Download as
Browse Code »

Commit 4f861626f78b359d564dc74da9091d992eed6e52

Authored by Junior Silva
1 parent ce0d03ab
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

uploaded-file: don't display private images thumbnails and private images on slideshow 

AI2824
Showing 2 changed files with 24 additions and 1 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @4f86162
... ... @@ -93,7 +93,7 @@ class ContentViewerController < ApplicationController
93 93 end
94 94  
95 95 if @page.folder? && @page.gallery?
96   - @images = @page.images
  96 + @images = @page.images.select{ |a| a.display_to? user }
97 97 @images = @images.paginate(:per_page => per_page, :page => params[:npage]) unless params[:slideshow]
98 98 end
99 99  
... ...
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @4f86162
... ... @@ -587,6 +587,29 @@ class ContentViewerControllerTest < ActionController::TestCase
587 587 assert_equal 2, assigns(:images).size
588 588 end
589 589  
  590 + should 'not display private images in the slideshow for unauthorized people' do
  591 + owner = create_user('owner').person
  592 + unauthorized = create_user('unauthorized').person
  593 + folder = Gallery.create!(:name => 'gallery', :profile => owner)
  594 + image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
  595 + login_as('unauthorized')
  596 + get :view_page, :profile => owner.identifier, :page => folder.explode_path, :slideshow => true
  597 + assert_response :success
  598 + assert_equal 0, assigns(:images).length
  599 + end
  600 +
  601 + should 'not display private images thumbnails for unauthorized people' do
  602 + owner = create_user('owner').person
  603 + unauthorized = create_user('unauthorized').person
  604 + folder = Gallery.create!(:name => 'gallery', :profile => owner)
  605 + image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
  606 + login_as('unauthorized')
  607 + get :view_page, :profile => owner.identifier, :page => folder.explode_path
  608 + assert_response :success
  609 + assert_select '.image-gallery-item', 0
  610 + end
  611 +
  612 +
590 613 should 'display default image in the slideshow if thumbnails were not processed' do
591 614 @controller.stubs(:per_page).returns(1)
592 615 folder = Gallery.create!(:name => 'gallery', :profile => profile)
... ...