Download as
Browse Code »

Commit 5ae2a0b6f4891187024c5fdd7688033ead0ba54f

Authored by Rodrigo Souto
1 parent aa6be22b
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

[comments-refactor-review] Encapsulating comment destroy check

Showing 3 changed files with 48 additions and 2 deletions   Show diff stats
app/controllers/public/comment_controller.rb
  Diff comments   View file @5ae2a0b
... ... @@ -86,8 +86,7 @@ class CommentController < ApplicationController
86 86 def destroy
87 87 comment = profile.comments_received.find(params[:id])
88 88  
89   - could_remove = (user == comment.author || user == comment.profile || user.has_permission?(:moderate_comments, comment.profile))
90   - if comment && could_remove && comment.destroy
  89 + if comment && comment.can_be_destroyed_by?(user) && comment.destroy
91 90 render :text => {'ok' => true}.to_json, :content_type => 'application/json'
92 91 else
93 92 session[:notice] = _("The comment was not removed.")
... ...
app/models/comment.rb
  Diff comments   View file @5ae2a0b
... ... @@ -259,4 +259,9 @@ class Comment < ActiveRecord::Base
259 259 article.moderate_comments? && (author.nil? || article.author != author)
260 260 end
261 261  
  262 + def can_be_destroyed_by?(user)
  263 + return if user.nil?
  264 + user == author || user == profile || user.has_permission?(:moderate_comments, profile)
  265 + end
  266 +
262 267 end
... ...
test/unit/comment_test.rb
  Diff comments   View file @5ae2a0b
... ... @@ -593,6 +593,48 @@ class CommentTest < ActiveSupport::TestCase
593 593 assert comment.need_moderation?
594 594 end
595 595  
  596 + should 'not be able to destroy comment without user' do
  597 + comment = Comment.new
  598 +
  599 + assert !comment.can_be_destroyed_by?(nil)
  600 + end
  601 +
  602 + should 'not be able to destroy comment' do
  603 + user = Person.new
  604 + profile = Profile.new
  605 + article = Article.new(:profile => profile)
  606 + comment = Comment.new(:article => article)
  607 + user.expects(:has_permission?).with(:moderate_comments, profile).returns(false)
  608 +
  609 + assert !comment.can_be_destroyed_by?(user)
  610 + end
  611 +
  612 + should 'be able to destroy comment if is the author' do
  613 + user = Person.new
  614 + comment = Comment.new(:author => user)
  615 +
  616 + assert comment.can_be_destroyed_by?(user)
  617 + end
  618 +
  619 + should 'be able to destroy comment if is the profile' do
  620 + user = Person.new
  621 + article = Article.new(:profile => user)
  622 + comment = Comment.new(:article => article)
  623 +
  624 + assert comment.can_be_destroyed_by?(user)
  625 + end
  626 +
  627 + should 'be able to destroy comment if can moderate_comments on the profile' do
  628 + user = Person.new
  629 + profile = Profile.new
  630 + article = Article.new(:profile => profile)
  631 + comment = Comment.new(:article => article)
  632 +
  633 + user.expects(:has_permission?).with(:moderate_comments, profile).returns(true)
  634 +
  635 + assert comment.can_be_destroyed_by?(user)
  636 + end
  637 +
596 638 private
597 639  
598 640 def create_comment(args = {})
... ...