Download as
Browse Code »

Commit de31ad255e433e43003781594f88111157fc88af

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 6c0f66e4
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Move code that checks permission to create an article into person class

Showing 3 changed files with 33 additions and 11 deletions   Show diff stats
app/controllers/my_profile/cms_controller.rb
  Diff comments   View file @de31ad2
@@ -27,20 +27,13 @@ class CmsController < MyProfileController @@ -27,20 +27,13 @@ class CmsController < MyProfileController
27 27
28 helper_method :file_types 28 helper_method :file_types
29 29
30 - protect_if :only => :upload_files do |c, user, profile|  
31 - article_id = c.params[:parent_id]  
32 - (!article_id.blank? && profile.articles.find(article_id).allow_create?(user)) ||  
33 - (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))  
34 - end  
35 -  
36 - protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :publish_on_portal_community, :publish_on_communities, :search_communities_to_publish, :upload_files, :new] do |c, user, profile| 30 + protect_if :except => [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] do |c, user, profile|
37 user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)) 31 user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
38 end 32 end
39 33
40 - protect_if :only => :new do |c, user, profile|  
41 - article = profile.articles.find_by_id(c.params[:parent_id])  
42 - (!article.nil? && (article.allow_create?(user) || article.parent.allow_create?(user))) ||  
43 - (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))) 34 + protect_if :only => [:new, :upload_files] do |c, user, profile|
  35 + parent = profile.articles.find_by_id(c.params[:parent_id])
  36 + user && user.can_post_content?(profile, parent)
44 end 37 end
45 38
46 protect_if :only => :destroy do |c, user, profile| 39 protect_if :only => :destroy do |c, user, profile|
app/models/person.rb
  Diff comments   View file @de31ad2
@@ -123,6 +123,11 @@ roles] } @@ -123,6 +123,11 @@ roles] }
123 self.tracked_notifications.exists?(activity) 123 self.tracked_notifications.exists?(activity)
124 end 124 end
125 125
  126 + def can_post_content?(profile, parent=nil)
  127 + (!parent.nil? && (parent.allow_create?(self))) ||
  128 + (self.has_permission?('post_content', profile) || self.has_permission?('publish_content', profile))
  129 + end
  130 +
126 # Sets the identifier for this person. Raises an exception when called on a 131 # Sets the identifier for this person. Raises an exception when called on a
127 # existing person (since peoples' identifiers cannot be changed) 132 # existing person (since peoples' identifiers cannot be changed)
128 def identifier=(value) 133 def identifier=(value)
test/unit/person_test.rb
  Diff comments   View file @de31ad2
@@ -1524,6 +1524,7 @@ class PersonTest < ActiveSupport::TestCase @@ -1524,6 +1524,7 @@ class PersonTest < ActiveSupport::TestCase
1524 end 1524 end
1525 end 1525 end
1526 1526
  1527 +<<<<<<< HEAD
1527 should 'have a list of suggested people to be friend' do 1528 should 'have a list of suggested people to be friend' do
1528 person = create_user('person').person 1529 person = create_user('person').person
1529 suggested_friend = fast_create(Person) 1530 suggested_friend = fast_create(Person)
@@ -1638,4 +1639,27 @@ class PersonTest &lt; ActiveSupport::TestCase @@ -1638,4 +1639,27 @@ class PersonTest &lt; ActiveSupport::TestCase
1638 assert_equal false, person.follows?(nil) 1639 assert_equal false, person.follows?(nil)
1639 end 1640 end
1640 1641
  1642 + should 'allow posting content when has post_content permission' do
  1643 + person = create_user('person').person
  1644 + profile = mock
  1645 + person.expects(:has_permission?).with('post_content', profile).returns(true)
  1646 + assert person.can_post_content?(profile)
  1647 + end
  1648 +
  1649 + should 'allow posting content when has publish_content permission' do
  1650 + person = create_user('person').person
  1651 + profile = mock
  1652 + person.expects(:has_permission?).with('post_content', profile).returns(false)
  1653 + person.expects(:has_permission?).with('publish_content', profile).returns(true)
  1654 + assert person.can_post_content?(profile)
  1655 + end
  1656 +
  1657 + should 'allow posting content when has permission in the parent' do
  1658 + person = create_user('person').person
  1659 + profile = mock
  1660 + parent = mock
  1661 + parent.expects(:allow_create?).with(person).returns(true)
  1662 + assert person.can_post_content?(profile, parent)
  1663 + end
  1664 +
1641 end 1665 end