Commit ae17c75a735cd4d9f2a1904aadbaf871f51a53a4
Exists in
master
and in
29 other branches
Merge commit 'refs/merge-requests/137' of git://gitorious.org/noosfero/noosfero …
…into merge-requests/137 (ActionItem2295)
Showing
4 changed files
with
56 additions
and
10 deletions
Show diff stats
app/controllers/public/profile_controller.rb
| @@ -211,7 +211,8 @@ class ProfileController < PublicController | @@ -211,7 +211,8 @@ class ProfileController < PublicController | ||
| 211 | 211 | ||
| 212 | def remove_activity | 212 | def remove_activity |
| 213 | begin | 213 | begin |
| 214 | - activity = current_person.tracked_actions.find(params[:activity_id]) | 214 | + raise if !can_edit_profile |
| 215 | + activity = ActionTracker::Record.find(params[:activity_id]) | ||
| 215 | activity.destroy | 216 | activity.destroy |
| 216 | render :text => _('Activity successfully removed.') | 217 | render :text => _('Activity successfully removed.') |
| 217 | rescue | 218 | rescue |
| @@ -219,6 +220,17 @@ class ProfileController < PublicController | @@ -219,6 +220,17 @@ class ProfileController < PublicController | ||
| 219 | end | 220 | end |
| 220 | end | 221 | end |
| 221 | 222 | ||
| 223 | + def remove_notification | ||
| 224 | + begin | ||
| 225 | + raise if !can_edit_profile | ||
| 226 | + notification = ActionTrackerNotification.find(:first, :conditions => {:profile_id => profile.id, :action_tracker_id => params[:activity_id]}) | ||
| 227 | + notification.destroy | ||
| 228 | + render :text => _('Notification successfully removed.') | ||
| 229 | + rescue | ||
| 230 | + render :text => _('You could not remove this notification.') | ||
| 231 | + end | ||
| 232 | + end | ||
| 233 | + | ||
| 222 | def profile_info | 234 | def profile_info |
| 223 | begin | 235 | begin |
| 224 | @block = profile.blocks.find(params[:block_id]) | 236 | @block = profile.blocks.find(params[:block_id]) |
| @@ -320,4 +332,8 @@ class ProfileController < PublicController | @@ -320,4 +332,8 @@ class ProfileController < PublicController | ||
| 320 | 20 | 332 | 20 |
| 321 | end | 333 | end |
| 322 | 334 | ||
| 335 | + def can_edit_profile | ||
| 336 | + @can_edit_profile ||= user && user.has_permission?('edit_profile', profile) | ||
| 337 | + end | ||
| 338 | + helper_method :can_edit_profile | ||
| 323 | end | 339 | end |
app/views/profile/_profile_activities.rhtml
| @@ -6,7 +6,7 @@ | @@ -6,7 +6,7 @@ | ||
| 6 | <div class='profile-activity-description'> | 6 | <div class='profile-activity-description'> |
| 7 | <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p> | 7 | <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p> |
| 8 | <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p> | 8 | <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p> |
| 9 | - <%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %> | 9 | + <%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if can_edit_profile %> |
| 10 | </div> | 10 | </div> |
| 11 | <hr /> | 11 | <hr /> |
| 12 | </li> | 12 | </li> |
app/views/profile/_profile_network_activities.rhtml
| @@ -9,6 +9,7 @@ | @@ -9,6 +9,7 @@ | ||
| 9 | <div class='profile-network-description'> | 9 | <div class='profile-network-description'> |
| 10 | <p class='profile-network-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p> | 10 | <p class='profile-network-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p> |
| 11 | <p class='profile-network-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p> | 11 | <p class='profile-network-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p> |
| 12 | + <%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_notification', :activity_id => activity.id}, :update => "profile-network-item-#{activity.id}") if can_edit_profile %> | ||
| 12 | <p class='profile-network-where'><%= _('In community %s') % link_to(activity.target.name, activity.target.url) if !profile.is_a?(Community) && activity.target.is_a?(Community) %></p> | 13 | <p class='profile-network-where'><%= _('In community %s') % link_to(activity.target.name, activity.target.url) if !profile.is_a?(Community) && activity.target.is_a?(Community) %></p> |
| 13 | </div> | 14 | </div> |
| 14 | <div id='profile-network-message-<%= activity.id%>' style='display:none;'> | 15 | <div id='profile-network-message-<%= activity.id%>' style='display:none;'> |
test/functional/profile_controller_test.rb
| @@ -1032,14 +1032,43 @@ class ProfileControllerTest < Test::Unit::TestCase | @@ -1032,14 +1032,43 @@ class ProfileControllerTest < Test::Unit::TestCase | ||
| 1032 | assert_redirected_to :controller => 'account', :action => 'login' | 1032 | assert_redirected_to :controller => 'account', :action => 'login' |
| 1033 | end | 1033 | end |
| 1034 | 1034 | ||
| 1035 | - should "not remove an activity of another user" do | ||
| 1036 | - login_as(profile.identifier) | ||
| 1037 | - p1 = fast_create(Person) | ||
| 1038 | - at = fast_create(ActionTracker::Record, :user_id => p1.id) | ||
| 1039 | - atn = fast_create(ActionTrackerNotification, :profile_id => p1.id, :action_tracker_id => at.id) | ||
| 1040 | - count = ActionTrackerNotification.count | ||
| 1041 | - post :remove_activity, :profile => profile.identifier, :activity_id => at.id | ||
| 1042 | - assert_equal count, ActionTrackerNotification.count | 1035 | + should "remove an activity of another person if user has permissions to edit it" do |
| 1036 | + user = create_user('owner').person | ||
| 1037 | + login_as(user.identifier) | ||
| 1038 | + owner = create_user('owner').person | ||
| 1039 | + activity = fast_create(ActionTracker::Record, :user_id => owner.id) | ||
| 1040 | + @controller.stubs(:user).returns(user) | ||
| 1041 | + @controller.stubs(:profile).returns(owner) | ||
| 1042 | + | ||
| 1043 | + assert_no_difference ActionTracker::Record, :count do | ||
| 1044 | + post :remove_activity, :profile => owner.identifier, :activity_id => activity.id | ||
| 1045 | + end | ||
| 1046 | + | ||
| 1047 | + owner.environment.add_admin(user) | ||
| 1048 | + | ||
| 1049 | + assert_difference ActionTracker::Record, :count, -1 do | ||
| 1050 | + post :remove_activity, :profile => owner.identifier, :activity_id => activity.id | ||
| 1051 | + end | ||
| 1052 | + end | ||
| 1053 | + | ||
| 1054 | + should "remove a notification of another profile if user has permissions to edit it" do | ||
| 1055 | + user = create_user('owner').person | ||
| 1056 | + login_as(user.identifier) | ||
| 1057 | + profile = fast_create(Profile) | ||
| 1058 | + activity = fast_create(ActionTracker::Record, :user_id => user.id) | ||
| 1059 | + fast_create(ActionTrackerNotification, :profile_id => profile.id, :action_tracker_id => activity.id) | ||
| 1060 | + @controller.stubs(:user).returns(user) | ||
| 1061 | + @controller.stubs(:profile).returns(profile) | ||
| 1062 | + | ||
| 1063 | + assert_no_difference ActionTrackerNotification, :count do | ||
| 1064 | + post :remove_notification, :profile => profile.identifier, :activity_id => activity.id | ||
| 1065 | + end | ||
| 1066 | + | ||
| 1067 | + profile.environment.add_admin(user) | ||
| 1068 | + | ||
| 1069 | + assert_difference ActionTrackerNotification, :count, -1 do | ||
| 1070 | + post :remove_activity, :profile => profile.identifier, :activity_id => activity.id | ||
| 1071 | + end | ||
| 1043 | end | 1072 | end |
| 1044 | 1073 | ||
| 1045 | should "not show the scrap button on network activity if the user don't follow the user" do | 1074 | should "not show the scrap button on network activity if the user don't follow the user" do |