diff --git a/app/controllers/my_profile/profile_editor_controller.rb b/app/controllers/my_profile/profile_editor_controller.rb
index 202952d..b04d3bf 100644
--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -6,10 +6,13 @@ class ProfileEditorController < MyProfileController
 before_filter :access_welcome_page, :only => [:welcome_page]
 before_filter :back_to
 before_filter :forbid_destroy_profile, :only => [:destroy_profile]
+ before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
 helper_method :has_welcome_page
 def index
 @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
+ @show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
+ @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
 end
 helper :profile
@@ -169,4 +172,9 @@ class ProfileEditorController < MyProfileController
 redirect_to_previous_location
 end
 end
+
+ def check_user_can_edit_header_footer
+ user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
+ redirect_to back_to if user_can_not_edit_header_footer
+ end
 end
diff --git a/app/controllers/themes_controller.rb b/app/controllers/themes_controller.rb
index c12ec08..7973b47 100644
--- a/app/controllers/themes_controller.rb
+++ b/app/controllers/themes_controller.rb
@@ -1,6 +1,7 @@
 class ThemesController < ApplicationController
 before_filter :login_required
+ before_filter :check_user_can_edit_appearance, :only => [:index]
 no_design_blocks
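Review bot: `check_user_can_edit_header_footer` (the `@@ -169` hunk) enforces a weaker rule than the one `index` uses in the `@@ -6` hunk to decide whether the button is shown. `@show_header_footer_option` also requires `!profile.enterprise?`, but the filter only looks at `disable_header_and_footer`, so if hiding the option on enterprise profiles is meant as a restriction, a non-admin there can still open `header_footer` by URL. Deriving both from one private predicate, `user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))`, would keep the view and the enforcement in step. The hunk does not show whether the new method sits below a `private` marker; if it does not, it is routable as an action. `back_to` is defined outside the hunk, so confirm it cannot return a request-supplied URL before it is passed to `redirect_to`.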
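Review bot: The new filter in the `@@ -1,6` hunk of themes_controller.rb is limited to `:only => [:index]`, so it blocks only the theme listing. Any other action in this controller, and in any controller that inherits from it, stays reachable for a non-admin while `enable_appearance` is off. The rest of the class is outside this hunk, but the context of the following hunk (`redirect_to :action => 'index'`) suggests at least one action that does work and then redirects. If the flag is meant to stop users changing appearance rather than to hide one page, drop the `:only` (`before_filter :check_user_can_edit_appearance`) or list the state-changing actions explicitly.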
@@ -39,4 +40,11 @@ class ThemesController < ApplicationController
 redirect_to :action => 'index'
 end
+ private
+
+ def check_user_can_edit_appearance
+ user_can_edit_appearance = user.is_admin?(environment) || environment.enabled?('enable_appearance')
+ redirect_to request.referer || "/" unless user_can_edit_appearance
+ end
+
 end
diff --git a/app/models/environment.rb b/app/models/environment.rb
index 5f74d9c..acb8a89 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -158,7 +158,9 @@ class Environment < ActiveRecord::Base
 'allow_change_of_redirection_after_login' => _('Allow users to set the page to redirect after login'),
 'display_my_communities_on_user_menu' => _('Display on menu the list of communities the user can manage'),
 'display_my_enterprises_on_user_menu' => _('Display on menu the list of enterprises the user can manage'),
- 'restrict_to_members' => _('Show content only to members')
+ 'restrict_to_members' => _('Show content only to members'),
+
+ 'enable_appearance' => _('Enable appearance editing by users'),
 }
 end
@@ -438,6 +440,7 @@ class Environment < ActiveRecord::Base
 show_balloon_with_profile_links_when_clicked
 show_zoom_button_on_article_images
 use_portal_community
+ enable_appearance
 )
 before_create :enable_default_features
diff --git a/app/views/profile_editor/index.html.erb b/app/views/profile_editor/index.html.erb
index 7d3db97..4f80ae2 100644
--- a/app/views/profile_editor/index.html.erb
+++ b/app/views/profile_editor/index.html.erb
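Review bot: `redirect_to request.referer || "/"` in `check_user_can_edit_appearance` sends a denied user to whatever the `Referer` header contains, and that value is set by the client or by the page that linked here, not by the application. It can also loop if the referring page itself leads back to `index`. A fixed in-app target or an explicit denial is easier to reason about and to test, for example `redirect_to "/" unless user_can_edit_appearance` or `head :forbidden unless user_can_edit_appearance`. The added `private` marker is good, since it keeps the filter from being routable as an action.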
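Review bot: Adding `enable_appearance` to the list in the `@@ -438` hunk of environment.rb appears to affect only environments created after this change, as far as the visible `before_create :enable_default_features` shows. Existing environments would then have the flag unset, so non-admin users there lose appearance editing on upgrade until an admin enables it. That fails closed, which is the safe direction, but it is the opposite polarity to `disable_header_and_footer`, where the unset state allows editing. The opening line of the list is outside the hunk, so this assumes it is the default-features list; a short comment next to the new entry, such as `# opt-in: existing environments need a migration or manual enable`, would record the intent.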
@@ -22,9 +22,9 @@
 <%= control_panel_button(_('Edit sideboxes'), 'blocks', :controller => 'profile_design', :action => 'index') %>
- <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') %>
+ <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %>
- <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) %>
+ <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if @show_header_footer_option %>
 <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>
diff --git a/features/change_appearance.feature b/features/change_appearance.feature
index 5eb5b1f..db9f4c1 100644
--- a/features/change_appearance.feature
+++ b/features/change_appearance.feature
@@ -6,6 +6,7 @@ Feature: Change appearance
 Given the following users
 | login | name |
 | joaosilva | Joao Silva |
+ And feature "enable_appearance" is enabled on environment
 Scenario: Change appearance from default(3 boxes) to Left Top and Right(4 boxes)
 Given I am logged in as "joaosilva"
diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb
index c20d89b..6a81a40 100644
--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest < ActionController::TestCase
 get :index, :profile => user.identifier
 assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' }
 end
+
+ should 'user cant edit header and footer if environment dont permit' do
+ environment = Environment.default
+ environment.settings[:disable_header_and_footer_enabled] = true
+ environment.save!
+
+ user = create_user('user').person
+ login_as('user')
+
+ get :header_footer, :profile => user.identifier
+ assert_response :redirect
+ end
+
+ should 'admin can edit header and footer if environment dont permit' do
+ user = create_user('user').person
+
+ environment = Environment.default
+ environment.add_admin(user)
+ environment.settings[:disable_header_and_footer_enabled] = true
+ environment.save!
+
+ login_as('user')
+
+ get :header_footer, :profile => user.identifier
+ assert_response :success
+ end
 end
diff --git a/test/functional/profile_themes_controller_test.rb b/test/functional/profile_themes_controller_test.rb
index ee53a6e..4601f52 100644
--- a/test/functional/profile_themes_controller_test.rb
+++ b/test/functional/profile_themes_controller_test.rb
@@ -17,6 +17,7 @@ class ProfileThemesControllerTest < ActionController::TestCase
 @env = Environment.default
 @env.enable('user_themes')
+ @env.enable_default_features
 @env.save!
 end
 attr_reader :profile, :env
@@ -116,7 +117,7 @@ class ProfileThemesControllerTest < ActionController::TestCase
 should 'create a new theme' do
 post :new, :profile => 'testinguser', :name => 'My theme'
-
+
 ok('theme should be created') do
 profile.themes.first.id == 'my-theme'
 end
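Review bot: Both new tests in the `@@ -1184` hunk use a person profile, so the enterprise branch of the header/footer rule is not covered; a third case with a non-admin on an enterprise profile would pin what is intended there. The denial case asserts only `assert_response :redirect`, which would also pass on a redirect to the login page, so asserting the target would make it specific. The flag is set through `environment.settings[:disable_header_and_footer_enabled] = true`, while the themes tests in this commit go through `environment.disable('enable_appearance')`; `environment.enable('disable_header_and_footer')` would match that style. The same loose `:redirect` assertion appears in the `@@ -329` hunk of profile_themes_controller_test.rb, which also exercises only `index`.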
@@ -197,7 +198,7 @@ class ProfileThemesControllerTest < ActionController::TestCase
 should 'display "add image" button' do
 theme = Theme.create('mytheme', :owner => profile)
 get :edit, :profile => 'testinguser', :id => 'mytheme'
-
+
 assert_tag :tag => 'a', :attributes => { :href => '/myprofile/testinguser/profile_themes/add_image/mytheme' }
 end
@@ -329,4 +330,29 @@ class ProfileThemesControllerTest < ActionController::TestCase
 assert_equal [t2, t1], assigns(:themes)
 end
+ should 'user cant edit appearance if environment dont permit' do
+ environment = Environment.default
+ environment.disable('enable_appearance')
+ environment.save!
+
+ user = create_user('user').person
+ login_as('user')
+
+ post :index, :profile => user.identifier
+ assert_response :redirect
+ end
+
+ should 'admin can edit appearance if environment dont permit' do
+ user = create_user('user').person
+
+ environment = Environment.default
+ environment.add_admin(user)
+ environment.disable('enable_appearance')
+ environment.save!
+
+ login_as('user')
+
+ post :index, :profile => user.identifier
+ assert_response :success
+ end
 end
--
libgit2 0.21.2