Download as
Browse Code »

Commit da0396de56254f90861d5567cffb6fb22a0ae35d

Authored by Rodrigo Souto
1 parent ede53a92
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

admins: avoid problems with empty roles or environment on resources

Showing 3 changed files with 15 additions and 9 deletions   Show diff stats
app/models/environment.rb
  Diff comments   View file @da0396d
@@ -86,7 +86,9 @@ class Environment < ActiveRecord::Base @@ -86,7 +86,9 @@ class Environment < ActiveRecord::Base
86 end 86 end
87 87
88 def admins 88 def admins
89 - Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', Environment::Roles.admin(self).id]) 89 + admin_role = Environment::Roles.admin(self)
  90 + return [] if admin_role.blank?
  91 + Person.members_of(self).all(:conditions => ['role_assignments.role_id = ?', admin_role.id])
90 end 92 end
91 93
92 # returns the available features for a Environment, in the form of a 94 # returns the available features for a Environment, in the form of a
app/models/person.rb
  Diff comments   View file @da0396d
@@ -33,16 +33,17 @@ class Person < Profile @@ -33,16 +33,17 @@ class Person < Profile
33 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] } 33 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
34 } 34 }
35 35
36 - def has_permission_with_admin?(permission, profile)  
37 - return true if profile.admins.include?(self) || profile.environment.admins.include?(self)  
38 - has_permission_without_admin?(permission, profile) 36 + def has_permission_with_admin?(permission, resource)
  37 + return true if resource.blank? || resource.admins.include?(self)
  38 + return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
  39 + has_permission_without_admin?(permission, resource)
39 end 40 end
40 alias_method_chain :has_permission?, :admin 41 alias_method_chain :has_permission?, :admin
41 42
42 - def has_permission_with_plugins?(permission, profile)  
43 - permissions = [has_permission_without_plugins?(permission, profile)] 43 + def has_permission_with_plugins?(permission, resource)
  44 + permissions = [has_permission_without_plugins?(permission, resource)]
44 permissions += plugins.map do |plugin| 45 permissions += plugins.map do |plugin|
45 - plugin.has_permission?(self, permission, profile) 46 + plugin.has_permission?(self, permission, resource)
46 end 47 end
47 permissions.include?(true) 48 permissions.include?(true)
48 end 49 end
app/models/profile.rb
  Diff comments   View file @da0396d
@@ -795,7 +795,10 @@ private :generate_url, :url_options @@ -795,7 +795,10 @@ private :generate_url, :url_options
795 end 795 end
796 796
797 def admins 797 def admins
798 - self.members_by_role(Profile::Roles.admin(environment.id)) 798 + return [] if environment.blank?
  799 + admin_role = Profile::Roles.admin(environment.id)
  800 + return [] if admin_role.blank?
  801 + self.members_by_role(admin_role)
799 end 802 end
800 803
801 def enable_contact? 804 def enable_contact?
@@ -803,7 +806,7 @@ private :generate_url, :url_options @@ -803,7 +806,7 @@ private :generate_url, :url_options
803 end 806 end
804 807
805 include Noosfero::Plugin::HotSpot 808 include Noosfero::Plugin::HotSpot
806 - 809 +
807 def folder_types 810 def folder_types
808 types = Article.folder_types 811 types = Article.folder_types
809 plugins.dispatch(:content_types).each {|type| 812 plugins.dispatch(:content_types).each {|type|