From 5d65aadb46ba12238f405e3dffaef2b727517af5 Mon Sep 17 00:00:00 2001
From: Daniela Soares Feitosa
Date: Fri, 27 Mar 2009 15:17:09 -0300
Subject: [PATCH] ActionItem968: admins and moderators can view private content

---
 app/models/article.rb | 2 +-
 app/models/profile.rb | 23 ++++++++++++-----------
 db/migrate/063_fix_some_roles_permission.rb | 21 +++++++++++++++++++++
 test/fixtures/roles.yml | 3 +++
 test/functional/content_viewer_controller_test.rb | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 test/unit/article_test.rb | 29 +++++++++++++++++++++++------
 6 files changed, 124 insertions(+), 19 deletions(-)
 create mode 100644 db/migrate/063_fix_some_roles_permission.rb

diff --git a/app/models/article.rb b/app/models/article.rb
index 46c8093..9be2845 100644
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -197,7 +197,7 @@ class Article < ActiveRecord::Base
     if user.nil?
       false
     else
-      (user == self.profile) || user.memberships.include?(self.profile) || (profile.kind_of?(Person) && profile.friends.include?(user)) || user.has_permission?('post_content', self.profile)
+      (user == self.profile) || user.has_permission?('view_private_content', self.profile)
     end
   end
 end
diff --git a/app/models/profile.rb b/app/models/profile.rb
index 20bf3e1..2705e93 100644
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
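Review bot: The rewritten return expression on the `+` line narrows who may read private content (members and friends of the profile no longer qualify; only the profile itself or a holder of 'view_private_content' does), yet nothing in display_to? records that rule, and the method's signature and public-article branch lie outside the hunk. A one-line comment above the expression would save the next reader a trip to the migration: `# private content: the profile itself, or a user holding 'view_private_content' on it (granted to admin/moderator roles by migration 063)`. Because the decision now rests entirely on the role permission, a deployment where migration 063 has not run denies admins and moderators as well; that fails closed, which is the safe direction, but it is worth stating in the commit description so operators know to run the migration.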
@@ -25,17 +25,18 @@ class Profile < ActiveRecord::Base
   end
 
   PERMISSIONS['Profile'] = {
-    'edit_profile' => N_('Edit profile'),
-    'destroy_profile' => N_('Destroy profile'),
-    'manage_memberships' => N_('Manage memberships'),
-    'post_content' => N_('Post content'),
-    'edit_profile_design' => N_('Edit profile design'),
-    'manage_products' => N_('Manage products'),
-    'manage_friends' => N_('Manage friends'),
-    'validate_enterprise' => N_('Validate enterprise'),
-    'perform_task' => N_('Perform task'),
-    'moderate_comments' => N_('Moderate comments'),
-    'edit_appearance' => N_('Edit appearance'),
+    'edit_profile'         => N_('Edit profile'),
+    'destroy_profile'      => N_('Destroy profile'),
+    'manage_memberships'   => N_('Manage memberships'),
+    'post_content'         => N_('Post content'),
+    'edit_profile_design'  => N_('Edit profile design'),
+    'manage_products'      => N_('Manage products'),
+    'manage_friends'       => N_('Manage friends'),
+    'validate_enterprise'  => N_('Validate enterprise'),
+    'perform_task'         => N_('Perform task'),
+    'moderate_comments'    => N_('Moderate comments'),
+    'edit_appearance'      => N_('Edit appearance'),
+    'view_private_content' => N_('View private content'),
   }
 
   acts_as_accessible
diff --git a/db/migrate/063_fix_some_roles_permission.rb b/db/migrate/063_fix_some_roles_permission.rb
new file mode 100644
index 0000000..db7058f
--- /dev/null
+++ b/db/migrate/063_fix_some_roles_permission.rb
@@ -0,0 +1,21 @@
+class FixSomeRolesPermission < ActiveRecord::Migration
+  def self.up
+    admin = Profile::Roles.admin
+    admin.permissions += ['view_private_content']
+    admin.save
+
+    moderator = Profile::Roles.moderator
+    moderator.permissions += ['view_private_content']
+    moderator.save
+  end
+
+  def self.down
+    admin = Profile::Roles.admin
+    admin.permissions -= ['view_private_content']
+    admin.save
+
+    moderator = Profile::Roles.moderator
+    moderator.permissions -= ['view_private_content']
+    moderator.save
+  end
+end
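Review bot: In FixSomeRolesPermission.up the `admin.save` and `moderator.save` calls discard the boolean result, so a validation failure leaves the permission ungranted while the migration still reports success; `admin.save!` and `moderator.save!` would surface the failure and abort the migration. The `+=` concatenation also appends a duplicate entry if the role already carries the permission or the migration is re-run, whereas `admin.permissions |= ['view_private_content']` is idempotent. The same two changes apply to the moderator block, and the `save` → `save!` change to both roles in down as well.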
diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml
index 03b0450..f31c12c 100644
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -39,6 +39,8 @@ profile_admin:
     - moderate_comments
     - destroy_profile
     - perform_task
+    - post_content
+    - view_private_content
 profile_member:
   id: 6
   key: 'profile_member'
@@ -55,6 +57,7 @@ profile_moderator:
   system: true
   permissions:
     - moderate_comments
+    - view_private_content
 environment_administrator:
   id: 8
   key: 'environment_administrator'
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 66193ac..ea609f0 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
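Review bot: The profile_admin fixture gains `post_content` alongside `view_private_content`, but migration 063 in this commit grants only `view_private_content`; if the deployed admin role does not already carry `post_content`, the suite now runs against a permission set that production roles will not have. If the extra line exists only to keep existing tests green, a comment on it (`# not granted by migration 063; admins are assumed to hold this already`) would stop a later reader from treating the fixture as the canonical definition of the system roles. The same consideration applies to the profile_moderator hunk, which does match the migration.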
@@ -329,6 +329,43 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     assert_response :success
   end
 
+  should 'not show private content to members' do
+    community = Community.create!(:name => 'testcomm')
+    Folder.create!(:name => 'test', :profile => community, :public_article => false)
+    community.add_member(profile)
+
+    login_as(profile.identifier)
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+
+    assert_template 'access_denied.rhtml'
+  end
+
+  should 'show private content to profile moderators' do
+    community = Community.create!(:name => 'testcomm')
+    community.articles.create!(:name => 'test', :public_article => false)
+    community.add_moderator(profile)
+
+    login_as(profile.identifier)
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+    assert_response :success
+  end
+
+  should 'show private content to profile admins' do
+    community = Community.create!(:name => 'testcomm')
+    community.articles.create!(:name => 'test', :public_article => false)
+    community.add_admin(profile)
+
+    login_as(profile.identifier)
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => community.identifier, :page => [ 'test' ]
+    assert_response :success
+  end
+
+
   should 'show message for disabled enterprises' do
     login_as(@profile.identifier)
     ent = Enterprise.create!(:name => 'my test enterprise', :identifier => 'my-test-enterprise', :enabled => false)
@@ -424,7 +461,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     assert_template 'access_denied.rhtml'
   end
 
-  should 'give access to private articles if logged in and member' do
+  should 'not give access to private articles if logged in and only member' do
     person = create_user('test_user').person
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
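Review bot: The moderator and admin tests end with `assert_response :success`, which is weaker than the `assert_template 'view_page'` the sibling intranet tests later in this file use; if the access-denied path renders its template with a 200 status, a regression that denied moderators or admins would still pass here. Replacing the last line of both tests with `assert_template 'view_page'` pins the behaviour their names promise. A smaller consistency point: the member test creates its private item with `Folder.create!(:name => 'test', :profile => community, :public_article => false)` while the other two use `community.articles.create!`; using one form across the three leaves the role as the only varying factor.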
@@ -434,6 +471,32 @@ class ContentViewerControllerTest < Test::Unit::TestCase
     @request.stubs(:ssl?).returns(true)
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
 
+    assert_template 'access_denied.rhtml'
+  end
+
+  should 'give access to private articles if logged in and moderator' do
+    person = create_user('test_user').person
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    profile.affiliate(person, Profile::Roles.moderator)
+    login_as('test_user')
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
+    assert_template 'view_page'
+  end
+
+  should 'give access to private articles if logged in and admin' do
+    person = create_user('test_user').person
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
+    profile.affiliate(person, Profile::Roles.admin)
+    login_as('test_user')
+
+    @request.stubs(:ssl?).returns(true)
+    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
+
     assert_template 'view_page'
   end
 
diff --git a/test/unit/article_test.rb b/test/unit/article_test.rb
index ca37826..7b683a6 100644
--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
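Review bot: Both new tests assign `intranet = Folder.create!(...)` and never read it (the renamed member test above does the same, but its opening lines are outside this hunk), and the three intranet tests differ only in the role passed to `profile.affiliate` and in the template they assert. Dropping the unused local and moving the shared setup into a helper lets each test state only its role and its expectation; the admin/moderator/member trio in test/unit/article_test.rb has the same shape and would benefit from the same treatment.
```ruby
  # Shared setup for the private-intranet access tests: affiliates test_user
  # with +role+ on a fresh profile and requests its private folder over SSL.
  def view_private_intranet_as(role)
    person = create_user('test_user').person
    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
    Folder.create!(:name => 'my_intranet', :profile => profile, :public_article => false)
    profile.affiliate(person, role)
    login_as('test_user')

    @request.stubs(:ssl?).returns(true)
    get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  end

  should 'give access to private articles if logged in and moderator' do
    view_private_intranet_as(Profile::Roles.moderator)
    assert_template 'view_page'
  end
  # … unchanged: admin test, same two lines with Profile::Roles.admin …
```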
@@ -437,12 +437,30 @@ class ArticleTest < Test::Unit::TestCase
     assert !article.display_to?(person)
   end
 
-  should 'say that member user can see private article' do
+  should 'say that member user can not see private article' do
     profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
     article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
     person = create_user('test_user').person
     profile.affiliate(person, Profile::Roles.member)
 
+    assert !article.display_to?(person)
+  end
+
+  should 'say that profile admin can see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+    person = create_user('test_user').person
+    profile.affiliate(person, Profile::Roles.admin)
+
+    assert article.display_to?(person)
+  end
+
+  should 'say that profile moderator can see private article' do
+    profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+    article = Article.create!(:name => 'test article', :profile => profile, :public_article => false)
+    person = create_user('test_user').person
+    profile.affiliate(person, Profile::Roles.moderator)
+
     assert article.display_to?(person)
   end
 
@@ -496,7 +514,7 @@ class ArticleTest < Test::Unit::TestCase
     assert !article.public_article
   end
 
-  should 'allow friends of private person see the article' do
+  should 'not allow friends of private person see the article' do
     person = create_user('test_user').person
     article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
     friend = create_user('test_friend').person
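Review bot: The renamed test reads `should 'say that member user can not see private article'`; `cannot` is the usual single word and matches the `not allow` / `not give access` phrasing of the other renamed tests in this commit. More importantly, the admin and moderator tests in this hunk pass because test/fixtures/roles.yml grants 'view_private_content' to those roles, not because migration 063 ran, so the fixture and the migration drifting apart would go unnoticed; a short comment above the admin test, such as `# relies on roles.yml granting view_private_content; keep in step with migration 063`, makes that dependency visible.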
@@ -504,16 +522,15 @@ class ArticleTest < Test::Unit::TestCase
     person.save!
     friend.save!
 
-    assert article.display_to?(friend)
+    assert !article.display_to?(friend)
   end
 
-
-  should 'display articles to people who can edit them' do
+  should 'display private articles to people who can view private content' do
     person = create_user('test_user').person
     article = Article.create!(:name => 'test article', :profile => person, :public_article => false)
     admin_user = create_user('admin_user').person
-    admin_user.stubs(:has_permission?).with('post_content', article.profile).returns('true')
+    admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns('true')
 
     assert article.display_to?(admin_user)
   end
-- 
libgit2 0.21.2
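Review bot: The stub on the changed line returns the string `'true'` rather than the boolean `true`; the assertion passes only because any non-nil, non-false value is truthy in Ruby, and it misstates has_permission?'s contract, which would matter if display_to? ever compared the result against `true`. `admin_user.stubs(:has_permission?).with('view_private_content', article.profile).returns(true)` says what is meant. Note also that the stub matches only that exact argument pair, so a display_to? that asked for a different permission name would presumably fail with an unexpected-invocation error rather than a false return; that is acceptable here but worth knowing when reading a failure.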