Download as
Browse Code »

Commit dfed60056c9e3f6162e9e7f28a9da4a9de605f02

Authored by Tallys Martins
1 parent 1db348b8
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

WorkAssignment privacy edition now works for all users 

Refactored Cms Controller inheritance on Work Assignment Plugin.
Added a new method on Cms controller that is extended on Work Assignment Plugin and can allow a plugin action to by pass
the static before filter generated on Cms that denies any other actions outside it's list.
Added a before filter on plugin cms controller  that allows the visibility edition only for the article author and admins.

Signed-off-by Tallys Martins <tallysmartins@gmail.com>
Signed-off-by: Arhur Del Esposte <arthurmde@gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr@gmail.com>
Showing 4 changed files with 43 additions and 21 deletions   Show diff stats
app/controllers/my_profile/cms_controller.rb
  Diff comments   View file @dfed600
@@ -30,9 +30,13 @@ class CmsController &lt; MyProfileController @@ -30,9 +30,13 @@ class CmsController &lt; MyProfileController
30 (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))) 30 (user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)))
31 end 31 end
32 32
  33 + def self.add_as_exception?(action)
  34 + false
  35 + end
  36 +
33 action_list = [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new] 37 action_list = [:suggest_an_article, :set_home_page, :edit, :destroy, :publish, :upload_files, :new]
34 protect_if :except => action_list do |c, user, profile| 38 protect_if :except => action_list do |c, user, profile|
35 - user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile)) 39 + add_as_exception?(c.action_name) || user && (user.has_permission?('post_content', profile) || user.has_permission?('publish_content', profile))
36 end 40 end
37 41
38 protect_if :only => :new do |c, user, profile| 42 protect_if :only => :new do |c, user, profile|
plugins/work_assignment/controllers/myprofile/work_assignment_plugin_cms_controller.rb
View file @1db348b
@@ -1,19 +0,0 @@ @@ -1,19 +0,0 @@
1 -class WorkAssignmentPluginCmsController < CmsController  
2 -  
3 - def edit_visibility  
4 - @folder = profile.articles.find(params[:article_id])  
5 - @back_to = url_for(@folder.parent.url)  
6 - if request.post?  
7 - @folder.published = params[:article][:published]  
8 - unless params[:q].nil?  
9 - @folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}  
10 - @folder.children.each do |c|  
11 - c.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}  
12 - c.save!  
13 - end  
14 - end  
15 - @folder.save!  
16 - redirect_to @back_to  
17 - end  
18 - end  
19 -end  
20 \ No newline at end of file 0 \ No newline at end of file
plugins/work_assignment/lib/ext/cms_controller.rb 0 → 100644
  Diff comments   View file @dfed600
@@ -0,0 +1,37 @@ @@ -0,0 +1,37 @@
  1 +require_dependency 'cms_controller'
  2 +
  3 +class CmsController
  4 +
  5 +
  6 +protect_if :only => :edit_visibility do |c,user,profile|
  7 + profile.articles.find(c.params[:article_id]).author == user || user.has_permission?('view_private_content', profile)
  8 +end
  9 +
  10 +def edit_visibility
  11 + @folder = profile.articles.find(params[:article_id])
  12 + @back_to = url_for(@folder.parent.url)
  13 + if request.post?
  14 + @folder.published = params[:article][:published]
  15 + unless params[:q].nil?
  16 + @folder.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
  17 + @folder.children.each do |c|
  18 + c.article_privacy_exceptions = params[:q].split(/,/).map{|n| environment.people.find n.to_i}
  19 + c.save!
  20 + end
  21 + end
  22 + @folder.save!
  23 + redirect_to @back_to
  24 + end
  25 + end
  26 +
  27 +def self.add_as_exception?(action)
  28 + actions = "edit_visibility, search_article_privacy_exceptions"
  29 +
  30 + if actions.include? action
  31 + true
  32 + else
  33 + false
  34 + end
  35 + end
  36 +
  37 +end
0 \ No newline at end of file 38 \ No newline at end of file
plugins/work_assignment/lib/work_assignment_plugin/helper.rb
  Diff comments   View file @dfed600
@@ -83,7 +83,7 @@ module WorkAssignmentPlugin::Helper @@ -83,7 +83,7 @@ module WorkAssignmentPlugin::Helper
83 m.articles_with_access.include?(@folder) 83 m.articles_with_access.include?(@folder)
84 } 84 }
85 ) 85 )
86 - colorbox_button :edit, _('Edit'), { :controller => 'work_assignment_plugin_cms', 86 + colorbox_button :edit, _('Edit'), { :controller => 'cms',
87 :action => 'edit_visibility', :article_id => @folder.id, :tokenized_children => @tokenized_children} 87 :action => 'edit_visibility', :article_id => @folder.id, :tokenized_children => @tokenized_children}
88 end 88 end
89 end 89 end