Check user permission before listing.

(ActionItem1396) Signed-off-by: Antonio Terceiro <terceiro@colivre.coop.br>

Check user permission before listing.
(ActionItem1396) Signed-off-by: Antonio Terceiro <terceiro@colivre.coop.br>
Rodrigo Souto · Antonio Terceiro
1 parent d60bb7ec
Showing 5 changed files with 101 additions and 7 deletions Show diff stats
app/helpers/folder_helper.rb
app/models/folder.rb
app/views/content_viewer/folder.rhtml
app/views/profile/sitemap.rhtml
test/unit/folder_helper_test.rb
 module FolderHelper
   def list_articles(articles, recursive = false)
-    content_tag(
-      'table',
-      content_tag('tr', content_tag('th', _('Title')) + content_tag('th', _('Last update'))) +
-      articles.select { |item| item.public? }.map {|item| display_article_in_listing(item, recursive, 0)}.join('')
-    )
+    if !articles.blank?
+      content_tag(
+        'table',
+        content_tag('tr', content_tag('th', _('Title')) + content_tag('th', _('Last update'))) +
+        articles.map {|item| display_article_in_listing(item, recursive, 0)}.join('')
+      )
+    else
+      content_tag('em', _('(empty folder)'))
+    end
+  end
+
+  def available_articles(articles, user)
+    articles.select {|article| article.display_to?(user)}
   end
   def display_article_in_listing(article, recursive = false, level = 0)
@@ -41,7 +41,10 @@ class Folder &lt; Article
   end
   def folder
-    content_tag('div', body) + tag('hr') + (children.empty? ? content_tag('em', _('(empty folder)')) : list_articles(children))
+    folder = self
+    lambda do
+      render :file => 'content_viewer/folder', :locals => { :folder => folder }
+    end
   end
   def image_gallery
@@ -0,0 +1,10 @@
+<div>
+  <%= folder.body %>
+</div>
+<hr/>
+
+<% if folder.children.empty? %>
+  <em><%= _('(empty folder)') %></em>
+<% else %>
+  <%= list_articles(available_articles(folder.children, user)) %>
+<% end %>
 <h1><%= _("%s: site map") % profile.name %></h1>
-<%= list_articles(@articles, false) %>
+<%= list_articles(available_articles(@articles, user), false) %>
@@ -15,4 +15,77 @@ class FolderHelperTest &lt; Test::Unit::TestCase
     assert_equal 'icons-mime/unknown.png', icon_for_article(art2)
   end
+  should 'list all the folder\'s children to the owner' do
+    profile = create_user('Folder Owner').person
+    folder = fast_create(Folder, :profile_id => profile.id)
+    sub_folder = fast_create(Folder, {:parent_id => folder.id, :profile_id => profile.id})
+    sub_blog = fast_create(Blog, {:parent_id => folder.id, :profile_id => profile.id})
+    sub_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => false})
+
+    result = available_articles(folder.children, profile)
+
+    assert_includes result, sub_folder
+    assert_includes result, sub_article
+    assert_includes result, sub_blog
+  end
+
+  should 'list the folder\'s children that are public to the user' do
+    profile = create_user('Folder Owner').person
+    profile2 = create_user('Folder Viwer').person
+    folder = fast_create(Folder, :profile_id => profile.id)
+    public_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => true})
+    not_public_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => false})
+
+    result = available_articles(folder.children, profile2)
+
+    assert_includes result, public_article
+    assert_not_includes result, not_public_article
+  end
+
+  should ' not list the folder\'s children to the user because the owner\'s profile is not public' do
+    profile = create_user('folder-owner').person
+    profile.public_profile = false
+    profile.save!
+    profile2 = create_user('Folder Viwer').person
+    folder = fast_create(Folder, :profile_id => profile.id)
+    article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
+
+    result = available_articles(folder.children, profile2)
+
+    assert_not_includes result, article
+  end
+
+  should ' not list the folder\'s children to the user because the owner\'s profile is not visible' do
+    profile = create_user('folder-owner').person
+    profile.visible = false
+    profile.save!
+    profile2 = create_user('Folder Viwer').person
+    folder = fast_create(Folder, :profile_id => profile.id)
+    article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
+
+    result = available_articles(folder.children, profile2)
+
+    assert_not_includes result, article
+  end
+
+  should 'list subitems as HTML content' do
+    profile = create_user('folder-owner').person
+    folder = fast_create(Folder, {:name => 'Parent Folder', :profile_id => profile.id})
+    article = fast_create(Article, {:name => 'Article1', :parent_id => folder.id, :profile_id => profile.id})
+    article = fast_create(Article, {:name => 'Article2', :parent_id => folder.id, :profile_id => profile.id})
+
+    result = folder.list_articles(folder.children)
+
+    assert_tag_in_string result, :tag => 'td', :descendant => { :tag => 'a', :attributes => { :href => /.*\/folder-owner\/my-article-[0-9]*(\?|$)/ } }, :content => /Article1/
+    assert_tag_in_string result, :tag => 'td', :descendant => { :tag => 'a', :attributes => { :href => /.*\/folder-owner\/my-article-[0-9]*(\?|$)/ } }, :content => /Article2/
+  end
+
+  should 'explictly advise if empty' do
+    profile = create_user('folder-owner').person
+    folder = fast_create(Folder, {:name => 'Parent Folder', :profile_id => profile.id})
+    result = folder.list_articles(folder.children)
+
+    assert_match '(empty folder)', result
+  end
+
 end
1	module FolderHelper	1	module FolderHelper
2		2
3	def list_articles(articles, recursive = false)	3	def list_articles(articles, recursive = false)
4	- content_tag(
5	- 'table',
6	- content_tag('tr', content_tag('th', _('Title')) + content_tag('th', _('Last update'))) +
7	- articles.select { \|item\| item.public? }.map {\|item\| display_article_in_listing(item, recursive, 0)}.join('')
8	- )	4	+ if !articles.blank?
		5	+ content_tag(
		6	+ 'table',
		7	+ content_tag('tr', content_tag('th', _('Title')) + content_tag('th', _('Last update'))) +
		8	+ articles.map {\|item\| display_article_in_listing(item, recursive, 0)}.join('')
		9	+ )
		10	+ else
		11	+ content_tag('em', _('(empty folder)'))
		12	+ end
		13	+ end
		14	+
		15	+ def available_articles(articles, user)
		16	+ articles.select {\|article\| article.display_to?(user)}
9	end	17	end
10		18
11	def display_article_in_listing(article, recursive = false, level = 0)	19	def display_article_in_listing(article, recursive = false, level = 0)
@@ -0,0 +1,10 @@		@@ -0,0 +1,10 @@
	1	+<div>
	2	+ <%= folder.body %>
	3	+</div>
	4	+<hr/>
	5	+
	6	+<% if folder.children.empty? %>
	7	+ <em><%= _('(empty folder)') %></em>
	8	+<% else %>
	9	+ <%= list_articles(available_articles(folder.children, user)) %>
	10	+<% end %>
1	<h1><%= _("%s: site map") % profile.name %></h1>	1	<h1><%= _("%s: site map") % profile.name %></h1>
2		2
3	-<%= list_articles(@articles, false) %>	3	+<%= list_articles(available_articles(@articles, user), false) %>
	@@ -15,4 +15,77 @@ class FolderHelperTest < Test::Unit::TestCase		@@ -15,4 +15,77 @@ class FolderHelperTest < Test::Unit::TestCase
15	assert_equal 'icons-mime/unknown.png', icon_for_article(art2)	15	assert_equal 'icons-mime/unknown.png', icon_for_article(art2)
16	end	16	end
17		17
		18	+ should 'list all the folder\'s children to the owner' do
		19	+ profile = create_user('Folder Owner').person
		20	+ folder = fast_create(Folder, :profile_id => profile.id)
		21	+ sub_folder = fast_create(Folder, {:parent_id => folder.id, :profile_id => profile.id})
		22	+ sub_blog = fast_create(Blog, {:parent_id => folder.id, :profile_id => profile.id})
		23	+ sub_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => false})
		24	+
		25	+ result = available_articles(folder.children, profile)
		26	+
		27	+ assert_includes result, sub_folder
		28	+ assert_includes result, sub_article
		29	+ assert_includes result, sub_blog
		30	+ end
		31	+
		32	+ should 'list the folder\'s children that are public to the user' do
		33	+ profile = create_user('Folder Owner').person
		34	+ profile2 = create_user('Folder Viwer').person
		35	+ folder = fast_create(Folder, :profile_id => profile.id)
		36	+ public_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => true})
		37	+ not_public_article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id, :published => false})
		38	+
		39	+ result = available_articles(folder.children, profile2)
		40	+
		41	+ assert_includes result, public_article
		42	+ assert_not_includes result, not_public_article
		43	+ end
		44	+
		45	+ should ' not list the folder\'s children to the user because the owner\'s profile is not public' do
		46	+ profile = create_user('folder-owner').person
		47	+ profile.public_profile = false
		48	+ profile.save!
		49	+ profile2 = create_user('Folder Viwer').person
		50	+ folder = fast_create(Folder, :profile_id => profile.id)
		51	+ article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
		52	+
		53	+ result = available_articles(folder.children, profile2)
		54	+
		55	+ assert_not_includes result, article
		56	+ end
		57	+
		58	+ should ' not list the folder\'s children to the user because the owner\'s profile is not visible' do
		59	+ profile = create_user('folder-owner').person
		60	+ profile.visible = false
		61	+ profile.save!
		62	+ profile2 = create_user('Folder Viwer').person
		63	+ folder = fast_create(Folder, :profile_id => profile.id)
		64	+ article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
		65	+
		66	+ result = available_articles(folder.children, profile2)
		67	+
		68	+ assert_not_includes result, article
		69	+ end
		70	+
		71	+ should 'list subitems as HTML content' do
		72	+ profile = create_user('folder-owner').person
		73	+ folder = fast_create(Folder, {:name => 'Parent Folder', :profile_id => profile.id})
		74	+ article = fast_create(Article, {:name => 'Article1', :parent_id => folder.id, :profile_id => profile.id})
		75	+ article = fast_create(Article, {:name => 'Article2', :parent_id => folder.id, :profile_id => profile.id})
		76	+
		77	+ result = folder.list_articles(folder.children)
		78	+
		79	+ assert_tag_in_string result, :tag => 'td', :descendant => { :tag => 'a', :attributes => { :href => /.\/folder-owner\/my-article-[0-9](\?\|$)/ } }, :content => /Article1/
		80	+ assert_tag_in_string result, :tag => 'td', :descendant => { :tag => 'a', :attributes => { :href => /.\/folder-owner\/my-article-[0-9](\?\|$)/ } }, :content => /Article2/
		81	+ end
		82	+
		83	+ should 'explictly advise if empty' do
		84	+ profile = create_user('folder-owner').person
		85	+ folder = fast_create(Folder, {:name => 'Parent Folder', :profile_id => profile.id})
		86	+ result = folder.list_articles(folder.children)
		87	+
		88	+ assert_match '(empty folder)', result
		89	+ end
		90	+
18	end	91	end