Commit 5d65aadb46ba12238f405e3dffaef2b727517af5
Committed by
Antonio Terceiro
1 parent
1ab18c97
Exists in
master
and in
28 other branches
ActionItem968: admins and moderators can view private content
* Adding a migration that grants the new permission to admins and moderators * not allowing plain members to view private content
Showing
6 changed files
with
124 additions
and
19 deletions
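--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -197,7 +197,7 @@ class Article < ActiveRecord::Base
 if user.nil?
 false
 else
-(user == self.profile) || user.memberships.include?(self.profile) || (profile.kind_of?(Person) && profile.friends.include?(user)) || user.has_permission?('post_content', self.profile)
+(user == self.profile) || user.has_permission?('view_private_content', self.profile)
 end
 end
 end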
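Review bot: The new line 200 makes `has_permission?('view_private_content', self.profile)` the single authorization rule for private content, replacing the membership, friendship and `post_content` branches, but nothing in the method records that decision for the next maintainer. A comment above the `if user.nil?` branch would do it: `# Private content is visible only to the owning profile or to a user holding 'view_private_content' on it; the FixSomeRolesPermission migration grants that permission to the admin and moderator roles.` The `user.nil?` branch still fails closed for anonymous users, which is the right default here. The enclosing method begins before line 197, outside the hunk.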
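--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -25,17 +25,18 @@ class Profile < ActiveRecord::Base
 end
 
 PERMISSIONS['Profile'] = {
-'edit_profile' => N_('Edit profile'),
-'destroy_profile' => N_('Destroy profile'),
-'manage_memberships' => N_('Manage memberships'),
-'post_content' => N_('Post content'),
-'edit_profile_design' => N_('Edit profile design'),
-'manage_products' => N_('Manage products'),
-'manage_friends' => N_('Manage friends'),
-'validate_enterprise' => N_('Validate enterprise'),
-'perform_task' => N_('Perform task'),
-'moderate_comments' => N_('Moderate comments'),
-'edit_appearance' => N_('Edit appearance'),
+'edit_profile' => N_('Edit profile'),
+'destroy_profile' => N_('Destroy profile'),
+'manage_memberships' => N_('Manage memberships'),
+'post_content' => N_('Post content'),
+'edit_profile_design' => N_('Edit profile design'),
+'manage_products' => N_('Manage products'),
+'manage_friends' => N_('Manage friends'),
+'validate_enterprise' => N_('Validate enterprise'),
+'perform_task' => N_('Perform task'),
+'moderate_comments' => N_('Moderate comments'),
+'edit_appearance' => N_('Edit appearance'),
+'view_private_content' => N_('View private content'),
 }
 
 acts_as_accessible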
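Review bot: The eleven removed/added pairs above the new `'view_private_content' => N_('View private content')` entry are textually identical as rendered, which suggests a whitespace-only re-indent of the `PERMISSIONS['Profile']` hash was bundled with the one functional line. Keeping the re-indent in a separate commit, or adding only the new entry, would let a reviewer confirm at a glance that no existing permission key changed. The only semantic change I can see in this hunk is the new key, which matches the string checked in `Article#display_to?` and granted by the migration on this page.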
... | ... | @@ -0,0 +1,21 @@ |
1 | +class FixSomeRolesPermission < ActiveRecord::Migration | |
2 | + def self.up | |
3 | + admin = Profile::Roles.admin | |
4 | + admin.permissions += ['view_private_content'] | |
5 | + admin.save | |
6 | + | |
7 | + moderator = Profile::Roles.moderator | |
8 | + moderator.permissions += ['view_private_content'] | |
9 | + moderator.save | |
10 | + end | |
11 | + | |
12 | + def self.down | |
13 | + admin = Profile::Roles.admin | |
14 | + admin.permissions -= ['view_private_content'] | |
15 | + admin.save | |
16 | + | |
17 | + moderator = Profile::Roles.moderator | |
18 | + moderator.permissions -= ['view_private_content'] | |
19 | + moderator.save | |
20 | + end | |
21 | +end | ... | ... |
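Review bot: `admin.save` and `moderator.save` in both `self.up` and `self.down` discard the return value, so a validation failure would leave the role without the new permission while the migration is reported as successful; changing all four calls to `save!` makes a failed grant abort the migration instead of silently leaving admins and moderators unable to view private content after the `Article#display_to?` change. The two-statement block is repeated verbatim for each role; iterating over `[Profile::Roles.admin, Profile::Roles.moderator]` would remove the duplication in both directions. If `permissions` is a plain array, `permissions |= ['view_private_content']` in `up` would also avoid a duplicate entry should the migration be re-run.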
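--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -39,6 +39,8 @@ profile_admin:
 - moderate_comments
 - destroy_profile
 - perform_task
+- post_content
+- view_private_content
 profile_member:
 id: 6
 key: 'profile_member'
@@ -55,6 +57,7 @@ profile_moderator:
 system: true
 permissions:
 - moderate_comments
+- view_private_content
 environment_administrator:
 id: 8
 key: 'environment_administrator'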
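Review bot: `- post_content` is added to the `profile_admin` fixture alongside `- view_private_content`, but the `FixSomeRolesPermission` migration on this page grants only `view_private_content`, so the test role and the migrated production admin role diverge unless the production role already carries `post_content`. Either drop the fixture line or add the matching grant to the migration so tests exercise the same permission set users will have. The `profile_moderator` fixture change matches the migration.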
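--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -329,6 +329,43 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_response :success
 end
 
+should 'not show private content to members' do
+community = Community.create!(:name => 'testcomm')
+Folder.create!(:name => 'test', :profile => community, :public_article => false)
+community.add_member(profile)
+
+login_as(profile.identifier)
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => community.identifier, :page => [ 'test' ]
+
+assert_template 'access_denied.rhtml'
+end
+
+should 'show private content to profile moderators' do
+community = Community.create!(:name => 'testcomm')
+community.articles.create!(:name => 'test', :public_article => false)
+community.add_moderator(profile)
+
+login_as(profile.identifier)
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => community.identifier, :page => [ 'test' ]
+assert_response :success
+end
+
+should 'show private content to profile admins' do
+community = Community.create!(:name => 'testcomm')
+community.articles.create!(:name => 'test', :public_article => false)
+community.add_admin(profile)
+
+login_as(profile.identifier)
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => community.identifier, :page => [ 'test' ]
+assert_response :success
+end
+
 should 'show message for disabled enterprises' do
 login_as(@profile.identifier)
 ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false)
@@ -424,7 +461,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 assert_template 'access_denied.rhtml'
 end
 
-should 'give access to private articles if logged in and member' do
+should 'not give access to private articles if logged in and only member' do
 person = create_user('test_user').person
 profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
 intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
@@ -434,6 +471,32 @@ class ContentViewerControllerTest < Test::Unit::TestCase
 @request.stubs(:ssl?).returns(true)
 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
 
+assert_template 'access_denied.rhtml'
+end
+
+should 'give access to private articles if logged in and moderator' do
+person = create_user('test_user').person
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+profile.affiliate(person, Profile::Roles.moderator)
+login_as('test_user')
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+assert_template 'view_page'
+end
+
+should 'give access to private articles if logged in and admin' do
+person = create_user('test_user').person
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+profile.affiliate(person, Profile::Roles.admin)
+login_as('test_user')
+
+@request.stubs(:ssl?).returns(true)
+get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
 assert_template 'view_page'
 end
 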
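Review bot: The two positive community tests ('show private content to profile moderators' and 'show private content to profile admins') end with `assert_response :success`, whereas the equivalent profile tests in the last hunk assert `assert_template 'view_page'`; if `access_denied.rhtml` is rendered with a 200 status, as the denial tests' use of `assert_template` rather than a status check hints, `assert_response :success` would pass even when access is denied. Use `assert_template 'view_page'` in both so the positive tests fail if the permission grant is missing. The first of the three new tests also creates the private article via `Folder.create!(..., :profile => community, ...)` while the other two use `community.articles.create!`; picking one form keeps the three tests directly comparable.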
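--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -437,12 +437,30 @@ class ArticleTest < Test::Unit::TestCase
 assert !article.display_to?(person)
 end
 
-should 'say that member user can see private article' do
+should 'say that member user can not see private article' do
 profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
 article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
 person = create_user('test_user').person
 profile.affiliate(person, Profile::Roles.member)
 
+assert !article.display_to?(person)
+end
+
+should 'say that profile admin can see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+person = create_user('test_user').person
+profile.affiliate(person, Profile::Roles.admin)
+
+assert article.display_to?(person)
+end
+
+should 'say that profile moderator can see private article' do
+profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+person = create_user('test_user').person
+profile.affiliate(person, Profile::Roles.moderator)
+
 assert article.display_to?(person)
 end
 
@@ -496,7 +514,7 @@ class ArticleTest < Test::Unit::TestCase
 assert !article.public_article
 end
 
-should 'allow friends of private person see the article' do
+should 'not allow friends of private person see the article' do
 person = create_user('test_user').person
 article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
 friend = create_user('test_friend').person
@@ -504,16 +522,15 @@ class ArticleTest < Test::Unit::TestCase
 person.save!
 friend.save!
 
-assert article.display_to?(friend)
+assert !article.display_to?(friend)
 end
 
-
-should 'display articles to people who can edit them' do
+should 'display private articles to people who can view private content' do
 person = create_user('test_user').person
 article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
 
 admin_user = create_user('admin_user').person
-admin_user.stubs(:has_permission?).with('post_content', article.profile).returns('true')
+admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns('true')
 
 assert article.display_to?(admin_user)
 end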
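Review bot: The rewritten stub in the last hunk still returns the string `'true'` rather than the boolean, `admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns(true)`; the test passes only because every non-nil, non-false value is truthy in Ruby, and a reader may take the string as the predicate's real contract. The three role-based tests in the first hunk depend on the `roles.yml` fixture carrying `view_private_content` for `Profile::Roles.admin` and `Profile::Roles.moderator`, so they verify the fixture as much as the model; the stub-based test at the end is the one that pins `display_to?` to the permission name independently of fixtures, which is worth a one-line comment above it, e.g. `# Pins the permission string display_to? consults, independent of the roles fixture.`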