diff --git a/app/models/person.rb b/app/models/person.rb index 4cf14a5..b40ff98 100644 --- a/app/models/person.rb +++ b/app/models/person.rb @@ -28,6 +28,12 @@ class Person < Profile { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "role_assignments" ON "role_assignments"."accessor_id" = "profiles"."id" AND "role_assignments"."accessor_type" = (\'Profile\') WHERE "profiles"."type" IN (\'Person\') AND (%s))' % conditions] } } + def has_permission_with_admin?(permission, profile) + return true if profile.admins.include?(self) || profile.environment.admins.include?(self) + has_permission_without_admin?(permission, profile) + end + alias_method_chain :has_permission?, :admin + def has_permission_with_plugins?(permission, profile) permissions = [has_permission_without_plugins?(permission, profile)] permissions += plugins.map do |plugin| diff --git a/test/unit/person_test.rb b/test/unit/person_test.rb index 57f01c9..67aa450 100644 --- a/test/unit/person_test.rb +++ b/test/unit/person_test.rb @@ -1263,6 +1263,23 @@ class PersonTest < ActiveSupport::TestCase assert_equivalent [person_scrap,person_activity], person.activities.map { |a| a.klass.constantize.find(a.id) } end + should 'grant every permission over profile for its admin' do + admin = create_user('some-user').person + profile = fast_create(Profile) + profile.add_admin(admin) + + assert admin.has_permission?('anything', profile), 'Admin does not have every permission!' + end + + should 'grant every permission over profile for environment admin' do + admin = create_user('some-user').person + profile = fast_create(Profile) + environment = profile.environment + environment.add_admin(admin) + + assert admin.has_permission?('anything', profile), 'Environment admin does not have every permission!' + end + should 'allow plugins to extend person\'s permission access' do person = create_user('some-user').person class Plugin1 < Noosfero::Plugin -- libgit2 0.21.2