Commit 6efd86fd938628867682de9bc2e59af6cae1085d
1 parent
3fb6b301
Exists in
master
and in
27 other branches
not allow show public content of private profiles
Showing
2 changed files
with
78 additions
and
9 deletions
Show diff stats
app/models/article.rb
| ... | ... | @@ -487,15 +487,16 @@ class Article < ActiveRecord::Base |
| 487 | 487 | scope :more_recent, :order => "created_at DESC" |
| 488 | 488 | |
| 489 | 489 | scope :display_filter, lambda {|user, profile| |
| 490 | - user.nil? ? | |
| 491 | - {:conditions => ['articles.published = ?', true]} : | |
| 492 | - {:conditions => [" articles.published = ? OR | |
| 493 | - articles.last_changed_by_id = ? OR | |
| 494 | - articles.profile_id = ? OR | |
| 495 | - ? OR articles.show_to_followers = ? AND ? ", | |
| 496 | - true, user.id, user.id, user.has_permission?(:view_private_content, profile), | |
| 497 | - true, user.follows?(profile)] | |
| 498 | - } | |
| 490 | + return published if (user.nil? && profile.public?) | |
| 491 | + return [] if user.nil? || (!profile.public? && !user.follows?(profile)) | |
| 492 | + where( | |
| 493 | + [ | |
| 494 | + "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ? | |
| 495 | + OR (show_to_followers = ? AND ?)", true, user.id, user.id, | |
| 496 | + user.has_permission?(:view_private_content, profile), | |
| 497 | + true, user.follows?(profile) | |
| 498 | + ] | |
| 499 | + ) | |
| 499 | 500 | } |
| 500 | 501 | |
| 501 | 502 | ... | ... |
test/unit/article_test.rb
| ... | ... | @@ -2018,4 +2018,72 @@ class ArticleTest < ActiveSupport::TestCase |
| 2018 | 2018 | assert_equal [a], Article.display_filter(user, p) |
| 2019 | 2019 | end |
| 2020 | 2020 | |
| 2021 | + should 'display_filter show community public content of private community for user members' do | |
| 2022 | + user = create_user('someuser').person | |
| 2023 | + p = fast_create(Community, :public_profile => false) | |
| 2024 | + p.add_member(user) | |
| 2025 | + assert user.is_member_of?(p) | |
| 2026 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2027 | + Article.delete_all | |
| 2028 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2029 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2030 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2031 | + assert_equal [a], Article.display_filter(user, p) | |
| 2032 | + end | |
| 2033 | + | |
| 2034 | + should 'display_filter not show public content of private community for non members' do | |
| 2035 | + user = create_user('someuser').person | |
| 2036 | + p = fast_create(Community, :public_profile => false) | |
| 2037 | + assert !user.is_member_of?(p) | |
| 2038 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2039 | + Article.delete_all | |
| 2040 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2041 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2042 | + assert_equal [], Article.display_filter(user, p) | |
| 2043 | + end | |
| 2044 | + | |
| 2045 | + should 'display_filter not show public content of private community for non members when user is nil' do | |
| 2046 | + p = fast_create(Community, :public_profile => false) | |
| 2047 | + Article.delete_all | |
| 2048 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2049 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2050 | + assert_equal [], Article.display_filter(nil, p) | |
| 2051 | + end | |
| 2052 | + | |
| 2053 | + should 'display_filter show person public content of private person profile for user friends' do | |
| 2054 | + user = create_user('someuser').person | |
| 2055 | + p = fast_create(Person, :public_profile => false) | |
| 2056 | + p.add_friend(user) | |
| 2057 | + assert p.is_a_friend?(user) | |
| 2058 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2059 | + Article.delete_all | |
| 2060 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2061 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2062 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2063 | + assert_equal [a], Article.display_filter(user, p) | |
| 2064 | + end | |
| 2065 | + | |
| 2066 | + should 'display_filter not show public content of private person for non friends' do | |
| 2067 | + user = create_user('someuser').person | |
| 2068 | + p = fast_create(Person, :public_profile => false) | |
| 2069 | + assert !user.is_a_friend?(p) | |
| 2070 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2071 | + Article.delete_all | |
| 2072 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2073 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2074 | + assert_equal [], Article.display_filter(user, p) | |
| 2075 | + end | |
| 2076 | + | |
| 2077 | + should 'display_filter not show public content of private person for non friends when user is nil' do | |
| 2078 | + p = fast_create(Person, :public_profile => false) | |
| 2079 | + Article.delete_all | |
| 2080 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2081 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2082 | + assert_equal [], Article.display_filter(nil, p) | |
| 2083 | + end | |
| 2084 | + | |
| 2085 | + | |
| 2086 | + | |
| 2087 | + | |
| 2088 | + | |
| 2021 | 2089 | end | ... | ... |