Commit 5e18de25246adb7e2ebca561d9a8945b0d6018f8
1 parent
365278f4
Exists in
master
and in
28 other branches
ActionItem114: controllers atualized for new interface of access control plugin an more tested
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@854 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing
19 changed files
with
101 additions
and
55 deletions
Show diff stats
app/controllers/application.rb
| @@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base | @@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base | ||
| 9 | 9 | ||
| 10 | # Be sure to include AuthenticationSystem in Application Controller instead | 10 | # Be sure to include AuthenticationSystem in Application Controller instead |
| 11 | include AuthenticatedSystem | 11 | include AuthenticatedSystem |
| 12 | - extend PermissionCheck | 12 | + include PermissionCheck |
| 13 | init_gettext 'noosfero' | 13 | init_gettext 'noosfero' |
| 14 | 14 | ||
| 15 | include NeedsProfile | 15 | include NeedsProfile |
| @@ -42,11 +42,19 @@ class ApplicationController < ActionController::Base | @@ -42,11 +42,19 @@ class ApplicationController < ActionController::Base | ||
| 42 | 42 | ||
| 43 | def render_not_found(path) | 43 | def render_not_found(path) |
| 44 | @path = path | 44 | @path = path |
| 45 | - render :file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404 | 45 | + render(:file => File.join(RAILS_ROOT, 'app', 'views', 'shared', 'not_found.rhtml'), :layout => 'not_found', :status => 404) && false |
| 46 | end | 46 | end |
| 47 | 47 | ||
| 48 | def load_admin_controller | 48 | def load_admin_controller |
| 49 | # TODO: check access control | 49 | # TODO: check access control |
| 50 | end | 50 | end |
| 51 | 51 | ||
| 52 | + def load_profile | ||
| 53 | + @profile = Profile.find_by_identifier(params[:profile]) | ||
| 54 | + end | ||
| 55 | + | ||
| 56 | + def user | ||
| 57 | + current_user.person if logged_in? | ||
| 58 | + end | ||
| 59 | + | ||
| 52 | end | 60 | end |
app/controllers/environment_admin/admin_panel_controller.rb
| 1 | class AdminPanelController < EnvironmentAdminController | 1 | class AdminPanelController < EnvironmentAdminController |
| 2 | 2 | ||
| 3 | - protect [:index], 'view_environment_admin_panel', :environment | 3 | + protect 'view_environment_admin_panel', :environment |
| 4 | 4 | ||
| 5 | #FIXME This is not necessary because the application controller define the envrioment | 5 | #FIXME This is not necessary because the application controller define the envrioment |
| 6 | # as the default holder | 6 | # as the default holder |
| @@ -8,8 +8,9 @@ class AdminPanelController < EnvironmentAdminController | @@ -8,8 +8,9 @@ class AdminPanelController < EnvironmentAdminController | ||
| 8 | 8 | ||
| 9 | design :holder => 'environment' | 9 | design :holder => 'environment' |
| 10 | 10 | ||
| 11 | + protected | ||
| 12 | + | ||
| 11 | def load_default_enviroment | 13 | def load_default_enviroment |
| 12 | @environment = Environment.default | 14 | @environment = Environment.default |
| 13 | end | 15 | end |
| 14 | - | ||
| 15 | end | 16 | end |
app/controllers/environment_admin/categories_controller.rb
| 1 | class CategoriesController < EnvironmentAdminController | 1 | class CategoriesController < EnvironmentAdminController |
| 2 | 2 | ||
| 3 | - protect [:index, :new, :edit, :remove], 'manage_environment_categories', :environment | 3 | + protect 'manage_environment_categories', :environment |
| 4 | 4 | ||
| 5 | helper :categories | 5 | helper :categories |
| 6 | 6 |
app/controllers/environment_admin/environment_role_manager_controller.rb
| 1 | class EnvironmentRoleManagerController < ApplicationController | 1 | class EnvironmentRoleManagerController < ApplicationController |
| 2 | - protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate, :make_admin], 'manage_environment_roles', :environment | 2 | + protect 'manage_environment_roles', :environment |
| 3 | 3 | ||
| 4 | def index | 4 | def index |
| 5 | @admins = Person.find(:all, :conditions => ['role_assignments.resource_type = ?', 'Environment'], :include => :role_assignments ) | 5 | @admins = Person.find(:all, :conditions => ['role_assignments.resource_type = ?', 'Environment'], :include => :role_assignments ) |
app/controllers/environment_admin/features_controller.rb
| 1 | class FeaturesController < EnvironmentAdminController | 1 | class FeaturesController < EnvironmentAdminController |
| 2 | - protect [:index, :update], 'edit_environment_features', :environment | 2 | + protect 'edit_environment_features', :environment |
| 3 | 3 | ||
| 4 | acts_as_environment_admin_controller | 4 | acts_as_environment_admin_controller |
| 5 | 5 |
app/controllers/environment_admin/region_validators_controller.rb
| @@ -2,7 +2,7 @@ class RegionValidatorsController < ApplicationController | @@ -2,7 +2,7 @@ class RegionValidatorsController < ApplicationController | ||
| 2 | 2 | ||
| 3 | before_filter :load_region_and_search, :except => 'index' | 3 | before_filter :load_region_and_search, :except => 'index' |
| 4 | 4 | ||
| 5 | -# protect [:index, :region, :search, :add, :remove], 'manage_environment_validators', :environment | 5 | +# protect 'manage_environment_validators', :environment |
| 6 | 6 | ||
| 7 | def index | 7 | def index |
| 8 | @regions = Region.top_level_for(environment) | 8 | @regions = Region.top_level_for(environment) |
app/controllers/environment_admin/role_controller.rb
| 1 | class RoleController < EnvironmentAdminController | 1 | class RoleController < EnvironmentAdminController |
| 2 | - protect [:index, :show, :new, :create, :edit, :update, :destroy], 'manage_environment_roles', :environment | 2 | + protect 'manage_environment_roles', :environment |
| 3 | 3 | ||
| 4 | def index | 4 | def index |
| 5 | @roles = Role.find(:all) | 5 | @roles = Role.find(:all) |
app/controllers/profile_admin/cms_controller.rb
| 1 | class CmsController < Comatose::AdminController | 1 | class CmsController < Comatose::AdminController |
| 2 | - extend PermissionCheck | 2 | + include PermissionCheck |
| 3 | 3 | ||
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | define_option :page_class, Article | 6 | define_option :page_class, Article |
| 7 | 7 | ||
| 8 | - protect [:edit, :new, :reorder, :delete], 'post_content', :profile | 8 | + protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete] |
| 9 | 9 | ||
| 10 | protected | 10 | protected |
| 11 | 11 |
app/controllers/profile_admin/enterprise_editor_controller.rb
| 1 | class EnterpriseEditorController < ProfileAdminController | 1 | class EnterpriseEditorController < ProfileAdminController |
| 2 | + needs_profile | ||
| 3 | + protect 'edit_profile', :profile, :exept => :destroy | ||
| 4 | + protect 'destroy_profile', :profile, :only => :destroy | ||
| 2 | 5 | ||
| 3 | - before_filter :login_required, :check_enterprise | ||
| 4 | - | ||
| 5 | - protect [:edit, :update], 'edit_profile', :profile | ||
| 6 | - protect [:destroy], 'destroy_profile', :profile | ||
| 7 | - | ||
| 8 | - | 6 | + before_filter :check_enterprise |
| 9 | 7 | ||
| 10 | # Show details about an enterprise | 8 | # Show details about an enterprise |
| 11 | def index | 9 | def index |
| 12 | - @enterprise = @profile | ||
| 13 | end | 10 | end |
| 14 | 11 | ||
| 15 | # Provides an interface to editing the enterprise details | 12 | # Provides an interface to editing the enterprise details |
| @@ -30,7 +27,7 @@ class EnterpriseEditorController < ProfileAdminController | @@ -30,7 +27,7 @@ class EnterpriseEditorController < ProfileAdminController | ||
| 30 | 27 | ||
| 31 | # Elimitates the enterprise of the system | 28 | # Elimitates the enterprise of the system |
| 32 | def destroy | 29 | def destroy |
| 33 | - raise "bli" | 30 | + #raise "bli" |
| 34 | if @enterprise.destroy! | 31 | if @enterprise.destroy! |
| 35 | flash[:notice] = _('Enterprise sucessfully erased from the system') | 32 | flash[:notice] = _('Enterprise sucessfully erased from the system') |
| 36 | redirect_to :controller => 'profile_editor', :action => 'index', :profile => current_user.login | 33 | redirect_to :controller => 'profile_editor', :action => 'index', :profile => current_user.login |
| @@ -41,7 +38,7 @@ class EnterpriseEditorController < ProfileAdminController | @@ -41,7 +38,7 @@ class EnterpriseEditorController < ProfileAdminController | ||
| 41 | 38 | ||
| 42 | # Activate a validated enterprise | 39 | # Activate a validated enterprise |
| 43 | def activate | 40 | def activate |
| 44 | - if @enterprise.activate | 41 | + if @enterprise.activatepermission.nil? |
| 45 | flash[:notice] = _('Enterprise successfuly activacted') | 42 | flash[:notice] = _('Enterprise successfuly activacted') |
| 46 | else | 43 | else |
| 47 | flash[:notice] = _('Failed to activate the enterprise') | 44 | flash[:notice] = _('Failed to activate the enterprise') |
| @@ -51,8 +48,17 @@ class EnterpriseEditorController < ProfileAdminController | @@ -51,8 +48,17 @@ class EnterpriseEditorController < ProfileAdminController | ||
| 51 | 48 | ||
| 52 | protected | 49 | protected |
| 53 | 50 | ||
| 51 | + def permission | ||
| 52 | + 'bli' | ||
| 53 | + end | ||
| 54 | + def permission=(perm) | ||
| 55 | + @p = perm | ||
| 56 | + end | ||
| 54 | def check_enterprise | 57 | def check_enterprise |
| 55 | - redirect_to :controller => 'profile_editor', :profile => current_user.login unless @profile.is_a?(Enterprise) | ||
| 56 | - @enterprise = @profile | 58 | + if profile.is_a?(Enterprise) |
| 59 | + @enterprise = profile | ||
| 60 | + else | ||
| 61 | + redirect_to :controller => 'account' #:controller => 'profile_editor', :profile => current_user.login and return | ||
| 62 | + end | ||
| 57 | end | 63 | end |
| 58 | end | 64 | end |
app/controllers/profile_admin/membership_editor_controller.rb
| @@ -2,9 +2,11 @@ class MembershipEditorController < ProfileAdminController | @@ -2,9 +2,11 @@ class MembershipEditorController < ProfileAdminController | ||
| 2 | 2 | ||
| 3 | before_filter :login_required | 3 | before_filter :login_required |
| 4 | 4 | ||
| 5 | - | ||
| 6 | - | ||
| 7 | - protect [:index, :new_enterprise, :create_enterprise ], 'edit_profile', :profile | 5 | + def target |
| 6 | + environment | ||
| 7 | + end | ||
| 8 | + | ||
| 9 | + protect 'edit_profile', :profile, :only => [:index, :new_enterprise, :create_enterprise ] | ||
| 8 | 10 | ||
| 9 | def index | 11 | def index |
| 10 | @memberships = current_user.person.enterprise_memberships | 12 | @memberships = current_user.person.enterprise_memberships |
app/controllers/profile_admin/profile_editor_controller.rb
| 1 | class ProfileEditorController < ProfileAdminController | 1 | class ProfileEditorController < ProfileAdminController |
| 2 | 2 | ||
| 3 | - #protect [:index, :edit], 'edit_profile', :profile | 3 | + #protect 'edit_profile', :profile, only => [:index, :edit] |
| 4 | 4 | ||
| 5 | helper :profile | 5 | helper :profile |
| 6 | 6 | ||
| @@ -12,7 +12,7 @@ class ProfileEditorController < ProfileAdminController | @@ -12,7 +12,7 @@ class ProfileEditorController < ProfileAdminController | ||
| 12 | def block_types | 12 | def block_types |
| 13 | %w[ | 13 | %w[ |
| 14 | FavouriteLinks | 14 | FavouriteLinks |
| 15 | - ] | 15 | + ] |
| 16 | end | 16 | end |
| 17 | 17 | ||
| 18 | # FIXME Put other Blocks to works | 18 | # FIXME Put other Blocks to works |
app/controllers/profile_admin/profile_members_controller.rb
| 1 | class ProfileMembersController < ProfileAdminController | 1 | class ProfileMembersController < ProfileAdminController |
| 2 | 2 | ||
| 3 | - protect [:index, :change_roles, :update_roles, :change_role, :add_role, :remove_role, :unassociate], 'manage_memberships', :profile | 3 | + protect 'manage_memberships', :profile |
| 4 | 4 | ||
| 5 | def index | 5 | def index |
| 6 | @members = profile.people.uniq | 6 | @members = profile.people.uniq |
app/controllers/public/account_controller.rb
| @@ -4,10 +4,6 @@ class AccountController < PublicController | @@ -4,10 +4,6 @@ class AccountController < PublicController | ||
| 4 | 4 | ||
| 5 | design :holder => 'environment' | 5 | design :holder => 'environment' |
| 6 | 6 | ||
| 7 | - def load_default_environment | ||
| 8 | - @environment = Environment.default | ||
| 9 | - end | ||
| 10 | - | ||
| 11 | # say something nice, you goof! something sweet. | 7 | # say something nice, you goof! something sweet. |
| 12 | def index | 8 | def index |
| 13 | unless logged_in? | 9 | unless logged_in? |
| @@ -127,5 +123,7 @@ class AccountController < PublicController | @@ -127,5 +123,7 @@ class AccountController < PublicController | ||
| 127 | @profile = current_user.person | 123 | @profile = current_user.person |
| 128 | end | 124 | end |
| 129 | 125 | ||
| 130 | - | 126 | + def load_default_environment |
| 127 | + @environment = Environment.default | ||
| 128 | + end | ||
| 131 | end | 129 | end |
app/models/environment.rb
| @@ -11,7 +11,7 @@ class Environment < ActiveRecord::Base | @@ -11,7 +11,7 @@ class Environment < ActiveRecord::Base | ||
| 11 | 'manage_environment_roles' => N_('Manage environment roles'), | 11 | 'manage_environment_roles' => N_('Manage environment roles'), |
| 12 | 'manage_environment_validators' => N_('Manage environment validators'), | 12 | 'manage_environment_validators' => N_('Manage environment validators'), |
| 13 | } | 13 | } |
| 14 | - | 14 | + |
| 15 | # returns the available features for a Environment, in the form of a | 15 | # returns the available features for a Environment, in the form of a |
| 16 | # hash, with pairs in the form <tt>'feature_name' => 'Feature name'</tt>. | 16 | # hash, with pairs in the form <tt>'feature_name' => 'Feature name'</tt>. |
| 17 | def self.available_features | 17 | def self.available_features |
app/views/enterprise_editor/index.rhtml
| 1 | -<h3> <%= @profile.name %> </h3> | 1 | +<h3> <%= @enterprise.name %> </h3> |
| 2 | 2 | ||
| 3 | <%= error_messages_for 'profile' %> | 3 | <%= error_messages_for 'profile' %> |
| 4 | 4 | ||
| 5 | -<p> <%= _('Identifier: ') %> <%= @profile.identifier %> </p> | ||
| 6 | -<p> <%= _('Address: ') %> <%= @profile.address %> </p> | ||
| 7 | -<p> <%= _('Contact phone: ') %> <%= @profile.contact_phone %> </p> | ||
| 8 | -<p> <%= _('Contact person: ') %> <%= @profile.organization_info.contact_person %> </p> | ||
| 9 | -<p> <%= _('Acronym: ') %> <%= @profile.organization_info.acronym %> </p> | ||
| 10 | -<p> <%= _('Foundation year: ') %> <%= @profile.organization_info.foundation_year %> </p> | ||
| 11 | -<p> <%= _('Legal Form: ') %> <%= @profile.organization_info.legal_form %> </p> | ||
| 12 | -<p> <%= _('Economic activity: ') %> <%= @profile.organization_info.economic_activity %> </p> | ||
| 13 | -<p> <%= _('Management infomation: ') %> <%= @profile.organization_info.management_information %> </p> | ||
| 14 | -<p> <%= _('Tags:') %> <%= @profile.tag_list %> </p> | 5 | +<p> <%= _('Identifier: ') %> <%= @enterprise.identifier %> </p> |
| 6 | +<p> <%= _('Address: ') %> <%= @enterprise.address %> </p> | ||
| 7 | +<p> <%= _('Contact phone: ') %> <%= @enterprise.contact_phone %> </p> | ||
| 8 | +<p> <%= _('Contact person: ') %> <%= @enterprise.organization_info.contact_person %> </p> | ||
| 9 | +<p> <%= _('Acronym: ') %> <%= @enterprise.organization_info.acronym %> </p> | ||
| 10 | +<p> <%= _('Foundation year: ') %> <%= @enterprise.organization_info.foundation_year %> </p> | ||
| 11 | +<p> <%= _('Legal Form: ') %> <%= @enterprise.organization_info.legal_form %> </p> | ||
| 12 | +<p> <%= _('Economic activity: ') %> <%= @enterprise.organization_info.economic_activity %> </p> | ||
| 13 | +<p> <%= _('Management infomation: ') %> <%= @enterprise.organization_info.management_information %> </p> | ||
| 14 | +<p> <%= _('Tags:') %> <%= @enterprise.tag_list %> </p> | ||
| 15 | 15 | ||
| 16 | -<%= link_to _('Edit enterprise'), :action => 'edit', :id => @profile %> | 16 | +<%= link_to _('Edit enterprise'), :action => 'edit', :id => @enterprise %> |
| 17 | <%= help _('Change the information about the enterprise') %> | 17 | <%= help _('Change the information about the enterprise') %> |
| 18 | -<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @profile %> | 18 | +<%= link_to _('Delete enterprise'), :action => 'destroy', :id => @enterprise %> |
| 19 | <%= help _('Remove the enterprise from the system') %> | 19 | <%= help _('Remove the enterprise from the system') %> |
| 20 | -<%= link_to _('Activate'), :action => 'activate', :id => @profile unless @profile.active? %> | ||
| 21 | -<%= help _('Activate an approved enterprise') unless @profile.active? %> | 20 | +<%= link_to _('Activate'), :action => 'activate', :id => @enterprise unless @enterprise.active? %> |
| 21 | +<%= help _('Activate an approved enterprise') unless @enterprise.active? %> | ||
| 22 | 22 | ||
| 23 | <%= link_to _('Back'), :controller => :profile_editor %> | 23 | <%= link_to _('Back'), :controller => :profile_editor %> |
db/migrate/013_access_control_migration.rb
| @@ -11,6 +11,7 @@ class AccessControlMigration < ActiveRecord::Migration | @@ -11,6 +11,7 @@ class AccessControlMigration < ActiveRecord::Migration | ||
| 11 | t.column :resource_id, :integer | 11 | t.column :resource_id, :integer |
| 12 | t.column :resource_type, :string | 12 | t.column :resource_type, :string |
| 13 | t.column :role_id, :integer | 13 | t.column :role_id, :integer |
| 14 | + t.column :is_global, :boolean | ||
| 14 | end | 15 | end |
| 15 | end | 16 | end |
| 16 | 17 |
test/functional/admin_panel_controller_test.rb
| @@ -11,7 +11,7 @@ class AdminPanelControllerTest < Test::Unit::TestCase | @@ -11,7 +11,7 @@ class AdminPanelControllerTest < Test::Unit::TestCase | ||
| 11 | @controller = AdminPanelController.new | 11 | @controller = AdminPanelController.new |
| 12 | @request = ActionController::TestRequest.new | 12 | @request = ActionController::TestRequest.new |
| 13 | @response = ActionController::TestResponse.new | 13 | @response = ActionController::TestResponse.new |
| 14 | - login_as(:ze) | 14 | + login_as(create_admin_user(Environment.default)) |
| 15 | end | 15 | end |
| 16 | 16 | ||
| 17 | def test_index | 17 | def test_index |
| @@ -21,5 +21,6 @@ class AdminPanelControllerTest < Test::Unit::TestCase | @@ -21,5 +21,6 @@ class AdminPanelControllerTest < Test::Unit::TestCase | ||
| 21 | assert_tag :tag => 'a', :attributes => { :href => /edit_template/ } | 21 | assert_tag :tag => 'a', :attributes => { :href => /edit_template/ } |
| 22 | assert_tag :tag => 'a', :attributes => { :href => /features/ } | 22 | assert_tag :tag => 'a', :attributes => { :href => /features/ } |
| 23 | assert_tag :tag => 'a', :attributes => { :href => /role/ } | 23 | assert_tag :tag => 'a', :attributes => { :href => /role/ } |
| 24 | + assert_tag :tag => 'a', :attributes => { :href => /region_validators/ } | ||
| 24 | end | 25 | end |
| 25 | end | 26 | end |
test/functional/application_controller_test.rb
| @@ -5,8 +5,6 @@ require 'test_controller' | @@ -5,8 +5,6 @@ require 'test_controller' | ||
| 5 | class TestController; def rescue_action(e) raise e end; end | 5 | class TestController; def rescue_action(e) raise e end; end |
| 6 | 6 | ||
| 7 | class ApplicationControllerTest < Test::Unit::TestCase | 7 | class ApplicationControllerTest < Test::Unit::TestCase |
| 8 | - | ||
| 9 | -# all_fixtures:profiles, :environments, :domains, :design_boxes | ||
| 10 | all_fixtures | 8 | all_fixtures |
| 11 | def setup | 9 | def setup |
| 12 | @controller = TestController.new | 10 | @controller = TestController.new |
test/functional/enterprise_editor_controller_test.rb
| @@ -11,8 +11,39 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase | @@ -11,8 +11,39 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase | ||
| 11 | @response = ActionController::TestResponse.new | 11 | @response = ActionController::TestResponse.new |
| 12 | end | 12 | end |
| 13 | 13 | ||
| 14 | - # Replace this with your real tests. | ||
| 15 | - def test_truth | ||
| 16 | - assert true | 14 | + should 'not see index if do not logged in' do |
| 15 | + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise') | ||
| 16 | + get 'index', :profile => 'test_enterprise' | ||
| 17 | + | ||
| 18 | + assert_response :success | ||
| 19 | + assert_template 'access_denied.rhtml' | ||
| 20 | + end | ||
| 21 | + | ||
| 22 | + should 'not see index if do not have permission to edit profile' do | ||
| 23 | + user = create_user('test_user') | ||
| 24 | + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enteprise') | ||
| 25 | + login_as :test_user | ||
| 26 | + | ||
| 27 | + get 'index', :profile => 'test_enterprise' | ||
| 28 | + | ||
| 29 | + assert_response :success | ||
| 30 | + assert @controller.send(:profile) | ||
| 31 | + assert_equal ent.identifier, @controller.send(:profile).identifier | ||
| 32 | + assert_template 'access_denied.rhtml' | ||
| 33 | + end | ||
| 34 | + | ||
| 35 | + should 'see index if have permission' do | ||
| 36 | + user = create_user('test_user').person | ||
| 37 | + ent = Enterprise.create!(:identifier => 'test_enterprise', :name => 'Test enterprise') | ||
| 38 | + role = Role.create!(:name => 'test_role', :permissions => ['edit_profile']) | ||
| 39 | + assert user.add_role(role, ent) | ||
| 40 | + assert user.has_permission?('edit_profile', ent) | ||
| 41 | + login_as :test_user | ||
| 42 | + | ||
| 43 | + get 'index', :profile => 'test_enterprise' | ||
| 44 | + | ||
| 45 | + assert_response :success | ||
| 46 | + assert @controller.send(:profile) | ||
| 47 | + assert_template 'index' | ||
| 17 | end | 48 | end |
| 18 | end | 49 | end |