ActionItem378: only show 'Manage Members' if user has permission

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1882 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem378: only show 'Manage Members' if user has permission
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1882 3f533792-8f58-4932-b0fe-aaf55b0a4547
JoenioCosta
1 parent 38da9b9e
Showing 6 changed files with 54 additions and 5 deletions Show diff stats
app/models/profile.rb
app/views/profile_editor/index.rhtml
db/migrate/013_access_control_migration.rb
test/functional/profile_editor_controller_test.rb
test/unit/organization_test.rb
test/unit/profile_test.rb
@@ -295,6 +295,14 @@ class Profile &lt; ActiveRecord::Base
     self.affiliate(person, Profile::Roles.admin)
   end
+  def add_moderator(person)
+    if self.has_members?
+      self.affiliate(person, Profile::Roles.moderator)
+    else
+      raise _("%s can't has moderators") % self.class.name
+    end
+  end
+
   def self.recent(limit = nil)
     self.find(:all, :order => 'id desc', :limit => limit)
   end
 <div id="profile-editor-index">
 <h1 class="block-title"><%= _('My profile') %></h1>
-
+  
 <%= render :partial => 'pending_tasks' %>
 <% file_manager do %>
@@ -18,7 +18,7 @@
   <%= file_manager_button(_('Manage friends'), 'icons-app/friends.png', :controller => 'friends', :action => 'index') if profile.person? %>
-  <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization?  %>
+  <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization? && user.has_permission?(:manage_memberships, profile) %>
   <%= file_manager_button(_('Consumed Products'), 'icons-app/consumed_product.png', :controller => 'consumed_products') if profile.enterprise? %>
@@ -37,7 +37,9 @@ class AccessControlMigration &lt; ActiveRecord::Migration
       ])
       # moderators for enterprises, communities etc
-      Role.create!(:key => 'profile_moderator', :name => N_('Moderator'), :permissions => [ 'manage_memberships', 'edit_profile_design', 'manage_products' ])
+      Role.create!(:key => 'profile_moderator', :name => N_('Moderator'), :permissions => [
+        'manage_memberships', 'edit_profile_design', 'manage_products'
+      ])
     end
   end
@@ -284,4 +284,24 @@ class ProfileEditorControllerTest &lt; Test::Unit::TestCase
     assert_tag :tag => 'input', :attributes => { :type => 'checkbox', :name => 'profile_data[closed]' }
   end
+  should 'display manage members options if has permission' do
+    profile = Profile['ze']
+    community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
+    @controller.stubs(:user).returns(profile)
+    @controller.stubs(:profile).returns(community)
+    profile.stubs(:has_permission?).returns(true)
+    get :index, :profile => 'testorg'
+    assert_tag :tag => 'a', :content => 'Manage Members'
+  end
+
+  should 'not display manage members options if has no permission' do
+    profile = Profile['ze']
+    community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
+    @controller.stubs(:user).returns(profile)
+    @controller.stubs(:profile).returns(community)
+    profile.stubs(:has_permission?).returns(false)
+    get :index, :profile => 'testorg'
+    assert_no_tag :tag => 'a', :content => 'Manage Members'
+  end
+
 end
@@ -162,7 +162,7 @@ class OrganizationTest &lt; Test::Unit::TestCase
     assert_respond_to org, :closed?
   end
-  should 'allow to add new members' do
+  should 'allow to add new member' do
     o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
     p = create_user('mytestuser').person
@@ -182,4 +182,15 @@ class OrganizationTest &lt; Test::Unit::TestCase
     assert_not_includes c.members, p
   end
+  # FIXME why members dont return moderators???
+  should 'allow to add new moderator' do
+    o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
+    p = create_user('myanothertestuser').person
+
+    o.add_moderator(p)
+    o.reload
+
+    assert o.members.include?(p), "Organization should add the new moderator"
+  end
+
 end
@@ -326,7 +326,7 @@ class ProfileTest &lt; Test::Unit::TestCase
     assert_kind_of RssFeed, profile.articles.find_by_path('feed')
   end
-  should 'raises when add members' do
+  should 'not allow to add members' do
     c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
     p = create_user('mytestuser').person
     assert_raise RuntimeError do
@@ -343,6 +343,14 @@ class ProfileTest &lt; Test::Unit::TestCase
     assert c.members.include?(p), "Profile should add the new admin"
   end
+  should 'not allow to add moderators' do
+    c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_moderator(p)
+    end
+  end
+
   should 'have tasks' do
     c = Profile.create!(:name => 'my test profile', :identifier => 'mytestprofile')
     t1 = c.tasks.build
	@@ -295,6 +295,14 @@ class Profile < ActiveRecord::Base		@@ -295,6 +295,14 @@ class Profile < ActiveRecord::Base
295	self.affiliate(person, Profile::Roles.admin)	295	self.affiliate(person, Profile::Roles.admin)
296	end	296	end
297		297
		298	+ def add_moderator(person)
		299	+ if self.has_members?
		300	+ self.affiliate(person, Profile::Roles.moderator)
		301	+ else
		302	+ raise _("%s can't has moderators") % self.class.name
		303	+ end
		304	+ end
		305	+
298	def self.recent(limit = nil)	306	def self.recent(limit = nil)
299	self.find(:all, :order => 'id desc', :limit => limit)	307	self.find(:all, :order => 'id desc', :limit => limit)
300	end	308	end
1	<div id="profile-editor-index">	1	<div id="profile-editor-index">
2		2
3	<h1 class="block-title"><%= _('My profile') %></h1>	3	<h1 class="block-title"><%= _('My profile') %></h1>
4	-	4	+
5	<%= render :partial => 'pending_tasks' %>	5	<%= render :partial => 'pending_tasks' %>
6		6
7	<% file_manager do %>	7	<% file_manager do %>
	@@ -18,7 +18,7 @@		@@ -18,7 +18,7 @@
18		18
19	<%= file_manager_button(_('Manage friends'), 'icons-app/friends.png', :controller => 'friends', :action => 'index') if profile.person? %>	19	<%= file_manager_button(_('Manage friends'), 'icons-app/friends.png', :controller => 'friends', :action => 'index') if profile.person? %>
20		20
21	- <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization? %>	21	+ <%= file_manager_button(_('Manage Members'), 'icons-app/members.png', :controller => 'profile_members') if profile.organization? && user.has_permission?(:manage_memberships, profile) %>
22		22
23	<%= file_manager_button(_('Consumed Products'), 'icons-app/consumed_product.png', :controller => 'consumed_products') if profile.enterprise? %>	23	<%= file_manager_button(_('Consumed Products'), 'icons-app/consumed_product.png', :controller => 'consumed_products') if profile.enterprise? %>
24		24
	@@ -284,4 +284,24 @@ class ProfileEditorControllerTest < Test::Unit::TestCase		@@ -284,4 +284,24 @@ class ProfileEditorControllerTest < Test::Unit::TestCase
284	assert_tag :tag => 'input', :attributes => { :type => 'checkbox', :name => 'profile_data[closed]' }	284	assert_tag :tag => 'input', :attributes => { :type => 'checkbox', :name => 'profile_data[closed]' }
285	end	285	end
286		286
		287	+ should 'display manage members options if has permission' do
		288	+ profile = Profile['ze']
		289	+ community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
		290	+ @controller.stubs(:user).returns(profile)
		291	+ @controller.stubs(:profile).returns(community)
		292	+ profile.stubs(:has_permission?).returns(true)
		293	+ get :index, :profile => 'testorg'
		294	+ assert_tag :tag => 'a', :content => 'Manage Members'
		295	+ end
		296	+
		297	+ should 'not display manage members options if has no permission' do
		298	+ profile = Profile['ze']
		299	+ community = Community.create!(:name => 'test org', :identifier => 'testorg', :contact_person => 'my contact')
		300	+ @controller.stubs(:user).returns(profile)
		301	+ @controller.stubs(:profile).returns(community)
		302	+ profile.stubs(:has_permission?).returns(false)
		303	+ get :index, :profile => 'testorg'
		304	+ assert_no_tag :tag => 'a', :content => 'Manage Members'
		305	+ end
		306	+
287	end	307	end
	@@ -162,7 +162,7 @@ class OrganizationTest < Test::Unit::TestCase		@@ -162,7 +162,7 @@ class OrganizationTest < Test::Unit::TestCase
162	assert_respond_to org, :closed?	162	assert_respond_to org, :closed?
163	end	163	end
164		164
165	- should 'allow to add new members' do	165	+ should 'allow to add new member' do
166	o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')	166	o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
167	p = create_user('mytestuser').person	167	p = create_user('mytestuser').person
168		168
	@@ -182,4 +182,15 @@ class OrganizationTest < Test::Unit::TestCase		@@ -182,4 +182,15 @@ class OrganizationTest < Test::Unit::TestCase
182	assert_not_includes c.members, p	182	assert_not_includes c.members, p
183	end	183	end
184		184
		185	+ # FIXME why members dont return moderators???
		186	+ should 'allow to add new moderator' do
		187	+ o = Organization.create!(:name => 'my test profile', :identifier => 'mytestprofile')
		188	+ p = create_user('myanothertestuser').person
		189	+
		190	+ o.add_moderator(p)
		191	+ o.reload
		192	+
		193	+ assert o.members.include?(p), "Organization should add the new moderator"
		194	+ end
		195	+
185	end	196	end