diff --git a/app/controllers/admin/admin_panel_controller.rb b/app/controllers/admin/admin_panel_controller.rb index 0698de6..94e0160 100644 --- a/app/controllers/admin/admin_panel_controller.rb +++ b/app/controllers/admin/admin_panel_controller.rb @@ -1,7 +1,5 @@ class AdminPanelController < AdminController - before_filter :login_required - protect 'view_environment_admin_panel', :environment def boxes_holder diff --git a/app/controllers/admin/plugins_controller.rb b/app/controllers/admin/plugins_controller.rb index d68a053..d75a701 100644 --- a/app/controllers/admin/plugins_controller.rb +++ b/app/controllers/admin/plugins_controller.rb @@ -1,4 +1,5 @@ class PluginsController < AdminController + protect 'edit_environment_features', :environment def index @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 809c220..c16f94a 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -1,3 +1,4 @@ class AdminController < ApplicationController require_ssl + before_filter :login_required end diff --git a/features/send_email_to_environment_members.feature b/features/send_email_to_environment_members.feature index a3a108b..0140ff3 100644 --- a/features/send_email_to_environment_members.feature +++ b/features/send_email_to_environment_members.feature @@ -5,7 +5,7 @@ Feature: send emails to environment members users Scenario: Cant access if not logged in Given I am not logged in When I go to /admin/users/send_mail - Then I should see "Access denied" + Then I should be on login page Scenario: Cant access as normal user Given the following user diff --git a/public/javascripts/application.js b/public/javascripts/application.js index 438eb39..b447f0d 100644 --- a/public/javascripts/application.js +++ b/public/javascripts/application.js @@ -677,3 +677,18 @@ function original_image_dimensions(src) { img.src = src; return { 'width' : img.width, 'height' : img.height }; } + +jQuery(function() { + jQuery("#ajax-form").before("
"); + jQuery("#ajax-form").before(""); + jQuery("#ajax-form").ajaxForm({ + beforeSubmit: function(a,f,o) { + jQuery('#ajax-form-message-area').html(''); + o.loading = small_loading('ajax-form-loading-area'); + }, + success: function() { + loading_done('ajax-form-loading-area'); + }, + target: "#ajax-form-message-area" + }) +}); diff --git a/test/functional/admin_controller_test.rb b/test/functional/admin_controller_test.rb index 0b9c562..d2508d7 100644 --- a/test/functional/admin_controller_test.rb +++ b/test/functional/admin_controller_test.rb @@ -25,6 +25,7 @@ class AdminControllerTest < Test::Unit::TestCase end should 'detect ssl' do + login_as 'ze' @request.expects(:ssl?).returns(true).at_least_once get :index assert_response :success diff --git a/test/functional/cms_controller_test.rb b/test/functional/cms_controller_test.rb index 5c23a39..e3e4750 100644 --- a/test/functional/cms_controller_test.rb +++ b/test/functional/cms_controller_test.rb @@ -16,6 +16,7 @@ class CmsControllerTest < Test::Unit::TestCase @profile = create_user_with_permission('testinguser', 'post_content') login_as :testinguser + @controller.stubs(:user).returns(@profile) end attr_reader :profile @@ -614,7 +615,7 @@ class CmsControllerTest < Test::Unit::TestCase end should 'not make enterprise homepage available to person' do - @controller.stubs(:profile).returns(create_user('test_user').person) + @controller.stubs(:profile).returns(profile) assert_not_includes @controller.available_article_types, EnterpriseHomepage end @@ -1278,6 +1279,7 @@ class CmsControllerTest < Test::Unit::TestCase c = Community.create!(:name => 'test_comm', :identifier => 'test_comm') u = create_user_with_permission('test_user', 'publish_content', c) login_as :test_user + @controller.stubs(:user).returns(u) get :new, :profile => c.identifier, :type => 'TinyMceArticle' assert_response :success @@ -1311,6 +1313,7 @@ class CmsControllerTest < Test::Unit::TestCase u = create_user_with_permission('test_user', 'publish_content', c) a = c.articles.create!(:name => 'test_article', :last_changed_by => u) login_as :test_user + @controller.stubs(:user).returns(u) get :edit, :profile => c.identifier, :id => a.id diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 1680e18..d2764c8 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb @@ -15,6 +15,8 @@ class UsersControllerTest < Test::Unit::TestCase end should 'not access without right permission' do + create_user('guest') + login_as 'guest' get :index assert_response 403 # forbidden end -- libgit2 0.21.2