diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb index 14f8891..10f36e5 100644 --- a/app/controllers/my_profile/cms_controller.rb +++ b/app/controllers/my_profile/cms_controller.rb @@ -1,6 +1,7 @@ class CmsController < MyProfileController - protect 'post_content', :profile, :only => [:edit, :new, :reorder, :delete] + protect 'post_content', :profile, :except => [:set_home_page] + protect 'edit_profile', :profile, :only => [:set_home_page] def boxes_holder profile diff --git a/app/controllers/my_profile/enterprise_validation_controller.rb b/app/controllers/my_profile/enterprise_validation_controller.rb index 221c224..c34a6d0 100644 --- a/app/controllers/my_profile/enterprise_validation_controller.rb +++ b/app/controllers/my_profile/enterprise_validation_controller.rb @@ -1,5 +1,7 @@ class EnterpriseValidationController < MyProfileController + protect 'validate_enterprise', :profile + def index @pending_validations = profile.pending_validations end diff --git a/app/controllers/my_profile/friends_controller.rb b/app/controllers/my_profile/friends_controller.rb index cc57a3f..8ac1fcd 100644 --- a/app/controllers/my_profile/friends_controller.rb +++ b/app/controllers/my_profile/friends_controller.rb @@ -1,5 +1,7 @@ class FriendsController < MyProfileController + protect 'manage_friends', :profile + def index @friends = profile.friends end diff --git a/app/controllers/my_profile/memberships_controller.rb b/app/controllers/my_profile/memberships_controller.rb index 7609bd0..47589e5 100644 --- a/app/controllers/my_profile/memberships_controller.rb +++ b/app/controllers/my_profile/memberships_controller.rb @@ -1,5 +1,7 @@ class MembershipsController < MyProfileController + protect 'manage_memberships', :profile + def index @memberships = profile.memberships end diff --git a/app/controllers/my_profile/profile_design_controller.rb b/app/controllers/my_profile/profile_design_controller.rb index b837c85..2fd6035 100644 --- a/app/controllers/my_profile/profile_design_controller.rb +++ b/app/controllers/my_profile/profile_design_controller.rb @@ -2,6 +2,8 @@ class ProfileDesignController < BoxOrganizerController needs_profile + protect 'edit_profile_design', :profile + def available_blocks blocks = [ ArticleBlock, TagsBlock, RecentDocumentsBlock, ProfileInfoBlock ] diff --git a/app/controllers/my_profile/profile_editor_controller.rb b/app/controllers/my_profile/profile_editor_controller.rb index 49dd661..3240283 100644 --- a/app/controllers/my_profile/profile_editor_controller.rb +++ b/app/controllers/my_profile/profile_editor_controller.rb @@ -1,6 +1,6 @@ class ProfileEditorController < MyProfileController -# protect 'edit_profile', :profile, :only => [:index, :edit] + protect 'edit_profile', :profile, :only => [:index, :edit] def index @pending_tasks = profile.tasks.pending diff --git a/app/controllers/my_profile/tasks_controller.rb b/app/controllers/my_profile/tasks_controller.rb index 0541cd3..1aa9953 100644 --- a/app/controllers/my_profile/tasks_controller.rb +++ b/app/controllers/my_profile/tasks_controller.rb @@ -1,5 +1,7 @@ class TasksController < MyProfileController + protect 'peform_task', :profile + def index @tasks = profile.tasks.pending end diff --git a/app/models/profile.rb b/app/models/profile.rb index 2049e1d..65d0d7a 100644 --- a/app/models/profile.rb +++ b/app/models/profile.rb @@ -16,12 +16,15 @@ class Profile < ActiveRecord::Base end PERMISSIONS[:profile] = { - 'edit_profile' => N_('Edit profile'), - 'destroy_profile' => N_('Destroy profile'), - 'manage_memberships' => N_('Manage memberships'), - 'post_content' => N_('Post content'), + 'edit_profile' => N_('Edit profile'), + 'destroy_profile' => N_('Destroy profile'), + 'manage_memberships' => N_('Manage memberships'), + 'post_content' => N_('Post content'), 'edit_profile_design' => N_('Edit profile design'), - 'manage_products' => N_('Manage products'), + 'manage_products' => N_('Manage products'), + 'manage_friends' => N_('Manage friends'), + 'validate_enterprise' => N_('Validate enterprise'), + 'peform_task' => N_('Peform task'), } acts_as_accessible diff --git a/lib/authenticated_test_helper.rb b/lib/authenticated_test_helper.rb index 7685258..f811308 100644 --- a/lib/authenticated_test_helper.rb +++ b/lib/authenticated_test_helper.rb @@ -4,6 +4,10 @@ module AuthenticatedTestHelper @request.session[:user] = User.find_by_login(user.to_s) end + def logout + @request.session[:user] = nil + end + def content_type(type) @request.env['Content-Type'] = type end diff --git a/script/anhetegua b/script/anhetegua index 0d1340e..85ec621 100755 --- a/script/anhetegua +++ b/script/anhetegua @@ -10,6 +10,7 @@ Profile.destroy_all Role.destroy_all RoleAssignment.destroy_all Category.destroy_all +Product.destroy_all Article.destroy_all def new_category(parent, name, color = nil) @@ -108,6 +109,36 @@ colivre.affiliate(ze, owner_role) member_role = Profile::Roles.member moderator_role = Profile::Roles.moderator +# product categories +produtos = ProductCategory.create!(:name => 'Produtos', :environment => Environment.default, :display_color => 4) + +alimentacao = ProductCategory.create!(:name => 'Alimentação', :environment => Environment.default, :parent => produtos) +vegetais = ProductCategory.create!(:name => 'Vegetais', :environment => Environment.default, :parent => alimentacao) + +feijao = ProductCategory.create!(:name => 'Feijão', :environment => Environment.default, :parent => vegetais) + +arroz = ProductCategory.create!(:name => 'Arroz', :environment => Environment.default, :parent => vegetais) + +batata = ProductCategory.create!(:name => 'Batata', :environment => Environment.default, :parent => vegetais) + +carnes = ProductCategory.create!(:name => 'Carnes', :environment => Environment.default, :parent => alimentacao) + +boi = ProductCategory.create!(:name => 'Boi', :environment => Environment.default, :parent => carnes) + +frango = ProductCategory.create!(:name => 'Frango', :environment => Environment.default, :parent => carnes) + +vestuario = ProductCategory.create!(:name => 'Vestuário', :environment => Environment.default, :parent => produtos) + +camisetas = ProductCategory.create!(:name => 'Camisetas', :environment => Environment.default, :parent => vestuario) + +calcas = ProductCategory.create!(:name => 'Calças', :environment => Environment.default, :parent => vestuario) + +software_livre = ProductCategory.create!(:name => 'Software Livre', :environment => Environment.default, :parent => produtos) + +desenv = ProductCategory.create!(:name => 'Desenvolvimento', :environment => Environment.default, :parent => software_livre) +capacitacao = ProductCategory.create!(:name => 'Capacitação', :environment => Environment.default, :parent => software_livre) +admin_de_sistemas = ProductCategory.create!(:name => 'Administração de sistemas', :environment => Environment.default, :parent => software_livre) +arte_digital = ProductCategory.create!(:name => 'Arte Digital', :environment => Environment.default, :parent => software_livre) # actual products diff --git a/test/functional/enterprise_editor_controller_test.rb b/test/functional/enterprise_editor_controller_test.rb index 0ffc686..4700560 100644 --- a/test/functional/enterprise_editor_controller_test.rb +++ b/test/functional/enterprise_editor_controller_test.rb @@ -85,4 +85,5 @@ class EnterpriseEditorControllerTest < Test::Unit::TestCase assert_response :redirect assert_redirected_to :controller => 'profile_editor', :profile => 'test_user' end + end diff --git a/test/functional/enterprise_validation_test.rb b/test/functional/enterprise_validation_test.rb index f43b82b..d51f8ec 100644 --- a/test/functional/enterprise_validation_test.rb +++ b/test/functional/enterprise_validation_test.rb @@ -12,9 +12,10 @@ class EnterpriseValidationControllerTest < Test::Unit::TestCase @controller = EnterpriseValidationController.new @request = ActionController::TestRequest.new @response = ActionController::TestResponse.new + login_as 'ze' - @org = Organization.create!(:identifier => 'myorg', :name => "My Org") + give_permission('ze', 'validate_enterprise', @org) Profile.expects(:find_by_identifier).with('myorg').returns(@org).at_least_once end diff --git a/test/functional/friends_controller_test.rb b/test/functional/friends_controller_test.rb index c83089e..9ce9db8 100644 --- a/test/functional/friends_controller_test.rb +++ b/test/functional/friends_controller_test.rb @@ -14,6 +14,7 @@ class FriendsControllerTest < Test::Unit::TestCase self.profile = create_user('testuser').person self.friend = create_user('thefriend').person + login_as ('testuser') end attr_accessor :profile, :friend diff --git a/test/functional/memberships_controller_test.rb b/test/functional/memberships_controller_test.rb index ba8e3b6..40f39e3 100644 --- a/test/functional/memberships_controller_test.rb +++ b/test/functional/memberships_controller_test.rb @@ -11,6 +11,7 @@ class MembershipsControllerTest < Test::Unit::TestCase @response = ActionController::TestResponse.new @profile = create_user('testuser').person + login_as('testuser') end attr_reader :profile diff --git a/test/functional/profile_design_controller_test.rb b/test/functional/profile_design_controller_test.rb index ab42e42..c419a37 100644 --- a/test/functional/profile_design_controller_test.rb +++ b/test/functional/profile_design_controller_test.rb @@ -59,6 +59,7 @@ class ProfileDesignControllerTest < Test::Unit::TestCase @request.env['HTTP_REFERER'] = '/editor' @controller.stubs(:boxes_holder).returns(holder) + login_as 'ze' end ###################################################### diff --git a/test/functional/profile_editor_controller_test.rb b/test/functional/profile_editor_controller_test.rb index 5a24dda..03b34b6 100644 --- a/test/functional/profile_editor_controller_test.rb +++ b/test/functional/profile_editor_controller_test.rb @@ -67,4 +67,10 @@ class ProfileEditorControllerTest < Test::Unit::TestCase assert_redirected_to :action => 'index' end + should 'not permmit if not logged' do + logout + person = create_user('test_user') + get :index, :profile => 'test_user' + end + end diff --git a/test/functional/tasks_controller_test.rb b/test/functional/tasks_controller_test.rb index efcb0af..3875bc8 100644 --- a/test/functional/tasks_controller_test.rb +++ b/test/functional/tasks_controller_test.rb @@ -14,6 +14,7 @@ class TasksControllerTest < Test::Unit::TestCase self.profile = create_user('testuser').person @controller.stubs(:profile).returns(profile) + login_as 'testuser' end attr_accessor :profile diff --git a/test/integration/enterprise_registration_test.rb b/test/integration/enterprise_registration_test.rb index 84e2b58..8ce1655 100644 --- a/test/integration/enterprise_registration_test.rb +++ b/test/integration/enterprise_registration_test.rb @@ -44,6 +44,9 @@ class EnterpriseRegistrationTest < ActionController::IntegrationTest code = CreateEnterprise.find(:first, :order => 'id desc').code # steps done by the validator + validator = create_user_with_permission('validator', 'validate_enterprise', org) + login 'validator', 'validator' + get "/myprofile/myorg/enterprise_validation" assert_response :success assert_tag :tag => 'a', :attributes => { :href => "/myprofile/myorg/enterprise_validation/details/#{code}" } diff --git a/test/test_helper.rb b/test/test_helper.rb index ecaa436..7426c6e 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -83,8 +83,8 @@ class Test::Unit::TestCase User.create!(data) end - def create_user_with_permission(name, permission, target= nil) - user = create_user(name).person + def give_permission(user, permission, target) + user = Person.find_by_identifier(user) if user.kind_of?(String) target ||= user i = 0 while Role.find_by_name('test_role' + i.to_s) @@ -97,6 +97,11 @@ class Test::Unit::TestCase user end + def create_user_with_permission(name, permission, target= nil) + user = create_user(name).person + give_permission(user, permission, target) + end + alias :ok :assert_block def assert_equivalent(enum1, enum2) -- libgit2 0.21.2