Download as
Browse Code »

Commit 623a401dbd8855e8b96d37d5795d75b29c62082d

Authored by Victor Costa
1 parent abde9210
Exists in master and in 27 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, temp_ratings, tests, tests_fixies

Allow only members in a whitelist to access an anvironment

Showing 4 changed files with 59 additions and 0 deletions   Show diff stats
app/controllers/application_controller.rb
  Diff comments   View file @623a401
... ... @@ -5,6 +5,11 @@ class ApplicationController < ActionController::Base
5 5 before_filter :init_noosfero_plugins_controller_filters
6 6 before_filter :allow_cross_domain_access
7 7 before_filter :login_required, :if => :private_environment?
  8 + before_filter :verify_members_whitelist, :if => :user
  9 +
  10 + def verify_members_whitelist
  11 + render_access_denied unless user.is_admin? || environment.members_whitelist.blank? || environment.in_whitelist?(user)
  12 + end
8 13  
9 14 def allow_cross_domain_access
10 15 origin = request.headers['Origin']
... ...
app/models/environment.rb
  Diff comments   View file @623a401
... ... @@ -295,6 +295,16 @@ class Environment < ActiveRecord::Base
295 295 settings_items :access_control_allow_origin, :type => Array, :default => []
296 296 settings_items :access_control_allow_methods, :type => String
297 297  
  298 + settings_items :members_whitelist, :type => Array, :default => []
  299 +
  300 + def in_whitelist?(person)
  301 + members_whitelist.include?(person.identifier)
  302 + end
  303 +
  304 + def members_whitelist=(members)
  305 + settings[:members_whitelist] = members.split(',').map(&:strip).reject(&:blank?)
  306 + end
  307 +
298 308 def news_amount_by_folder=(amount)
299 309 settings[:news_amount_by_folder] = amount.to_i
300 310 end
... ...
app/views/features/index.rhtml
  Diff comments   View file @623a401
... ... @@ -37,6 +37,11 @@ Check all the features you want to enable for your environment, uncheck all the
37 37 <%= select_organization_approval_method('environment', 'organization_approval_method') %>
38 38 <hr/>
39 39  
  40 +<h3><%= _('Members Whitelist') %></h3>
  41 + <div class="info"><%= _('Allow these people to access this environment (separate with commas):') %></div>
  42 + <%= text_field :environment, :members_whitelist, :value => environment.members_whitelist.join(',') %>
  43 +<hr/>
  44 +
40 45 <div>
41 46 <% button_bar do %>
42 47 <%= submit_button('save', _('Save changes')) %>
... ...
test/functional/application_controller_test.rb
  Diff comments   View file @623a401
... ... @@ -581,4 +581,43 @@ class ApplicationControllerTest &lt; ActionController::TestCase
581 581 assert_redirected_to :controller => 'account', :action => 'login'
582 582 end
583 583  
  584 + should 'do allow member in whitelist to access an environment' do
  585 + user = create_user
  586 + e = Environment.default
  587 + e.members_whitelist = 'admin'
  588 + e.save!
  589 + login_as(user.login)
  590 + get :index
  591 + assert_response :forbidden
  592 + end
  593 +
  594 + should 'allow member in whitelist to access an environment' do
  595 + user = create_user
  596 + e = Environment.default
  597 + e.members_whitelist = user.person.identifier
  598 + e.save!
  599 + login_as(user.login)
  600 + get :index
  601 + assert_response :success
  602 + end
  603 +
  604 + should 'allow members to access an environment if whitelist is blank' do
  605 + user = create_user
  606 + e = Environment.default
  607 + e.members_whitelist = ''
  608 + e.save!
  609 + login_as(user.login)
  610 + get :index
  611 + assert_response :success
  612 + end
  613 +
  614 + should 'allow admin to access an environment' do
  615 + e = Environment.default
  616 + e.members_whitelist = 'ze'
  617 + e.save!
  618 + login_as(create_admin_user(e))
  619 + get :index
  620 + assert_response :success
  621 + end
  622 +
584 623 end
... ...