Commit 3c4fe9d3ebd90deb158100cc82e2651f05f743a6

Authored by MoisesMachado
1 parent c8f6e434

ActionItem5: added the management of members of a profile and the protect helper…

… to protect actions from unauthorized access


git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@507 3f533792-8f58-4932-b0fe-aaf55b0a4547
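--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -51,4 +51,16 @@ class ApplicationController < ActionController::Base
 verify :method => :post, :only => actions, :redirect_to => redirect
 end
 
+# Declares the +permission+ need to be able to access +action+.
+#
+# * +action+ must be a symbol or string with the name of the action
+# * +permission+ must be a symbol or string naming the needed permission.
+# * +target+ is the object over witch the user would need the specified permission.
+def self.protect(actions, permission, target = nil)
+before_filter :only => actions do |controller|
+unless controller.send(:logged_in?) and controller.send(:current_user).person.has_permission?(permission, target)
+controller.send(:render, {:file => 'app/views/shared/access_denied.rhtml', :layout => true})
+end
+end
+end
 end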
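Review bot: The denial branch renders the access_denied template with the default 200 status, so clients, proxies and logs cannot tell a refused action from a successful page; pass the status explicitly, `controller.send(:render, {:file => 'app/views/shared/access_denied.rhtml', :layout => true, :status => 403})`. The check calls `has_permission?(permission, target)` with two arguments while `Role#has_permission?` in this same commit takes one; presumably Person defines its own two-argument version, worth confirming. `logged_in? and ...` mixes the low-precedence `and` into a boolean expression where `&&` is the conventional form. In the doc comment, `witch` should read `which`, and the first parameter is `actions` (a list), not `action`.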
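--- a/app/controllers/profile_admin/enterprise_controller.rb
+++ b/app/controllers/profile_admin/enterprise_controller.rb
@@ -2,7 +2,8 @@
 class EnterpriseController < ProfileAdminController
 
 before_filter :logon, :my_enterprises
-
+protect([:edit, :update, :activate, :destroy], 'edit_enterprise', @profile)
+
 # Redirects to show if there is only one action and to list otherwise
 def index
 if @person.enterprises.size == 1
@@ -10,6 +11,8 @@ class EnterpriseController < ProfileAdminController
 else
 redirect_to :action => 'list'
 end
+@vitual_communities = VirtualCommunity.find(:all)
+@validation_entities = Organization.find(:all)
 end
 
 # Lists all enterprises
@@ -104,7 +107,7 @@ class EnterpriseController < ProfileAdminController
 if @enterprise.approve
 flash[:notice] = _('Enterprise successfuly approved')
 else
-flash[:notice] = _('Failed to approve the enterprise')
+flash[:notice] = _('Failed to approve the htmlenterprise')
 end
 redirect_to :action => 'index'
 end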
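Review bot: `protect([:edit, :update, :activate, :destroy], 'edit_enterprise', @profile)` runs in the class body, where `@profile` is the class object's own instance variable and is nil, so every request is checked with no target rather than against the enterprise being edited; depending on how `has_permission?` treats a nil target this either denies everyone or grants the permission globally, and in both cases the target has to be resolved per request (for example by letting `protect` accept a symbol it sends to the controller when the filter runs). In the third hunk the translatable message became `_('Failed to approve the htmlenterprise')`, which looks like an accidental paste and should stay `_('Failed to approve the enterprise')`. In the second hunk `@vitual_communities` is misspelled, and both finders run after `index` has already issued its redirect, so the loaded records are never rendered.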
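--- /dev/null
+++ b/app/controllers/profile_admin/profile_member_controller.rb
@@ -0,0 +1,23 @@
+class ProfileMemberController < ApplicationController
+
+def index
+@members = @profile.people
+end
+
+def affiliate
+@member = Person.find(params[:id])
+@roles = Role.find(:all).select{ |r| r.has_kind?(:profile) }
+end
+
+def give_role
+@person = Person.find(params[:person])
+@role = Role.find(params[:role])
+if @profile.affiliate(@person, @role)
+redirect_to :action => 'index'
+else
+@member = Person.find(params[:person])
+@roles = Role.find(:all).select{ |r| r.has_kind?(:profile) }
+render :action => 'affiliate'
+end
+end
+end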
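Review bot: `give_role` changes a person's role on a profile, yet the controller applies neither `protect` nor `verify :method => :post`, so the action is reachable by a plain GET from anyone who gets past whatever ApplicationController filters exist; the `manage_membership` permission this commit adds to Role is the natural guard, e.g. `protect [:affiliate, :give_role], 'manage_membership', <per-request target>` together with `verify :method => :post, :only => :give_role`. Every action also reads `@profile` without setting it, and the class inherits from ApplicationController rather than ProfileAdminController as EnterpriseController does — presumably a filter in the parent populates it, worth confirming. In the failure branch `Person.find(params[:person])` is repeated although `@person` already holds that record; `@member = @person` avoids the second query.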
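--- /dev/null
+++ b/app/helpers/profile_member_helper.rb
@@ -0,0 +1,2 @@
+module ProfileMemberHelper
+end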
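--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -103,6 +103,10 @@ class Profile < ActiveRecord::Base
 end
 
 def affiliate(person, role)
-RoleAssignment.new(:person => person, :role => role, :resource => self).save
+unless RoleAssignment.find(:first, :conditions => {:person_id => person, :role_id => role, :resource_id => self, :resource_type => self.class.base_class.name})
+RoleAssignment.new(:person => person, :role => role, :resource => self).save
+else
+false
+end
 end
 end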
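Review bot: `affiliate` now uses `unless ... else`, which forces the reader to invert the condition; a guard clause says the same thing directly: `return false if RoleAssignment.find(:first, :conditions => {...})` followed by the unchanged `RoleAssignment.new(...).save`. The find-then-save pair is also not atomic, so two concurrent requests can still create duplicate assignments; a uniqueness validation on RoleAssignment backed by a unique index over person_id, role_id, resource_id and resource_type would close that gap. Passing the `person`, `role` and `self` objects rather than their ids as condition values relies on ActiveRecord quoting them down to ids, which is worth making explicit.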
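--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -5,6 +5,8 @@ class Role < ActiveRecord::Base
 'edit_profile' => N_('Edit profile'),
 'post_content' => N_('Post content'),
 'destroy_profile' => N_('Destroy profile'),
+'manage_membership' => N_('Manage membership'),
+'moderate_content' => N_('Moderate content'),
 },
 :system => {
 }
@@ -35,4 +37,8 @@ class Role < ActiveRecord::Base
 def has_permission?(perm)
 permissions.include?(perm)
 end
+
+def has_kind?(kind)
+permissions.any?{ |p| PERMISSIONS[kind][p] }
+end
 end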
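Review bot: `has_kind?` raises NoMethodError when `kind` is not a key of PERMISSIONS, because `PERMISSIONS[kind]` is nil before `[p]` is applied; `permissions.any?{ |p| PERMISSIONS.fetch(kind, {})[p] }` returns false for an unknown kind instead. The method has no doc comment; I would add `# Returns true if any of this role's permissions belongs to the +kind+ group (a key of PERMISSIONS).` above it. The first hunk introduces `manage_membership`, but nothing in this commit checks that permission yet.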
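--- /dev/null
+++ b/app/views/profile_member/affiliate.rhtml
@@ -0,0 +1,7 @@
+<h2> <%= @member.name %> </h2>
+
+<% form_tag( {:action => 'give_role'}, {:method => :post}) do %>
+<%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]}) %>
+<%= hidden_field_tag 'person', current_user.person.id %>
+<%= submit_tag _('Affiliate') %>
+<% end %>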
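Review bot: The hidden field submits `current_user.person.id` while the heading and the `affiliate` action describe `@member`, so the role is granted to the viewer rather than to the person that was looked up; `hidden_field_tag 'person', @member.id` makes the form consistent with the action, and because a hidden field is editable by the client the server side still has to decide who may be affiliated. `<%= @member.name %>` is emitted unescaped — rhtml templates of this Rails generation do not escape by default — so a name containing markup lands in the page as-is; use `<%=h @member.name %>`, and the same applies to `<%= m.name %>` in index.rhtml.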
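--- /dev/null
+++ b/app/views/profile_member/index.rhtml
@@ -0,0 +1,9 @@
+<h2> <%= _('Listing Members') %> </h2>
+
+<%= link_to _('Affiliate'), :action => 'affiliate', :id => current_user.person %>
+
+<ul>
+<% @members.each do |m| %>
+<li> <%= m.name %> </li>
+<% end %>
+</ul>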
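--- /dev/null
+++ b/app/views/shared/access_denied.rhtml
@@ -0,0 +1 @@
+<h2> <%= _('Access denied') %> </h2>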
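--- /dev/null
+++ b/test/functional/profile_member_controller_test.rb
@@ -0,0 +1,18 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'profile_member_controller'
+
+# Re-raise errors caught by the controller.
+class ProfileMemberController; def rescue_action(e) raise e end; end
+
+class ProfileMemberControllerTest < Test::Unit::TestCase
+def setup
+@controller = ProfileMemberController.new
+@request = ActionController::TestRequest.new
+@response = ActionController::TestResponse.new
+end
+
+# Replace this with your real tests.
+def test_truth
+assert true
+end
+end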
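Review bot: The file contains only the generated `test_truth`, so the new `affiliate` and `give_role` actions and whatever access rule is meant to guard them have no coverage; at minimum add a functional test asserting that a request to `give_role` without a logged-in user is refused, and one asserting that a successful post redirects to `index`. The `rescue_action` reopening at the top is generator boilerplate and can stay as is.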