Download as
Browse Code »

Commit 79df3e282deb595c919afbc7d0115fe8b30df8fc

Authored by Rodrigo Souto
Committed by Antonio Terceiro
1 parent d60bb7ec
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Check user permission before listing. 

(ActionItem1396)

Signed-off-by: Antonio Terceiro <terceiro@colivre.coop.br>
Showing 5 changed files with 101 additions and 7 deletions   Show diff stats
app/helpers/folder_helper.rb
  Diff comments   View file @79df3e2
1 1 module FolderHelper
2 2  
3 3 def list_articles(articles, recursive = false)
4   - content_tag(
5   - 'table',
6   - content_tag('tr', content_tag('th', _('Title')) + content_tag('th', _('Last update'))) +
7   - articles.select { |item| item.public? }.map {|item| display_article_in_listing(item, recursive, 0)}.join('')
8   - )
  4 + if !articles.blank?
  5 + content_tag(
  6 + 'table',
  7 + content_tag('tr', content_tag('th', _('Title')) + content_tag('th', _('Last update'))) +
  8 + articles.map {|item| display_article_in_listing(item, recursive, 0)}.join('')
  9 + )
  10 + else
  11 + content_tag('em', _('(empty folder)'))
  12 + end
  13 + end
  14 +
  15 + def available_articles(articles, user)
  16 + articles.select {|article| article.display_to?(user)}
9 17 end
10 18  
11 19 def display_article_in_listing(article, recursive = false, level = 0)
... ...
app/models/folder.rb
  Diff comments   View file @79df3e2
... ... @@ -41,7 +41,10 @@ class Folder &lt; Article
41 41 end
42 42  
43 43 def folder
44   - content_tag('div', body) + tag('hr') + (children.empty? ? content_tag('em', _('(empty folder)')) : list_articles(children))
  44 + folder = self
  45 + lambda do
  46 + render :file => 'content_viewer/folder', :locals => { :folder => folder }
  47 + end
45 48 end
46 49  
47 50 def image_gallery
... ...
app/views/content_viewer/folder.rhtml 0 → 100644
  Diff comments   View file @79df3e2
... ... @@ -0,0 +1,10 @@
  1 +<div>
  2 + <%= folder.body %>
  3 +</div>
  4 +<hr/>
  5 +
  6 +<% if folder.children.empty? %>
  7 + <em><%= _('(empty folder)') %></em>
  8 +<% else %>
  9 + <%= list_articles(available_articles(folder.children, user)) %>
  10 +<% end %>
... ...
app/views/profile/sitemap.rhtml
  Diff comments   View file @79df3e2
1 1 <h1><%= _("%s: site map") % profile.name %></h1>
2 2  
3   -<%= list_articles(@articles, false) %>
  3 +<%= list_articles(available_articles(@articles, user), false) %>
... ...
test/unit/folder_helper_test.rb
  Diff comments   View file @79df3e2
... ... @@ -15,4 +15,77 @@ class FolderHelperTest &lt; Test::Unit::TestCase
15 15 assert_equal 'icons-mime/unknown.png', icon_for_article(art2)
16 16 end
17 17  
  18 + should 'list all the folder\'s children to the owner' do
  19 + profile = create_user('Folder Owner').person
  20 + folder = fast_create(Folder, :profile_id => profile.id)
  21 + sub_folder = fast_create(Folder, {:parent_id => folder.id, :profile_id => profile.id})
  22 + sub_blog = fast_create(Blog, {:parent_id => folder.id, :profile_id => profile.id})
  23 + sub_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => false})
  24 +
  25 + result = available_articles(folder.children, profile)
  26 +
  27 + assert_includes result, sub_folder
  28 + assert_includes result, sub_article
  29 + assert_includes result, sub_blog
  30 + end
  31 +
  32 + should 'list the folder\'s children that are public to the user' do
  33 + profile = create_user('Folder Owner').person
  34 + profile2 = create_user('Folder Viwer').person
  35 + folder = fast_create(Folder, :profile_id => profile.id)
  36 + public_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => true})
  37 + not_public_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => false})
  38 +
  39 + result = available_articles(folder.children, profile2)
  40 +
  41 + assert_includes result, public_article
  42 + assert_not_includes result, not_public_article
  43 + end
  44 +
  45 + should ' not list the folder\'s children to the user because the owner\'s profile is not public' do
  46 + profile = create_user('folder-owner').person
  47 + profile.public_profile = false
  48 + profile.save!
  49 + profile2 = create_user('Folder Viwer').person
  50 + folder = fast_create(Folder, :profile_id => profile.id)
  51 + article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
  52 +
  53 + result = available_articles(folder.children, profile2)
  54 +
  55 + assert_not_includes result, article
  56 + end
  57 +
  58 + should ' not list the folder\'s children to the user because the owner\'s profile is not visible' do
  59 + profile = create_user('folder-owner').person
  60 + profile.visible = false
  61 + profile.save!
  62 + profile2 = create_user('Folder Viwer').person
  63 + folder = fast_create(Folder, :profile_id => profile.id)
  64 + article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
  65 +
  66 + result = available_articles(folder.children, profile2)
  67 +
  68 + assert_not_includes result, article
  69 + end
  70 +
  71 + should 'list subitems as HTML content' do
  72 + profile = create_user('folder-owner').person
  73 + folder = fast_create(Folder, {:name => 'Parent Folder', :profile_id => profile.id})
  74 + article = fast_create(Article, {:name => 'Article1', :parent_id => folder.id, :profile_id => profile.id})
  75 + article = fast_create(Article, {:name => 'Article2', :parent_id => folder.id, :profile_id => profile.id})
  76 +
  77 + result = folder.list_articles(folder.children)
  78 +
  79 + assert_tag_in_string result, :tag => 'td', :descendant => { :tag => 'a', :attributes => { :href => /.*\/folder-owner\/my-article-[0-9]*(\?|$)/ } }, :content => /Article1/
  80 + assert_tag_in_string result, :tag => 'td', :descendant => { :tag => 'a', :attributes => { :href => /.*\/folder-owner\/my-article-[0-9]*(\?|$)/ } }, :content => /Article2/
  81 + end
  82 +
  83 + should 'explictly advise if empty' do
  84 + profile = create_user('folder-owner').person
  85 + folder = fast_create(Folder, {:name => 'Parent Folder', :profile_id => profile.id})
  86 + result = folder.list_articles(folder.children)
  87 +
  88 + assert_match '(empty folder)', result
  89 + end
  90 +
18 91 end
... ...