Download as
Browse Code »

Commit 498e40b7b47bcafc8988cc6943193c5a6e91528b

Authored by Joenio Costa
1 parent 5b9b6c8f
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

HTML forms with id #ajax-form will be submited by ajax automatically 

- fixing some bugfixes
 - all controllers under admin/ should require login
 - plugins admin interface should require at least one permission

(ActionItem2056)
Showing 8 changed files with 25 additions and 4 deletions   Show diff stats
app/controllers/admin/admin_panel_controller.rb
  Diff comments   View file @498e40b
1 class AdminPanelController < AdminController 1 class AdminPanelController < AdminController
2 2
3 - before_filter :login_required  
4 -  
5 protect 'view_environment_admin_panel', :environment 3 protect 'view_environment_admin_panel', :environment
6 4
7 def boxes_holder 5 def boxes_holder
app/controllers/admin/plugins_controller.rb
  Diff comments   View file @498e40b
1 class PluginsController < AdminController 1 class PluginsController < AdminController
  2 + protect 'edit_environment_features', :environment
2 3
3 def index 4 def index
4 @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact 5 @active_plugins = Noosfero::Plugin.all.map {|plugin_name| plugin_name.constantize }.compact
app/controllers/admin_controller.rb
  Diff comments   View file @498e40b
1 class AdminController < ApplicationController 1 class AdminController < ApplicationController
2 require_ssl 2 require_ssl
  3 + before_filter :login_required
3 end 4 end
features/send_email_to_environment_members.feature
  Diff comments   View file @498e40b
@@ -5,7 +5,7 @@ Feature: send emails to environment members users @@ -5,7 +5,7 @@ Feature: send emails to environment members users
5 Scenario: Cant access if not logged in 5 Scenario: Cant access if not logged in
6 Given I am not logged in 6 Given I am not logged in
7 When I go to /admin/users/send_mail 7 When I go to /admin/users/send_mail
8 - Then I should see "Access denied" 8 + Then I should be on login page
9 9
10 Scenario: Cant access as normal user 10 Scenario: Cant access as normal user
11 Given the following user 11 Given the following user
public/javascripts/application.js
  Diff comments   View file @498e40b
@@ -677,3 +677,18 @@ function original_image_dimensions(src) { @@ -677,3 +677,18 @@ function original_image_dimensions(src) {
677 img.src = src; 677 img.src = src;
678 return { 'width' : img.width, 'height' : img.height }; 678 return { 'width' : img.width, 'height' : img.height };
679 } 679 }
  680 +
  681 +jQuery(function() {
  682 + jQuery("#ajax-form").before("<div id='ajax-form-loading-area' style='display:block;width:16px;height:16px;'></div>");
  683 + jQuery("#ajax-form").before("<div id='ajax-form-message-area'></div>");
  684 + jQuery("#ajax-form").ajaxForm({
  685 + beforeSubmit: function(a,f,o) {
  686 + jQuery('#ajax-form-message-area').html('');
  687 + o.loading = small_loading('ajax-form-loading-area');
  688 + },
  689 + success: function() {
  690 + loading_done('ajax-form-loading-area');
  691 + },
  692 + target: "#ajax-form-message-area"
  693 + })
  694 +});
test/functional/admin_controller_test.rb
  Diff comments   View file @498e40b
@@ -25,6 +25,7 @@ class AdminControllerTest &lt; Test::Unit::TestCase @@ -25,6 +25,7 @@ class AdminControllerTest &lt; Test::Unit::TestCase
25 end 25 end
26 26
27 should 'detect ssl' do 27 should 'detect ssl' do
  28 + login_as 'ze'
28 @request.expects(:ssl?).returns(true).at_least_once 29 @request.expects(:ssl?).returns(true).at_least_once
29 get :index 30 get :index
30 assert_response :success 31 assert_response :success
test/functional/cms_controller_test.rb
  Diff comments   View file @498e40b
@@ -16,6 +16,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -16,6 +16,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
16 16
17 @profile = create_user_with_permission('testinguser', 'post_content') 17 @profile = create_user_with_permission('testinguser', 'post_content')
18 login_as :testinguser 18 login_as :testinguser
  19 + @controller.stubs(:user).returns(@profile)
19 end 20 end
20 21
21 attr_reader :profile 22 attr_reader :profile
@@ -614,7 +615,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -614,7 +615,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
614 end 615 end
615 616
616 should 'not make enterprise homepage available to person' do 617 should 'not make enterprise homepage available to person' do
617 - @controller.stubs(:profile).returns(create_user('test_user').person) 618 + @controller.stubs(:profile).returns(profile)
618 assert_not_includes @controller.available_article_types, EnterpriseHomepage 619 assert_not_includes @controller.available_article_types, EnterpriseHomepage
619 end 620 end
620 621
@@ -1278,6 +1279,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -1278,6 +1279,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
1278 c = Community.create!(:name => 'test_comm', :identifier => 'test_comm') 1279 c = Community.create!(:name => 'test_comm', :identifier => 'test_comm')
1279 u = create_user_with_permission('test_user', 'publish_content', c) 1280 u = create_user_with_permission('test_user', 'publish_content', c)
1280 login_as :test_user 1281 login_as :test_user
  1282 + @controller.stubs(:user).returns(u)
1281 1283
1282 get :new, :profile => c.identifier, :type => 'TinyMceArticle' 1284 get :new, :profile => c.identifier, :type => 'TinyMceArticle'
1283 assert_response :success 1285 assert_response :success
@@ -1311,6 +1313,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase @@ -1311,6 +1313,7 @@ class CmsControllerTest &lt; Test::Unit::TestCase
1311 u = create_user_with_permission('test_user', 'publish_content', c) 1313 u = create_user_with_permission('test_user', 'publish_content', c)
1312 a = c.articles.create!(:name => 'test_article', :last_changed_by => u) 1314 a = c.articles.create!(:name => 'test_article', :last_changed_by => u)
1313 login_as :test_user 1315 login_as :test_user
  1316 + @controller.stubs(:user).returns(u)
1314 1317
1315 get :edit, :profile => c.identifier, :id => a.id 1318 get :edit, :profile => c.identifier, :id => a.id
1316 1319
test/functional/users_controller_test.rb
  Diff comments   View file @498e40b
@@ -15,6 +15,8 @@ class UsersControllerTest &lt; Test::Unit::TestCase @@ -15,6 +15,8 @@ class UsersControllerTest &lt; Test::Unit::TestCase
15 end 15 end
16 16
17 should 'not access without right permission' do 17 should 'not access without right permission' do
  18 + create_user('guest')
  19 + login_as 'guest'
18 get :index 20 get :index
19 assert_response 403 # forbidden 21 assert_response 403 # forbidden
20 end 22 end