Commit a2289792784d7652efb8f9c3bdfca85e0aa9ebb4
Exists in
master
and in
27 other branches
not show content of private profile
Showing
2 changed files
with
74 additions
and
9 deletions
Show diff stats
app/models/article.rb
| ... | ... | @@ -487,15 +487,16 @@ class Article < ActiveRecord::Base |
| 487 | 487 | scope :more_recent, :order => "created_at DESC" |
| 488 | 488 | |
| 489 | 489 | scope :display_filter, lambda {|user, profile| |
| 490 | - user.nil? ? | |
| 491 | - {:conditions => ['articles.published = ?', true]} : | |
| 492 | - {:conditions => [" articles.published = ? OR | |
| 493 | - articles.last_changed_by_id = ? OR | |
| 494 | - articles.profile_id = ? OR | |
| 495 | - ? OR articles.show_to_followers = ? AND ? ", | |
| 496 | - true, user.id, user.id, user.has_permission?(:view_private_content, profile), | |
| 497 | - true, user.follows?(profile)] | |
| 498 | - } | |
| 490 | + return published if (user.nil? && profile.public?) | |
| 491 | + return [] if user.nil? || (!profile.public? && !user.follows?(profile)) | |
| 492 | + where( | |
| 493 | + [ | |
| 494 | + "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ? | |
| 495 | + OR (show_to_followers = ? AND ?)", true, user.id, user.id, | |
| 496 | + user.has_permission?(:view_private_content, profile), | |
| 497 | + true, user.follows?(profile) | |
| 498 | + ] | |
| 499 | + ) | |
| 499 | 500 | } |
| 500 | 501 | |
| 501 | 502 | ... | ... |
test/unit/article_test.rb
| ... | ... | @@ -2037,4 +2037,68 @@ class ArticleTest < ActiveSupport::TestCase |
| 2037 | 2037 | assert_equal [], Article.display_filter(user, nil) |
| 2038 | 2038 | end |
| 2039 | 2039 | |
| 2040 | + should 'display_filter show community public content of private community for user members' do | |
| 2041 | + user = create_user('someuser').person | |
| 2042 | + p = fast_create(Community, :public_profile => false) | |
| 2043 | + p.add_member(user) | |
| 2044 | + assert user.is_member_of?(p) | |
| 2045 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2046 | + Article.delete_all | |
| 2047 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2048 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2049 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2050 | + assert_equal [a], Article.display_filter(user, p) | |
| 2051 | + end | |
| 2052 | + | |
| 2053 | + should 'display_filter not show public content of private community for non members' do | |
| 2054 | + user = create_user('someuser').person | |
| 2055 | + p = fast_create(Community, :public_profile => false) | |
| 2056 | + assert !user.is_member_of?(p) | |
| 2057 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2058 | + Article.delete_all | |
| 2059 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2060 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2061 | + assert_equal [], Article.display_filter(user, p) | |
| 2062 | + end | |
| 2063 | + | |
| 2064 | + should 'display_filter not show public content of private community for non members when user is nil' do | |
| 2065 | + p = fast_create(Community, :public_profile => false) | |
| 2066 | + Article.delete_all | |
| 2067 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2068 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2069 | + assert_equal [], Article.display_filter(nil, p) | |
| 2070 | + end | |
| 2071 | + | |
| 2072 | + should 'display_filter show person public content of private person profile for user friends' do | |
| 2073 | + user = create_user('someuser').person | |
| 2074 | + p = fast_create(Person, :public_profile => false) | |
| 2075 | + p.add_friend(user) | |
| 2076 | + assert p.is_a_friend?(user) | |
| 2077 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2078 | + Article.delete_all | |
| 2079 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2080 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2081 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2082 | + assert_equal [a], Article.display_filter(user, p) | |
| 2083 | + end | |
| 2084 | + | |
| 2085 | + should 'display_filter not show public content of private person for non friends' do | |
| 2086 | + user = create_user('someuser').person | |
| 2087 | + p = fast_create(Person, :public_profile => false) | |
| 2088 | + assert !user.is_a_friend?(p) | |
| 2089 | + user.stubs(:has_permission?).with(:view_private_content, p).returns(false) | |
| 2090 | + Article.delete_all | |
| 2091 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2092 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2093 | + assert_equal [], Article.display_filter(user, p) | |
| 2094 | + end | |
| 2095 | + | |
| 2096 | + should 'display_filter not show public content of private person for non friends when user is nil' do | |
| 2097 | + p = fast_create(Person, :public_profile => false) | |
| 2098 | + Article.delete_all | |
| 2099 | + a = fast_create(Article, :published => true, :profile_id => p.id) | |
| 2100 | + fast_create(Article, :published => false, :profile_id => p.id) | |
| 2101 | + assert_equal [], Article.display_filter(nil, p) | |
| 2102 | + end | |
| 2103 | + | |
| 2040 | 2104 | end | ... | ... |