From 3c4fe9d3ebd90deb158100cc82e2651f05f743a6 Mon Sep 17 00:00:00 2001
From: MoisesMachado
Date: Thu, 20 Sep 2007 22:30:52 +0000
Subject: [PATCH] ActionItem5: added the management of members of a profile and the protect helper to protect actions from unathorized access
---
 app/controllers/application.rb | 12 ++++++++++++
 app/controllers/profile_admin/enterprise_controller.rb | 7 +++++--
 app/controllers/profile_admin/profile_member_controller.rb | 23 +++++++++++++++++++++++
 app/helpers/profile_member_helper.rb | 2 ++
 app/models/profile.rb | 6 +++++-
 app/models/role.rb | 6 ++++++
 app/views/profile_member/affiliate.rhtml | 7 +++++++
 app/views/profile_member/index.rhtml | 9 +++++++++
 app/views/shared/access_denied.rhtml | 1 +
 test/functional/profile_member_controller_test.rb | 18 ++++++++++++++++++
 10 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 app/controllers/profile_admin/profile_member_controller.rb
 create mode 100644 app/helpers/profile_member_helper.rb
 create mode 100644 app/views/profile_member/affiliate.rhtml
 create mode 100644 app/views/profile_member/index.rhtml
 create mode 100644 app/views/shared/access_denied.rhtml
 create mode 100644 test/functional/profile_member_controller_test.rb
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2b7fcd3..981b8ea 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -51,4 +51,16 @@ class ApplicationController < ActionController::Base
 verify :method => :post, :only => actions, :redirect_to => redirect
 end
+ # Declares the +permission+ need to be able to access +action+.
+ #
+ # * +action+ must be a symbol or string with the name of the action
+ # * +permission+ must be a symbol or string naming the needed permission.
+ # * +target+ is the object over witch the user would need the specified permission.
+ def self.protect(actions, permission, target = nil)
+ before_filter :only => actions do |controller|
+ unless controller.send(:logged_in?) and controller.send(:current_user).person.has_permission?(permission, target)
+ controller.send(:render, {:file => 'app/views/shared/access_denied.rhtml', :layout => true})
+ end
+ end
+ end
 end
diff --git a/app/controllers/profile_admin/enterprise_controller.rb b/app/controllers/profile_admin/enterprise_controller.rb
index ac6c894..0ddfebe 100644
--- a/app/controllers/profile_admin/enterprise_controller.rb
+++ b/app/controllers/profile_admin/enterprise_controller.rb
@@ -2,7 +2,8 @@ class EnterpriseController < ProfileAdminController
 before_filter :logon, :my_enterprises
-
+ protect([:edit, :update, :activate, :destroy], 'edit_enterprise', @profile)
+
 # Redirects to show if there is only one action and to list otherwise
 def index
 if @person.enterprises.size == 1
@@ -10,6 +11,8 @@ class EnterpriseController < ProfileAdminController
 else
 redirect_to :action => 'list'
 end
+ @vitual_communities = VirtualCommunity.find(:all)
+ @validation_entities = Organization.find(:all)
 end
 # Lists all enterprises
@@ -104,7 +107,7 @@ class EnterpriseController < ProfileAdminController
 if @enterprise.approve
 flash[:notice] = _('Enterprise successfuly approved')
 else
- flash[:notice] = _('Failed to approve the enterprise')
+ flash[:notice] = _('Failed to approve the htmlenterprise')
 end
 redirect_to :action => 'index'
 end
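Review bot: `target` is captured once, when `protect` runs at class-load time, so the `has_permission?(permission, target)` call inside the filter can never see a per-request object — the caller in this same patch passes `@profile`, which is nil in class scope, so the check silently degrades to a target-less permission test instead of one scoped to the record being edited. Resolve the target inside the block instead, accepting a symbol or proc and evaluating it against the controller: `target_obj = target.is_a?(Proc) ? target.call(controller) : (target.is_a?(Symbol) ? controller.instance_variable_get("@#{target}") : target)`. The denial is also sent as an ordinary 200 page; adding `:status => 403` to the render hash lets clients, proxies and logs distinguish a refusal from content. The doc comment's `over witch` should read `over which`, and it should state that actions listed here are denied to anonymous users as well, since `logged_in?` is part of the condition.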
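Review bot: `@profile` in `protect([:edit, :update, :activate, :destroy], 'edit_enterprise', @profile)` is evaluated in class scope, where no instance variable exists, so the filter is registered with a nil target and the `edit_enterprise` check is not bound to the enterprise the request actually edits. Until `protect` can resolve its target per request, either pass something it can evaluate later (a symbol naming the ivar, or a proc) or do the `has_permission?` check against `@profile` in an instance-level `before_filter` declared after `:my_enterprises`. `'edit_enterprise'` is also not among the `:profile` permissions visible in this patch's `role.rb` hunk; if it is not declared elsewhere, `has_permission?` will presumably never grant it and every protected action will deny — worth confirming with a functional test.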
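Review bot: The two `find(:all)` calls added at the end of `index` execute after `redirect_to` has already been issued, so their results are never rendered — every `index` request now loads every `VirtualCommunity` and every `Organization` for nothing. Drop them here, or move them into the action whose view uses them. `@vitual_communities` also misspells `virtual`, so a view referencing `@virtual_communities` would silently see nil. The start of `index` is in the preceding hunk.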
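Review bot: The replacement message `_('Failed to approve the htmlenterprise')` introduces a stray `html` into a user-facing, translatable string; the old text was correct, and changing the msgid also orphans any existing translation of it. Revert to `flash[:notice] = _('Failed to approve the enterprise')`. The enclosing action begins and ends outside this hunk.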
diff --git a/app/controllers/profile_admin/profile_member_controller.rb b/app/controllers/profile_admin/profile_member_controller.rb
new file mode 100644
index 0000000..dfc293c
--- /dev/null
+++ b/app/controllers/profile_admin/profile_member_controller.rb
@@ -0,0 +1,23 @@
+class ProfileMemberController < ApplicationController
+
+ def index
+ @members = @profile.people
+ end
+
+ def affiliate
+ @member = Person.find(params[:id])
+ @roles = Role.find(:all).select{ |r| r.has_kind?(:profile) }
+ end
+
+ def give_role
+ @person = Person.find(params[:person])
+ @role = Role.find(params[:role])
+ if @profile.affiliate(@person, @role)
+ redirect_to :action => 'index'
+ else
+ @member = Person.find(params[:person])
+ @roles = Role.find(:all).select{ |r| r.has_kind?(:profile) }
+ render :action => 'affiliate'
+ end
+ end
+end
diff --git a/app/helpers/profile_member_helper.rb b/app/helpers/profile_member_helper.rb
new file mode 100644
index 0000000..a175ed7
--- /dev/null
+++ b/app/helpers/profile_member_helper.rb
@@ -0,0 +1,2 @@
+module ProfileMemberHelper
+end
diff --git a/app/models/profile.rb b/app/models/profile.rb
index d66b2e4..cdaecf9 100644
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -103,6 +103,10 @@ class Profile < ActiveRecord::Base
 end
 def affiliate(person, role)
- RoleAssignment.new(:person => person, :role => role, :resource => self).save
+ unless RoleAssignment.find(:first, :conditions => {:person_id => person, :role_id => role, :resource_id => self, :resource_type => self.class.base_class.name})
+ RoleAssignment.new(:person => person, :role => role, :resource => self).save
+ else
+ false
+ end
 end
 end
diff --git a/app/models/role.rb b/app/models/role.rb
index 08e3e32..b83d1e3 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
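Review bot: `give_role` hands `Role.find(params[:role])` to `Person.find(params[:person])` with no authorization check at all — the controller never calls the `protect` helper this same patch introduces, so any requester who can reach the action can assign any role, including one carrying `destroy_profile`, to any person on the profile, and it accepts GET as readily as POST. It also does not apply the restriction `affiliate` applies when building the form: `affiliate` offers only `Role.find(:all).select{ |r| r.has_kind?(:profile) }`, but `give_role` will assign whatever role id is submitted, so a system-kind role can be granted by editing the form value. Gate the three actions with the new `manage_membership` permission (bearing in mind `protect` as written cannot yet scope the check to the profile per request), require POST with the `verify` macro already used in `ApplicationController`, and reject roles outside the offered set before calling `affiliate`. Separately, nothing in this file assigns `@profile`; `EnterpriseController` in the same patch gets it by inheriting `ProfileAdminController`, and unless a filter in `ApplicationController` sets it, `index` and `give_role` raise on nil — inheriting `ProfileAdminController` here is presumably the intent, confirm.
```ruby
class ProfileMemberController < ApplicationController

  protect [:index, :affiliate, :give_role], 'manage_membership'
  verify :method => :post, :only => :give_role, :redirect_to => { :action => 'index' }

  # … unchanged: index, affiliate …

  def give_role
    @person = Person.find(params[:person])
    @role = Role.find(params[:role])
    # Only roles of the :profile kind are offered by the form; refuse anything
    # else rather than trusting the submitted id.
    unless @role.has_kind?(:profile)
      @member = @person
      @roles = Role.find(:all).select{ |r| r.has_kind?(:profile) }
      render :action => 'affiliate'
      return
    end
    # … unchanged: affiliate / redirect / re-render …
  end
end
```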
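Review bot: The existence check and the insert in `affiliate` are two separate statements, so two concurrent requests can both pass the `find` and create duplicate `RoleAssignment` rows; the lookup narrows the window but does not close it. Enforce uniqueness in the data layer as well — a unique index over `(person_id, role_id, resource_id, resource_type)` and `validates_uniqueness_of` in `RoleAssignment`, if that model lacks them — and keep this lookup as the friendly early return. `unless … else` reads backwards; `return false if RoleAssignment.find(:first, :conditions => {…})` followed by the original `RoleAssignment.new(…).save` says the same thing in two lines. Passing `person`, `role` and `self` as values for `_id` conditions relies on ActiveRecord quoting the objects to their ids; `person.id`, `role.id` and `self.id` make that explicit.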
@@ -5,6 +5,8 @@ class Role < ActiveRecord::Base
 'edit_profile' => N_('Edit profile'),
 'post_content' => N_('Post content'),
 'destroy_profile' => N_('Destroy profile'),
+ 'manage_membership' => N_('Manage membership'),
+ 'moderate_content' => N_('Moderate content'),
 },
 :system => {
 }
@@ -35,4 +37,8 @@ class Role < ActiveRecord::Base
 def has_permission?(perm)
 permissions.include?(perm)
 end
+
+ def has_kind?(kind)
+ permissions.any?{ |p| PERMISSIONS[kind][p] }
+ end
 end
diff --git a/app/views/profile_member/affiliate.rhtml b/app/views/profile_member/affiliate.rhtml
new file mode 100644
index 0000000..808326a
--- /dev/null
+++ b/app/views/profile_member/affiliate.rhtml
@@ -0,0 +1,7 @@
+
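Review bot: `has_kind?` indexes `PERMISSIONS[kind]` without checking that the key exists, so a kind other than the `:profile` and `:system` groups visible in this file raises `NoMethodError` on nil instead of returning false. `permissions.any?{ |p| PERMISSIONS.fetch(kind, {}).has_key?(p) }` makes it total and also stops depending on the translated label being truthy. The name suggests a role has exactly one kind, which nothing enforces; a comment such as `# true when at least one of this role's permissions belongs to the +kind+ group (:profile or :system)` would make the contract clear to callers like the new controller.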

<%= @member.name %>

+
+<% form_tag( {:action => 'give_role'}, {:method => :post}) do %>
+ <%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]}) %>
+ <%= hidden_field_tag 'person', current_user.person.id %>
+ <%= submit_tag _('Affiliate') %>
+<% end %>
diff --git a/app/views/profile_member/index.rhtml b/app/views/profile_member/index.rhtml
new file mode 100644
index 0000000..a52a2c4
--- /dev/null
+++ b/app/views/profile_member/index.rhtml
@@ -0,0 +1,9 @@
+
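Review bot: The hidden field submits `current_user.person.id` rather than the member this page was opened for (`@member`, whose name is rendered just above), so the form always assigns the chosen role to the logged-in user instead of to the selected member. Unless that is the intent, it should read `<%= hidden_field_tag 'person', @member.id %>`. The role list is built from `@roles`, which the controller limits to `has_kind?(:profile)`, but a hidden field and a select are both editable by the client, so the server must re-check both the role kind and who is allowed to grant it. Some lines of this hunk show only their ERB content; the surrounding markup appears to have been stripped in rendering.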

<%= _('Listing Members') %>

+
+<%= link_to _('Affiliate'), :action => 'affiliate', :id => current_user.person %>
+
+
diff --git a/app/views/shared/access_denied.rhtml b/app/views/shared/access_denied.rhtml
new file mode 100644
index 0000000..332054e
--- /dev/null
+++ b/app/views/shared/access_denied.rhtml
@@ -0,0 +1 @@
+
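Review bot: The only link in this view targets `:id => current_user.person`, so the "Affiliate" page always opens for the logged-in user rather than for one of the `@members` the controller loads. Each listed member needs its own `link_to _('Affiliate'), :action => 'affiliate', :id => member` inside a loop over `@members`; this hunk's remaining lines appear to have lost their markup in rendering, so such a loop may exist but is not visible here. If it does not, `@members` is loaded and never shown.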

<%= _('Access denied') %>

diff --git a/test/functional/profile_member_controller_test.rb b/test/functional/profile_member_controller_test.rb
new file mode 100644
index 0000000..348c4f4
--- /dev/null
+++ b/test/functional/profile_member_controller_test.rb
@@ -0,0 +1,18 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'profile_member_controller'
+
+# Re-raise errors caught by the controller.
+class ProfileMemberController; def rescue_action(e) raise e end; end
+
+class ProfileMemberControllerTest < Test::Unit::TestCase
+ def setup
+ @controller = ProfileMemberController.new
+ @request = ActionController::TestRequest.new
+ @response = ActionController::TestResponse.new
+ end
+
+ # Replace this with your real tests.
+ def test_truth
+ assert true
+ end
+end
--
libgit2 0.21.2
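Review bot: `test_truth` is the generator placeholder, so nothing in this patch exercises the new `protect` filter, the access-denied render, or `give_role`. At minimum one functional test should call `give_role` with no session and assert `assert_template 'shared/access_denied'` rather than a redirect to `index`, and another should assert that a logged-in person without `manage_membership` cannot grant a role to someone else. As committed the controller has no `protect` call, so both tests would fail today — which is exactly what a test for an authorization helper should catch.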