diff --git a/app/models/block.rb b/app/models/block.rb
index 7a5dcc8..8538743 100644
--- a/app/models/block.rb
+++ b/app/models/block.rb
@@ -76,6 +76,17 @@ class Block < ApplicationRecord
 true
 end
+ def visible_to_user?(user)
+ visible = self.display_to_user?(user)
+ if self.owner.kind_of?(Profile)
+ visible &= self.owner.display_info_to?(user)
+ visible &= (self.visible? || user && user.has_permission?(:edit_profile_design, self.owner))
+ elsif self.owner.kind_of?(Environment)
+ visible &= (self.visible? || user && user.has_permission?(:edit_environment_design, self.owner))
+ end
+ visible
+ end
+
 def display_to_user?(user)
 display_user == 'all' || (user.nil? && display_user == 'not_logged') || (user && display_user == 'logged') || (user && display_user == 'followers' && user.follows?(owner))
 end
diff --git a/lib/noosfero/api/v1/blocks.rb b/lib/noosfero/api/v1/blocks.rb
index a32ed9e..42b7bb0 100644
--- a/lib/noosfero/api/v1/blocks.rb
+++ b/lib/noosfero/api/v1/blocks.rb
@@ -6,9 +6,7 @@ module Noosfero
 resource :blocks do
 get ':id' do
 block = Block.find(params["id"])
- if block.owner.kind_of?(Profile)
- return forbidden! unless block.owner.display_info_to?(current_person)
- end
+ return forbidden! unless block.visible_to_user?(current_person)
 present block, :with => Entities::Block, display_api_content: true
 end
 end
diff --git a/test/unit/block_test.rb b/test/unit/block_test.rb
index e3b9f10..8fc5b8d 100644
--- a/test/unit/block_test.rb
+++ b/test/unit/block_test.rb
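Review bot: `visible_to_user?` applies the `visible?` check only inside the `Profile` and `Environment` branches, so a block whose owner is neither (for example a nil owner) is decided by `display_to_user?` alone and a hidden block would still be reported as visible. Because the API route now relies on this method as its only authorization check, the default should fail closed: add an `else` branch with `visible &= self.visible?`. Whether a persisted block can have such an owner is not visible in this hunk, so treat this as hardening. Separately, `&=` does not short-circuit, so `display_info_to?` and `has_permission?` are still evaluated when `visible` is already false; `&&=` would skip those lookups.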
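Review bot: Nothing in this diff exercises `get ':id'` over HTTP for the cases the new check introduces (a hidden block, an environment-owned block, an anonymous caller), so a regression in the route would not be caught by the added model tests; an API test asserting the 403 for each case would close that gap. Also, `Block.find` runs before the check, so a caller can tell an existing-but-hidden block (403) from a missing id (presumably a 404 from record-not-found handling, which is outside this hunk). If block ids should not be enumerable, answer both cases the same way.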
@@ -365,4 +365,64 @@ class BlockTest < ActiveSupport::TestCase
 assert block.get_limit.is_a?(Fixnum)
 end
+ should 'return true at visible_to_user? when block is visible' do
+ block = Block.new
+ person = create_user('person_one').person
+ assert block.visible_to_user?(person)
+ end
+
+ should 'return false at visible_to_user? when block is not visible and user is nil' do
+ block = Block.new
+ person = create_user('person_one').person
+ block.stubs(:owner).returns(person)
+ block.expects(:visible?).returns(false)
+ assert !block.visible_to_user?(nil)
+ end
+
+ should 'return false at visible_to_user? when block is not visible and user does not has permission' do
+ block = Block.new
+ person = create_user('person_one').person
+ community = fast_create(Community)
+ block.stubs(:owner).returns(community)
+ block.expects(:visible?).returns(false)
+ assert !block.visible_to_user?(person)
+ end
+
+ should 'return true at visible_to_user? when block is not visible and user has permission' do
+ block = Block.new
+ person = create_user('person_one').person
+ community = fast_create(Community)
+ give_permission(person, 'edit_profile_design', community)
+ block.stubs(:owner).returns(community)
+ block.expects(:visible?).returns(false)
+ assert block.visible_to_user?(person)
+ end
+
+ should 'return false at visible_to_user? when block is not visible and user does not has permission in environment' do
+ block = Block.new
+ environment = Environment.default
+ person = create_user('person_one').person
+ block.stubs(:owner).returns(environment)
+ block.expects(:visible?).returns(false)
+ assert !block.visible_to_user?(person)
+ end
+
+ should 'return true at visible_to_user? when block is not visible and user has permission in environment' do
+ block = Block.new
+ environment = Environment.default
+ person = create_user('person_one').person
+ give_permission(person, 'edit_environment_design', environment)
+ block.stubs(:owner).returns(environment)
+ block.expects(:visible?).returns(false)
+ assert block.visible_to_user?(person)
+ end
+
+ should 'return false at visible_to_user? when block is not visible to user' do
+ block = Block.new
+ person = create_user('person_one').person
+ block.stubs(:owner).returns(person)
+ block.expects(:visible?).returns(true)
+ block.expects(:display_to_user?).returns(false)
+ assert !block.visible_to_user?(nil)
+ end
 end
-- libgit2 0.21.2
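Review bot: None of the seven cases makes the owner's `display_info_to?` return false, so the profile-privacy check that this commit moves out of the API route into `visible_to_user?` is not pinned at unit level. A case such as `person.stubs(:display_info_to?).returns(false)` followed by `assert !block.visible_to_user?(nil)` would cover it. There is also no case for a hidden block whose owner is neither a profile nor an environment; the first test only shows that an ownerless block is visible. The `block.expects(:visible?)` calls, notably in the last test where `display_to_user?` is already false, pass only because the method uses non-short-circuiting `&=`, and `stubs` would keep the tests independent of evaluation order. The enclosing `BlockTest` class starts outside this hunk.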