Commit 9c082693f667b9ab3a056fbd40f5016d0ad354f6
Exists in
master
and in
28 other branches
Merge commit 'refs/merge-requests/425' of git://gitorious.org/noosfero/noosfero …
…into merge-requests/425
Showing
2 changed files
with
24 additions
and
1 deletions
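--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -96,7 +96,7 @@ class ContentViewerController < ApplicationController
  end
 
  if @page.folder? && @page.gallery?
- @images = @page.images
+ @images = @page.images.select{ |a| a.display_to? user }
  @images = @images.paginate(:per_page => per_page, :page => params[:npage]) unless params[:slideshow]
  end
 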
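Review bot: The visibility check on the new `@images = @page.images.select{ |a| a.display_to? user }` line lives only at this call site, so any other reader of `@page.images` (none is visible in this section) would still receive unpublished images. Moving the filter into the model would give every caller the same check; failing that, a comment such as `# authorization: keep only images the current user may see, before pagination` would stop a later refactor from dropping it. `user` is presumably nil for an anonymous visitor, so it is worth confirming that `display_to?` treats nil as unauthorized. The enclosing action starts and ends outside the hunk.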
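--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -600,6 +600,29 @@ class ContentViewerControllerTest < ActionController::TestCase
  assert_equal 2, assigns(:images).size
  end
 
+ should 'not display private images in the slideshow for unauthorized people' do
+ owner = create_user('owner').person
+ unauthorized = create_user('unauthorized').person
+ folder = Gallery.create!(:name => 'gallery', :profile => owner)
+ image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
+ login_as('unauthorized')
+ get :view_page, :profile => owner.identifier, :page => folder.explode_path, :slideshow => true
+ assert_response :success
+ assert_equal 0, assigns(:images).length
+ end
+
+ should 'not display private images thumbnails for unauthorized people' do
+ owner = create_user('owner').person
+ unauthorized = create_user('unauthorized').person
+ folder = Gallery.create!(:name => 'gallery', :profile => owner)
+ image1 = UploadedFile.create!(:profile => owner, :parent => folder, :uploaded_data => fixture_file_upload('/files/other-pic.jpg', 'image/jpg'), :published => false)
+ login_as('unauthorized')
+ get :view_page, :profile => owner.identifier, :page => folder.explode_path
+ assert_response :success
+ assert_select '.image-gallery-item', 0
+ end
+
+
  should 'display default image in the slideshow if thumbnails were not processed' do
  @controller.stubs(:per_page).returns(1)
  folder = Gallery.create!(:name => 'gallery', :profile => profile)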
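Review bot: Both new tests assert only that a logged-in stranger sees nothing (`assert_equal 0, assigns(:images).length` and `assert_select '.image-gallery-item', 0`), so a filter that hid every image from everyone would pass them as well. A companion case that calls `login_as('owner')` and expects the unpublished image to be listed would pin the check from the permitted side. A case with no login at all would cover the anonymous visitor. The locals `unauthorized` and `image1` are never read in either test, so the assignments can be dropped while keeping the `create_user` and `UploadedFile.create!` calls.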