Commit 5e18de25246adb7e2ebca561d9a8945b0d6018f8
ActionItem114: controllers updated for the new interface of the access control plugin and more tested
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@854 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
19 changed files
with
101 additions
and
55 deletions
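--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base
 
 # Be sure to include AuthenticationSystem in Application Controller instead
 include AuthenticatedSystem
-extend PermissionCheck
+include PermissionCheck
 init_gettext 'noosfero'
 
 include NeedsProfile
@@ -42,11 +42,19 @@ class ApplicationController < ActionController::Base
 
 def render_not_found(path)
 @path = path
-render :file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404
+render(:file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404) && false
 end
 
 def load_admin_controller
 # TODO: check access control
 end
 
+def load_profile
+@profile = Profile.find_by_identifier(params[:profile])
+end
+
+def user
+current_user.person if logged_in?
+end
+
 end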
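Review bot: `load_profile` (new lines 52–54) stores whatever `Profile.find_by_identifier(params[:profile])` returns, and that is nil when the request names an unknown identifier, so any later `@profile.…` call in the filter chain fails with NoMethodError instead of producing a 404; handling the miss explicitly, e.g. `@profile = Profile.find_by_identifier(params[:profile]) or render_not_found(params[:profile])`, keeps the error path deliberate (whether `render_not_found` is the right responder here depends on how callers use it — confirm). The `&& false` appended to `render_not_found` on new line 45 presumably exists so the method can halt a filter chain by returning false; a one-line comment saying so, `# returns false so before_filters that call this halt the chain`, would spare the next reader the guess. `user` returns nil when nobody is logged in, which callers of `user.…` will need to remember.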
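--- a/app/controllers/environment_admin/admin_panel_controller.rb
+++ b/app/controllers/environment_admin/admin_panel_controller.rb
@@ -1,6 +1,6 @@
 class AdminPanelController < EnvironmentAdminController
 
-protect [:index], 'view_environment_admin_panel', :environment
+protect 'view_environment_admin_panel', :environment
 
 #FIXME This is not necessary because the application controller define the envrioment
 # as the default holder
@@ -8,8 +8,9 @@ class AdminPanelController < EnvironmentAdminController
 
 design :holder => 'environment'
 
+protected
+
 def load_default_enviroment
 @environment = Environment.default
 end
-
 end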
app/controllers/environment_admin/categories_controller.rb
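--- a/app/controllers/environment_admin/environment_role_manager_controller.rb
+++ b/app/controllers/environment_admin/environment_role_manager_controller.rb
@@ -1,5 +1,5 @@
 class EnvironmentRoleManagerController < ApplicationController
-protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate, :make_admin], 'manage_environment_roles', :environment
+protect 'manage_environment_roles', :environment
 
 def index
 @admins = Person.find(:all, :conditions => ['role_assignments.resource_type = ?', 'Environment'], :include => :role_assignments )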
app/controllers/environment_admin/features_controller.rb
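--- a/app/controllers/environment_admin/region_validators_controller.rb
+++ b/app/controllers/environment_admin/region_validators_controller.rb
@@ -2,7 +2,7 @@ class RegionValidatorsController < ApplicationController
 
 before_filter :load_region_and_search, :except => 'index'
 
-# protect [:index, :region, :search, :add, :remove], 'manage_environment_validators', :environment
+# protect 'manage_environment_validators', :environment
 
 def index
 @regions = Region.top_level_for(environment)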
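Review bot: The `protect` call on line 5 is still commented out, so this hunk only modernizes disabled code and `manage_environment_validators` is not enforced for any RegionValidatorsController action. Unless the protection is intentionally deferred, enable it: `protect 'manage_environment_validators', :environment`. If it is deferred, a `# FIXME: access control disabled until <reason>` on that line would make the gap visible to the next reader rather than looking like finished work.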
app/controllers/environment_admin/role_controller.rb
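--- a/app/controllers/profile_admin/cms_controller.rb
+++ b/app/controllers/profile_admin/cms_controller.rb
@@ -1,11 +1,11 @@
 class CmsController < Comatose::AdminController
-extend PermissionCheck
+include PermissionCheck
 
 
 
 define_option :page_class, Article
 
-protect [:edit, :new, :reorder, :delete], 'post_content', :profile
+protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete]
 
 protected
 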
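--- a/app/controllers/profile_admin/enterprise_editor_controller.rb
+++ b/app/controllers/profile_admin/enterprise_editor_controller.rb
@@ -1,15 +1,12 @@
 class EnterpriseEditorController < ProfileAdminController
+needs_profile
+protect 'edit_profile', :profile, :exept => :destroy
+protect 'destroy_profile', :profile, :only => :destroy
 
-before_filter :login_required, :check_enterprise
-
-protect [:edit, :update], 'edit_profile', :profile
-protect [:destroy], 'destroy_profile', :profile
-
-
+before_filter :check_enterprise
 
 # Show details about an enterprise
 def index
-@enterprise = @profile
 end
 
 # Provides an interface to editing the enterprise details
@@ -30,7 +27,7 @@ class EnterpriseEditorController < ProfileAdminController
 
 # Elimitates the enterprise of the system
 def destroy
-raise "bli"
+#raise "bli"
 if @enterprise.destroy!
 flash[:notice] = _('Enterprise sucessfully erased from the system')
 redirect_to :controller => 'profile_editor', :action => 'index', :profile => current_user.login
@@ -41,7 +38,7 @@ class EnterpriseEditorController < ProfileAdminController
 
 # Activate a validated enterprise
 def activate
-if @enterprise.activate
+if @enterprise.activatepermission.nil?
 flash[:notice] = _('Enterprise successfuly activacted')
 else
 flash[:notice] = _('Failed to activate the enterprise')
@@ -51,8 +48,17 @@ class EnterpriseEditorController < ProfileAdminController
 
 protected
 
+def permission
+'bli'
+end
+def permission=(perm)
+@p = perm
+end
 def check_enterprise
-redirect_to :controller => 'profile_editor', :profile => current_user.login unless @profile.is_a?(Enterprise)
-@enterprise = @profile
+if profile.is_a?(Enterprise)
+@enterprise = profile
+else
+redirect_to :controller => 'account' #:controller => 'profile_editor', :profile => current_user.login and return
+end
 end
 end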
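Review bot: The option name on new line 3 is misspelled, `:exept => :destroy`, so `protect` will either ignore or reject it and `edit_profile` ends up checked for `destroy` as well as the other actions; it should read `protect 'edit_profile', :profile, :except => :destroy`. The `activate` action now calls `@enterprise.activatepermission.nil?` (new line 41), which looks like a botched edit of `@enterprise.activate` and will raise NoMethodError on every activation. The `permission`/`permission=` pair returning the literal `'bli'` (new lines 51–56) and the commented-out `#raise "bli"` on new line 30 read as debugging leftovers that should not ship. In `check_enterprise`, the `redirect_to` in the `else` branch is not followed by `and return`; whether the filter chain halts after a redirect depends on the Rails version in use, so the protected actions may still run with `@enterprise` unset — worth confirming before relying on this filter as the access gate.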
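--- a/app/controllers/profile_admin/membership_editor_controller.rb
+++ b/app/controllers/profile_admin/membership_editor_controller.rb
@@ -2,9 +2,11 @@ class MembershipEditorController < ProfileAdminController
 
 before_filter :login_required
 
-
-
-protect [:index, :new_enterprise, :create_enterprise ], 'edit_profile', :profile
+def target
+environment
+end
+
+protect 'edit_profile', :profile, :only => [:index, :new_enterprise, :create_enterprise ]
 
 def index
 @memberships = current_user.person.enterprise_memberships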
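Review bot: `target` is defined as a public method at new lines 5–7, and in this generation of Rails every public controller method is a dispatchable action, so `/membership_editor/target` becomes reachable by URL and is outside the `:only` list of the `protect` call that follows it. Move the definition below `protected`, or declare `hide_action :target`, and add a comment on what the access-control plugin uses it for. Note also that `target` returns `environment` while the `protect` call on new line 9 names `:profile` as the resource; if the plugin resolves the resource through `target` (not verifiable from this hunk), the permission would be evaluated against the environment rather than the profile — confirm which one is intended.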
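--- a/app/controllers/profile_admin/profile_editor_controller.rb
+++ b/app/controllers/profile_admin/profile_editor_controller.rb
@@ -1,6 +1,6 @@
 class ProfileEditorController < ProfileAdminController
 
-#protect [:index, :edit], 'edit_profile', :profile
+#protect 'edit_profile', :profile, only => [:index, :edit]
 
 helper :profile
 
@@ -12,7 +12,7 @@ class ProfileEditorController < ProfileAdminController
 def block_types
 %w[
 FavouriteLinks
-]
+]
 end
 
 # FIXME Put other Blocks to works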
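Review bot: The rewritten comment on new line 3 writes `only => [:index, :edit]` without the leading colon, so if someone uncomments it the line raises NameError at class-load time instead of registering the restriction; it should be `#protect 'edit_profile', :profile, :only => [:index, :edit]`. More importantly the `protect` for ProfileEditorController remains disabled, so `edit_profile` is not enforced for this controller at all; either enable it or leave a FIXME on that line stating why the controller is unprotected and what is blocking it.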
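--- a/app/controllers/profile_admin/profile_members_controller.rb
+++ b/app/controllers/profile_admin/profile_members_controller.rb
@@ -1,6 +1,6 @@
 class ProfileMembersController < ProfileAdminController
 
-protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate], 'manage_memberships', :profile
+protect 'manage_memberships', :profile
 
 def index
 @members = profile.people.uniq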
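--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -4,10 +4,6 @@ class AccountController < PublicController
 
 design :holder => 'environment'
 
-def load_default_environment
-@environment = Environment.default
-end
-
 # say something nice, you goof! something sweet.
 def index
 unless logged_in?
@@ -127,5 +123,7 @@ class AccountController < PublicController
 @profile = current_user.person
 end
 
-
+def load_default_environment
+@environment = Environment.default
+end
 end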
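Review bot: `load_default_environment` is re-added at the bottom of the class (new lines 126–128), but whether a `protected` or `private` marker precedes it is outside the second hunk; if none does, the method remains a public, URL-dispatchable action exactly as it was in its old position after `design :holder => 'environment'`, and the move gains nothing. If the intent is to take it out of the action set, the move should be confirmed to land below `protected`, and a short comment such as `# not an action: sets @environment for the filters above` next to the definition would record that intent.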
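--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -11,7 +11,7 @@ class Environment < ActiveRecord::Base
 'manage_environment_roles' => N_('Manage environment roles'),
 'manage_environment_validators' => N_('Manage environment validators'),
 }
-
+
 # returns the available features for a Environment, in the form of a
 # hash, with pairs in the form <tt>'feature_name' => 'Feature name'</tt>.
 def self.available_features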
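--- a/app/views/enterprise_editor/index.rhtml
+++ b/app/views/enterprise_editor/index.rhtml
@@ -1,23 +1,23 @@
-<h3> <%= @profile.name %> </h3>
+<h3> <%= @enterprise.name %> </h3>
 
 <%= error_messages_for 'profile' %>
 
-<p> <%= _('Identifier: ') %> <%= @profile.identifier %> </p>
-<p> <%= _('Address: ') %> <%= @profile.address %> </p>
-<p> <%= _('Contact phone: ') %> <%= @profile.contact_phone %> </p>
-<p> <%= _('Contact person: ') %> <%= @profile.organization_info.contact_person %> </p>
-<p> <%= _('Acronym: ') %> <%= @profile.organization_info.acronym %> </p>
-<p> <%= _('Foundation year: ') %> <%= @profile.organization_info.foundation_year %> </p>
-<p> <%= _('Legal Form: ') %> <%= @profile.organization_info.legal_form %> </p>
-<p> <%= _('Economic activity: ') %> <%= @profile.organization_info.economic_activity %> </p>
-<p> <%= _('Management infomation: ') %> <%= @profile.organization_info.management_information %> </p>
-<p> <%= _('Tags:') %> <%= @profile.tag_list %> </p>
+<p> <%= _('Identifier: ') %> <%= @enterprise.identifier %> </p>
+<p> <%= _('Address: ') %> <%= @enterprise.address %> </p>
+<p> <%= _('Contact phone: ') %> <%= @enterprise.contact_phone %> </p>
+<p> <%= _('Contact person: ') %> <%= @enterprise.organization_info.contact_person %> </p>
+<p> <%= _('Acronym: ') %> <%= @enterprise.organization_info.acronym %> </p>
+<p> <%= _('Foundation year: ') %> <%= @enterprise.organization_info.foundation_year %> </p>
+<p> <%= _('Legal Form: ') %> <%= @enterprise.organization_info.legal_form %> </p>
+<p> <%= _('Economic activity: ') %> <%= @enterprise.organization_info.economic_activity %> </p>
+<p> <%= _('Management infomation: ') %> <%= @enterprise.organization_info.management_information %> </p>
+<p> <%= _('Tags:') %> <%= @enterprise.tag_list %> </p>
 
-<%= link_to _('Edit enterprise'), :action => 'edit', :id => @profile %>
+<%= link_to _('Edit enterprise'), :action => 'edit', :id => @enterprise %>
 <%= help _('Change the information about the enterprise') %>
-<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @profile %>
+<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @enterprise %>
 <%= help _('Remove the enterprise from the system') %>
-<%= link_to _('Activate'), :action => 'activate', :id => @profile unless @profile.active? %>
-<%= help _('Activate an approved enterprise') unless @profile.active? %>
+<%= link_to _('Activate'), :action => 'activate', :id => @enterprise unless @enterprise.active? %>
+<%= help _('Activate an approved enterprise') unless @enterprise.active? %>
 
 <%= link_to _('Back'), :controller => :profile_editor %>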
db/migrate/013_access_control_migration.rb
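--- a/test/functional/admin_panel_controller_test.rb
+++ b/test/functional/admin_panel_controller_test.rb
@@ -11,7 +11,7 @@ class AdminPanelControllerTest < Test::Unit::TestCase
 @controller = AdminPanelController.new
 @request = ActionController::TestRequest.new
 @response = ActionController::TestResponse.new
-login_as(:ze)
+login_as(create_admin_user(Environment.default))
 end
 
 def test_index
@@ -21,5 +21,6 @@ class AdminPanelControllerTest < Test::Unit::TestCase
 assert_tag :tag => 'a', :attributes => { :href => /edit_template/ }
 assert_tag :tag => 'a', :attributes => { :href => /features/ }
 assert_tag :tag => 'a', :attributes => { :href => /role/ }
+assert_tag :tag => 'a', :attributes => { :href => /region_validators/ }
 end
 end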
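--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -5,8 +5,6 @@ require 'test_controller'
 class TestController; def rescue_action(e) raise e end; end
 
 class ApplicationControllerTest < Test::Unit::TestCase
-
-# all_fixtures:profiles, :environments, :domains, :design_boxes
 all_fixtures
 def setup
 @controller = TestController.new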
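--- a/test/functional/enterprise_editor_controller_test.rb
+++ b/test/functional/enterprise_editor_controller_test.rb
@@ -11,8 +11,39 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase
 @response = ActionController::TestResponse.new
 end
 
-# Replace this with your real tests.
-def test_truth
-assert true
+should 'not see index if do not logged in' do
+ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise')
+get 'index', :profile => 'test_enterprise'
+
+assert_response :success
+assert_template 'access_denied.rhtml'
+end
+
+should 'not see index if do not have permission to edit profile' do
+user = create_user('test_user')
+ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise')
+login_as :test_user
+
+get 'index', :profile => 'test_enterprise'
+
+assert_response :success
+assert @controller.send(:profile)
+assert_equal ent.identifier, @controller.send(:profile).identifier
+assert_template 'access_denied.rhtml'
+end
+
+should 'see index if have permission' do
+user = create_user('test_user').person
+ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enterprise')
+role = Role.create!(:name => 'test_role', :permissions => ['edit_profile'])
+assert user.add_role(role, ent)
+assert user.has_permission?('edit_profile', ent)
+login_as :test_user
+
+get 'index', :profile => 'test_enterprise'
+
+assert_response :success
+assert @controller.send(:profile)
+assert_template 'index'
 end
 end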
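Review bot: The three new cases exercise only `index`; `destroy` and `activate`, which the controller change in this same commit gates with `destroy_profile` and an `edit_profile` rule carrying a misspelled option, get no test, so a regression in those checks would pass this file unnoticed. A case that logs in as a user holding only `edit_profile` and asserts that `get 'destroy', :profile => 'test_enterprise'` renders `access_denied.rhtml` would pin the intended split between the two permissions. The locals `ent` (new line 15) and `user` (new line 23) are assigned but never read; drop the assignment or prefix the name with `_` so the intent is clear.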