Download as
Browse Code »

Commit 4f861626f78b359d564dc74da9091d992eed6e52

Authored by Junior Silva
1 parent ce0d03ab
Exists in master and in 28 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, stable, temp_ratings, tests, tests_fixies

uploaded-file: don't display private images thumbnails and private images on slideshow 

AI2824
Showing 2 changed files with 24 additions and 1 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @4f86162
@@ -93,7 +93,7 @@ class ContentViewerController < ApplicationController @@ -93,7 +93,7 @@ class ContentViewerController < ApplicationController
93 end 93 end
94 94
95 if @page.folder? && @page.gallery? 95 if @page.folder? && @page.gallery?
96 - @images = @page.images 96 + @images = @page.images.select{ |a| a.display_to? user }
97 @images = @images.paginate(:per_page => per_page, :page => params[:npage]) unless params[:slideshow] 97 @images = @images.paginate(:per_page => per_page, :page => params[:npage]) unless params[:slideshow]
98 end 98 end
99 99
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @4f86162
@@ -587,6 +587,29 @@ class ContentViewerControllerTest < ActionController::TestCase @@ -587,6 +587,29 @@ class ContentViewerControllerTest < ActionController::TestCase
587 assert_equal 2, assigns(:images).size 587 assert_equal 2, assigns(:images).size
588 end 588 end
589 589
  590 + should 'not display private images in the slideshow for unauthorized people' do
  591 + owner = create_user('owner').person
  592 + unauthorized = create_user('unauthorized').person
  593 + folder = Gallery.create!(:name => 'gallery', :profile => owner)
  594 + image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
  595 + login_as('unauthorized')
  596 + get :view_page, :profile => owner.identifier, :page => folder.explode_path, :slideshow => true
  597 + assert_response :success
  598 + assert_equal 0, assigns(:images).length
  599 + end
  600 +
  601 + should 'not display private images thumbnails for unauthorized people' do
  602 + owner = create_user('owner').person
  603 + unauthorized = create_user('unauthorized').person
  604 + folder = Gallery.create!(:name => 'gallery', :profile => owner)
  605 + image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
  606 + login_as('unauthorized')
  607 + get :view_page, :profile => owner.identifier, :page => folder.explode_path
  608 + assert_response :success
  609 + assert_select '.image-gallery-item', 0
  610 + end
  611 +
  612 +
590 should 'display default image in the slideshow if thumbnails were not processed' do 613 should 'display default image in the slideshow if thumbnails were not processed' do
591 @controller.stubs(:per_page).returns(1) 614 @controller.stubs(:per_page).returns(1)
592 folder = Gallery.create!(:name => 'gallery', :profile => profile) 615 folder = Gallery.create!(:name => 'gallery', :profile => profile)