Commit ae17c75a735cd4d9f2a1904aadbaf871f51a53a4

Authored by Daniela Feitosa
2 parents a5e19fe6 2cb24382

Merge commit 'refs/merge-requests/137' of git://gitorious.org/noosfero/noosfero …

…into merge-requests/137

(ActionItem2295)
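--- a/app/controllers/public/profile_controller.rb
+++ b/app/controllers/public/profile_controller.rb
@@ -211,7 +211,8 @@ class ProfileController < PublicController
 
 def remove_activity
 begin
-activity = current_person.tracked_actions.find(params[:activity_id])
+raise if !can_edit_profile
+activity = ActionTracker::Record.find(params[:activity_id])
 activity.destroy
 render :text => _('Activity successfully removed.')
 rescue
@@ -219,6 +220,17 @@ class ProfileController < PublicController
 end
 end
 
+def remove_notification
+begin
+raise if !can_edit_profile
+notification = ActionTrackerNotification.find(:first, :conditions => {:profile_id => profile.id, :action_tracker_id => params[:activity_id]})
+notification.destroy
+render :text => _('Notification successfully removed.')
+rescue
+render :text => _('You could not remove this notification.')
+end
+end
+
 def profile_info
 begin
 @block = profile.blocks.find(params[:block_id])
@@ -320,4 +332,8 @@ class ProfileController < PublicController
 20
 end
 
+def can_edit_profile
+@can_edit_profile ||= user && user.has_permission?('edit_profile', profile)
+end
+helper_method :can_edit_profile
 end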
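Review bot: `remove_activity` now loads the record with `ActionTracker::Record.find(params[:activity_id])`, a lookup that is not tied to `profile`, while `can_edit_profile` only establishes the right to edit `profile`; a user who may edit one profile can therefore have an activity of any other profile destroyed by id, a restriction the removed `current_person.tracked_actions.find` used to provide. Scope the lookup to the profile the way `remove_notification` does with `:profile_id => profile.id`, for example `activity = ActionTracker::Record.find(:first, :conditions => {:id => params[:activity_id], :user_id => profile.id})` (assuming `user_id` is the owning column, as the test's `fast_create` suggests). The `rescue` branch of `remove_activity` lies outside the hunk, so how a refused request is reported is not visible here. Separately, `can_edit_profile` is added as a plain `def`; if it does not sit under a `private`/`protected` marker it is also reachable as an action, which cannot be confirmed from this hunk.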
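--- a/app/views/profile/_profile_activities.rhtml
+++ b/app/views/profile/_profile_activities.rhtml
@@ -6,7 +6,7 @@
 <div class='profile-activity-description'>
 <p class='profile-activity-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p>
 <p class='profile-activity-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
-<%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if logged_in? && current_person == @profile %>
+<%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_activity', :activity_id => activity.id}, :update => "profile-activity-item-#{activity.id}") if can_edit_profile %>
 </div>
 <hr />
 </li>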
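--- a/app/views/profile/_profile_network_activities.rhtml
+++ b/app/views/profile/_profile_network_activities.rhtml
@@ -9,6 +9,7 @@
 <div class='profile-network-description'>
 <p class='profile-network-time'><%= time_ago_as_sentence(activity.created_at) + ' ' + _('ago') %></p>
 <p class='profile-network-text'><%= link_to activity.user.name, activity.user.url %> <%= describe activity %></p>
+<%= button_to_remote(:delete, content_tag(:span, _('Remove')), :url =>{:action => 'remove_notification', :activity_id => activity.id}, :update => "profile-network-item-#{activity.id}") if can_edit_profile %>
 <p class='profile-network-where'><%= _('In community %s') % link_to(activity.target.name, activity.target.url) if !profile.is_a?(Community) && activity.target.is_a?(Community) %></p>
 </div>
 <div id='profile-network-message-<%= activity.id%>' style='display:none;'>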
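--- a/test/functional/profile_controller_test.rb
+++ b/test/functional/profile_controller_test.rb
@@ -1032,14 +1032,43 @@ class ProfileControllerTest &lt; Test::Unit::TestCase
 assert_redirected_to :controller => 'account', :action => 'login'
 end
 
-should "not remove an activity of another user" do
-login_as(profile.identifier)
-p1 = fast_create(Person)
-at = fast_create(ActionTracker::Record, :user_id => p1.id)
-atn = fast_create(ActionTrackerNotification, :profile_id => p1.id, :action_tracker_id => at.id)
-count = ActionTrackerNotification.count
-post :remove_activity, :profile => profile.identifier, :activity_id => at.id
-assert_equal count, ActionTrackerNotification.count
+should "remove an activity of another person if user has permissions to edit it" do
+user = create_user('owner').person
+login_as(user.identifier)
+owner = create_user('owner').person
+activity = fast_create(ActionTracker::Record, :user_id => owner.id)
+@controller.stubs(:user).returns(user)
+@controller.stubs(:profile).returns(owner)
+
+assert_no_difference ActionTracker::Record, :count do
+post :remove_activity, :profile => owner.identifier, :activity_id => activity.id
+end
+
+owner.environment.add_admin(user)
+
+assert_difference ActionTracker::Record, :count, -1 do
+post :remove_activity, :profile => owner.identifier, :activity_id => activity.id
+end
+end
+
+should "remove a notification of another profile if user has permissions to edit it" do
+user = create_user('owner').person
+login_as(user.identifier)
+profile = fast_create(Profile)
+activity = fast_create(ActionTracker::Record, :user_id => user.id)
+fast_create(ActionTrackerNotification, :profile_id => profile.id, :action_tracker_id => activity.id)
+@controller.stubs(:user).returns(user)
+@controller.stubs(:profile).returns(profile)
+
+assert_no_difference ActionTrackerNotification, :count do
+post :remove_notification, :profile => profile.identifier, :activity_id => activity.id
+end
+
+profile.environment.add_admin(user)
+
+assert_difference ActionTrackerNotification, :count, -1 do
+post :remove_activity, :profile => profile.identifier, :activity_id => activity.id
+end
 end
 
 should "not show the scrap button on network activity if the user don't follow the user" do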
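Review bot: The last assertion of the notification test posts `:remove_activity`, so the success path of `remove_notification` is never exercised and the notification count may drop only because destroying the record takes its notifications with it; it should read `post :remove_notification, :profile => profile.identifier, :activity_id => activity.id`. In the first test both `user` and `owner` come from `create_user('owner')`, so the two people are probably not distinct; give the acting user its own login, e.g. `user = create_user('editor').person` (the login is a constructed example). The removed test "not remove an activity of another user" has no replacement: no case covers a user who holds `edit_profile` on one profile submitting the id of an activity that belongs to a different profile, where the record count must stay unchanged.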