diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb index ea5925a..b6a94b8 100644 --- a/app/controllers/public/content_viewer_controller.rb +++ b/app/controllers/public/content_viewer_controller.rb @@ -221,7 +221,7 @@ class ContentViewerController < ApplicationController # relation. posts = posts.native_translations if blog_with_translation?(@page) - @posts = posts.paginate({ :page => params[:npage], :per_page => @page.posts_per_page }.merge(Article.display_filter(user, profile))).to_a + @posts = posts.display_filter(user, profile).paginate({ :page => params[:npage], :per_page => @page.posts_per_page }).to_a if blog_with_translation?(@page) @posts.replace @posts.map{ |p| p.get_translation_to(FastGettext.locale) }.compact diff --git a/app/models/article.rb b/app/models/article.rb index f7b5974..dd1ee55 100644 --- a/app/models/article.rb +++ b/app/models/article.rb @@ -486,15 +486,17 @@ class Article < ActiveRecord::Base scope :more_comments, :order => "comments_count DESC" scope :more_recent, :order => "created_at DESC" - def self.display_filter(user, profile) - return {:conditions => ['articles.published = ?', true]} if !user + scope :display_filter, lambda {|user, profile| + user.nil? ? + {:conditions => ['articles.published = ?', true]} : {:conditions => [" articles.published = ? OR articles.last_changed_by_id = ? OR articles.profile_id = ? OR - ? OR articles.show_to_followers = ? AND ?", + ? OR articles.show_to_followers = ? AND ? ", true, user.id, user.id, user.has_permission?(:view_private_content, profile), - true, user.follows?(profile)]} - end + true, user.follows?(profile)] + } + } def display_unpublished_article_to?(user) diff --git a/test/unit/article_test.rb b/test/unit/article_test.rb index 96230ce..3393f85 100644 --- a/test/unit/article_test.rb +++ b/test/unit/article_test.rb 
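Review bot: The visibility filter on the new `@posts = posts.display_filter(user, profile).paginate(...)` line covers only the native posts. In the context lines right after it, each post is replaced by `p.get_translation_to(FastGettext.locale)`, and nothing visible in the hunk re-checks that the translation is itself visible to `user`. `get_translation_to` is defined outside this diff and may already handle this, so I would at least add a comment above the replace: `# translations are not passed through display_filter; get_translation_to must only return articles this viewer may see`. The enclosing method starts and ends outside the hunk.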
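Review bot: In the new `display_filter` scope, `user.has_permission?(:view_private_content, profile)` and `user.follows?(profile)` are bound as bare boolean constants with no term tying them to `articles.profile_id`. When the permission is true, the WHERE clause is therefore true for every row of whatever relation the scope is chained on. As a class method returning a conditions hash this was merged into one caller's query, but as a scope it can be called on `Article` directly (the new tests do), where it would also return unpublished articles of unrelated profiles. Consider replacing the last SQL line with `(articles.profile_id = ? AND (? OR (articles.show_to_followers = ? AND ?)))` and adding `profile.id` to the bind list, which also makes the AND/OR grouping explicit. That assumes `profile` is never nil at the call sites, which this diff does not show.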
@@ -1892,4 +1892,130 @@ class ArticleTest < ActiveSupport::TestCase assert_equal p3, article.author_by_version(3) end + should 'display_filter display only public articles if there is no user' do + p = fast_create(Person) + Article.delete_all + a = fast_create(Article, :published => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(nil, p) + end + + should 'display_filter display public articles for users' do + user = create_user('someuser').person + p = fast_create(Person) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(user, p) + end + + should 'display_filter display private article last changed by user' do + user = create_user('someuser').person + p = fast_create(Person) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => false, :last_changed_by_id => user.id, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(user, p) + end + + should 'display_filter display user private article of his own profile' do + user = create_user('someuser').person + user.stubs(:has_permission?).with(:view_private_content, user).returns(false) + p = fast_create(Person) + Article.delete_all + a = fast_create(Article, :published => false, :profile_id => user.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], 
Article.display_filter(user, user) + end + + should 'display_filter show profile private content if the user has view_private_content permission' do + user = create_user('someuser').person + p = fast_create(Person) + Article.delete_all + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + a = fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [], Article.display_filter(user, p) + + user.stubs(:has_permission?).with(:view_private_content, p).returns(true) + assert_equal [a], Article.display_filter(user, p) + end + + should 'display_filter show person private content to friends' do + user = create_user('someuser').person + p = fast_create(Person) + p.add_friend(user) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(user, p) + end + + should 'display_filter show community private content to members' do + user = create_user('someuser').person + p = fast_create(Community) + p.add_member(user) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(user, p) + end + + should 'display_filter do not show person private content to non friends' do + user = create_user('someuser').person + p = fast_create(Person) + assert !p.is_a_friend?(user) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => false, :show_to_followers 
=> true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [], Article.display_filter(user, p) + end + + should 'display_filter do not show community private content to non members' do + user = create_user('someuser').person + p = fast_create(Community) + assert !user.is_member_of?(p) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [], Article.display_filter(user, p) + end + + should 'display_filter show community public content even it has no followers defined' do + user = create_user('someuser').person + p = fast_create(Community) + assert !user.is_member_of?(p) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => true, :show_to_followers => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(user, p) + end + + should 'display_filter show person public content even it has no followers defined' do + user = create_user('someuser').person + p = fast_create(Community) + assert !user.is_a_friend?(p) + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) + Article.delete_all + a = fast_create(Article, :published => true, :show_to_followers => true, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :published => false, :profile_id => p.id) + assert_equal [a], Article.display_filter(user, p) + end + end -- libgit2 0.21.2
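Review bot: None of the added tests checks that a viewer holding `view_private_content` on one profile is denied unpublished articles of a different profile. The permission test ('show profile private content if the user has view_private_content permission') creates a single article under `p`, so the grant is never run against a row it should not match. A case like the one below would pin that boundary; I would expect it to fail against a scope that binds the permission as a bare boolean. Separately, the last test ('show person public content even it has no followers defined') looks copy-pasted from the community case and should probably use `p = fast_create(Person)` and `assert !p.is_a_friend?(user)`, as the earlier non-friends test does.

```ruby
should 'display_filter do not show private content of other profiles to users with view_private_content permission' do
  user = create_user('someuser').person
  p = fast_create(Person)
  other = fast_create(Person)
  user.stubs(:has_permission?).with(:view_private_content, p).returns(true)
  Article.delete_all
  a = fast_create(Article, :published => false, :profile_id => p.id)
  fast_create(Article, :published => false, :profile_id => other.id)
  assert_equal [a], Article.display_filter(user, p)
end
```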