Download as
Browse Code »

Commit 9c082693f667b9ab3a056fbd40f5016d0ad354f6

Authored by Rodrigo Souto
2 parents 130acb98 4f861626
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Merge commit 'refs/merge-requests/425' of git://gitorious.org/noosfero/noosfero … 

…into merge-requests/425
Showing 2 changed files with 24 additions and 1 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @9c08269
... ... @@ -96,7 +96,7 @@ class ContentViewerController < ApplicationController
96 96 end
97 97  
98 98 if @page.folder? && @page.gallery?
99   - @images = @page.images
  99 + @images = @page.images.select{ |a| a.display_to? user }
100 100 @images = @images.paginate(:per_page => per_page, :page => params[:npage]) unless params[:slideshow]
101 101 end
102 102  
... ...
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @9c08269
... ... @@ -600,6 +600,29 @@ class ContentViewerControllerTest < ActionController::TestCase
600 600 assert_equal 2, assigns(:images).size
601 601 end
602 602  
  603 + should 'not display private images in the slideshow for unauthorized people' do
  604 + owner = create_user('owner').person
  605 + unauthorized = create_user('unauthorized').person
  606 + folder = Gallery.create!(:name => 'gallery', :profile => owner)
  607 + image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
  608 + login_as('unauthorized')
  609 + get :view_page, :profile => owner.identifier, :page => folder.explode_path, :slideshow => true
  610 + assert_response :success
  611 + assert_equal 0, assigns(:images).length
  612 + end
  613 +
  614 + should 'not display private images thumbnails for unauthorized people' do
  615 + owner = create_user('owner').person
  616 + unauthorized = create_user('unauthorized').person
  617 + folder = Gallery.create!(:name => 'gallery', :profile => owner)
  618 + image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
  619 + login_as('unauthorized')
  620 + get :view_page, :profile => owner.identifier, :page => folder.explode_path
  621 + assert_response :success
  622 + assert_select '.image-gallery-item', 0
  623 + end
  624 +
  625 +
603 626 should 'display default image in the slideshow if thumbnails were not processed' do
604 627 @controller.stubs(:per_page).returns(1)
605 628 folder = Gallery.create!(:name => 'gallery', :profile => profile)
... ...