Commit 3d111ca77eb9cc0e74d6b0f0ef82c1ffa747d1ca

Authored by Luciano Prestes
Committed by Rodrigo Souto
1 parent 47e5f189

Add option to block appearence edit

- Add a before_filter that checks permission before opening the header and footer edit page
- Change environment feature name of disable_appearance to enable_appearance
- Update cucumber test change_appearance.feature

Signed-off-by: DylanGuedes <djmgguedes@gmail.com>
Signed-off-by: Luciano Prestes Cavalcanti <lucianopcbr@gmail.com>
Signed-off-by: Omar Junior <omarroinuj@gmail.com>
Signed-off-by: vitorbaraujo <vitornga15@gmail.com>
Signed-off-by: Victor Matias Navarro <victor.matias.navarro@gmail.com>
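--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -6,10 +6,13 @@ class ProfileEditorController &lt; MyProfileController
 before_filter :access_welcome_page, :only => [:welcome_page]
 before_filter :back_to
 before_filter :forbid_destroy_profile, :only => [:destroy_profile]
+before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
 helper_method :has_welcome_page
 
 def index
 @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
+@show_appearance_option = user.is_admin?(environment) || environment.enabled?('enable_appearance')
+@show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
 end
 
 helper :profile
@@ -169,4 +172,9 @@ class ProfileEditorController &lt; MyProfileController
 redirect_to_previous_location
 end
 end
+
+def check_user_can_edit_header_footer
+user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
+redirect_to back_to if user_can_not_edit_header_footer
+end
 end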
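Review bot: `check_user_can_edit_header_footer` enforces a weaker rule than the one `index` uses to decide whether to show the button. `@show_header_footer_option` also requires `!profile.enterprise?`, but the filter only tests the `disable_header_and_footer` feature, so a non-admin managing an enterprise profile can still request `header_footer` directly unless the action handles that case outside this hunk. If hiding the button for enterprises is meant as a restriction, the filter should share the condition: `redirect_to back_to unless user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))`. `back_to` is defined outside the visible lines; if it derives from a request parameter or the Referer header, the redirect target should be confined to local paths. The hunk also does not show whether the new method sits under `private`, which matters if routing exposes public controller methods as actions.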
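--- a/app/controllers/themes_controller.rb
+++ b/app/controllers/themes_controller.rb
@@ -1,6 +1,7 @@
 class ThemesController < ApplicationController
 
 before_filter :login_required
+before_filter :check_user_can_edit_appearance, :only => [:index]
 
 no_design_blocks
 
@@ -39,4 +40,11 @@ class ThemesController &lt; ApplicationController
 redirect_to :action => 'index'
 end
 
+private
+
+def check_user_can_edit_appearance
+user_can_edit_appearance = user.is_admin?(environment) || environment.enabled?('enable_appearance')
+redirect_to request.referer || "/" unless user_can_edit_appearance
+end
+
 end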
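Review bot: The new `check_user_can_edit_appearance` filter is limited to `:only => [:index]`, so with `enable_appearance` off a non-admin is only kept away from the listing page. The action that ends in `redirect_to :action => 'index'` in the second hunk, and any other action of this controller or its subclasses, still runs on a direct request. Since the flag is meant to block appearance editing, apply the filter to every action with `before_filter :check_user_can_edit_appearance`, or list the state-changing actions explicitly. The redirect target `request.referer || "/"` comes from a client-supplied header; a fixed local destination would be more predictable. The class body between the two hunks is outside this view.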
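--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -158,7 +158,9 @@ class Environment &lt; ActiveRecord::Base
 'allow_change_of_redirection_after_login' => _('Allow users to set the page to redirect after login'),
 'display_my_communities_on_user_menu' => _('Display on menu the list of communities the user can manage'),
 'display_my_enterprises_on_user_menu' => _('Display on menu the list of enterprises the user can manage'),
-'restrict_to_members' => _('Show content only to members')
+'restrict_to_members' => _('Show content only to members'),
+
+'enable_appearance' => _('Enable appearance editing by users'),
 }
 end
 
@@ -438,6 +440,7 @@ class Environment &lt; ActiveRecord::Base
 show_balloon_with_profile_links_when_clicked
 show_zoom_button_on_article_images
 use_portal_community
+enable_appearance
 )
 
 before_create :enable_default_features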
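Review bot: `enable_appearance` is added to the default-feature list, but the only visible hook is `before_create :enable_default_features`, which presumably affects only environments created after this change. Existing environments would then have the feature off, and both new controller checks would deny appearance editing to every non-admin after upgrade; that fails closed, but it is a silent behaviour change. No migration is visible on this page, so confirm one exists or add one that enables `enable_appearance` for existing environments and handles any stored `disable_appearance` value the commit message refers to. The blank line added before the new hash entry also breaks the list's formatting.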
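--- a/app/views/profile_editor/index.html.erb
+++ b/app/views/profile_editor/index.html.erb
@@ -22,9 +22,9 @@
 
 <%= control_panel_button(_('Edit sideboxes'), 'blocks', :controller => 'profile_design', :action => 'index') %>
 
-<%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') %>
+<%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %>
 
-<%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) %>
+<%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if @show_header_footer_option %>
 
 <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %>
 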
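--- a/features/change_appearance.feature
+++ b/features/change_appearance.feature
@@ -6,6 +6,7 @@ Feature: Change appearance
 Given the following users
 | login | name |
 | joaosilva | Joao Silva |
+And feature "enable_appearance" is enabled on environment
 
 Scenario: Change appearance from default(3 boxes) to Left Top and Right(4 boxes)
 Given I am logged in as "joaosilva"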
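--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest &lt; ActionController::TestCase
 get :index, :profile => user.identifier
 assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' }
 end
+
+should 'user cant edit header and footer if environment dont permit' do
+environment = Environment.default
+environment.settings[:disable_header_and_footer_enabled] = true
+environment.save!
+
+user = create_user('user').person
+login_as('user')
+
+get :header_footer, :profile => user.identifier
+assert_response :redirect
+end
+
+should 'admin can edit header and footer if environment dont permit' do
+user = create_user('user').person
+
+environment = Environment.default
+environment.add_admin(user)
+environment.settings[:disable_header_and_footer_enabled] = true
+environment.save!
+
+login_as('user')
+
+get :header_footer, :profile => user.identifier
+assert_response :success
+end
 end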
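Review bot: Both new tests exercise only `get :header_footer`, and the denial case stops at `assert_response :redirect`. If the action also accepts a POST carrying new header and footer content, that write path is what the restriction protects; add a case that posts as a non-admin with the feature disabled and asserts the profile's header and footer are unchanged. Setting `environment.settings[:disable_header_and_footer_enabled] = true` directly also bypasses the `enable`/`disable` API used elsewhere in this commit's tests; `environment.enable('disable_header_and_footer')` would keep the test independent of the storage key.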
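--- a/test/functional/profile_themes_controller_test.rb
+++ b/test/functional/profile_themes_controller_test.rb
@@ -17,6 +17,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
 
 @env = Environment.default
 @env.enable('user_themes')
+@env.enable_default_features
 @env.save!
 end
 attr_reader :profile, :env
@@ -116,7 +117,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
 
 should 'create a new theme' do
 post :new, :profile => 'testinguser', :name => 'My theme'
-
+
 ok('theme should be created') do
 profile.themes.first.id == 'my-theme'
 end
@@ -197,7 +198,7 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
 should 'display "add image" button' do
 theme = Theme.create('mytheme', :owner => profile)
 get :edit, :profile => 'testinguser', :id => 'mytheme'
-
+
 assert_tag :tag => 'a', :attributes => { :href => '/myprofile/testinguser/profile_themes/add_image/mytheme' }
 end
 
@@ -329,4 +330,29 @@ class ProfileThemesControllerTest &lt; ActionController::TestCase
 assert_equal [t2, t1], assigns(:themes)
 end
 
+should 'user cant edit appearance if environment dont permit' do
+environment = Environment.default
+environment.disable('enable_appearance')
+environment.save!
+
+user = create_user('user').person
+login_as('user')
+
+post :index, :profile => user.identifier
+assert_response :redirect
+end
+
+should 'admin can edit appearance if environment dont permit' do
+user = create_user('user').person
+
+environment = Environment.default
+environment.add_admin(user)
+environment.disable('enable_appearance')
+environment.save!
+
+login_as('user')
+
+post :index, :profile => user.identifier
+assert_response :success
+end
 end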