Commit cafedbe4be321a423747af020b1f4451497c1259
1 parent
053bed47
Exists in
master
and in
29 other branches
ActionItem177: access control applied on the my_profile controllers
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1518 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
19 changed files
with
79 additions
and
10 deletions
Show diff stats
app/controllers/my_profile/cms_controller.rb
| 1 | class CmsController < MyProfileController | 1 | class CmsController < MyProfileController |
| 2 | 2 | ||
| 3 | - protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete] | 3 | + protect 'post_content', :profile, :except => [:set_home_page] |
| 4 | + protect 'edit_profile', :profile, :only => [:set_home_page] | ||
| 4 | 5 | ||
| 5 | def boxes_holder | 6 | def boxes_holder |
| 6 | profile | 7 | profile |
app/controllers/my_profile/enterprise_validation_controller.rb
| 1 | class EnterpriseValidationController < MyProfileController | 1 | class EnterpriseValidationController < MyProfileController |
| 2 | 2 | ||
| 3 | + protect 'validate_enterprise', :profile | ||
| 4 | + | ||
| 3 | def index | 5 | def index |
| 4 | @pending_validations = profile.pending_validations | 6 | @pending_validations = profile.pending_validations |
| 5 | end | 7 | end |
app/controllers/my_profile/friends_controller.rb
app/controllers/my_profile/memberships_controller.rb
app/controllers/my_profile/profile_design_controller.rb
| @@ -2,6 +2,8 @@ class ProfileDesignController < BoxOrganizerController | @@ -2,6 +2,8 @@ class ProfileDesignController < BoxOrganizerController | ||
| 2 | 2 | ||
| 3 | needs_profile | 3 | needs_profile |
| 4 | 4 | ||
| 5 | + protect 'edit_profile_design', :profile | ||
| 6 | + | ||
| 5 | def available_blocks | 7 | def available_blocks |
| 6 | blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock ] | 8 | blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock ] |
| 7 | 9 |
app/controllers/my_profile/profile_editor_controller.rb
| 1 | class ProfileEditorController < MyProfileController | 1 | class ProfileEditorController < MyProfileController |
| 2 | 2 | ||
| 3 | -# protect 'edit_profile', :profile, :only => [:index, :edit] | 3 | + protect 'edit_profile', :profile, :only => [:index, :edit] |
| 4 | 4 | ||
| 5 | def index | 5 | def index |
| 6 | @pending_tasks = profile.tasks.pending | 6 | @pending_tasks = profile.tasks.pending |
app/controllers/my_profile/tasks_controller.rb
app/models/profile.rb
| @@ -16,12 +16,15 @@ class Profile < ActiveRecord::Base | @@ -16,12 +16,15 @@ class Profile < ActiveRecord::Base | ||
| 16 | end | 16 | end |
| 17 | 17 | ||
| 18 | PERMISSIONS[:profile] = { | 18 | PERMISSIONS[:profile] = { |
| 19 | - 'edit_profile' => N_('Edit profile'), | ||
| 20 | - 'destroy_profile' => N_('Destroy profile'), | ||
| 21 | - 'manage_memberships' => N_('Manage memberships'), | ||
| 22 | - 'post_content' => N_('Post content'), | 19 | + 'edit_profile' => N_('Edit profile'), |
| 20 | + 'destroy_profile' => N_('Destroy profile'), | ||
| 21 | + 'manage_memberships' => N_('Manage memberships'), | ||
| 22 | + 'post_content' => N_('Post content'), | ||
| 23 | 'edit_profile_design' => N_('Edit profile design'), | 23 | 'edit_profile_design' => N_('Edit profile design'), |
| 24 | - 'manage_products' => N_('Manage products'), | 24 | + 'manage_products' => N_('Manage products'), |
| 25 | + 'manage_friends' => N_('Manage friends'), | ||
| 26 | + 'validate_enterprise' => N_('Validate enterprise'), | ||
| 27 | + 'peform_task' => N_('Peform task'), | ||
| 25 | } | 28 | } |
| 26 | 29 | ||
| 27 | acts_as_accessible | 30 | acts_as_accessible |
lib/authenticated_test_helper.rb
| @@ -4,6 +4,10 @@ module AuthenticatedTestHelper | @@ -4,6 +4,10 @@ module AuthenticatedTestHelper | ||
| 4 | @request.session[:user] = User.find_by_login(user.to_s) | 4 | @request.session[:user] = User.find_by_login(user.to_s) |
| 5 | end | 5 | end |
| 6 | 6 | ||
| 7 | + def logout | ||
| 8 | + @request.session[:user] = nil | ||
| 9 | + end | ||
| 10 | + | ||
| 7 | def content_type(type) | 11 | def content_type(type) |
| 8 | @request.env['Content-Type'] = type | 12 | @request.env['Content-Type'] = type |
| 9 | end | 13 | end |
script/anhetegua
| @@ -10,6 +10,7 @@ Profile.destroy_all | @@ -10,6 +10,7 @@ Profile.destroy_all | ||
| 10 | Role.destroy_all | 10 | Role.destroy_all |
| 11 | RoleAssignment.destroy_all | 11 | RoleAssignment.destroy_all |
| 12 | Category.destroy_all | 12 | Category.destroy_all |
| 13 | +Product.destroy_all | ||
| 13 | Article.destroy_all | 14 | Article.destroy_all |
| 14 | 15 | ||
| 15 | def new_category(parent, name, color = nil) | 16 | def new_category(parent, name, color = nil) |
| @@ -108,6 +109,36 @@ colivre.affiliate(ze, owner_role) | @@ -108,6 +109,36 @@ colivre.affiliate(ze, owner_role) | ||
| 108 | member_role = Profile::Roles.member | 109 | member_role = Profile::Roles.member |
| 109 | moderator_role = Profile::Roles.moderator | 110 | moderator_role = Profile::Roles.moderator |
| 110 | 111 | ||
| 112 | +# product categories | ||
| 113 | +produtos = ProductCategory.create!(:name => 'Produtos', :environment => Environment.default, :display_color => 4) | ||
| 114 | + | ||
| 115 | +alimentacao = ProductCategory.create!(:name => 'Alimentação', :environment => Environment.default, :parent => produtos) | ||
| 116 | +vegetais = ProductCategory.create!(:name => 'Vegetais', :environment => Environment.default, :parent => alimentacao) | ||
| 117 | + | ||
| 118 | +feijao = ProductCategory.create!(:name => 'Feijão', :environment => Environment.default, :parent => vegetais) | ||
| 119 | + | ||
| 120 | +arroz = ProductCategory.create!(:name => 'Arroz', :environment => Environment.default, :parent => vegetais) | ||
| 121 | + | ||
| 122 | +batata = ProductCategory.create!(:name => 'Batata', :environment => Environment.default, :parent => vegetais) | ||
| 123 | + | ||
| 124 | +carnes = ProductCategory.create!(:name => 'Carnes', :environment => Environment.default, :parent => alimentacao) | ||
| 125 | + | ||
| 126 | +boi = ProductCategory.create!(:name => 'Boi', :environment => Environment.default, :parent => carnes) | ||
| 127 | + | ||
| 128 | +frango = ProductCategory.create!(:name => 'Frango', :environment => Environment.default, :parent => carnes) | ||
| 129 | + | ||
| 130 | +vestuario = ProductCategory.create!(:name => 'Vestuário', :environment => Environment.default, :parent => produtos) | ||
| 131 | + | ||
| 132 | +camisetas = ProductCategory.create!(:name => 'Camisetas', :environment => Environment.default, :parent => vestuario) | ||
| 133 | + | ||
| 134 | +calcas = ProductCategory.create!(:name => 'Calças', :environment => Environment.default, :parent => vestuario) | ||
| 135 | + | ||
| 136 | +software_livre = ProductCategory.create!(:name => 'Software Livre', :environment => Environment.default, :parent => produtos) | ||
| 137 | + | ||
| 138 | +desenv = ProductCategory.create!(:name => 'Desenvolvimento', :environment => Environment.default, :parent => software_livre) | ||
| 139 | +capacitacao = ProductCategory.create!(:name => 'Capacitação', :environment => Environment.default, :parent => software_livre) | ||
| 140 | +admin_de_sistemas = ProductCategory.create!(:name => 'Administração de sistemas', :environment => Environment.default, :parent => software_livre) | ||
| 141 | +arte_digital = ProductCategory.create!(:name => 'Arte Digital', :environment => Environment.default, :parent => software_livre) | ||
| 111 | 142 | ||
| 112 | 143 | ||
| 113 | # actual products | 144 | # actual products |
test/functional/enterprise_editor_controller_test.rb
| @@ -85,4 +85,5 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase | @@ -85,4 +85,5 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase | ||
| 85 | assert_response :redirect | 85 | assert_response :redirect |
| 86 | assert_redirected_to :controller => 'profile_editor', :profile => 'test_user' | 86 | assert_redirected_to :controller => 'profile_editor', :profile => 'test_user' |
| 87 | end | 87 | end |
| 88 | + | ||
| 88 | end | 89 | end |
test/functional/enterprise_validation_test.rb
| @@ -12,9 +12,10 @@ class EnterpriseValidationControllerTest < Test::Unit::TestCase | @@ -12,9 +12,10 @@ class EnterpriseValidationControllerTest < Test::Unit::TestCase | ||
| 12 | @controller = EnterpriseValidationController.new | 12 | @controller = EnterpriseValidationController.new |
| 13 | @request = ActionController::TestRequest.new | 13 | @request = ActionController::TestRequest.new |
| 14 | @response = ActionController::TestResponse.new | 14 | @response = ActionController::TestResponse.new |
| 15 | + | ||
| 15 | login_as 'ze' | 16 | login_as 'ze' |
| 16 | - | ||
| 17 | @org = Organization.create!(:identifier => 'myorg', :name => "My Org") | 17 | @org = Organization.create!(:identifier => 'myorg', :name => "My Org") |
| 18 | + give_permission('ze', 'validate_enterprise', @org) | ||
| 18 | Profile.expects(:find_by_identifier).with('myorg').returns(@org).at_least_once | 19 | Profile.expects(:find_by_identifier).with('myorg').returns(@org).at_least_once |
| 19 | end | 20 | end |
| 20 | 21 |
test/functional/friends_controller_test.rb
| @@ -14,6 +14,7 @@ class FriendsControllerTest < Test::Unit::TestCase | @@ -14,6 +14,7 @@ class FriendsControllerTest < Test::Unit::TestCase | ||
| 14 | 14 | ||
| 15 | self.profile = create_user('testuser').person | 15 | self.profile = create_user('testuser').person |
| 16 | self.friend = create_user('thefriend').person | 16 | self.friend = create_user('thefriend').person |
| 17 | + login_as ('testuser') | ||
| 17 | end | 18 | end |
| 18 | attr_accessor :profile, :friend | 19 | attr_accessor :profile, :friend |
| 19 | 20 |
test/functional/memberships_controller_test.rb
| @@ -11,6 +11,7 @@ class MembershipsControllerTest < Test::Unit::TestCase | @@ -11,6 +11,7 @@ class MembershipsControllerTest < Test::Unit::TestCase | ||
| 11 | @response = ActionController::TestResponse.new | 11 | @response = ActionController::TestResponse.new |
| 12 | 12 | ||
| 13 | @profile = create_user('testuser').person | 13 | @profile = create_user('testuser').person |
| 14 | + login_as('testuser') | ||
| 14 | end | 15 | end |
| 15 | attr_reader :profile | 16 | attr_reader :profile |
| 16 | 17 |
test/functional/profile_design_controller_test.rb
| @@ -59,6 +59,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase | @@ -59,6 +59,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase | ||
| 59 | @request.env['HTTP_REFERER'] = '/editor' | 59 | @request.env['HTTP_REFERER'] = '/editor' |
| 60 | 60 | ||
| 61 | @controller.stubs(:boxes_holder).returns(holder) | 61 | @controller.stubs(:boxes_holder).returns(holder) |
| 62 | + login_as 'ze' | ||
| 62 | end | 63 | end |
| 63 | 64 | ||
| 64 | ###################################################### | 65 | ###################################################### |
test/functional/profile_editor_controller_test.rb
| @@ -67,4 +67,10 @@ class ProfileEditorControllerTest < Test::Unit::TestCase | @@ -67,4 +67,10 @@ class ProfileEditorControllerTest < Test::Unit::TestCase | ||
| 67 | assert_redirected_to :action => 'index' | 67 | assert_redirected_to :action => 'index' |
| 68 | end | 68 | end |
| 69 | 69 | ||
| 70 | + should 'not permmit if not logged' do | ||
| 71 | + logout | ||
| 72 | + person = create_user('test_user') | ||
| 73 | + get :index, :profile => 'test_user' | ||
| 74 | + end | ||
| 75 | + | ||
| 70 | end | 76 | end |
test/functional/tasks_controller_test.rb
| @@ -14,6 +14,7 @@ class TasksControllerTest < Test::Unit::TestCase | @@ -14,6 +14,7 @@ class TasksControllerTest < Test::Unit::TestCase | ||
| 14 | 14 | ||
| 15 | self.profile = create_user('testuser').person | 15 | self.profile = create_user('testuser').person |
| 16 | @controller.stubs(:profile).returns(profile) | 16 | @controller.stubs(:profile).returns(profile) |
| 17 | + login_as 'testuser' | ||
| 17 | end | 18 | end |
| 18 | attr_accessor :profile | 19 | attr_accessor :profile |
| 19 | 20 |
test/integration/enterprise_registration_test.rb
| @@ -44,6 +44,9 @@ class EnterpriseRegistrationTest < ActionController::IntegrationTest | @@ -44,6 +44,9 @@ class EnterpriseRegistrationTest < ActionController::IntegrationTest | ||
| 44 | code = CreateEnterprise.find(:first, :order => 'id desc').code | 44 | code = CreateEnterprise.find(:first, :order => 'id desc').code |
| 45 | 45 | ||
| 46 | # steps done by the validator | 46 | # steps done by the validator |
| 47 | + validator = create_user_with_permission('validator', 'validate_enterprise', org) | ||
| 48 | + login 'validator', 'validator' | ||
| 49 | + | ||
| 47 | get "/myprofile/myorg/enterprise_validation" | 50 | get "/myprofile/myorg/enterprise_validation" |
| 48 | assert_response :success | 51 | assert_response :success |
| 49 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/myorg/enterprise_validation/details/#{code}" } | 52 | assert_tag :tag => 'a', :attributes => { :href => "/myprofile/myorg/enterprise_validation/details/#{code}" } |
test/test_helper.rb
| @@ -83,8 +83,8 @@ class Test::Unit::TestCase | @@ -83,8 +83,8 @@ class Test::Unit::TestCase | ||
| 83 | User.create!(data) | 83 | User.create!(data) |
| 84 | end | 84 | end |
| 85 | 85 | ||
| 86 | - def create_user_with_permission(name, permission, target= nil) | ||
| 87 | - user = create_user(name).person | 86 | + def give_permission(user, permission, target) |
| 87 | + user = Person.find_by_identifier(user) if user.kind_of?(String) | ||
| 88 | target ||= user | 88 | target ||= user |
| 89 | i = 0 | 89 | i = 0 |
| 90 | while Role.find_by_name('test_role' + i.to_s) | 90 | while Role.find_by_name('test_role' + i.to_s) |
| @@ -97,6 +97,11 @@ class Test::Unit::TestCase | @@ -97,6 +97,11 @@ class Test::Unit::TestCase | ||
| 97 | user | 97 | user |
| 98 | end | 98 | end |
| 99 | 99 | ||
| 100 | + def create_user_with_permission(name, permission, target= nil) | ||
| 101 | + user = create_user(name).person | ||
| 102 | + give_permission(user, permission, target) | ||
| 103 | + end | ||
| 104 | + | ||
| 100 | alias :ok :assert_block | 105 | alias :ok :assert_block |
| 101 | 106 | ||
| 102 | def assert_equivalent(enum1, enum2) | 107 | def assert_equivalent(enum1, enum2) |