From 8791558a0575b50946a09ab197a157b91f701443 Mon Sep 17 00:00:00 2001 From: Joenio Costa Date: Thu, 16 Jul 2009 19:05:18 -0300 Subject: [PATCH] ActionItem1034: access denied page should not use blocks of the current profile --- app/controllers/application.rb | 6 ------ app/controllers/box_organizer_controller.rb | 2 ++ app/helpers/boxes_helper.rb | 2 +- test/functional/profile_design_controller_test.rb | 16 +++++++++++++++- vendor/plugins/access_control/lib/permission_check.rb | 11 +++++++++-- vendor/plugins/access_control/test/schema.rb | 9 +++++---- vendor/plugins/access_control/test/test_helper.rb | 6 ++++++ 7 files changed, 38 insertions(+), 14 deletions(-) diff --git a/app/controllers/application.rb b/app/controllers/application.rb index a2c63ea..45105e5 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -37,12 +37,6 @@ class ApplicationController < ActionController::Base def uses_design_blocks? !@no_design_blocks && self.class.uses_design_blocks? end - module UsesDesignBlocksHelper - def uses_design_blocks? - @controller.uses_design_blocks? - end - end - helper UsesDesignBlocksHelper # Be sure to include AuthenticationSystem in Application Controller instead include AuthenticatedSystem diff --git a/app/controllers/box_organizer_controller.rb b/app/controllers/box_organizer_controller.rb index 70ae138..d57e429 100644 --- a/app/controllers/box_organizer_controller.rb +++ b/app/controllers/box_organizer_controller.rb @@ -1,5 +1,7 @@ class BoxOrganizerController < ApplicationController + before_filter :login_required + def index end diff --git a/app/helpers/boxes_helper.rb b/app/helpers/boxes_helper.rb index 3f1fbbd..58cdf5f 100644 --- a/app/helpers/boxes_helper.rb +++ b/app/helpers/boxes_helper.rb 
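Review bot: The new `before_filter :login_required` in BoxOrganizerController has no comment, although every controller inheriting from this class now depends on it running before its own permission filter. A line above it would record that intent, e.g. `# Authenticate first: anonymous users are redirected to login before any subclass permission check renders access denied.` The functional tests added in this commit exercise only ProfileDesignController, so any other subclass (none are visible in this diff) is presumably not covered for the login redirect.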
@@ -1,7 +1,7 @@ module BoxesHelper def insert_boxes(content) - if @controller.send(:boxes_editor?) + if @controller.send(:boxes_editor?) && @controller.send(:uses_design_blocks?) content + display_boxes_editor(@controller.boxes_holder) else if @controller.send(:uses_design_blocks?) diff --git a/test/functional/profile_design_controller_test.rb b/test/functional/profile_design_controller_test.rb index eaa854d..16c9f9e 100644 --- a/test/functional/profile_design_controller_test.rb +++ b/test/functional/profile_design_controller_test.rb @@ -12,7 +12,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase @request.stubs(:ssl?).returns(true) @response = ActionController::TestResponse.new - @holder = create_user('designtestuser').person + @profile = @holder = create_user('designtestuser').person holder.save! @box1 = Box.new @@ -65,6 +65,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase @controller.stubs(:boxes_holder).returns(holder) login_as 'designtestuser' end + attr_reader :profile def test_local_files_reference assert_local_files_reference :get, :index, :profile => 'designtestuser' @@ -319,4 +320,17 @@ class ProfileDesignControllerTest < Test::Unit::TestCase assert_equal 20, @box1.blocks[-1].limit end + should 'require login' do + logout + get :index, :profile => profile.identifier + assert_redirected_to :controller => 'account', :action => 'login' + end + + should 'not show sideboxes when render access denied' do + another_profile = create_user('bobmarley').person + get :index, :profile => another_profile.identifier + assert_tag :tag => 'div', :attributes => {:class => 'no-boxes'} + assert_tag :tag => 'div', :attributes => {:id => 'access-denied'} + end + end diff --git a/vendor/plugins/access_control/lib/permission_check.rb b/vendor/plugins/access_control/lib/permission_check.rb index 945ac72..f191c2e 100644 --- a/vendor/plugins/access_control/lib/permission_check.rb +++ b/vendor/plugins/access_control/lib/permission_check.rb 
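Review bot: `@controller.send(:uses_design_blocks?)` is now evaluated in the outer `if` of `insert_boxes` and again in the nested `else` branch, which makes the three outcomes harder to follow. Reading it once into a local, e.g. `uses_blocks = @controller.send(:uses_design_blocks?)`, and testing `boxes_editor? && uses_blocks` keeps the behaviour and shows that both branches depend on the same flag. A comment such as `# never offer the boxes editor on pages rendered without design blocks (e.g. access denied)` would explain why the extra condition exists. The rest of `insert_boxes` lies outside the hunk.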
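Review bot: The 'not show sideboxes when render access denied' test in profile_design_controller_test.rb asserts only on markup, so it would still pass if a controller-side access-denied renderer answered with 200 instead of 403. Adding `assert_response 403` after the `get` pins the status that the plugin's default path sets with `:status => 403`. The request is made by the user logged in during setup (`login_as 'designtestuser'`) against another person's profile; a short comment saying so would make the precondition explicit.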
@@ -20,12 +20,19 @@ module PermissionCheck target = target_method.kind_of?(Symbol) ? c.send(target_method) : target_method accessor = accessor_method.kind_of?(Symbol) ? c.send(accessor_method) : accessor_method unless accessor && accessor.has_permission?(permission.to_s, target) -# c.instance_variable_set('@b', [accessor, permission, target]) - c.send(:render, :template => access_denied_template_path, :status => 403) && false + render_access_denied(c) && false end end end + def render_access_denied(c) + if c.respond_to?(:render_access_denied) + c.send(:render_access_denied) + else + c.send(:render, :template => access_denied_template_path, :status => 403) + end + end + def access_denied_template_path if File.exists?(File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml')) File.join(RAILS_ROOT, 'app', 'views', 'access_control', 'access_denied.rhtml') diff --git a/vendor/plugins/access_control/test/schema.rb b/vendor/plugins/access_control/test/schema.rb index ab9f715..786ccbe 100644 --- a/vendor/plugins/access_control/test/schema.rb +++ b/vendor/plugins/access_control/test/schema.rb @@ -3,10 +3,11 @@ ActiveRecord::Migration.verbose = false ActiveRecord::Schema.define(:version => 0) do create_table :access_control_test_roles, :force => true do |t| - t.column :name, :string - t.column :permissions, :string - t.column :key, :string - t.column :system, :boolean, :default => false + t.column :name, :string + t.column :permissions, :string + t.column :key, :string + t.column :system, :boolean, :default => false + t.column :environment_id, :integer end create_table :access_control_test_role_assignments, :force => true do |t| diff --git a/vendor/plugins/access_control/test/test_helper.rb b/vendor/plugins/access_control/test/test_helper.rb index dccb906..7a110ea 100644 --- a/vendor/plugins/access_control/test/test_helper.rb +++ b/vendor/plugins/access_control/test/test_helper.rb 
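Review bot: `c.respond_to?(:render_access_denied)` in the new helper in permission_check.rb ignores private methods, so a controller override declared private (the `c.send` on the next line suggests that is expected) would be skipped silently and the plugin template rendered instead; `if c.respond_to?(:render_access_denied, true)` matches the `send`. The filter result `render_access_denied(c) && false` also now depends on what the override returns, since a nil return yields nil rather than false, and the 403 status is no longer guaranteed by the plugin. Writing `render_access_denied(c)` and `false` as two statements keeps the halt unconditional, and a comment on the helper should state that a controller override must respond with status 403. The enclosing filter block starts outside the hunk.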
@@ -18,6 +18,12 @@ RoleAssignment.set_table_name 'access_control_test_role_assignments' class AccessControlTestAccessor < ActiveRecord::Base set_table_name 'access_control_test_accessors' acts_as_accessor + def cache_keys + [] + end + def blocks_to_expire_cache + [] + end end # resource example class to be accessed by some accessor -- libgit2 0.21.2