ActionItem616: made private articles non reachable

made article respond to its private/public status instead of the profile so we can have private folders inside public profiles git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2397 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem616: made private articles non reachable
made article respond to its private/public status instead of the profile so we can have private folders inside public profiles git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@2397 3f533792-8f58-4932-b0fe-aaf55b0a4547
MoisesMachado
1 parent 921b88f8
Showing 3 changed files with 83 additions and 56 deletions Show diff stats
app/models/article.rb
test/functional/content_viewer_controller_test.rb
test/unit/article_test.rb
@@ -137,8 +137,8 @@ class Article &lt; ActiveRecord::Base
   end
   def display_to?(user)
-    if self.profile.public_content
-      true
+    if self.public_article
+      self.profile.display_info_to?(user)
     else
       if user.nil?
         false
@@ -22,11 +22,11 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     page.save!
     assert_local_files_reference :get, :view_page, :profile => profile.identifier, :page => [ 'test' ]
   end
-  
+
   def test_valid_xhtml
     assert_valid_xhtml
   end
-  
+
   def test_should_display_page
     page = profile.articles.build(:name => 'test')
     page.save!
@@ -69,7 +69,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     Profile.delete_all
     uses_host 'anhetegua'
     get :view_page, :profile => 'some_unexisting_profile', :page => []
-    assert_response :missing    
+    assert_response :missing
   end
   def test_should_be_able_to_post_comment_while_authenticated
@@ -97,7 +97,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
   should 'produce a download-like when article is not text/html' do
-    # for example, RSS feeds 
+    # for example, RSS feeds
     profile = create_user('someone').person
     page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
     page.save!
@@ -126,38 +126,36 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
       post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
       assert_response :redirect
     end
-    
   end
-  
+
   should "not be able to remove other people's comments if not moderator or admin" do
     create_user('normaluser')
     profile = create_user('testuser').person
     article = profile.articles.build(:name => 'test')
     article.save!
-    
+
     commenter = create_user('otheruser').person
     comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
     comment.save!
     login_as 'normaluser' # normaluser cannot remove other people's comments
-    assert_no_difference Comment, :count do 
+    assert_no_difference Comment, :count do
       post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
       assert_response :redirect
     end
-    
   end
   should 'be able to remove comments on their articles' do
     profile = create_user('testuser').person
     article = profile.articles.build(:name => 'test')
     article.save!
-    
+
     commenter = create_user('otheruser').person
     comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
     comment.save!
     login_as 'testuser' # testuser must be able to remove comments in his articles
-    assert_difference Comment, :count, -1 do 
+    assert_difference Comment, :count, -1 do
       post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
       assert_response :redirect
     end
@@ -181,7 +179,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     comment = article.comments.create!(:author => commenter, :title => 'a comment', :body => 'lalala')
     community.add_moderator(profile)
     login_as profile.identifier
-    assert_difference Comment, :count, -1 do 
+    assert_difference Comment, :count, -1 do
       post :view_page, :profile => community.identifier, :page => [ 'test' ], :remove_comment => comment.id
       assert_response :redirect
     end
@@ -209,7 +207,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     post :view_page, :profile => @profile.identifier, :page => [ 'myarticle' ], :comment => { :title => '', :body => '' }
     assert_tag :tag => 'div', :attributes => { :class => 'post_comment_box opened' }
   end
-  
+
   should 'filter html content from body' do
     login_as @profile.identifier
     page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
@@ -345,4 +343,34 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_tag :tag => 'div', :attributes => { :class => /main-block/ }, :descendant => { :tag => 'a', :attributes => { :href => "/myprofile/testinguser/cms/new?parent_id=#{folder.id}" } }
   end
+  should 'not give access to private articles if logged off' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+    assert_template 'access_denied'
+  end
+
+  should 'not give access to private articles if logged in but not member' do
+    login_as('testinguser')
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+    assert_template 'access_denied'
+  end
+
+  should 'give access to private articles if logged in and member' do
+    person = create_user('test_user').person
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    profile.affiliate(person, Profile::Roles.member)
+    login_as('test_user')
+
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+    assert_template 'view_page'
+  end
+
+
 end
@@ -230,47 +230,6 @@ class ArticleTest &lt; Test::Unit::TestCase
     assert_equal true, a.display_to?(person)
   end
-  should 'not display to other unauthenticated user if private' do
-    # a person with private contents ...
-    person = create_user('testuser').person
-    person.update_attributes!(:public_content => false)
-
-    # ... has an article ...
-    a1 = person.articles.create!(:name => 'test article')
-
-    # ... which anonymous users cannot view
-    assert_equal false, a1.display_to?(nil)
-  end
-
-  should 'not display to another user if private' do
-    # a person with private contents ...
-    person = create_user('testuser').person
-    person.update_attributes!(:public_content => false)
-
-    # ... has an article ...
-    a1 = person.articles.create!(:name => 'test article')
-
-    # ... which another user cannot see
-    another_user = create_user('another_user').person
-    assert_equal false, a1.display_to?(another_user)
-  end
-
-  should 'display for members of profile' do
-    # a community with private content ...
-    community = Community.create!(:name => 'test community')
-    community.update_attributes!(:public_content => false)
-
-    # ... has an article ...
-    a1 = community.articles.create!(:name => 'test article')
-
-    # ... and its members ...
-    member = create_user('testuser').person
-    community.add_member(member)
-
-    # ... can view that article
-    assert_equal true, a1.display_to?(member)
-  end
-
   should 'reindex when comments are changed' do
     a = Article.new
     a.expects(:ferret_update)
@@ -365,4 +324,44 @@ class ArticleTest &lt; Test::Unit::TestCase
     assert !Article.new.accept_category?(ProductCategory.new)
   end
+  should 'accept public_article attribute' do
+    assert_respond_to Article.new, :public_article
+    assert_respond_to Article.new, :public_article=
+  end
+
+  should 'say that logged off user cannot see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+
+    assert !article.display_to?(nil)
+  end 
+  
+  should 'say that not member of profile cannot see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+    person = create_user('test_user').person
+
+    assert !article.display_to?(person)
+  end
+  
+  should 'say that member user can see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+    person = create_user('test_user').person
+    profile.affiliate(person, Profile::Roles.member)
+
+    assert article.display_to?(person)
+  end
+
+  should 'not show article to non member if article public but profile private' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile', :public_profile => false)
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => true)
+    person1 = create_user('test_user1').person
+    profile.affiliate(person1, Profile::Roles.member)
+    person2 = create_user('test_user2').person
+
+    assert !article.display_to?(nil)
+    assert !article.display_to?(person2)
+    assert article.display_to?(person1)
+  end
 end