Commit 3d111ca77eb9cc0e74d6b0f0ef82c1ffa747d1ca
Committed by
Rodrigo Souto
1 parent
47e5f189
Exists in
master
and in
29 other branches
Add option to block appearence edit
- Add before_filter to check permission before opening the edit header and footer page
- Change environment feature name of disable_appearance to enable_appearance
- Update cucumber test change_appearance.feature

Signed-off-by: DylanGuedes <djmgguedes@gmail.com>
Signed-off-by: Luciano Prestes Cavalcanti <lucianopcbr@gmail.com>
Signed-off-by: Omar Junior <omarroinuj@gmail.com>
Signed-off-by: vitorbaraujo <vitornga15@gmail.com>
Signed-off-by: Victor Matias Navarro <victor.matias.navarro@gmail.com>
Showing
7 changed files
with
77 additions
and
5 deletions
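--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -6,10 +6,13 @@ class ProfileEditorController < MyProfileController
 before_filter :access_welcome_page, :only => [:welcome_page]
 before_filter :back_to
 before_filter :forbid_destroy_profile, :only => [:destroy_profile]
+before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
 helper_method :has_welcome_page
 
 def index
 @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
+@show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
+@show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
 end
 
 helper :profile
@@ -169,4 +172,9 @@ class ProfileEditorController < MyProfileController
 redirect_to_previous_location
 end
 end
+
+def check_user_can_edit_header_footer
+user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
+redirect_to back_to if user_can_not_edit_header_footer
+end
 end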
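Review bot: `check_user_can_edit_header_footer` enforces a narrower rule than the one `index` uses to hide the button: `@show_header_footer_option` is false for any non-admin on an enterprise profile, but the filter only redirects when `disable_header_and_footer` is enabled, so a non-admin can still request `header_footer` directly on an enterprise profile. Use the same condition in both places, e.g. `redirect_to back_to unless user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))`. The filter is appended after the last visible method and the hunk does not show whether a `private` marker precedes it; if none does, Rails can route to it as an action. `back_to` is defined outside the hunk, so whether it can return nil or a request-supplied URL is not visible here; the themes filter in this commit falls back to "/" and this one has no fallback.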
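--- a/app/controllers/themes_controller.rb
+++ b/app/controllers/themes_controller.rb
@@ -1,6 +1,7 @@
 class ThemesController < ApplicationController
 
 before_filter :login_required
+before_filter :check_user_can_edit_appearance, :only => [:index]
 
 no_design_blocks
 
@@ -39,4 +40,11 @@ class ThemesController < ApplicationController
 redirect_to :action => 'index'
 end
 
+private
+
+def check_user_can_edit_appearance
+user_can_edit_appearance = user.is_admin?(environment) || environment.enabled?('enable_appearance')
+redirect_to request.referer || "/" unless user_can_edit_appearance
+end
+
 end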
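Review bot: The new filter is limited to `:only => [:index]`, so it guards the listing page but not the other actions of this controller; the action that ends just above with `redirect_to :action => 'index'` is outside the filter, and if it changes the theme or layout a non-admin can still call it while `enable_appearance` is disabled. Apply the filter to the whole controller with `before_filter :check_user_can_edit_appearance`, or list every state-changing action in `:only`. `request.referer` comes from a client-supplied header, so the redirect target is not under the application's control; a fixed in-app path would be safer. The bodies of the actions between the two hunks are not shown, so the first point should be confirmed against them.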
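--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -158,7 +158,9 @@ class Environment < ActiveRecord::Base
 'allow_change_of_redirection_after_login' => _('Allow users to set the page to redirect after login'),
 'display_my_communities_on_user_menu' => _('Display on menu the list of communities the user can manage'),
 'display_my_enterprises_on_user_menu' => _('Display on menu the list of enterprises the user can manage'),
-'restrict_to_members' => _('Show content only to members')
+'restrict_to_members' => _('Show content only to members'),
+
+'enable_appearance' => _('Enable appearance editing by users'),
 }
 end
 
@@ -438,6 +440,7 @@ class Environment < ActiveRecord::Base
 show_balloon_with_profile_links_when_clicked
 show_zoom_button_on_article_images
 use_portal_community
+enable_appearance
 )
 
 before_create :enable_default_features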
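Review bot: `enable_appearance` is opt-in, and the second hunk only adds it to the list that precedes `before_create :enable_default_features`, which (assuming that list is the default-feature set) affects newly created environments only. None of the seven changed files is a migration, so after an upgrade every existing environment would have the flag off and non-admin users would lose appearance editing until an admin enables it. If that is intended, state it in the commit message or release notes; otherwise add a migration that enables the feature for existing environments. The blank line inserted before the `'enable_appearance'` entry in the features hash is not needed.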
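--- a/app/views/profile_editor/index.html.erb
+++ b/app/views/profile_editor/index.html.erb
@@ -22,9 +22,9 @@
 
 <%= control_panel_button(_('Edit sideboxes'), 'blocks', :controller => 'profile_design', :action => 'index') %>
 
-<%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') %>
+<%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %>
 
-<%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) %>
+<%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if @show_header_footer_option %>
 
 <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>
 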
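--- a/features/change_appearance.feature
+++ b/features/change_appearance.feature
@@ -6,6 +6,7 @@ Feature: Change appearance
 Given the following users
 | login | name |
 | joaosilva | Joao Silva |
+And feature "enable_appearance" is enabled on environment
 
 Scenario: Change appearance from default(3 boxes) to Left Top and Right(4 boxes)
 Given I am logged in as "joaosilva"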
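--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest < ActionController::TestCase
 get :index, :profile => user.identifier
 assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' }
 end
+
+should 'user cant edit header and footer if environment dont permit' do
+environment = Environment.default
+environment.settings[:disable_header_and_footer_enabled] = true
+environment.save!
+
+user = create_user('user').person
+login_as('user')
+
+get :header_footer, :profile => user.identifier
+assert_response :redirect
+end
+
+should 'admin can edit header and footer if environment dont permit' do
+user = create_user('user').person
+
+environment = Environment.default
+environment.add_admin(user)
+environment.settings[:disable_header_and_footer_enabled] = true
+environment.save!
+
+login_as('user')
+
+get :header_footer, :profile => user.identifier
+assert_response :success
+end
 end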
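Review bot: The 'user cant edit header and footer' test asserts only `assert_response :redirect`, which also passes when the request is bounced for an unrelated reason such as a failed login or a missing permission; pin the target with `assert_redirected_to` so the test proves the new filter fired. There is no test for a non-admin requesting `header_footer` on an enterprise profile, which is the case where the button rule set in `index` and the filter's rule differ. The 'user cant edit appearance' test in test/functional/profile_themes_controller_test.rb has the same bare redirect assertion and exercises only `:index`.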
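--- a/test/functional/profile_themes_controller_test.rb
+++ b/test/functional/profile_themes_controller_test.rb
@@ -17,6 +17,7 @@ class ProfileThemesControllerTest < ActionController::TestCase
 
 @env = Environment.default
 @env.enable('user_themes')
+@env.enable_default_features
 @env.save!
 end
 attr_reader :profile, :env
@@ -116,7 +117,7 @@ class ProfileThemesControllerTest < ActionController::TestCase
 
 should 'create a new theme' do
 post :new, :profile => 'testinguser', :name => 'My theme'
-
+
 ok('theme should be created') do
 profile.themes.first.id == 'my-theme'
 end
@@ -197,7 +198,7 @@ class ProfileThemesControllerTest < ActionController::TestCase
 should 'display "add image" button' do
 theme = Theme.create('mytheme', :owner => profile)
 get :edit, :profile => 'testinguser', :id => 'mytheme'
-
+
 assert_tag :tag => 'a', :attributes => { :href => '/myprofile/testinguser/profile_themes/add_image/mytheme' }
 end
 
@@ -329,4 +330,29 @@ class ProfileThemesControllerTest < ActionController::TestCase
 assert_equal [t2, t1], assigns(:themes)
 end
 
+should 'user cant edit appearance if environment dont permit' do
+environment = Environment.default
+environment.disable('enable_appearance')
+environment.save!
+
+user = create_user('user').person
+login_as('user')
+
+post :index, :profile => user.identifier
+assert_response :redirect
+end
+
+should 'admin can edit appearance if environment dont permit' do
+user = create_user('user').person
+
+environment = Environment.default
+environment.add_admin(user)
+environment.disable('enable_appearance')
+environment.save!
+
+login_as('user')
+
+post :index, :profile => user.identifier
+assert_response :success
+end
 end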