diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb
index 53ddfd5..655e3c4 100644
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -143,6 +143,7 @@ class CmsController < MyProfileController
 klass = @type.constantize
 article_data = environment.enabled?('articles_dont_accept_comments_by_default') ? { :accept_comments => false } : {}
 article_data.merge!(params[:article]) if params[:article]
+ article_data.merge!(:profile => profile) if profile
 @article = klass.new(article_data)
 parent = check_parent(params[:parent_id])
@@ -220,7 +221,7 @@ class CmsController < MyProfileController
 if @errors.any?
 render :action => 'upload_files', :parent_id => @parent_id
 else
- session[:notice] = _('File(s) successfully uploaded')
+ session[:notice] = _('File(s) successfully uploaded')
 if @back_to
 redirect_to @back_to
 elsif @parent
diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb
index 5d9cac5..a1463b0 100644
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -13,7 +13,7 @@ class ContentViewerController < ApplicationController
 @version = params[:version].to_i
 if path.blank?
- @page = profile.home_page
+ @page = profile.home_page
 return if redirected_to_profile_index
 else
 @page = profile.articles.find_by_path(path)
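Review bot: The added `article_data.merge!(:profile => profile) if profile` wins over a `:profile` key in `params[:article]`, but a `profile_id` key arriving in that same user-supplied hash is left untouched and still reaches `klass.new`; whether that can re-parent the article depends on the model's attribute protection, which this hunk does not show. Since the `Article#initialize` added in this commit applies its private-profile default only when it finds a `:profile` key, it would be safer to strip the request's own copies before merging, e.g. `article_data.delete('profile_id'); article_data.delete('profile')` ahead of the new line, or to confirm those attributes are not assignable. The enclosing action starts and ends outside the hunk.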
@@ -121,21 +121,23 @@ class ContentViewerController < ApplicationController
 helper_method :pass_without_comment_captcha?
 def allow_access_to_page(path)
- allowed = true
 if @page.nil? # page not found, give error
 render_not_found(path)
- allowed = false
- elsif !@page.display_to?(user)
- if !profile.public?
+ return false
+ end
+
+ unless @page.display_to?(user)
+ if !profile.visible? || profile.secret? || (user && user.follows?(profile))
+ render_access_denied
+ else #!profile.public?
 private_profile_partial_parameters
 render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
- allowed = false
- else #if !profile.visible?
- render_access_denied
- allowed = false
 end
+
+ return false
 end
- allowed
+
+ return true
 end
 def user_is_a_bot?
@@ -180,7 +182,7 @@ class ContentViewerController < ApplicationController
 if @page.forum? && @page.has_terms_of_use && terms_accepted == "true"
 @page.add_agreed_user(user)
 end
- end
+ end
 def is_a_forum_topic? (page)
 return (!@page.parent.nil? && @page.parent.forum?)
diff --git a/app/controllers/public_controller.rb b/app/controllers/public_controller.rb
index a9bb763..c8e75ba 100644
--- a/app/controllers/public_controller.rb
+++ b/app/controllers/public_controller.rb
@@ -3,7 +3,7 @@ class PublicController < ApplicationController
 def allow_access_to_page
 unless profile.display_info_to?(user)
- if profile.visible?
+ if profile.visible? && !profile.secret
 private_profile
 else
 invisible_profile
diff --git a/app/models/article.rb b/app/models/article.rb
index 56fd15a..764ae4e 100644
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -25,6 +25,16 @@ class Article < ActiveRecord::Base
 :display => %w[full] }
+ def initialize(*params)
+ super
+
+ if !params.blank? && params.first.has_key?(:profile)
+ profile = params.first[:profile]
+ self.published = false unless profile.public?
+ end
+
+ end
+
 def self.default_search_display
 'full'
 end
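Review bot: The branch condition under `unless @page.display_to?(user)` (`!profile.visible? || profile.secret? || (user && user.follows?(profile))`) and the one added in the public_controller.rb hunk below (`profile.visible? && !profile.secret`) encode the same visibility rule in two shapes and disagree for a follower who still fails the check: here they get `render_access_denied`, there `private_profile`; that may be unintended, and a single predicate on Profile that both controllers call would keep them aligned, so please confirm which behaviour is wanted. Style: `return true` / `return false` as the last statements and the `else #!profile.public?` comment read as leftovers of the old `allowed` flag; the method can end on bare `false` / `true`, and the comment is clearer as `else # visible, not secret, viewer is not a follower: show the private-profile page`. In public_controller.rb, `profile.secret` should be the predicate `profile.secret?` as used in this hunk.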
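Review bot: The new `Article#initialize` raises instead of defaulting when its first argument is not a hash: `Article.new(nil)` passes `!params.blank?` (a one-element array is not blank) and then calls `nil.has_key?`, and `:profile => nil` fails on `profile.public?`. The default is also narrow: it fires only for a symbol `:profile` key in the first argument, so records created via `profile_id`, a string key, or `article.profile = ...` after `new` keep the column default (the http_caching_test hunk in this commit has to add `published: false` for exactly that reason), while an explicit `:published => true` in the same hash is silently overwritten after `super` has applied it. A guarded version that keys off the hash and respects an explicit `published` follows; if forcing unpublished is the intent, drop the published check and say so in a comment above the method.
```ruby
def initialize(*params)
  super

  attrs = params.first
  return unless attrs.respond_to?(:key?) && attrs.key?(:profile)

  # New content in a non-public profile defaults to unpublished unless the
  # caller chose explicitly (request hashes may carry a string key).
  owner = attrs[:profile]
  chosen = attrs.key?(:published) || attrs.key?('published')
  self.published = false if owner && !owner.public? && !chosen
end
```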
@@ -488,14 +498,14 @@ class Article < ActiveRecord::Base
 scope :display_filter, lambda {|user, profile|
 return published if (user.nil? && profile && profile.public?)
- return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+ return [] if user.nil? || profile.nil? || (profile && !profile.public? && !user.follows?(profile))
 where( [
- "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
- OR (show_to_followers = ? AND ?)", true, user.id, user.id,
+ "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
+ OR (show_to_followers = ? AND ? AND profile_id = ?)", true, user.id, user.id,
 profile.nil? ? false : user.has_permission?(:view_private_content, profile),
- true, user.follows?(profile)
- ]
+ true, user.follows?(profile), profile.id
+ ]
 )
 }
@@ -509,7 +519,7 @@ class Article < ActiveRecord::Base
 def display_to?(user = nil)
 if published?
- profile.display_info_to?(user)
+ (profile.secret? || !profile.visible?) ? profile.display_info_to?(user) : true
 else
 if !user
 false
diff --git a/features/article_versioning.feature b/features/article_versioning.feature
index e2f5a09..43ffbf8 100644
--- a/features/article_versioning.feature
+++ b/features/article_versioning.feature
@@ -80,8 +80,8 @@ Feature: article versioning
 Scenario: deny access to specific version when disabled, private and not logged
 Given the article "Edited Article" is updated with
- | display_versions | published |
- | false | false |
+ | display_versions | published | show_to_followers |
+ | false | false | false |
 And I am not logged in
 And I go to /joaosilva/edited-article?version=1
 Then I should see "Access denied"
diff --git a/features/edit_article.feature b/features/edit_article.feature
index 07fe9aa..4da2e8b 100644
--- a/features/edit_article.feature
+++ b/features/edit_article.feature
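Review bot: The new `profile.nil?` guard on the `return []` line leaves two later expressions dead: the `(profile && ...)` wrapper on that same line and the `profile.nil? ? false : user.has_permission?(...)` bind value, which can now be just `user.has_permission?(:view_private_content, profile),`, with the return line reading `return [] if user.nil? || profile.nil? || (!profile.public? && !user.follows?(profile))`. It also means a logged-in caller that passes no profile now gets an empty relation where it previously got a cross-profile result; the two article_test hunks that switched to `display_filter(nil, user)` route around that rather than assert it, so if the new meaning of a nil profile is intended it deserves a one-line comment above the scope. The added `profile_id = ?` bind in the followers clause is what scopes follower visibility to the filtered profile and is correctly placed as a bound parameter.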
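Review bot: After this line a published article is readable by anyone whenever the owning profile is visible and not secret; `profile.display_info_to?(user)` no longer gates published content of a private profile (the renamed article_test case in this commit pins that). Only new records receive `published = false` through the `initialize` added above, so articles created earlier under private profiles keep whatever `published` value they already hold and, where that is true, become world-readable on deploy; the column default is not visible from the diff, but a data migration flipping `published` for articles of non-public profiles, or at minimum a release note, looks necessary. The expression reads more directly without the ternary and double negation: `(profile.visible? && !profile.secret?) || profile.display_info_to?(user)`. The body of `display_to?` continues outside the hunk.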
@@ -41,6 +41,7 @@ Feature: edit article
 When I follow "Folder"
 And I fill in "Title" with "My Folder"
 And I choose "article_published_false"
+ And I uncheck "article_show_to_followers"
 And I press "Save"
 And I log off
 And I go to /freesoftware/my-folder
@@ -87,6 +88,7 @@ Feature: edit article
 When I follow "Folder"
 And I fill in "Title" with "My Folder"
 And I choose "article_published_false"
+ And I uncheck "article_show_to_followers"
 Then I should see "Fill in the search field to add the exception users to see this content"
 @selenium
diff --git a/features/secret_community.feature b/features/secret_community.feature
index 24d887c..39801d3 100644
--- a/features/secret_community.feature
+++ b/features/secret_community.feature
@@ -33,7 +33,7 @@ Feature: Use a secret community
 Scenario: Non members shouldn't see secret communit's content
 Given I am logged in as "maria"
 And I go to mycommunity's homepage
- And I should see "Access denied"
+ And I should see "Oops ... you cannot go ahead here"
 And I follow "Communities"
 Then I should not see "My Community"
diff --git a/test/functional/contact_controller_test.rb b/test/functional/contact_controller_test.rb
index f995395..a237728 100644
--- a/test/functional/contact_controller_test.rb
+++ b/test/functional/contact_controller_test.rb
@@ -131,7 +131,7 @@ class ContactControllerTest < ActionController::TestCase
 post :new, :profile => community.identifier
 assert_response :forbidden
- assert_template :private_profile
+ assert_template "profile/_private_profile"
 end
 should 'not show send e-mail page to non members of invisible community' do
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 8921c80..b2bc944 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -257,22 +257,22 @@ class ContentViewerControllerTest < ActionController::TestCase
 end
 should 'not give access to private articles if logged off' do
- profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+ profile = Community.create!(:name => 'test profile', :identifier => 'test_profile')
 intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
- assert_template 'access_denied'
+ assert_template "profile/_private_profile"
 end
 should 'not give access to private articles if logged in but not member' do
 login_as('testinguser')
- profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+ profile = Community.create!(:name => 'test profile', :identifier => 'test_profile')
 intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
- assert_template 'access_denied'
+ assert_template "profile/_private_profile"
 end
 should 'not give access to private articles if logged in and only member' do
@@ -1428,7 +1428,7 @@ class ContentViewerControllerTest < ActionController::TestCase
 article = TinyMceArticle.create(:name => 'Article to be shared with images',
 :body => 'This article should be shared with all social networks',
- :profile => @profile,
+ :profile => community,
 :published => false,
 :show_to_followers => true)
 article.parent = blog
diff --git a/test/functional/events_controller_test.rb b/test/functional/events_controller_test.rb
index da0b169..a9f8444 100644
--- a/test/functional/events_controller_test.rb
+++ b/test/functional/events_controller_test.rb
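Review bot: Both rewritten tests now check only `assert_template "profile/_private_profile"`, so they would still pass if the controller rendered that page with a 200; since the controller renders it with `:status => 403`, adding `assert_response :forbidden` after the `get`, as the contact_controller_test and events_controller_test hunks already do, pins the denial itself. The `intranet` local is assigned but never read in either test; the bare `Folder.create!(...)` call is enough.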
@@ -60,7 +60,7 @@ class EventsControllerTest < ActionController::TestCase
 post :events, :profile => community.identifier
 assert_response :forbidden
- assert_template :private_profile
+ assert_template "profile/_private_profile"
 end
 should 'not show events page to non members of invisible community' do
diff --git a/test/integration/http_caching_test.rb b/test/integration/http_caching_test.rb
index 0bffb33..3d2fa0d 100644
--- a/test/integration/http_caching_test.rb
+++ b/test/integration/http_caching_test.rb
@@ -85,7 +85,7 @@ class HttpCachingTest < ActionController::IntegrationTest
 test 'private community content should not return cache headers' do
 community = create_private_community('the-community')
- create(Article, profile_id: community.id, name: 'Test page')
+ create(Article, profile_id: community.id, name: 'Test page', published: false)
 get "/the-community/test-page"
 assert_response 403
@@ -139,4 +139,3 @@ class HttpCachingTest < ActionController::IntegrationTest
 end
 end
-
diff --git a/test/unit/article_test.rb b/test/unit/article_test.rb
index d2334ad..7d99427 100644
--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -484,7 +484,7 @@ class ArticleTest < ActiveSupport::TestCase
 should 'say that member user can not see private article' do
 profile = fast_create(Profile, :name => 'test profile', :identifier => 'test_profile')
- article = fast_create(Article, :name => 'test article', :profile_id => profile.id, :published => false)
+ article = fast_create(Article, :name => 'test article', :profile_id => profile.id, :published => false, :show_to_followers => false)
 person = create_user('test_user').person
 profile.affiliate(person, Profile::Roles.member(profile.environment.id))
@@ -509,15 +509,15 @@ class ArticleTest < ActiveSupport::TestCase
 assert article.display_to?(person)
 end
- should 'not show article to non member if article public but profile private' do
+ should 'show article to non member if article public but profile private' do
 profile = fast_create(Profile, :name => 'test profile', :identifier => 'test_profile', :public_profile => false)
 article = fast_create(Article, :name => 'test article', :profile_id => profile.id, :published => true)
 person1 = create_user('test_user1').person
 profile.affiliate(person1, Profile::Roles.member(profile.environment.id))
 person2 = create_user('test_user2').person
- assert !article.display_to?(nil)
- assert !article.display_to?(person2)
+ assert article.display_to?(nil)
+ assert article.display_to?(person2)
 assert article.display_to?(person1)
 end
@@ -543,7 +543,7 @@ class ArticleTest < ActiveSupport::TestCase
 should 'not allow friends of private person see the article' do
 person = create_user('test_user').person
- article = create(Article, :name => 'test article', :profile => person, :published => false)
+ article = create(Article, :name => 'test article', :profile => person, :published => false, :show_to_followers => false)
 friend = create_user('test_friend').person
 person.add_friend(friend)
 person.save!
@@ -1686,7 +1686,7 @@ class ArticleTest < ActiveSupport::TestCase
 a.allow_members_to_edit = true
 assert !a.allow_edit?(nil)
 end
-
+
 should 'allow author to edit topic' do
 community = fast_create(Community)
 admin = fast_create(Person)
@@ -1905,7 +1905,7 @@ class ArticleTest < ActiveSupport::TestCase
 end
 should 'display_filter display only public articles if there is no user' do
- p = fast_create(Person)
+ p = fast_create(Person)
 Article.delete_all
 a = fast_create(Article, :published => true, :profile_id => p.id)
 fast_create(Article, :published => false, :profile_id => p.id)
@@ -1915,7 +1915,7 @@ class ArticleTest < ActiveSupport::TestCase
 should 'display_filter display public articles for users' do
 user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 Article.delete_all
 a = fast_create(Article, :published => true, :profile_id => p.id)
@@ -1926,7 +1926,7 @@ class ArticleTest < ActiveSupport::TestCase
 should 'display_filter display private article last changed by user' do
 user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 Article.delete_all
 a = fast_create(Article, :published => false, :last_changed_by_id => user.id, :profile_id => p.id)
@@ -1938,7 +1938,7 @@ class ArticleTest < ActiveSupport::TestCase
 should 'display_filter display user private article of his own profile' do
 user = create_user('someuser').person
 user.stubs(:has_permission?).with(:view_private_content, user).returns(false)
- p = fast_create(Person)
+ p = fast_create(Person)
 Article.delete_all
 a = fast_create(Article, :published => false, :profile_id => user.id)
 fast_create(Article, :published => false, :profile_id => p.id)
@@ -1948,7 +1948,7 @@ class ArticleTest < ActiveSupport::TestCase
 should 'display_filter show profile private content if the user has view_private_content permission' do
 user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
 Article.delete_all
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 a = fast_create(Article, :published => false, :profile_id => p.id)
@@ -1965,8 +1965,8 @@ class ArticleTest < ActiveSupport::TestCase
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 Article.delete_all
 a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
 assert_equal [a], Article.display_filter(user, p)
 end
@@ -1977,8 +1977,8 @@ class ArticleTest < ActiveSupport::TestCase
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 Article.delete_all
 a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
 assert_equal [a], Article.display_filter(user, p)
 end
@@ -2057,8 +2057,8 @@ class ArticleTest < ActiveSupport::TestCase
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 Article.delete_all
 a = fast_create(Article, :published => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
 assert_equal [a], Article.display_filter(user, p)
 end
@@ -2088,7 +2088,7 @@ class ArticleTest < ActiveSupport::TestCase
 a1 = fast_create(Article, :published => true, :profile_id => user.id)
 a2 = fast_create(Article, :published => true, :profile_id => p.id)
 fast_create(Article, :published => false, :profile_id => p.id)
- assert_equivalent [a1,a2], Article.display_filter(user, nil)
+ assert_equivalent [a1,a2], Article.display_filter(nil, user)
 end
 should 'display_filter show person public content of private person profile for user friends' do
@@ -2099,8 +2099,8 @@ class ArticleTest < ActiveSupport::TestCase
 user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
 Article.delete_all
 a = fast_create(Article, :published => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
 assert_equal [a], Article.display_filter(user, p)
 end
@@ -2130,7 +2130,7 @@ class ArticleTest < ActiveSupport::TestCase
 a1 = fast_create(Article, :published => true, :profile_id => user.id)
 a2 = fast_create(Article, :published => true, :profile_id => p.id)
 fast_create(Article, :published => false, :profile_id => p.id)
- assert_equivalent [a1,a2], Article.display_filter(user, nil)
+ assert_equivalent [a1,a2], Article.display_filter(nil, user)
 end
 end
diff --git a/test/unit/folder_helper_test.rb b/test/unit/folder_helper_test.rb
index 6f95471..d25b2f1 100644
--- a/test/unit/folder_helper_test.rb
+++ b/test/unit/folder_helper_test.rb
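Review bot: Swapping the arguments to `Article.display_filter(nil, user)` changes which branch the test exercises: with a nil user and `user` standing in as the profile it presumably takes the `return published if (user.nil? && profile && profile.public?)` path, so the original scenario — a logged-in user with no profile filter — is no longer covered at either of the two hunks here. Since the scope now returns `[]` when `profile.nil?`, the test should state that instead, e.g. `assert_equal [], Article.display_filter(user, nil)`, or the guard should be revisited if callers still rely on a nil profile meaning "no profile filter". Both enclosing test cases start outside the hunk.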
@@ -68,7 +68,7 @@ class FolderHelperTest < ActionView::TestCase
 profile.public_profile = false
 profile.save!
 profile2 = create_user('Folder Viwer').person
- folder = fast_create(Folder, :profile_id => profile.id)
+ folder = fast_create(Folder, :profile_id => profile.id, :published => false)
 article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
 result = available_articles(folder.children, profile2)
-- 
libgit2 0.21.2