Commit ad8ae7d6055249fecfa0d90e5f79991142331f11

Authored by AntonioTerceiro
1 parent 28af7f8b

ActionItem295: finishing restriction for profile info


git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1810 3f533792-8f58-4932-b0fe-aaf55b0a4547
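--- a/app/controllers/public/profile_controller.rb
+++ b/app/controllers/public/profile_controller.rb
@@ -1,7 +1,7 @@
 class ProfileController < ApplicationController
 
   needs_profile
-  before_filter :check_public_profile
+  before_filter :check_access_to_profile
 
   helper TagsHelper
 
@@ -36,8 +36,8 @@ class ProfileController < ApplicationController
 
   protected
 
-  def check_public_profile
-    if !profile.public_profile
+  def check_access_to_profile
+    unless profile.display_info_to?(user)
       render :action => 'private_profile', :status => 403, :layout => false
     end
   end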
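Review bot: `check_access_to_profile` is the single authorization gate for every action of this controller (the `before_filter` has no `:only`/`:except`), yet it has no comment stating what `user` is or that it fails closed. The functional test in this commit stubs `Person.any_instance`, which suggests `user` is the current person and is nil for anonymous visitors — worth confirming against ApplicationController. I would put above the `def`: `# Denies every action (403, no layout) unless the profile agrees to show its information to the current user; user is nil for anonymous visitors, so a private profile fails closed.` The enclosing class begins before this hunk and its `end` is outside it.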
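--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -280,4 +280,15 @@ class Profile < ActiveRecord::Base
     self.find(:all, :order => 'profiles.name', :conditions => [ 'profiles.name like (?) or profiles.name like (?)', (initial + '%'), (initial.upcase + '%') ])
   end
 
+  # returns +true+ if the given +user+ can see profile information about this
+  # +profile+, and +false+ otherwise.
+  def display_info_to?(user)
+    if self.public_profile
+      true
+    else
+      # other possibilities would come here
+      (user == self)
+    end
+  end
+
 end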
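Review bot: The `else` branch of `display_info_to?` grants access only to the profile itself, so the new unit test 'display private profile for members' in test/unit/profile_test.rb can pass only if `Community` overrides this method somewhere outside this commit; if it does not, the `# other possibilities would come here` placeholder is exactly where membership belongs and that test is red. The anonymous case is handled implicitly: `nil == self` is false, so an unauthenticated visitor is denied — stating that in the comment makes the fail-closed intent explicit, e.g. `# +user+ is nil for anonymous visitors, who never see a private profile.` As a point of style, the `if`/`else` with a literal `true` is the expanded form of `public_profile || user == self`. The enclosing Profile class begins before this hunk.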
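--- a/test/functional/profile_controller_test.rb
+++ b/test/functional/profile_controller_test.rb
@@ -187,8 +187,8 @@ class ProfileControllerTest < Test::Unit::TestCase
     assert_no_tag :tag => 'a', :content => 'Leave this community'
   end
 
-  should 'not display private profile' do
-    @profile.update_attributes!(:public_profile => false)
+  should 'check access before displaying profile' do
+    Person.any_instance.expects(:display_info_to?).with(anything).returns(false)
     get :index, :profile => @profile.identifier
     assert_response 403
   end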
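Review bot: The replaced test covers only the deny path — `display_info_to?` is forced to return false and a 403 is asserted — so a filter that always rendered `private_profile` would still pass this suite; a companion test stubbing the method to return true and asserting success would pin the allow path. `with(anything)` also means nothing checks that the current user (rather than, say, nil) is what reaches the model; if the test setup logs someone in, `with(...)` could name that person. The sketch below assumes, as the existing stub already does, that `@profile` is a `Person`.
```ruby
  should 'display profile when access is granted' do
    Person.any_instance.expects(:display_info_to?).with(anything).returns(true)
    get :index, :profile => @profile.identifier
    assert_response :success
  end
```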
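--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -483,6 +483,23 @@ class ProfileTest < Test::Unit::TestCase
     assert_equal false, p.public_content
   end
 
+  should 'not display private profile to unauthenticated user' do
+    assert !Profile.new(:public_profile => false).display_info_to?(nil)
+  end
+
+  should 'display private profile for its owner' do
+    p = Profile.new(:public_profile => false)
+    assert p.display_info_to?(p)
+  end
+
+  should 'display private profile for members' do
+    p = create_user('testuser').person
+    c = Community.create!(:name => 'my community', :public_profile => false)
+    c.add_member(p)
+
+    assert c.display_info_to?(p)
+  end
+
   private
 
   def assert_invalid_identifier(id)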
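Review bot: The three new tests exercise anonymous, owner and member, but the most important negative case for an authorization predicate — a different authenticated profile asking to see a private one — is not covered, so a regression that made `display_info_to?` return true for any non-nil user would go unnoticed. A fourth test with two distinct profiles closes that gap; with unsaved records `==` does not treat them as equal, so no fixtures are needed. The `should` blocks sit inside `ProfileTest`, whose class header is outside this hunk.
```ruby
  should 'not display private profile to another user' do
    p = Profile.new(:public_profile => false)
    other = Profile.new(:public_profile => false)
    assert !p.display_info_to?(other)
  end
```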