ActionItem378: only show 'Manage Members' if user has permission

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1882 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem378: only show 'Manage Members' if user has permission
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1882 3f533792-8f58-4932-b0fe-aaf55b0a4547
JoenioCosta
1 parent 38da9b9e
Showing 6 changed files with 54 additions and 5 deletions Show diff stats
app/models/profile.rb
app/views/profile_editor/index.rhtml
db/migrate/013_access_control_migration.rb
test/functional/profile_editor_controller_test.rb
test/unit/organization_test.rb
test/unit/profile_test.rb
@@ -295,6 +295,14 @@ class Profile &lt; ActiveRecord::Base
     self.affiliate(person, Profile::Roles.admin)
   end
  
+  def add_moderator(person)
+    if self.has_members?
+      self.affiliate(person, Profile::Roles.moderator)
+    else
+      raise _("%s can't has moderators") % self.class.name
+    end
+  end
+
   def self.recent(limit = nil)
     self.find(:all, :order => 'id desc', :limit => limit)
   end
 <div id="profile-editor-index">
  
 <h1 class="block-title"><%= _('My profile') %></h1>
-
+  
 <%= render :partial => 'pending_tasks' %>
  
 <% file_manager do %>
@@ -18,7 +18,7 @@
  
   <%= file_manager_button(_('Manage friends'), 'icons-app/friends.png', :controller => 'friends', :action => 'index') if profile.person? %>
  
-  <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization?  %>
+  <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization? && user.has_permission?(:manage_memberships, profile) %>
  
   <%= file_manager_button(_('Consumed Products'), 'icons-app/consumed_product.png', :controller => 'consumed_products') if profile.enterprise? %>
  
@@ -37,7 +37,9 @@ class AccessControlMigration &lt; ActiveRecord::Migration
       ])
  
       # moderators for enterprises, communities etc
-      Role.create!(:key => 'profile_moderator', :name => N_('Moderator'), :permissions => [ 'manage_memberships', 'edit_profile_design', 'manage_products' ])
+      Role.create!(:key => 'profile_moderator', :name => N_('Moderator'), :permissions => [
+        'manage_memberships', 'edit_profile_design', 'manage_products'
+      ])
  
     end
   end
@@ -284,4 +284,24 @@ class ProfileEditorControllerTest &lt; Test::Unit::TestCase
     assert_tag :tag => 'input', :attributes => { :type => 'checkbox', :name => 'profile_data[closed]' }
   end
  
+  should 'display manage members options if has permission' do
+    profile = Profile['ze']
+    community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
+    @controller.stubs(:user).returns(profile)
+    @controller.stubs(:profile).returns(community)
+    profile.stubs(:has_permission?).returns(true)
+    get :index, :profile => 'testorg'
+    assert_tag :tag => 'a', :content => 'Manage Members'
+  end
+
+  should 'not display manage members options if has no permission' do
+    profile = Profile['ze']
+    community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
+    @controller.stubs(:user).returns(profile)
+    @controller.stubs(:profile).returns(community)
+    profile.stubs(:has_permission?).returns(false)
+    get :index, :profile => 'testorg'
+    assert_no_tag :tag => 'a', :content => 'Manage Members'
+  end
+
 end
@@ -162,7 +162,7 @@ class OrganizationTest &lt; Test::Unit::TestCase
     assert_respond_to org, :closed?
   end
  
-  should 'allow to add new members' do
+  should 'allow to add new member' do
     o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
     p = create_user('mytestuser').person
  
@@ -182,4 +182,15 @@ class OrganizationTest &lt; Test::Unit::TestCase
     assert_not_includes c.members, p
   end
  
+  # FIXME why members dont return moderators???
+  should 'allow to add new moderator' do
+    o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
+    p = create_user('myanothertestuser').person
+
+    o.add_moderator(p)
+    o.reload
+
+    assert o.members.include?(p), "Organization should add the new moderator"
+  end
+
 end
@@ -326,7 +326,7 @@ class ProfileTest &lt; Test::Unit::TestCase
     assert_kind_of RssFeed, profile.articles.find_by_path('feed')
   end
  
-  should 'raises when add members' do
+  should 'not allow to add members' do
     c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
     p = create_user('mytestuser').person
     assert_raise RuntimeError do
@@ -343,6 +343,14 @@ class ProfileTest &lt; Test::Unit::TestCase
     assert c.members.include?(p), "Profile should add the new admin"
   end
  
+  should 'not allow to add moderators' do
+    c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_moderator(p)
+    end
+  end
+
   should 'have tasks' do
     c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
     t1 = c.tasks.build
...	...	@@ -295,6 +295,14 @@ class Profile < ActiveRecord::Base
295	295	self.affiliate(person, Profile::Roles.admin)
296	296	end
297	297
	298	+ def add_moderator(person)
	299	+ if self.has_members?
	300	+ self.affiliate(person, Profile::Roles.moderator)
	301	+ else
	302	+ raise _("%s can't has moderators") % self.class.name
	303	+ end
	304	+ end
	305	+
298	306	def self.recent(limit = nil)
299	307	self.find(:all, :order => 'id desc', :limit => limit)
300	308	end
...	...
1	1	<div id="profile-editor-index">
2	2
3	3	<h1 class="block-title"><%= _('My profile') %></h1>
4		-
	4	+
5	5	<%= render :partial => 'pending_tasks' %>
6	6
7	7	<% file_manager do %>
...	...	@@ -18,7 +18,7 @@
18	18
19	19	<%= file_manager_button(_('Manage friends'), 'icons-app/friends.png', :controller => 'friends', :action => 'index') if profile.person? %>
20	20
21		- <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization? %>
	21	+ <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization? && user.has_permission?(:manage_memberships, profile) %>
22	22
23	23	<%= file_manager_button(_('Consumed Products'), 'icons-app/consumed_product.png', :controller => 'consumed_products') if profile.enterprise? %>
24	24
...	...
...	...	@@ -37,7 +37,9 @@ class AccessControlMigration < ActiveRecord::Migration
37	37	])
38	38
39	39	# moderators for enterprises, communities etc
40		- Role.create!(:key => 'profile_moderator', :name => N_('Moderator'), :permissions => [ 'manage_memberships', 'edit_profile_design', 'manage_products' ])
	40	+ Role.create!(:key => 'profile_moderator', :name => N_('Moderator'), :permissions => [
	41	+ 'manage_memberships', 'edit_profile_design', 'manage_products'
	42	+ ])
41	43
42	44	end
43	45	end
...	...
...	...	@@ -284,4 +284,24 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
284	284	assert_tag :tag => 'input', :attributes => { :type => 'checkbox', :name => 'profile_data[closed]' }
285	285	end
286	286
	287	+ should 'display manage members options if has permission' do
	288	+ profile = Profile['ze']
	289	+ community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
	290	+ @controller.stubs(:user).returns(profile)
	291	+ @controller.stubs(:profile).returns(community)
	292	+ profile.stubs(:has_permission?).returns(true)
	293	+ get :index, :profile => 'testorg'
	294	+ assert_tag :tag => 'a', :content => 'Manage Members'
	295	+ end
	296	+
	297	+ should 'not display manage members options if has no permission' do
	298	+ profile = Profile['ze']
	299	+ community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
	300	+ @controller.stubs(:user).returns(profile)
	301	+ @controller.stubs(:profile).returns(community)
	302	+ profile.stubs(:has_permission?).returns(false)
	303	+ get :index, :profile => 'testorg'
	304	+ assert_no_tag :tag => 'a', :content => 'Manage Members'
	305	+ end
	306	+
287	307	end
...	...
...	...	@@ -162,7 +162,7 @@ class OrganizationTest < Test::Unit::TestCase
162	162	assert_respond_to org, :closed?
163	163	end
164	164
165		- should 'allow to add new members' do
	165	+ should 'allow to add new member' do
166	166	o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
167	167	p = create_user('mytestuser').person
168	168
...	...	@@ -182,4 +182,15 @@ class OrganizationTest < Test::Unit::TestCase
182	182	assert_not_includes c.members, p
183	183	end
184	184
	185	+ # FIXME why members dont return moderators???
	186	+ should 'allow to add new moderator' do
	187	+ o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
	188	+ p = create_user('myanothertestuser').person
	189	+
	190	+ o.add_moderator(p)
	191	+ o.reload
	192	+
	193	+ assert o.members.include?(p), "Organization should add the new moderator"
	194	+ end
	195	+
185	196	end
...	...
...	...	@@ -326,7 +326,7 @@ class ProfileTest < Test::Unit::TestCase
326	326	assert_kind_of RssFeed, profile.articles.find_by_path('feed')
327	327	end
328	328
329		- should 'raises when add members' do
	329	+ should 'not allow to add members' do
330	330	c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
331	331	p = create_user('mytestuser').person
332	332	assert_raise RuntimeError do
...	...	@@ -343,6 +343,14 @@ class ProfileTest < Test::Unit::TestCase
343	343	assert c.members.include?(p), "Profile should add the new admin"
344	344	end
345	345
	346	+ should 'not allow to add moderators' do
	347	+ c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
	348	+ p = create_user('mytestuser').person
	349	+ assert_raise RuntimeError do
	350	+ c.add_moderator(p)
	351	+ end
	352	+ end
	353	+
346	354	should 'have tasks' do
347	355	c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
348	356	t1 = c.tasks.build
...	...