diff --git a/app/controllers/my_profile/profile_editor_controller.rb b/app/controllers/my_profile/profile_editor_controller.rb
index b656411..691ee24 100644
--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -6,11 +6,13 @@ class ProfileEditorController < MyProfileController
   before_filter :access_welcome_page, :only => [:welcome_page]
   before_filter :back_to
   before_filter :forbid_destroy_profile, :only => [:destroy_profile]
+  before_filter :check_user_can_edit_header_footer, :only => [:header_footer]
   helper_method :has_welcome_page
 
   def index
     @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)}
     @show_appearance_option = user.is_admin?(environment) || !environment.enabled?('disable_appearance')
+    @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))
   end
 
   helper :profile
@@ -163,4 +165,9 @@ class ProfileEditorController < MyProfileController
       redirect_to_previous_location
     end
   end
+
+  def check_user_can_edit_header_footer
+    user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer')
+    redirect_to back_to if user_can_not_edit_header_footer
+  end
 end
diff --git a/app/controllers/themes_controller.rb b/app/controllers/themes_controller.rb
index 656b5b9..8ad8b67 100644
--- a/app/controllers/themes_controller.rb
+++ b/app/controllers/themes_controller.rb
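Review bot: The new `before_filter` enforces a weaker condition than the one `index` uses to show the button: `@show_header_footer_option` additionally requires `!profile.enterprise?` for non-admins, whereas `check_user_can_edit_header_footer` (second hunk of this file) only tests `environment.enabled?('disable_header_and_footer')`, so a non-admin on an enterprise profile who never sees the button is still allowed through to `header_footer`. Hiding a control in the view is not access control; the filter is the only check that applies to a direct request. If the enterprise exclusion is meant as a restriction rather than UI tidying, both places should share one predicate, e.g. `def can_edit_header_footer?` returning `user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer'))`, with `index` doing `@show_header_footer_option = can_edit_header_footer?` and the filter doing `redirect_to back_to unless can_edit_header_footer?`. The class header and the rest of the class lie outside this hunk.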
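Review bot: `check_user_can_edit_header_footer` is appended at the bottom of the class with no visibility marker inside the hunk; unless a `private` or `protected` section already covers line 165 (not visible here), it is a public controller method and therefore exposed as a routable action. Its counterpart `check_user_can_edit_appearance` in themes_controller.rb sits under `private`, so the same belongs here: a `private` line before `def check_user_can_edit_header_footer`. The local variable merely restates the condition and introduces a double negative; `redirect_to back_to unless user.is_admin?(environment) || !environment.enabled?('disable_header_and_footer')` says the same thing directly. Since the filter sends the user to whatever `back_to` yields, it is worth confirming outside this hunk that `back_to` only produces in-site locations.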
@@ -43,8 +43,8 @@ class ThemesController < ApplicationController private def check_user_can_edit_appearance - disable_appearance_enabled = !user.is_admin?(environment) && environment.enabled?('disable_appearance') - redirect_to request.referer || "/" if disable_appearance_enabled + user_can_not_edit_appearance = !user.is_admin?(environment) && environment.enabled?('disable_appearance') + redirect_to request.referer || "/" if user_can_not_edit_appearance end end diff --git a/app/views/profile_editor/index.html.erb b/app/views/profile_editor/index.html.erb index a20bdac..4f80ae2 100644 --- a/app/views/profile_editor/index.html.erb +++ b/app/views/profile_editor/index.html.erb @@ -24,7 +24,7 @@ <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %> - <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) %> + <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if @show_header_footer_option %> <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %> diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb index c20d89b..6a81a40 100644 --- a/test/functional/profile_editor_controller_test.rb +++ b/test/functional/profile_editor_controller_test.rb 
@@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest < ActionController::TestCase
     get :index, :profile => user.identifier
     assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' }
   end
+
+  should 'user cant edit header and footer if environment dont permit' do
+    environment = Environment.default
+    environment.settings[:disable_header_and_footer_enabled] = true
+    environment.save!
+
+    user = create_user('user').person
+    login_as('user')
+
+    get :header_footer, :profile => user.identifier
+    assert_response :redirect
+  end
+
+  should 'admin can edit header and footer if environment dont permit' do
+    user = create_user('user').person
+
+    environment = Environment.default
+    environment.add_admin(user)
+    environment.settings[:disable_header_and_footer_enabled] = true
+    environment.save!
+
+    login_as('user')
+
+    get :header_footer, :profile => user.identifier
+    assert_response :success
+  end
 end
-- libgit2 0.21.2
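Review bot: `assert_response :redirect` in the first new test only proves the request was deflected, not by which filter or to where; once the location `back_to` produces is known, `assert_redirected_to` with that target would pin the new filter's behaviour rather than pass on any redirect issued earlier in the chain. The enterprise branch of `@show_header_footer_option` (`!profile.enterprise?`) has no test at all, so a case with an enterprise profile and a non-admin member would document whether that exclusion is meant to be enforced on `header_footer` or only to hide the button. The tests set `settings[:disable_header_and_footer_enabled]` while the controller asks `environment.enabled?('disable_header_and_footer')`; the `_enabled` suffix mapping is presumably done inside `enabled?`, which is not visible here, so it is worth confirming the two actually refer to the same flag.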