Download as
Browse Code »

Commit 5ae2a0b6f4891187024c5fdd7688033ead0ba54f

Authored by Rodrigo Souto
1 parent aa6be22b
Exists in master and in 28 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, stable, temp_ratings, tests, tests_fixies

[comments-refactor-review] Encapsulating comment destroy check

Showing 3 changed files with 48 additions and 2 deletions   Show diff stats
app/controllers/public/comment_controller.rb
  Diff comments   View file @5ae2a0b
... ... @@ -86,8 +86,7 @@ class CommentController < ApplicationController
86 86 def destroy
87 87 comment = profile.comments_received.find(params[:id])
88 88  
89   - could_remove = (user == comment.author || user == comment.profile || user.has_permission?(:moderate_comments, comment.profile))
90   - if comment && could_remove && comment.destroy
  89 + if comment && comment.can_be_destroyed_by?(user) && comment.destroy
91 90 render :text => {'ok' => true}.to_json, :content_type => 'application/json'
92 91 else
93 92 session[:notice] = _("The comment was not removed.")
... ...
app/models/comment.rb
  Diff comments   View file @5ae2a0b
... ... @@ -259,4 +259,9 @@ class Comment < ActiveRecord::Base
259 259 article.moderate_comments? && (author.nil? || article.author != author)
260 260 end
261 261  
  262 + def can_be_destroyed_by?(user)
  263 + return if user.nil?
  264 + user == author || user == profile || user.has_permission?(:moderate_comments, profile)
  265 + end
  266 +
262 267 end
... ...
test/unit/comment_test.rb
  Diff comments   View file @5ae2a0b
... ... @@ -593,6 +593,48 @@ class CommentTest < ActiveSupport::TestCase
593 593 assert comment.need_moderation?
594 594 end
595 595  
  596 + should 'not be able to destroy comment without user' do
  597 + comment = Comment.new
  598 +
  599 + assert !comment.can_be_destroyed_by?(nil)
  600 + end
  601 +
  602 + should 'not be able to destroy comment' do
  603 + user = Person.new
  604 + profile = Profile.new
  605 + article = Article.new(:profile => profile)
  606 + comment = Comment.new(:article => article)
  607 + user.expects(:has_permission?).with(:moderate_comments, profile).returns(false)
  608 +
  609 + assert !comment.can_be_destroyed_by?(user)
  610 + end
  611 +
  612 + should 'be able to destroy comment if is the author' do
  613 + user = Person.new
  614 + comment = Comment.new(:author => user)
  615 +
  616 + assert comment.can_be_destroyed_by?(user)
  617 + end
  618 +
  619 + should 'be able to destroy comment if is the profile' do
  620 + user = Person.new
  621 + article = Article.new(:profile => user)
  622 + comment = Comment.new(:article => article)
  623 +
  624 + assert comment.can_be_destroyed_by?(user)
  625 + end
  626 +
  627 + should 'be able to destroy comment if can moderate_comments on the profile' do
  628 + user = Person.new
  629 + profile = Profile.new
  630 + article = Article.new(:profile => profile)
  631 + comment = Comment.new(:article => article)
  632 +
  633 + user.expects(:has_permission?).with(:moderate_comments, profile).returns(true)
  634 +
  635 + assert comment.can_be_destroyed_by?(user)
  636 + end
  637 +
596 638 private
597 639  
598 640 def create_comment(args = {})
... ...