Commit 498e40b7b47bcafc8988cc6943193c5a6e91528b
1 parent
5b9b6c8f
Exists in
master
and in
29 other branches
HTML forms with id #ajax-form will be submited by ajax automatically
- fixing some bugfixes - all controllers under admin/ should require login - plugins admin interface should require at least one permission (ActionItem2056)
Showing
8 changed files
with
25 additions
and
4 deletions
app/controllers/admin/admin_panel_controller.rb
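--- a/app/controllers/admin/plugins_controller.rb
+++ b/app/controllers/admin/plugins_controller.rb
@@ -1,4 +1,5 @@
 class PluginsController < AdminController
+ protect 'edit_environment_features', :environment
 
 def index
 @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact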
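Review bot: The new `protect 'edit_environment_features', :environment` line on PluginsController has no accompanying test among the eight changed files listed, so nothing in this commit pins that a logged-in user without that permission is refused. A functional test mirroring the users controller one (`login_as 'guest'`, `get :index`, `assert_response 403`) would keep the check from being dropped silently in a later refactor. A one-line comment above the call, such as `# managing plugins changes environment-wide behaviour, so reuse the features permission`, would also record why this permission was picked; the commit message only says at least one permission is required. The class body continues outside the section.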
app/controllers/admin_controller.rb
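--- a/features/send_email_to_environment_members.feature
+++ b/features/send_email_to_environment_members.feature
@@ -5,7 +5,7 @@ Feature: send emails to environment members users
 Scenario: Cant access if not logged in
 Given I am not logged in
 When I go to /admin/users/send_mail
- Then I should see "Access denied"
+ Then I should be on login page
 
 Scenario: Cant access as normal user
 Given the following user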
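--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -677,3 +677,18 @@ function original_image_dimensions(src) {
 img.src = src;
 return { 'width' : img.width, 'height' : img.height };
 }
+
+jQuery(function() {
+ jQuery("#ajax-form").before("<div id='ajax-form-loading-area' style='display:block;width:16px;height:16px;'></div>");
+ jQuery("#ajax-form").before("<div id='ajax-form-message-area'></div>");
+ jQuery("#ajax-form").ajaxForm({
+ beforeSubmit: function(a,f,o) {
+ jQuery('#ajax-form-message-area').html('');
+ o.loading = small_loading('ajax-form-loading-area');
+ },
+ success: function() {
+ loading_done('ajax-form-loading-area');
+ },
+ target: "#ajax-form-message-area"
+ })
+});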
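Review bot: The `ajaxForm` options define only `success`, so when the request fails (for example a 403 from the permission checks this commit tightens) `loading_done` is never called and the spinner in `#ajax-form-loading-area` stays up with no message. Moving the cleanup to `complete: function() { loading_done('ajax-form-loading-area'); }` and adding an `error` callback that writes a short message with `.text(...)` into `#ajax-form-message-area` would cover that path. Because `target` inserts the response body as HTML, a request made after the session has expired would presumably render the login page inside the message area once the redirect is followed; that is worth checking against the new login requirement. `o.loading` is assigned in `beforeSubmit` but not read anywhere in the hunk.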
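--- a/test/functional/admin_controller_test.rb
+++ b/test/functional/admin_controller_test.rb
@@ -25,6 +25,7 @@ class AdminControllerTest < Test::Unit::TestCase
 end
 
 should 'detect ssl' do
+ login_as 'ze'
 @request.expects(:ssl?).returns(true).at_least_once
 get :index
 assert_response :success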
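Review bot: The added `login_as 'ze'` makes 'detect ssl' pass under the new login requirement, but no visible hunk in either this file or test/functional/users_controller_test.rb asserts what an anonymous request now gets. Since the commit's stated goal is that every controller under admin/ requires login, a test such as `should 'redirect anonymous users to login' do` with `get :index` and `assert_redirected_to` on the login action would pin that behaviour at the controller level; the cucumber scenario covers only /admin/users/send_mail. In users_controller_test.rb the 403 test now logs in as 'guest' first, so the unauthenticated case is no longer exercised there either. The rest of both test files is outside the hunks, so such a test may already exist.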
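--- a/test/functional/cms_controller_test.rb
+++ b/test/functional/cms_controller_test.rb
@@ -16,6 +16,7 @@ class CmsControllerTest < Test::Unit::TestCase
 
 @profile = create_user_with_permission('testinguser', 'post_content')
 login_as :testinguser
+ @controller.stubs(:user).returns(@profile)
 end
 
 attr_reader :profile
@@ -614,7 +615,7 @@ class CmsControllerTest < Test::Unit::TestCase
 end
 
 should 'not make enterprise homepage available to person' do
- @controller.stubs(:profile).returns(create_user('test_user').person)
+ @controller.stubs(:profile).returns(profile)
 assert_not_includes @controller.available_article_types, EnterpriseHomepage
 end
 
@@ -1278,6 +1279,7 @@ class CmsControllerTest < Test::Unit::TestCase
 c = Community.create!(:name => 'test_comm', :identifier => 'test_comm')
 u = create_user_with_permission('test_user', 'publish_content', c)
 login_as :test_user
+ @controller.stubs(:user).returns(u)
 
 get :new, :profile => c.identifier, :type => 'TinyMceArticle'
 assert_response :success
@@ -1311,6 +1313,7 @@ class CmsControllerTest < Test::Unit::TestCase
 u = create_user_with_permission('test_user', 'publish_content', c)
 a = c.articles.create!(:name => 'test_article', :last_changed_by => u)
 login_as :test_user
+ @controller.stubs(:user).returns(u)
 
 get :edit, :profile => c.identifier, :id => a.id
 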
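Review bot: `@controller.stubs(:user).returns(@profile)` in setup is added right after `login_as :testinguser` with no comment on why the session login is no longer enough, and it forces the two later tests (the hunks at new lines 1282 and 1316) to re-stub `user` after their own `login_as`. If `user` is what the permission filters read, stubbing it means these tests stop exercising the real session-to-user lookup, so a regression there would not show up here. I would either add a comment such as `# protect reads controller#user; login_as alone does not set it in functional tests` once that is confirmed, or have the `login_as` helper set it so the stub is not needed.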
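--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -15,6 +15,8 @@ class UsersControllerTest < Test::Unit::TestCase
 end
 
 should 'not access without right permission' do
+ create_user('guest')
+ login_as 'guest'
 get :index
 assert_response 403 # forbidden
 end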