Commit 5e18de25246adb7e2ebca561d9a8945b0d6018f8
1 parent
365278f4
Exists in
master
and in
28 other branches
ActionItem114: controllers atualized for new interface of access control plugin an more tested
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@854 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
19 changed files
with
101 additions
and
55 deletions
Show diff stats
app/controllers/application.rb
| ... | ... | @@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base |
| 9 | 9 | |
| 10 | 10 | # Be sure to include AuthenticationSystem in Application Controller instead |
| 11 | 11 | include AuthenticatedSystem |
| 12 | - extend PermissionCheck | |
| 12 | + include PermissionCheck | |
| 13 | 13 | init_gettext 'noosfero' |
| 14 | 14 | |
| 15 | 15 | include NeedsProfile |
| ... | ... | @@ -42,11 +42,19 @@ class ApplicationController < ActionController::Base |
| 42 | 42 | |
| 43 | 43 | def render_not_found(path) |
| 44 | 44 | @path = path |
| 45 | - render :file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404 | |
| 45 | + render(:file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404) && false | |
| 46 | 46 | end |
| 47 | 47 | |
| 48 | 48 | def load_admin_controller |
| 49 | 49 | # TODO: check access control |
| 50 | 50 | end |
| 51 | 51 | |
| 52 | + def load_profile | |
| 53 | + @profile = Profile.find_by_identifier(params[:profile]) | |
| 54 | + end | |
| 55 | + | |
| 56 | + def user | |
| 57 | + current_user.person if logged_in? | |
| 58 | + end | |
| 59 | + | |
| 52 | 60 | end | ... | ... |
app/controllers/environment_admin/admin_panel_controller.rb
| 1 | 1 | class AdminPanelController < EnvironmentAdminController |
| 2 | 2 | |
| 3 | - protect [:index], 'view_environment_admin_panel', :environment | |
| 3 | + protect 'view_environment_admin_panel', :environment | |
| 4 | 4 | |
| 5 | 5 | #FIXME This is not necessary because the application controller define the envrioment |
| 6 | 6 | # as the default holder |
| ... | ... | @@ -8,8 +8,9 @@ class AdminPanelController < EnvironmentAdminController |
| 8 | 8 | |
| 9 | 9 | design :holder => 'environment' |
| 10 | 10 | |
| 11 | + protected | |
| 12 | + | |
| 11 | 13 | def load_default_enviroment |
| 12 | 14 | @environment = Environment.default |
| 13 | 15 | end |
| 14 | - | |
| 15 | 16 | end | ... | ... |
app/controllers/environment_admin/categories_controller.rb
app/controllers/environment_admin/environment_role_manager_controller.rb
| 1 | 1 | class EnvironmentRoleManagerController < ApplicationController |
| 2 | - protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate, :make_admin], 'manage_environment_roles', :environment | |
| 2 | + protect 'manage_environment_roles', :environment | |
| 3 | 3 | |
| 4 | 4 | def index |
| 5 | 5 | @admins = Person.find(:all, :conditions => ['role_assignments.resource_type = ?', 'Environment'], :include => :role_assignments ) | ... | ... |
app/controllers/environment_admin/features_controller.rb
app/controllers/environment_admin/region_validators_controller.rb
| ... | ... | @@ -2,7 +2,7 @@ class RegionValidatorsController < ApplicationController |
| 2 | 2 | |
| 3 | 3 | before_filter :load_region_and_search, :except => 'index' |
| 4 | 4 | |
| 5 | -# protect [:index, :region, :search, :add, :remove], 'manage_environment_validators', :environment | |
| 5 | +# protect 'manage_environment_validators', :environment | |
| 6 | 6 | |
| 7 | 7 | def index |
| 8 | 8 | @regions = Region.top_level_for(environment) | ... | ... |
app/controllers/environment_admin/role_controller.rb
app/controllers/profile_admin/cms_controller.rb
| 1 | 1 | class CmsController < Comatose::AdminController |
| 2 | - extend PermissionCheck | |
| 2 | + include PermissionCheck | |
| 3 | 3 | |
| 4 | 4 | |
| 5 | 5 | |
| 6 | 6 | define_option :page_class, Article |
| 7 | 7 | |
| 8 | - protect [:edit, :new, :reorder, :delete], 'post_content', :profile | |
| 8 | + protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete] | |
| 9 | 9 | |
| 10 | 10 | protected |
| 11 | 11 | ... | ... |
app/controllers/profile_admin/enterprise_editor_controller.rb
| 1 | 1 | class EnterpriseEditorController < ProfileAdminController |
| 2 | + needs_profile | |
| 3 | + protect 'edit_profile', :profile, :exept => :destroy | |
| 4 | + protect 'destroy_profile', :profile, :only => :destroy | |
| 2 | 5 | |
| 3 | - before_filter :login_required, :check_enterprise | |
| 4 | - | |
| 5 | - protect [:edit, :update], 'edit_profile', :profile | |
| 6 | - protect [:destroy], 'destroy_profile', :profile | |
| 7 | - | |
| 8 | - | |
| 6 | + before_filter :check_enterprise | |
| 9 | 7 | |
| 10 | 8 | # Show details about an enterprise |
| 11 | 9 | def index |
| 12 | - @enterprise = @profile | |
| 13 | 10 | end |
| 14 | 11 | |
| 15 | 12 | # Provides an interface to editing the enterprise details |
| ... | ... | @@ -30,7 +27,7 @@ class EnterpriseEditorController < ProfileAdminController |
| 30 | 27 | |
| 31 | 28 | # Elimitates the enterprise of the system |
| 32 | 29 | def destroy |
| 33 | - raise "bli" | |
| 30 | + #raise "bli" | |
| 34 | 31 | if @enterprise.destroy! |
| 35 | 32 | flash[:notice] = _('Enterprise sucessfully erased from the system') |
| 36 | 33 | redirect_to :controller => 'profile_editor', :action => 'index', :profile => current_user.login |
| ... | ... | @@ -41,7 +38,7 @@ class EnterpriseEditorController < ProfileAdminController |
| 41 | 38 | |
| 42 | 39 | # Activate a validated enterprise |
| 43 | 40 | def activate |
| 44 | - if @enterprise.activate | |
| 41 | + if @enterprise.activatepermission.nil? | |
| 45 | 42 | flash[:notice] = _('Enterprise successfuly activacted') |
| 46 | 43 | else |
| 47 | 44 | flash[:notice] = _('Failed to activate the enterprise') |
| ... | ... | @@ -51,8 +48,17 @@ class EnterpriseEditorController < ProfileAdminController |
| 51 | 48 | |
| 52 | 49 | protected |
| 53 | 50 | |
| 51 | + def permission | |
| 52 | + 'bli' | |
| 53 | + end | |
| 54 | + def permission=(perm) | |
| 55 | + @p = perm | |
| 56 | + end | |
| 54 | 57 | def check_enterprise |
| 55 | - redirect_to :controller => 'profile_editor', :profile => current_user.login unless @profile.is_a?(Enterprise) | |
| 56 | - @enterprise = @profile | |
| 58 | + if profile.is_a?(Enterprise) | |
| 59 | + @enterprise = profile | |
| 60 | + else | |
| 61 | + redirect_to :controller => 'account' #:controller => 'profile_editor', :profile => current_user.login and return | |
| 62 | + end | |
| 57 | 63 | end |
| 58 | 64 | end | ... | ... |
app/controllers/profile_admin/membership_editor_controller.rb
| ... | ... | @@ -2,9 +2,11 @@ class MembershipEditorController < ProfileAdminController |
| 2 | 2 | |
| 3 | 3 | before_filter :login_required |
| 4 | 4 | |
| 5 | - | |
| 6 | - | |
| 7 | - protect [:index, :new_enterprise, :create_enterprise ], 'edit_profile', :profile | |
| 5 | + def target | |
| 6 | + environment | |
| 7 | + end | |
| 8 | + | |
| 9 | + protect 'edit_profile', :profile, :only => [:index, :new_enterprise, :create_enterprise ] | |
| 8 | 10 | |
| 9 | 11 | def index |
| 10 | 12 | @memberships = current_user.person.enterprise_memberships | ... | ... |
app/controllers/profile_admin/profile_editor_controller.rb
| 1 | 1 | class ProfileEditorController < ProfileAdminController |
| 2 | 2 | |
| 3 | - #protect [:index, :edit], 'edit_profile', :profile | |
| 3 | + #protect 'edit_profile', :profile, only => [:index, :edit] | |
| 4 | 4 | |
| 5 | 5 | helper :profile |
| 6 | 6 | |
| ... | ... | @@ -12,7 +12,7 @@ class ProfileEditorController < ProfileAdminController |
| 12 | 12 | def block_types |
| 13 | 13 | %w[ |
| 14 | 14 | FavouriteLinks |
| 15 | - ] | |
| 15 | + ] | |
| 16 | 16 | end |
| 17 | 17 | |
| 18 | 18 | # FIXME Put other Blocks to works | ... | ... |
app/controllers/profile_admin/profile_members_controller.rb
| 1 | 1 | class ProfileMembersController < ProfileAdminController |
| 2 | 2 | |
| 3 | - protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate], 'manage_memberships', :profile | |
| 3 | + protect 'manage_memberships', :profile | |
| 4 | 4 | |
| 5 | 5 | def index |
| 6 | 6 | @members = profile.people.uniq | ... | ... |
app/controllers/public/account_controller.rb
| ... | ... | @@ -4,10 +4,6 @@ class AccountController < PublicController |
| 4 | 4 | |
| 5 | 5 | design :holder => 'environment' |
| 6 | 6 | |
| 7 | - def load_default_environment | |
| 8 | - @environment = Environment.default | |
| 9 | - end | |
| 10 | - | |
| 11 | 7 | # say something nice, you goof! something sweet. |
| 12 | 8 | def index |
| 13 | 9 | unless logged_in? |
| ... | ... | @@ -127,5 +123,7 @@ class AccountController < PublicController |
| 127 | 123 | @profile = current_user.person |
| 128 | 124 | end |
| 129 | 125 | |
| 130 | - | |
| 126 | + def load_default_environment | |
| 127 | + @environment = Environment.default | |
| 128 | + end | |
| 131 | 129 | end | ... | ... |
app/models/environment.rb
| ... | ... | @@ -11,7 +11,7 @@ class Environment < ActiveRecord::Base |
| 11 | 11 | 'manage_environment_roles' => N_('Manage environment roles'), |
| 12 | 12 | 'manage_environment_validators' => N_('Manage environment validators'), |
| 13 | 13 | } |
| 14 | - | |
| 14 | + | |
| 15 | 15 | # returns the available features for a Environment, in the form of a |
| 16 | 16 | # hash, with pairs in the form <tt>'feature_name' => 'Feature name'</tt>. |
| 17 | 17 | def self.available_features | ... | ... |
app/views/enterprise_editor/index.rhtml
| 1 | -<h3> <%= @profile.name %> </h3> | |
| 1 | +<h3> <%= @enterprise.name %> </h3> | |
| 2 | 2 | |
| 3 | 3 | <%= error_messages_for 'profile' %> |
| 4 | 4 | |
| 5 | -<p> <%= _('Identifier: ') %> <%= @profile.identifier %> </p> | |
| 6 | -<p> <%= _('Address: ') %> <%= @profile.address %> </p> | |
| 7 | -<p> <%= _('Contact phone: ') %> <%= @profile.contact_phone %> </p> | |
| 8 | -<p> <%= _('Contact person: ') %> <%= @profile.organization_info.contact_person %> </p> | |
| 9 | -<p> <%= _('Acronym: ') %> <%= @profile.organization_info.acronym %> </p> | |
| 10 | -<p> <%= _('Foundation year: ') %> <%= @profile.organization_info.foundation_year %> </p> | |
| 11 | -<p> <%= _('Legal Form: ') %> <%= @profile.organization_info.legal_form %> </p> | |
| 12 | -<p> <%= _('Economic activity: ') %> <%= @profile.organization_info.economic_activity %> </p> | |
| 13 | -<p> <%= _('Management infomation: ') %> <%= @profile.organization_info.management_information %> </p> | |
| 14 | -<p> <%= _('Tags:') %> <%= @profile.tag_list %> </p> | |
| 5 | +<p> <%= _('Identifier: ') %> <%= @enterprise.identifier %> </p> | |
| 6 | +<p> <%= _('Address: ') %> <%= @enterprise.address %> </p> | |
| 7 | +<p> <%= _('Contact phone: ') %> <%= @enterprise.contact_phone %> </p> | |
| 8 | +<p> <%= _('Contact person: ') %> <%= @enterprise.organization_info.contact_person %> </p> | |
| 9 | +<p> <%= _('Acronym: ') %> <%= @enterprise.organization_info.acronym %> </p> | |
| 10 | +<p> <%= _('Foundation year: ') %> <%= @enterprise.organization_info.foundation_year %> </p> | |
| 11 | +<p> <%= _('Legal Form: ') %> <%= @enterprise.organization_info.legal_form %> </p> | |
| 12 | +<p> <%= _('Economic activity: ') %> <%= @enterprise.organization_info.economic_activity %> </p> | |
| 13 | +<p> <%= _('Management infomation: ') %> <%= @enterprise.organization_info.management_information %> </p> | |
| 14 | +<p> <%= _('Tags:') %> <%= @enterprise.tag_list %> </p> | |
| 15 | 15 | |
| 16 | -<%= link_to _('Edit enterprise'), :action => 'edit', :id => @profile %> | |
| 16 | +<%= link_to _('Edit enterprise'), :action => 'edit', :id => @enterprise %> | |
| 17 | 17 | <%= help _('Change the information about the enterprise') %> |
| 18 | -<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @profile %> | |
| 18 | +<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @enterprise %> | |
| 19 | 19 | <%= help _('Remove the enterprise from the system') %> |
| 20 | -<%= link_to _('Activate'), :action => 'activate', :id => @profile unless @profile.active? %> | |
| 21 | -<%= help _('Activate an approved enterprise') unless @profile.active? %> | |
| 20 | +<%= link_to _('Activate'), :action => 'activate', :id => @enterprise unless @enterprise.active? %> | |
| 21 | +<%= help _('Activate an approved enterprise') unless @enterprise.active? %> | |
| 22 | 22 | |
| 23 | 23 | <%= link_to _('Back'), :controller => :profile_editor %> | ... | ... |
db/migrate/013_access_control_migration.rb
test/functional/admin_panel_controller_test.rb
| ... | ... | @@ -11,7 +11,7 @@ class AdminPanelControllerTest < Test::Unit::TestCase |
| 11 | 11 | @controller = AdminPanelController.new |
| 12 | 12 | @request = ActionController::TestRequest.new |
| 13 | 13 | @response = ActionController::TestResponse.new |
| 14 | - login_as(:ze) | |
| 14 | + login_as(create_admin_user(Environment.default)) | |
| 15 | 15 | end |
| 16 | 16 | |
| 17 | 17 | def test_index |
| ... | ... | @@ -21,5 +21,6 @@ class AdminPanelControllerTest < Test::Unit::TestCase |
| 21 | 21 | assert_tag :tag => 'a', :attributes => { :href => /edit_template/ } |
| 22 | 22 | assert_tag :tag => 'a', :attributes => { :href => /features/ } |
| 23 | 23 | assert_tag :tag => 'a', :attributes => { :href => /role/ } |
| 24 | + assert_tag :tag => 'a', :attributes => { :href => /region_validators/ } | |
| 24 | 25 | end |
| 25 | 26 | end | ... | ... |
test/functional/application_controller_test.rb
| ... | ... | @@ -5,8 +5,6 @@ require 'test_controller' |
| 5 | 5 | class TestController; def rescue_action(e) raise e end; end |
| 6 | 6 | |
| 7 | 7 | class ApplicationControllerTest < Test::Unit::TestCase |
| 8 | - | |
| 9 | -# all_fixtures:profiles, :environments, :domains, :design_boxes | |
| 10 | 8 | all_fixtures |
| 11 | 9 | def setup |
| 12 | 10 | @controller = TestController.new | ... | ... |
test/functional/enterprise_editor_controller_test.rb
| ... | ... | @@ -11,8 +11,39 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase |
| 11 | 11 | @response = ActionController::TestResponse.new |
| 12 | 12 | end |
| 13 | 13 | |
| 14 | - # Replace this with your real tests. | |
| 15 | - def test_truth | |
| 16 | - assert true | |
| 14 | + should 'not see index if do not logged in' do | |
| 15 | + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise') | |
| 16 | + get 'index', :profile => 'test_enterprise' | |
| 17 | + | |
| 18 | + assert_response :success | |
| 19 | + assert_template 'access_denied.rhtml' | |
| 20 | + end | |
| 21 | + | |
| 22 | + should 'not see index if do not have permission to edit profile' do | |
| 23 | + user = create_user('test_user') | |
| 24 | + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise') | |
| 25 | + login_as :test_user | |
| 26 | + | |
| 27 | + get 'index', :profile => 'test_enterprise' | |
| 28 | + | |
| 29 | + assert_response :success | |
| 30 | + assert @controller.send(:profile) | |
| 31 | + assert_equal ent.identifier, @controller.send(:profile).identifier | |
| 32 | + assert_template 'access_denied.rhtml' | |
| 33 | + end | |
| 34 | + | |
| 35 | + should 'see index if have permission' do | |
| 36 | + user = create_user('test_user').person | |
| 37 | + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enterprise') | |
| 38 | + role = Role.create!(:name => 'test_role', :permissions => ['edit_profile']) | |
| 39 | + assert user.add_role(role, ent) | |
| 40 | + assert user.has_permission?('edit_profile', ent) | |
| 41 | + login_as :test_user | |
| 42 | + | |
| 43 | + get 'index', :profile => 'test_enterprise' | |
| 44 | + | |
| 45 | + assert_response :success | |
| 46 | + assert @controller.send(:profile) | |
| 47 | + assert_template 'index' | |
| 17 | 48 | end |
| 18 | 49 | end | ... | ... |