.site.com']
	17	+ @environment.save!
	18	+
	19	+ login_as(:ze)
	20	+ end
	21	+
	22	+ should 'get index' do
	23	+ get :index
	24	+ assert_response :success
	25	+ assert_not_nil assigns(:sites)
	26	+ end
	27	+
	28	+ should 'get new' do
	29	+ get :new
	30	+ assert_response :success
	31	+ end
	32	+
	33	+ should 'create site' do
	34	+ post :create, :site => 'new.site.com'
	35	+ assert_redirected_to :action => :index
	36	+ assert @controller.environment.trusted_sites_for_iframe.include?('new.site.com'), 'Site was not included in the trusted_sites'
	37	+ end
	38	+
	39	+ should 'fail creation gracefully' do
	40	+ @controller.stubs(:add_trusted_site).returns(false)
	41	+ post :create, :site => 'new.site.com'
	42	+ assert_response :success # it actually failed, but was not redirected
	43	+ assert !@controller.environment.trusted_sites_for_iframe.include?('new.site.com'), 'Site was included in the trusted_sites!?'
	44	+ end
	45	+
	46	+ should 'destroy site' do
	47	+ post :create, :site => 'todel.site.com'
	48	+ delete :destroy, :site => 'todel.site.com'
	49	+ assert_redirected_to :action => :index
	50	+ assert ! @controller.environment.trusted_sites_for_iframe.include?('todel.site.com'), 'Site was not removed from trusted_sites'
	51	+ end
	52	+
	53	+ should "get edit" do
	54	+ get :edit, :site => 'existing.site.com'
	55	+ assert_response :success
	56	+ end
	57	+
	58	+ should "not get edit" do
	59	+ get :edit, :site => 'nonexistent.site.com'
	60	+ assert_redirected_to :action => :index
	61	+ end
	62	+
	63	+ should 'update site' do
	64	+ post :create, :site => 'toedit.site.com'
	65	+ post :update, :orig_site => 'toedit.site.com', :site => 'edited.site.com'
	66	+ assert_redirected_to :action => :edit
	67	+ assert ! @controller.environment.trusted_sites_for_iframe.include?('toedit.site.com'), 'Original site found. Site was not updated?'
	68	+ assert @controller.environment.trusted_sites_for_iframe.include?('edited.site.com'), 'New name for site not found. Site was not updated?'
	69	+ end
	70	+
	71	+ should 'fail update gracefully' do
	72	+ @controller.stubs(:rename_trusted_site).returns(false)
	73	+ post :create, :site => 'toedit.site.com'
	74	+ post :update, :orig_site => 'toedit.site.com', :site => 'edited.site.com'
	75	+ assert_response :success # it actually failed, but was not redirected
	76	+ assert @controller.environment.trusted_sites_for_iframe.include?('toedit.site.com'), 'Original site not found. Site was updated?'
	77	+ assert !@controller.environment.trusted_sites_for_iframe.include?('edited.site.com'), 'New name for site found. Site was updated?'
	78	+ end
	79	+end