From 6ca0d5631f7d386dd8ff6f3f50e944adb1fd65d2 Mon Sep 17 00:00:00 2001
From: Rodrigo Souto
Date: Thu, 20 May 2010 14:41:35 -0300
Subject: [PATCH] Only environment admin can unblock enterprises
---
 app/controllers/public/profile_controller.rb | 12 +++++++++---
 test/functional/profile_controller_test.rb | 22 ++++++++++++++++++++++
 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/app/controllers/public/profile_controller.rb b/app/controllers/public/profile_controller.rb
index 20de316..f5966c6 100644
--- a/app/controllers/public/profile_controller.rb
+++ b/app/controllers/public/profile_controller.rb
@@ -3,7 +3,7 @@ class ProfileController < PublicController
 needs_profile
 before_filter :check_access_to_profile, :except => [:join, :refuse_join, :refuse_for_now, :index]
 before_filter :store_before_join, :only => [:join]
- before_filter :login_required, :only => [:join, :refuse_join, :leave]
+ before_filter :login_required, :only => [:join, :refuse_join, :leave, :unblock]
 helper TagsHelper
@@ -114,8 +114,14 @@ class ProfileController < PublicController
 end
 def unblock
- profile.unblock
- redirect_to :controller => 'profile', :action => 'index'
+ if current_user.person.is_admin?(profile.environment)
+ profile.unblock
+ flash[:notice] = _("You have unblocked %s successfully. ") % profile.name
+ redirect_to :controller => 'profile', :action => 'index'
+ else
+ message = _('You are not allowed to unblock enterprises in this environment.')
+ render_access_denied(message)
+ end
 end
 protected
diff --git a/test/functional/profile_controller_test.rb b/test/functional/profile_controller_test.rb
index 256a1af..2d68a2e 100644
--- a/test/functional/profile_controller_test.rb
+++ b/test/functional/profile_controller_test.rb
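Review bot: `unblock` changes state but is still answered on GET; the tests in this commit call `get :unblock` and the admin case gets its 302. With the admin check in place the risk moves to the admin's own session: any page that makes a logged-in environment admin's browser request this URL unblocks the enterprise, because a GET carries no authenticity token. Restrict the action to POST next to the other filters, for example `verify :method => :post, :only => [:unblock], :redirect_to => { :action => 'index' }`, and have the link that triggers it submit a form. The routes and the CSRF configuration are not visible in this diff, so confirm what already applies.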
@@ -665,4 +665,26 @@ class ProfileControllerTest < Test::Unit::TestCase
 get :index, :profile => profile.identifier
 assert_tag :tag => 'a', :content => 'One picture', :attributes => { :href => /\/testuser\/gallery/ }
 end
+
+ should 'ask for login if user not logged' do
+ enterprise = fast_create(Enterprise)
+ get :unblock, :profile => enterprise.identifier
+ assert_redirected_to "asdf"
+ end
+
+ should ' not allow ordinary users to unblock enterprises' do
+ login_as(profile.identifier)
+ enterprise = fast_create(Enterprise)
+ get :unblock, :profile => enterprise.identifier
+ assert_response 403
+ end
+
+ should 'allow environment admin to unblock enteprises' do
+ login_as(profile.identifier)
+ enterprise = fast_create(Enterprise)
+ enterprise.environment.add_admin(profile)
+ get :unblock, :profile => enterprise.identifier
+ assert_response 302
+ end
+
 end
-- libgit2 0.21.2
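Review bot: The unauthenticated case ends in `assert_redirected_to "asdf"`, which reads as a leftover placeholder, so the test does not pin the login redirect that the new `:unblock` entry in `login_required` is meant to produce. Assert the login location the application actually redirects to instead. The other two cases check only the status code: neither blocks the enterprise beforehand nor reloads it afterwards, so they would still pass if `profile.unblock` ran on the 403 path or was skipped on the 302 path. Block the enterprise in setup and assert its blocked state after the request in both tests. The test names also carry a leading space (`' not allow …'`) and the typo `enteprises`.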