Commit 5d65aadb46ba12238f405e3dffaef2b727517af5
Committed by
Antonio Terceiro
1 parent
1ab18c97
ActionItem968: admins and moderators can view private content
* Adding a migration with the new permission for admins and moderators * not allowing members to view private content
Showing
6 changed files
with
124 additions
and
19 deletions
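--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -197,7 +197,7 @@ class Article < ActiveRecord::Base
 if user.nil?
 false
 else
-(user == self.profile) || user.memberships.include?(self.profile) || (profile.kind_of?(Person) && profile.friends.include?(user)) || user.has_permission?('post_content', self.profile)
+(user == self.profile) || user.has_permission?('view_private_content', self.profile)
 end
 end
 end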
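Review bot: The new condition drops the `post_content` fallback, so a user whose role grants post_content but not view_private_content can no longer display a private article even though they may still post into that profile; the migration in this commit adds the new permission only to the admin and moderator roles, so any other role that carries post_content (if one exists) silently loses visibility. Consider stating the rule in a comment above the condition, e.g. `# private articles: only the owner or a holder of 'view_private_content' may see them; membership and friendship alone no longer grant access`. The enclosing method starts before this hunk.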
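--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -25,17 +25,18 @@ class Profile < ActiveRecord::Base
 end
 
 PERMISSIONS['Profile'] = {
-'edit_profile' => N_('Edit profile'),
-'destroy_profile' => N_('Destroy profile'),
-'manage_memberships' => N_('Manage memberships'),
-'post_content' => N_('Post content'),
-'edit_profile_design' => N_('Edit profile design'),
-'manage_products' => N_('Manage products'),
-'manage_friends' => N_('Manage friends'),
-'validate_enterprise' => N_('Validate enterprise'),
-'perform_task' => N_('Perform task'),
-'moderate_comments' => N_('Moderate comments'),
-'edit_appearance' => N_('Edit appearance'),
+'edit_profile' => N_('Edit profile'),
+'destroy_profile' => N_('Destroy profile'),
+'manage_memberships' => N_('Manage memberships'),
+'post_content' => N_('Post content'),
+'edit_profile_design' => N_('Edit profile design'),
+'manage_products' => N_('Manage products'),
+'manage_friends' => N_('Manage friends'),
+'validate_enterprise' => N_('Validate enterprise'),
+'perform_task' => N_('Perform task'),
+'moderate_comments' => N_('Moderate comments'),
+'edit_appearance' => N_('Edit appearance'),
+'view_private_content' => N_('View private content'),
 }
 
 acts_as_accessible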
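Review bot: Eleven of the twelve changed lines in this hunk only re-indent existing entries of PERMISSIONS['Profile']; the one real change is the added `'view_private_content' => N_('View private content'),` line, and the realignment buries it in the diff and rewrites blame for every entry. Keeping the original indentation of the untouched entries would make the permission addition reviewable at a glance.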
| ... | ... | @@ -0,0 +1,21 @@ |
| 1 | +class FixSomeRolesPermission < ActiveRecord::Migration | |
| 2 | + def self.up | |
| 3 | + admin = Profile::Roles.admin | |
| 4 | + admin.permissions += ['view_private_content'] | |
| 5 | + admin.save | |
| 6 | + | |
| 7 | + moderator = Profile::Roles.moderator | |
| 8 | + moderator.permissions += ['view_private_content'] | |
| 9 | + moderator.save | |
| 10 | + end | |
| 11 | + | |
| 12 | + def self.down | |
| 13 | + admin = Profile::Roles.admin | |
| 14 | + admin.permissions -= ['view_private_content'] | |
| 15 | + admin.save | |
| 16 | + | |
| 17 | + moderator = Profile::Roles.moderator | |
| 18 | + moderator.permissions -= ['view_private_content'] | |
| 19 | + moderator.save | |
| 20 | + end | |
| 21 | +end | ... | ... |
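Review bot: `admin.permissions += ['view_private_content']` in up is not idempotent, so re-running the migration (or running it against a role that already carries the permission) appends a duplicate entry, and `admin.save` discards its return value, so a failed save leaves the role without the permission while the migration still reports success. Use `admin.permissions |= ['view_private_content']` followed by `admin.save!` in up, and `save!` in down as well, with the same change for moderator.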
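--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -39,6 +39,8 @@ profile_admin:
 - moderate_comments
 - destroy_profile
 - perform_task
+- post_content
+- view_private_content
 profile_member:
 id: 6
 key: 'profile_member'
@@ -55,6 +57,7 @@ profile_moderator:
 system: true
 permissions:
 - moderate_comments
+- view_private_content
 environment_administrator:
 id: 8
 key: 'environment_administrator'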
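Review bot: The profile_admin fixture gains `- post_content` in addition to `- view_private_content`, but neither the commit message nor the migration mentions post_content, so the test roles and the migrated roles may diverge on that permission; if profile admins are meant to hold post_content the migration should grant it too, otherwise the fixture line should be dropped. The second hunk, which adds only `- view_private_content` to profile_moderator, matches the migration.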
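--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -329,6 +329,43 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_response :success
 end
 
+should 'not show private content to members' do
+community = Community.create!(:name => 'testcomm')
+Folder.create!(:name => 'test', :profile => community, :public_article => false)
+community.add_member(profile)
+
+login_as(profile.identifier)
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => community.identifier, :page => [ 'test' ]
+
+assert_template 'access_denied.rhtml'
+end
+
+should 'show private content to profile moderators' do
+community = Community.create!(:name => 'testcomm')
+community.articles.create!(:name => 'test', :public_article => false)
+community.add_moderator(profile)
+
+login_as(profile.identifier)
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => community.identifier, :page => [ 'test' ]
+assert_response :success
+end
+
+should 'show private content to profile admins' do
+community = Community.create!(:name => 'testcomm')
+community.articles.create!(:name => 'test', :public_article => false)
+community.add_admin(profile)
+
+login_as(profile.identifier)
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => community.identifier, :page => [ 'test' ]
+assert_response :success
+end
+
 should 'show message for disabled enterprises' do
 login_as(@profile.identifier)
 ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false)
@@ -424,7 +461,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_template 'access_denied.rhtml'
 end
 
-should 'give access to private articles if logged in and member' do
+should 'not give access to private articles if logged in and only member' do
 person = create_user('test_user').person
 profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
 intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
@@ -434,6 +471,32 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 @request.stubs(:ssl?).returns(true)
 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
 
+assert_template 'access_denied.rhtml'
+end
+
+should 'give access to private articles if logged in and moderator' do
+person = create_user('test_user').person
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+profile.affiliate(person, Profile::Roles.moderator)
+login_as('test_user')
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+assert_template 'view_page'
+end
+
+should 'give access to private articles if logged in and admin' do
+person = create_user('test_user').person
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+profile.affiliate(person, Profile::Roles.admin)
+login_as('test_user')
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
 assert_template 'view_page'
 end
 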
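Review bot: The three new tests in the first hunk repeat the same community setup and differ only in the role granted, and the member case builds its private content with `Folder.create!` while the moderator and admin cases use `community.articles.create!`, so the negative and positive cases do not exercise the same content type; the two tests added in the last hunk duplicate their setup in the same way. A small helper keeps the cases parallel, sketched below. The new tests also read `profile.identifier` where the neighbouring existing test reads `@profile.identifier`, presumably the same object through a reader, which is worth unifying.
```ruby
# constructed example: shared setup for the private-content cases in the first hunk
def community_with_private_article
  community = Community.create!(:name => 'testcomm')
  community.articles.create!(:name => 'test', :public_article => false)
  community
end
# … unchanged: each `should` block then calls community_with_private_article and add_member/add_moderator/add_admin(profile) …
```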
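--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -437,12 +437,30 @@ class ArticleTest < Test::Unit::TestCase
 assert !article.display_to?(person)
 end
 
-should 'say that member user can see private article' do
+should 'say that member user can not see private article' do
 profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
 article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
 person = create_user('test_user').person
 profile.affiliate(person, Profile::Roles.member)
 
+assert !article.display_to?(person)
+end
+
+should 'say that profile admin can see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+person = create_user('test_user').person
+profile.affiliate(person, Profile::Roles.admin)
+
+assert article.display_to?(person)
+end
+
+should 'say that profile moderator can see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+person = create_user('test_user').person
+profile.affiliate(person, Profile::Roles.moderator)
+
 assert article.display_to?(person)
 end
 
@@ -496,7 +514,7 @@ class ArticleTest < Test::Unit::TestCase
 assert !article.public_article
 end
 
-should 'allow friends of private person see the article' do
+should 'not allow friends of private person see the article' do
 person = create_user('test_user').person
 article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
 friend = create_user('test_friend').person
@@ -504,16 +522,15 @@ class ArticleTest < Test::Unit::TestCase
 person.save!
 friend.save!
 
-assert article.display_to?(friend)
+assert !article.display_to?(friend)
 end
 
-
-should 'display articles to people who can edit them' do
+should 'display private articles to people who can view private content' do
 person = create_user('test_user').person
 article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
 
 admin_user = create_user('admin_user').person
-admin_user.stubs(:has_permission?).with('post_content', article.profile).returns('true')
+admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns('true')
 
 assert article.display_to?(admin_user)
 end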
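Review bot: In the last hunk `admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns('true')` stubs the permission check with the String 'true' rather than a boolean; the assertion passes only because any non-nil value is truthy, and it would stop catching a regression if display_to? ever compared the result against true. Change it to `returns(true)`. The person is still named admin_user although nothing grants it a role, so a comment such as `# the role is irrelevant here: the permission check itself is stubbed` would make the intent of the test explicit.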