Move code that checks permission to create an article into person class

Victor Costa · Rodrigo Souto
1 parent 61f22eb0
Showing 3 changed files with 33 additions and 11 deletions Show diff stats
app/controllers/my_profile/cms_controller.rb
app/models/person.rb
test/unit/person_test.rb
@@ -27,20 +27,13 @@ class CmsController &lt; MyProfileController
  
   helper_method :file_types
  
-  protect_if :only => :upload_files do |c, user, profile|
-    article_id = c.params[:parent_id]
-    (!article_id.blank? && profile.articles.find(article_id).allow_create?(user)) ||
-    (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
-  end
-
-  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do |c, user, profile|
+  protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile|
     user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
   end
  
-  protect_if :only => :new do |c, user, profile|
-    article = profile.articles.find_by_id(c.params[:parent_id])
-    (!article.nil? && (article.allow_create?(user) || article.parent.allow_create?(user))) ||
-    (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
+  protect_if :only => [:new, :upload_files] do |c, user, profile|
+    parent = profile.articles.find_by_id(c.params[:parent_id])
+    user && user.can_post_content?(profile, parent)
   end
  
   protect_if :only => :destroy do |c, user, profile|
@@ -123,6 +123,11 @@ roles] }
     self.tracked_notifications.exists?(activity)
   end
  
+  def can_post_content?(profile, parent=nil)
+    (!parent.nil? && (parent.allow_create?(self))) ||
+      (self.has_permission?('post_content', profile) || self.has_permission?('publish_content', profile))
+  end
+
   # Sets the identifier for this person. Raises an exception when called on a
   # existing person (since peoples' identifiers cannot be changed)
   def identifier=(value)
@@ -1524,6 +1524,7 @@ class PersonTest &lt; ActiveSupport::TestCase
     end
   end
  
+<<<<<<< HEAD
   should 'have a list of suggested people to be friend' do
     person = create_user('person').person
     suggested_friend = fast_create(Person)
@@ -1638,4 +1639,27 @@ class PersonTest &lt; ActiveSupport::TestCase
     assert_equal false, person.follows?(nil)
   end
  
+  should 'allow posting content when has post_content permission' do
+    person = create_user('person').person
+    profile = mock
+    person.expects(:has_permission?).with('post_content', profile).returns(true)
+    assert person.can_post_content?(profile)
+  end
+
+  should 'allow posting content when has publish_content permission' do
+    person = create_user('person').person
+    profile = mock
+    person.expects(:has_permission?).with('post_content', profile).returns(false)
+    person.expects(:has_permission?).with('publish_content', profile).returns(true)
+    assert person.can_post_content?(profile)
+  end
+
+  should 'allow posting content when has permission in the parent' do
+    person = create_user('person').person
+    profile = mock
+    parent = mock
+    parent.expects(:allow_create?).with(person).returns(true)
+    assert person.can_post_content?(profile, parent)
+  end
+
 end
...	...	@@ -27,20 +27,13 @@ class CmsController < MyProfileController
27	27
28	28	helper_method :file_types
29	29
30		- protect_if :only => :upload_files do \|c, user, profile\|
31		- article_id = c.params[:parent_id]
32		- (!article_id.blank? && profile.articles.find(article_id).allow_create?(user)) \|\|
33		- (user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile)))
34		- end
35		-
36		- protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do \|c, user, profile\|
	30	+ protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do \|c, user, profile\|
37	31	user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile))
38	32	end
39	33
40		- protect_if :only => :new do \|c, user, profile\|
41		- article = profile.articles.find_by_id(c.params[:parent_id])
42		- (!article.nil? && (article.allow_create?(user) \|\| article.parent.allow_create?(user))) \|\|
43		- (user && (user.has_permission?('post_content', profile) \|\| user.has_permission?('publish_content', profile)))
	34	+ protect_if :only => [:new, :upload_files] do \|c, user, profile\|
	35	+ parent = profile.articles.find_by_id(c.params[:parent_id])
	36	+ user && user.can_post_content?(profile, parent)
44	37	end
45	38
46	39	protect_if :only => :destroy do \|c, user, profile\|
...	...
...	...	@@ -123,6 +123,11 @@ roles] }
123	123	self.tracked_notifications.exists?(activity)
124	124	end
125	125
	126	+ def can_post_content?(profile, parent=nil)
	127	+ (!parent.nil? && (parent.allow_create?(self))) \|\|
	128	+ (self.has_permission?('post_content', profile) \|\| self.has_permission?('publish_content', profile))
	129	+ end
	130	+
126	131	# Sets the identifier for this person. Raises an exception when called on a
127	132	# existing person (since peoples' identifiers cannot be changed)
128	133	def identifier=(value)
...	...
...	...	@@ -1524,6 +1524,7 @@ class PersonTest < ActiveSupport::TestCase
1524	1524	end
1525	1525	end
1526	1526
	1527	+<<<<<<< HEAD
1527	1528	should 'have a list of suggested people to be friend' do
1528	1529	person = create_user('person').person
1529	1530	suggested_friend = fast_create(Person)
...	...	@@ -1638,4 +1639,27 @@ class PersonTest < ActiveSupport::TestCase
1638	1639	assert_equal false, person.follows?(nil)
1639	1640	end
1640	1641
	1642	+ should 'allow posting content when has post_content permission' do
	1643	+ person = create_user('person').person
	1644	+ profile = mock
	1645	+ person.expects(:has_permission?).with('post_content', profile).returns(true)
	1646	+ assert person.can_post_content?(profile)
	1647	+ end
	1648	+
	1649	+ should 'allow posting content when has publish_content permission' do
	1650	+ person = create_user('person').person
	1651	+ profile = mock
	1652	+ person.expects(:has_permission?).with('post_content', profile).returns(false)
	1653	+ person.expects(:has_permission?).with('publish_content', profile).returns(true)
	1654	+ assert person.can_post_content?(profile)
	1655	+ end
	1656	+
	1657	+ should 'allow posting content when has permission in the parent' do
	1658	+ person = create_user('person').person
	1659	+ profile = mock
	1660	+ parent = mock
	1661	+ parent.expects(:allow_create?).with(person).returns(true)
	1662	+ assert person.can_post_content?(profile, parent)
	1663	+ end
	1664	+
1641	1665	end
...	...