Commit 2be5a656af9c53340e7fc5b91b72596c03b69fde

Authored by AntonioTerceiro
1 parent 0b6af513

ActionItem295: checking access to article


git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1825 3f533792-8f58-4932-b0fe-aaf55b0a4547
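--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -21,6 +21,10 @@ class ContentViewerController < PublicController
 end
 end
 
+if !@page.display_to?(user)
+render :action => 'access_denied', :status => 403
+end
+
 if @page.mime_type != 'text/html'
 headers['Content-Type'] = @page.mime_type
 data = @page.data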
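Review bot: The guard added at new lines 24-26 renders `access_denied` with status 403 but does not leave the action, so execution continues into the `if @page.mime_type != 'text/html'` branch directly below and a forbidden page's `@page.data` is still loaded. The rest of that branch is outside the hunk; if it renders or sends the data, the request would presumably end in a double-render error (a 500 rather than the intended 403), and in any case handling should stop at the authorization decision. Add `return` on the line after the `render` call so that nothing past the check runs for a denied viewer. It is also worth confirming that `display_to?` accepts `nil`, since `user` is likely nil for anonymous visitors. The enclosing action starts and ends outside this hunk.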
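--- /dev/null
+++ b/app/views/content_viewer/access_denied.rhtml
@@ -0,0 +1,5 @@
+<h1><%= _('Access denied') %></h1>
+
+<p>
+<%= _('You are not allowed to view this content.') %>
+</p>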
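--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -229,31 +229,22 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_tag :tag => 'div', :attributes => { :class => 'article-tags' }, :descendant => { :content => /This article's tags:/ }
 end
 
-should 'not display articles from private content' do
+should 'not display forbidden articles' do
 profile.articles.create!(:name => 'test')
 profile.update_attributes!(:public_content => false)
 
+Article.any_instance.expects(:display_to?).with(anything).returns(false)
 get :view_page, :profile => profile.identifier, :page => [ 'test' ]
 assert_response 403
 end
 
-#should 'display articles to its owner' do
-#profile.articles.create!(:name => 'test')
-#profile.update_attributes!(:public_content => false)
-
-#login_as(@profile.identifier)
-#get :view_page, :profile => profile.identifier, :page => [ 'test' ]
-#assert_response 200
-#end
-
-#should 'display articles to profile members' do
-#c = Community.create!(:name => 'my community')
-#c.update_attributes!(:public_content => false)
-#c.add_member(@profile)
+should 'display allowed articles' do
+profile.articles.create!(:name => 'test')
+profile.update_attributes!(:public_content => false)
 
-#login_as(@profile.identifier)
-#get :view_page, :profile => profile.identifier, :page => [ 'test' ]
-#assert_response 200
-#end
+Article.any_instance.expects(:display_to?).with(anything).returns(true)
+get :view_page, :profile => profile.identifier, :page => [ 'test' ]
+assert_response 200
+end
 
 end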
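Review bot: Both rewritten tests stub `Article#display_to?` through `any_instance.expects(...).with(anything)`, so they show only that the controller consults the predicate; they do not check which user is passed, and with the commented-out owner and member cases deleted nothing in this file exercises the real policy. The denied case also covers only an article of the default type, while the controller branches on `mime_type` immediately after the check. I would add `assert_template 'access_denied'` to 'not display forbidden articles' and a second denied case for an article whose `mime_type` is not `text/html`, asserting `assert_response 403` and that the response body does not contain the article data. Whether `display_to?` has owner and member coverage in the Article unit tests cannot be seen from this page.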