Commit ae17c75a735cd4d9f2a1904aadbaf871f51a53a4
Exists in
master
and in
28 other branches
Merge commit 'refs/merge-requests/137' of git://gitorious.org/noosfero/noosfero …
…into merge-requests/137 (ActionItem2295)
Showing
4 changed files
with
56 additions
and
10 deletions
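--- a/app/controllers/public/profile_controller.rb
+++ b/app/controllers/public/profile_controller.rb
@@ -211,7 +211,8 @@ class ProfileController < PublicController
 
 def remove_activity
 begin
-activity = current_person.tracked_actions.find(params[:activity_id])
+raise if !can_edit_profile
+activity = ActionTracker::Record.find(params[:activity_id])
 activity.destroy
 render :text => _('Activity successfully removed.')
 rescue
@@ -219,6 +220,17 @@ class ProfileController < PublicController
 end
 end
 
+def remove_notification
+begin
+raise if !can_edit_profile
+notification = ActionTrackerNotification.find(:first, :conditions => {:profile_id => profile.id, :action_tracker_id => params[:activity_id]})
+notification.destroy
+render :text => _('Notification successfully removed.')
+rescue
+render :text => _('You could not remove this notification.')
+end
+end
+
 def profile_info
 begin
 @block = profile.blocks.find(params[:block_id])
@@ -320,4 +332,8 @@ class ProfileController < PublicController
 20
 end
 
+def can_edit_profile
+@can_edit_profile ||= user && user.has_permission?('edit_profile', profile)
+end
+helper_method :can_edit_profile
 end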
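Review bot: In `remove_activity` the new lookup `ActionTracker::Record.find(params[:activity_id])` is not scoped to any owner, so once `can_edit_profile` passes for the profile in the URL, whichever record `activity_id` names is destroyed, whether or not it belongs to that profile. The removed line limited the lookup to `current_person.tracked_actions`; the permission check and the record should stay tied together, for example `activity = ActionTracker::Record.find(params[:activity_id], :conditions => {:user_id => profile.id})` (the tests create records with `:user_id`; confirm that is the right ownership key when the profile is not a person). `remove_notification` already filters on `:profile_id => profile.id`, which is the shape to follow. Separately, the bare `raise`/`rescue` pair reports every failure with the same message, including a nil returned by `find(:first, ...)`, and `@can_edit_profile ||=` re-runs the permission check on each call when the result is false. The rest of `remove_activity`'s rescue branch lies outside the hunk.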
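--- a/app/views/profile/_profile_activities.rhtml
+++ b/app/views/profile/_profile_activities.rhtml
@@ -6,7 +6,7 @@
 <div class='profile-activity-description'>
 <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p>
 <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
-<%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+<%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if can_edit_profile %>
 </div>
 <hr />
 </li>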
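--- a/app/views/profile/_profile_network_activities.rhtml
+++ b/app/views/profile/_profile_network_activities.rhtml
@@ -9,6 +9,7 @@
 <div class='profile-network-description'>
 <p class='profile-network-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p>
 <p class='profile-network-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
+<%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_notification', :activity_id => activity.id}, :update => "profile-network-item-#{activity.id}") if can_edit_profile %>
 <p class='profile-network-where'><%= _('In community %s') % link_to(activity.target.name, activity.target.url) if !profile.is_a?(Community) && activity.target.is_a?(Community) %></p>
 </div>
 <div id='profile-network-message-<%= activity.id%>' style='display:none;'>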
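--- a/test/functional/profile_controller_test.rb
+++ b/test/functional/profile_controller_test.rb
@@ -1032,14 +1032,43 @@ class ProfileControllerTest < Test::Unit::TestCase
 assert_redirected_to :controller => 'account', :action => 'login'
 end
 
-should "not remove an activity of another user" do
-login_as(profile.identifier)
-p1 = fast_create(Person)
-at = fast_create(ActionTracker::Record, :user_id => p1.id)
-atn = fast_create(ActionTrackerNotification, :profile_id => p1.id, :action_tracker_id => at.id)
-count = ActionTrackerNotification.count
-post :remove_activity, :profile => profile.identifier, :activity_id => at.id
-assert_equal count, ActionTrackerNotification.count
+should "remove an activity of another person if user has permissions to edit it" do
+user = create_user('owner').person
+login_as(user.identifier)
+owner = create_user('owner').person
+activity = fast_create(ActionTracker::Record, :user_id => owner.id)
+@controller.stubs(:user).returns(user)
+@controller.stubs(:profile).returns(owner)
+
+assert_no_difference ActionTracker::Record, :count do
+post :remove_activity, :profile => owner.identifier, :activity_id => activity.id
+end
+
+owner.environment.add_admin(user)
+
+assert_difference ActionTracker::Record, :count, -1 do
+post :remove_activity, :profile => owner.identifier, :activity_id => activity.id
+end
+end
+
+should "remove a notification of another profile if user has permissions to edit it" do
+user = create_user('owner').person
+login_as(user.identifier)
+profile = fast_create(Profile)
+activity = fast_create(ActionTracker::Record, :user_id => user.id)
+fast_create(ActionTrackerNotification, :profile_id => profile.id, :action_tracker_id => activity.id)
+@controller.stubs(:user).returns(user)
+@controller.stubs(:profile).returns(profile)
+
+assert_no_difference ActionTrackerNotification, :count do
+post :remove_notification, :profile => profile.identifier, :activity_id => activity.id
+end
+
+profile.environment.add_admin(user)
+
+assert_difference ActionTrackerNotification, :count, -1 do
+post :remove_activity, :profile => profile.identifier, :activity_id => activity.id
+end
 end
 
 should "not show the scrap button on network activity if the user don't follow the user" do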
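Review bot: The final assertion of the "remove a notification of another profile" test posts `:remove_activity` rather than `:remove_notification`, so the success path of the new action is never exercised; it should read `post :remove_notification, :profile => profile.identifier, :activity_id => activity.id`. As written, the notification count presumably drops only because destroying the record also removes its notifications. That same request deletes a record created with `:user_id => user.id` through a different profile, so the test encodes the unscoped lookup as expected behaviour. The commit also removes the only negative test for cross-user removal; a test expecting no change in `ActionTracker::Record.count` when `activity_id` does not belong to the profile in the URL would pin the authorization boundary. In the first test both `user` and `owner` come from `create_user('owner')`, which looks unintended.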