proper validations for approve_article task

Rodrigo Souto
1 parent ed0554c6
Showing 2 changed files with 62 additions and 6 deletions Show diff stats
app/models/approve_article.rb
test/unit/approve_article_test.rb
@@ -2,8 +2,18 @@ class ApproveArticle &lt; Task
   validates_presence_of :requestor_id, :target_id
   validates :requestor, kind_of: {kind: Person}
-  #validates :target, kind_of: {kind: Organization}
-  #validate :request_is_member_of_target
+  validate :allowed_requestor
+
+  def allowed_requestor
+    if target
+      if target.person? && requestor != target
+        self.errors.add(:requestor, _('You can not post articles to other users.'))
+      end
+      if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
+        self.errors.add(:requestor, _('Only members can post articles on communities.'))
+      end
+    end
+  end
   def article_title
     article ? article.title : _('(The original text was removed)')
@@ -9,6 +9,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     @profile = create_user('test_user').person
     @article = fast_create(TextileArticle, :profile_id => @profile.id, :name => 'test name', :abstract => 'Lead of article', :body => 'This is my article')
     @community = fast_create(Community)
+    @community.add_member(@profile)
   end
   attr_reader :profile, :article, :community
@@ -251,6 +252,8 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
   end
   should 'not group trackers activity of article\'s creation' do
+    other_community = fast_create(Community)
+    other_community.add_member(profile)
     ActionTracker::Record.delete_all
     article = fast_create(TextileArticle)
@@ -262,20 +265,20 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     a.finish
     article = fast_create(TextileArticle)
-    other_community = fast_create(Community)
     a = create(ApproveArticle, :name => 'another bar', :article => article, :target => other_community, :requestor => profile)
     a.finish
     assert_equal 3, ActionTracker::Record.count
   end
   should 'not create trackers activity when updating articles' do
+    other_community = fast_create(Community)
+    other_community.add_member(profile)
     ActionTracker::Record.delete_all
     article1 = fast_create(TextileArticle)
     a = create(ApproveArticle, :name => 'bar', :article => article1, :target => community, :requestor => profile)
     a.finish
     article2 = fast_create(TinyMceArticle)
-    other_community = fast_create(Community)
     a = create(ApproveArticle, :name => 'another bar', :article => article2, :target => other_community, :requestor => profile)
     a.finish
     assert_equal 2, ActionTracker::Record.count
@@ -283,7 +286,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     assert_no_difference 'ActionTracker::Record.count' do
       published = article1.class.last
       published.name = 'foo';published.save!
-  
+
       published = article2.class.last
       published.name = 'another foo';published.save!
     end
@@ -307,7 +310,7 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     person = fast_create(Person)
     person.stubs(:notification_emails).returns(['target@example.org'])
-    a = create(ApproveArticle, :article => article, :target => person, :requestor => profile)
+    a = create(ApproveArticle, :article => article, :target => person, :requestor => person)
     a.finish
     approved_article = person.articles.find_by_name(article.name)
@@ -440,4 +443,47 @@ class ApproveArticleTest &lt; ActiveSupport::TestCase
     assert_equal article, LinkArticle.last.reference_article
   end
+  should 'not allow non-person requestor' do
+    task = ApproveArticle.new(:requestor => Community.new)
+    task.valid?
+    assert task.invalid?(:requestor)
+  end
+
+  should 'allow only self requestors when the target is a person' do
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+
+    t1 = ApproveArticle.new(:requestor => person, :target => person)
+    t2 = ApproveArticle.new(:requestor => another_person, :target => person)
+
+    assert t1.valid?
+    assert !t2.valid?
+    assert t2.invalid?(:requestor)
+  end
+
+  should 'allow only members to be requestors when target is a community' do
+    community = fast_create(Community)
+    member = fast_create(Person)
+    community.add_member(member)
+    non_member = fast_create(Person)
+
+    t1 = ApproveArticle.new(:requestor => member, :target => community)
+    t2 = ApproveArticle.new(:requestor => non_member, :target => community)
+
+    assert t1.valid?
+    assert !t2.valid?
+    assert t2.invalid?(:requestor)
+  end
+
+  should 'allow any user to be requestor whe the target is the portal community' do
+    community = fast_create(Community)
+    environment = community.environment
+    environment.portal_community = community
+    environment.save!
+    person = fast_create(Person)
+
+    task = ApproveArticle.new(:requestor => person, :target => community)
+
+    assert task.valid?
+  end
 end
	@@ -2,8 +2,18 @@ class ApproveArticle < Task		@@ -2,8 +2,18 @@ class ApproveArticle < Task
2	validates_presence_of :requestor_id, :target_id	2	validates_presence_of :requestor_id, :target_id
3		3
4	validates :requestor, kind_of: {kind: Person}	4	validates :requestor, kind_of: {kind: Person}
5	- #validates :target, kind_of: {kind: Organization}
6	- #validate :request_is_member_of_target	5	+ validate :allowed_requestor
		6	+
		7	+ def allowed_requestor
		8	+ if target
		9	+ if target.person? && requestor != target
		10	+ self.errors.add(:requestor, _('You can not post articles to other users.'))
		11	+ end
		12	+ if target.organization? && !target.members.include?(requestor) && target.environment.portal_community != target
		13	+ self.errors.add(:requestor, _('Only members can post articles on communities.'))
		14	+ end
		15	+ end
		16	+ end
7		17
8	def article_title	18	def article_title
9	article ? article.title : _('(The original text was removed)')	19	article ? article.title : _('(The original text was removed)')
	@@ -9,6 +9,7 @@ class ApproveArticleTest < ActiveSupport::TestCase		@@ -9,6 +9,7 @@ class ApproveArticleTest < ActiveSupport::TestCase
9	@profile = create_user('test_user').person	9	@profile = create_user('test_user').person
10	@article = fast_create(TextileArticle, :profile_id => @profile.id, :name => 'test name', :abstract => 'Lead of article', :body => 'This is my article')	10	@article = fast_create(TextileArticle, :profile_id => @profile.id, :name => 'test name', :abstract => 'Lead of article', :body => 'This is my article')
11	@community = fast_create(Community)	11	@community = fast_create(Community)
		12	+ @community.add_member(@profile)
12	end	13	end
13	attr_reader :profile, :article, :community	14	attr_reader :profile, :article, :community
14		15
	@@ -251,6 +252,8 @@ class ApproveArticleTest < ActiveSupport::TestCase		@@ -251,6 +252,8 @@ class ApproveArticleTest < ActiveSupport::TestCase
251	end	252	end
252		253
253	should 'not group trackers activity of article\'s creation' do	254	should 'not group trackers activity of article\'s creation' do
		255	+ other_community = fast_create(Community)
		256	+ other_community.add_member(profile)
254	ActionTracker::Record.delete_all	257	ActionTracker::Record.delete_all
255		258
256	article = fast_create(TextileArticle)	259	article = fast_create(TextileArticle)
	@@ -262,20 +265,20 @@ class ApproveArticleTest < ActiveSupport::TestCase		@@ -262,20 +265,20 @@ class ApproveArticleTest < ActiveSupport::TestCase
262	a.finish	265	a.finish
263		266
264	article = fast_create(TextileArticle)	267	article = fast_create(TextileArticle)
265	- other_community = fast_create(Community)
266	a = create(ApproveArticle, :name => 'another bar', :article => article, :target => other_community, :requestor => profile)	268	a = create(ApproveArticle, :name => 'another bar', :article => article, :target => other_community, :requestor => profile)
267	a.finish	269	a.finish
268	assert_equal 3, ActionTracker::Record.count	270	assert_equal 3, ActionTracker::Record.count
269	end	271	end
270		272
271	should 'not create trackers activity when updating articles' do	273	should 'not create trackers activity when updating articles' do
		274	+ other_community = fast_create(Community)
		275	+ other_community.add_member(profile)
272	ActionTracker::Record.delete_all	276	ActionTracker::Record.delete_all
273	article1 = fast_create(TextileArticle)	277	article1 = fast_create(TextileArticle)
274	a = create(ApproveArticle, :name => 'bar', :article => article1, :target => community, :requestor => profile)	278	a = create(ApproveArticle, :name => 'bar', :article => article1, :target => community, :requestor => profile)
275	a.finish	279	a.finish
276		280
277	article2 = fast_create(TinyMceArticle)	281	article2 = fast_create(TinyMceArticle)
278	- other_community = fast_create(Community)
279	a = create(ApproveArticle, :name => 'another bar', :article => article2, :target => other_community, :requestor => profile)	282	a = create(ApproveArticle, :name => 'another bar', :article => article2, :target => other_community, :requestor => profile)
280	a.finish	283	a.finish
281	assert_equal 2, ActionTracker::Record.count	284	assert_equal 2, ActionTracker::Record.count
	@@ -283,7 +286,7 @@ class ApproveArticleTest < ActiveSupport::TestCase		@@ -283,7 +286,7 @@ class ApproveArticleTest < ActiveSupport::TestCase
283	assert_no_difference 'ActionTracker::Record.count' do	286	assert_no_difference 'ActionTracker::Record.count' do
284	published = article1.class.last	287	published = article1.class.last
285	published.name = 'foo';published.save!	288	published.name = 'foo';published.save!
286	-	289	+
287	published = article2.class.last	290	published = article2.class.last
288	published.name = 'another foo';published.save!	291	published.name = 'another foo';published.save!
289	end	292	end
	@@ -307,7 +310,7 @@ class ApproveArticleTest < ActiveSupport::TestCase		@@ -307,7 +310,7 @@ class ApproveArticleTest < ActiveSupport::TestCase
307	person = fast_create(Person)	310	person = fast_create(Person)
308	person.stubs(:notification_emails).returns(['target@example.org'])	311	person.stubs(:notification_emails).returns(['target@example.org'])
309		312
310	- a = create(ApproveArticle, :article => article, :target => person, :requestor => profile)	313	+ a = create(ApproveArticle, :article => article, :target => person, :requestor => person)
311	a.finish	314	a.finish
312		315
313	approved_article = person.articles.find_by_name(article.name)	316	approved_article = person.articles.find_by_name(article.name)
	@@ -440,4 +443,47 @@ class ApproveArticleTest < ActiveSupport::TestCase		@@ -440,4 +443,47 @@ class ApproveArticleTest < ActiveSupport::TestCase
440	assert_equal article, LinkArticle.last.reference_article	443	assert_equal article, LinkArticle.last.reference_article
441	end	444	end
442		445
		446	+ should 'not allow non-person requestor' do
		447	+ task = ApproveArticle.new(:requestor => Community.new)
		448	+ task.valid?
		449	+ assert task.invalid?(:requestor)
		450	+ end
		451	+
		452	+ should 'allow only self requestors when the target is a person' do
		453	+ person = fast_create(Person)
		454	+ another_person = fast_create(Person)
		455	+
		456	+ t1 = ApproveArticle.new(:requestor => person, :target => person)
		457	+ t2 = ApproveArticle.new(:requestor => another_person, :target => person)
		458	+
		459	+ assert t1.valid?
		460	+ assert !t2.valid?
		461	+ assert t2.invalid?(:requestor)
		462	+ end
		463	+
		464	+ should 'allow only members to be requestors when target is a community' do
		465	+ community = fast_create(Community)
		466	+ member = fast_create(Person)
		467	+ community.add_member(member)
		468	+ non_member = fast_create(Person)
		469	+
		470	+ t1 = ApproveArticle.new(:requestor => member, :target => community)
		471	+ t2 = ApproveArticle.new(:requestor => non_member, :target => community)
		472	+
		473	+ assert t1.valid?
		474	+ assert !t2.valid?
		475	+ assert t2.invalid?(:requestor)
		476	+ end
		477	+
		478	+ should 'allow any user to be requestor whe the target is the portal community' do
		479	+ community = fast_create(Community)
		480	+ environment = community.environment
		481	+ environment.portal_community = community
		482	+ environment.save!
		483	+ person = fast_create(Person)
		484	+
		485	+ task = ApproveArticle.new(:requestor => person, :target => community)
		486	+
		487	+ assert task.valid?
		488	+ end
443	end	489	end