ActionItem93: reactivated permissions and made tests pass

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1062 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem93: reactivated permissions and made tests pass
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1062 3f533792-8f58-4932-b0fe-aaf55b0a4547
MoisesMachado
1 parent bac820e8
Showing 10 changed files with 19 additions and 20 deletions Show diff stats
app/controllers/my_profile/cms_controller.rb
app/controllers/my_profile/consumed_products_controller.rb
app/controllers/my_profile/enterprise_editor_controller.rb
app/controllers/my_profile/manage_products_controller.rb
app/controllers/my_profile/profile_editor_controller.rb
app/controllers/my_profile/profile_members_controller.rb
app/models/profile.rb
test/functional/cms_controller_test.rb
test/functional/enterprise_editor_controller_test.rb
test/test_helper.rb
 class CmsController < MyProfileController
  
-  # FIXME add the access control again
-  # protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete]
+  protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete]
  
   design :holder => :profile
  
 class ConsumedProductsController < ApplicationController
   needs_profile
  
-#  protect 'manage_products', :profile
+  protect 'manage_products', :profile
  
   def index
     @consumptions = @profile.consumptions
@@ -2,8 +2,9 @@ class EnterpriseEditorController &lt; MyProfileController
   protect 'edit_profile', :profile, :user, :except => :destroy
   protect 'destroy_profile', :profile, :only => :destroy
  
-  before_filter :check_enterprise
-
+  requires_profile_class(Enterprise)
+  before_filter :enterprise
+  
   # Show details about an enterprise  
   def index
   end
@@ -35,13 +36,9 @@ class EnterpriseEditorController &lt; MyProfileController
     end
   end
  
-  protected
+ protected
  
-  def check_enterprise
-    if profile.is_a?(Enterprise)
-      @enterprise = profile
-    else 
-      redirect_to :controller => 'account'  #:controller => 'profile_editor', :profile => current_user.login and return
-    end
+  def enterprise
+    @enterprise = @profile
   end
 end
 class ManageProductsController < ApplicationController
   needs_profile
  
-#  protect 'manage_products', :profile
+  protect 'manage_products', :profile
  
   def index
     @products = @profile.products
 class ProfileEditorController < MyProfileController
  
-  #protect 'edit_profile', :profile, only => [:index, :edit]
+  protect 'edit_profile', :profile, :only => [:index, :edit]
  
   helper :profile
  
 class ProfileMembersController < MyProfileController
-#  protect 'manage_memberships', :profile
+  protect 'manage_memberships', :profile
  
   def index
     @members = profile.members
@@ -9,6 +9,7 @@ class Profile &lt; ActiveRecord::Base
     'manage_memberships' => N_('Manage memberships'),
     'post_content' => N_('Post content'),
     'edit_profile_design' => N_('Edit profile design'),
+    'manage_products' => N_('Manage products'),
   }
  
   acts_as_accessible
@@ -13,7 +13,8 @@ class CmsControllerTest &lt; Test::Unit::TestCase
     @request    = ActionController::TestRequest.new
     @response   = ActionController::TestResponse.new
  
-    @profile = create_user('testinguser').person
+    @profile = create_user_with_permission('testinguser', 'post_content')
+    login_as :testinguser
   end
  
   attr_reader :profile
@@ -67,12 +67,12 @@ class EnterpriseEditorControllerTest &lt; Test::Unit::TestCase
     user = create_user_with_permission('test_user', 'edit_profile', ent)
     login_as :test_user
  
-    post 'update', :profile => 'test_enterprise', :enterprise => {:name => 'test_name'}
+    post 'update', :profile => 'test_enterprise', :organization_info => {:acronym => 'bla'}
  
     assert_response :redirect
     assert_redirected_to :action => 'index'
     ent.reload
-    assert_equal 'test_name',  ent.name
+    assert_equal 'bla',  ent.organization_info.acronym
   end
  
   should 'destroy' do
@@ -63,15 +63,16 @@ class Test::Unit::TestCase
                  :password_confirmation => name.underscore)
   end
  
-  def create_user_with_permission(name, permission, target)
+  def create_user_with_permission(name, permission, target= nil)
     user = create_user(name).person
+    target ||= user
     i = 0
     while Role.find_by_name('test_role' + i.to_s)
       i+=1
     end
  
     role = Role.create!(:name => 'test_role' + i.to_s, :permissions => [permission])
-    assert user.add_role(role, target)
+    assert user.add_role(role, target) 
     assert user.has_permission?(permission, target)
     user
   end
1	1	class CmsController < MyProfileController
2	2
3		- # FIXME add the access control again
4		- # protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete]
	3	+ protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete]
5	4
6	5	design :holder => :profile
7	6
...	...
1	1	class ConsumedProductsController < ApplicationController
2	2	needs_profile
3	3
4		-# protect 'manage_products', :profile
	4	+ protect 'manage_products', :profile
5	5
6	6	def index
7	7	@consumptions = @profile.consumptions
...	...
...	...	@@ -2,8 +2,9 @@ class EnterpriseEditorController < MyProfileController
2	2	protect 'edit_profile', :profile, :user, :except => :destroy
3	3	protect 'destroy_profile', :profile, :only => :destroy
4	4
5		- before_filter :check_enterprise
6		-
	5	+ requires_profile_class(Enterprise)
	6	+ before_filter :enterprise
	7	+
7	8	# Show details about an enterprise
8	9	def index
9	10	end
...	...	@@ -35,13 +36,9 @@ class EnterpriseEditorController < MyProfileController
35	36	end
36	37	end
37	38
38		- protected
	39	+ protected
39	40
40		- def check_enterprise
41		- if profile.is_a?(Enterprise)
42		- @enterprise = profile
43		- else
44		- redirect_to :controller => 'account' #:controller => 'profile_editor', :profile => current_user.login and return
45		- end
	41	+ def enterprise
	42	+ @enterprise = @profile
46	43	end
47	44	end
...	...
1	1	class ManageProductsController < ApplicationController
2	2	needs_profile
3	3
4		-# protect 'manage_products', :profile
	4	+ protect 'manage_products', :profile
5	5
6	6	def index
7	7	@products = @profile.products
...	...
1	1	class ProfileEditorController < MyProfileController
2	2
3		- #protect 'edit_profile', :profile, only => [:index, :edit]
	3	+ protect 'edit_profile', :profile, :only => [:index, :edit]
4	4
5	5	helper :profile
6	6
...	...
1	1	class ProfileMembersController < MyProfileController
2		-# protect 'manage_memberships', :profile
	2	+ protect 'manage_memberships', :profile
3	3
4	4	def index
5	5	@members = profile.members
...	...
...	...	@@ -9,6 +9,7 @@ class Profile < ActiveRecord::Base
9	9	'manage_memberships' => N_('Manage memberships'),
10	10	'post_content' => N_('Post content'),
11	11	'edit_profile_design' => N_('Edit profile design'),
	12	+ 'manage_products' => N_('Manage products'),
12	13	}
13	14
14	15	acts_as_accessible
...	...
...	...	@@ -13,7 +13,8 @@ class CmsControllerTest < Test::Unit::TestCase
13	13	@request = ActionController::TestRequest.new
14	14	@response = ActionController::TestResponse.new
15	15
16		- @profile = create_user('testinguser').person
	16	+ @profile = create_user_with_permission('testinguser', 'post_content')
	17	+ login_as :testinguser
17	18	end
18	19
19	20	attr_reader :profile
...	...
...	...	@@ -67,12 +67,12 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase
67	67	user = create_user_with_permission('test_user', 'edit_profile', ent)
68	68	login_as :test_user
69	69
70		- post 'update', :profile => 'test_enterprise', :enterprise => {:name => 'test_name'}
	70	+ post 'update', :profile => 'test_enterprise', :organization_info => {:acronym => 'bla'}
71	71
72	72	assert_response :redirect
73	73	assert_redirected_to :action => 'index'
74	74	ent.reload
75		- assert_equal 'test_name', ent.name
	75	+ assert_equal 'bla', ent.organization_info.acronym
76	76	end
77	77
78	78	should 'destroy' do
...	...
...	...	@@ -63,15 +63,16 @@ class Test::Unit::TestCase
63	63	:password_confirmation => name.underscore)
64	64	end
65	65
66		- def create_user_with_permission(name, permission, target)
	66	+ def create_user_with_permission(name, permission, target= nil)
67	67	user = create_user(name).person
	68	+ target \|\|= user
68	69	i = 0
69	70	while Role.find_by_name('test_role' + i.to_s)
70	71	i+=1
71	72	end
72	73
73	74	role = Role.create!(:name => 'test_role' + i.to_s, :permissions => [permission])
74		- assert user.add_role(role, target)
	75	+ assert user.add_role(role, target)
75	76	assert user.has_permission?(permission, target)
76	77	user
77	78	end
...	...