diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb
index ce88259..9102ebc 100644
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -33,14 +33,33 @@ class ContentViewerController < PublicController
end
if request.post? && params[:comment]
- @comment = Comment.new(params[:comment])
- @comment.author = user if logged_in?
- @comment.article = @page
- if @comment.save!
- @comment = nil # clear the comment form
- end
+ add_comment
+ end
+
+ if request.post? && params[:remove_comment]
+ remove_comment
end
+
@comments = @page.comments(true)
end
+ protected
+
+ def add_comment
+ @comment = Comment.new(params[:comment])
+ @comment.author = user if logged_in?
+ @comment.article = @page
+ if @comment.save!
+ @comment = nil # clear the comment form
+ end
+ end
+
+ def remove_comment
+ @comment = @page.comments.find(params[:remove_comment])
+ if (user == @comment.author) || (user == @page.profile)
+ @comment.destroy
+ end
+ redirect_to :action => 'view_page'
+ end
+
end
diff --git a/app/helpers/cms_helper.rb b/app/helpers/cms_helper.rb
index 4068e85..5cf42cf 100644
--- a/app/helpers/cms_helper.rb
+++ b/app/helpers/cms_helper.rb
@@ -33,7 +33,8 @@ module CmsHelper
if cat.top_level?
result << content_tag('h5', toplevel.name)
else
- result << content_tag('div', check_box_tag("#{object_name}[category_ids][]", cat.id, object.category_ids.include?(cat.id)) + cat.full_name_without_leading(1))
+ checkbox_id = "#{object_name}_#{cat.full_name.downcase.gsub(/\s+|\//, '_')}"
+ result << content_tag('label', check_box_tag("#{object_name}[category_ids][]", cat.id, object.category_ids.include?(cat.id), :id => checkbox_id) + cat.full_name_without_leading(1), :for => checkbox_id)
end
end
end
diff --git a/app/views/content_viewer/_comment.rhtml b/app/views/content_viewer/_comment.rhtml
index 85a2b2a..f5f7012 100644
--- a/app/views/content_viewer/_comment.rhtml
+++ b/app/views/content_viewer/_comment.rhtml
@@ -1,4 +1,10 @@
+ <% if user == @page.profile || user == comment.author %>
+ <% button_bar(:style => 'float: right; margin-top: 0;') do %>
+ <%= button(:delete, 'Delete', { :remove_comment => comment.id }, :method => :post, :confirm => _('Are you sure you want to remove this comment?')) %>
+ <% end %>
+ <% end %>
+
<% if comment.author %>
<%= link_to content_tag( 'span', comment.author.name() ), comment.author.url,
:class => 'comment-picture',
diff --git a/script/populate b/script/populate
deleted file mode 100755
index e675699..0000000
--- a/script/populate
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../config/environment'
-
-Profile.destroy_all
-
-User.destroy_all
-User.create!(:login => 'testprofile', :email => 'admin@localhost.localdomain', :password => 'test', :password_confirmation => 'test')
-User.create!(:login => 'user', :email => 'user@localhost.localdomain', :password => 'user', :password_confirmation => 'user')
-User.create!(:login => 'usuario', :email => 'usuario@localhost.localdomain', :password => 'usuario', :password_confirmation => 'usuario')
-ze = User.create!(:login => 'ze', :email => 'ze@localhost.localdomain', :password => 'test', :password_confirmation => 'test').person
-root = User.create!(:login => 'root', :email => 'root@noosfero.org', :password => 'root', :password_confirmation => 'root').person
-
-Role.destroy_all
-admin_role = Role.create!(:name => 'admin', :permissions => ['edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_validators'])
-
-RoleAssignment.create!(:accessor => root, :role => admin_role, :resource => nil)
-
-empa = Enterprise.create!(:name => 'Empreendimento A', :identifier => 'empreendimento_a')
-
-owner_role = Role.create!(:name => 'owner', :permissions => ['edit_profile', 'destroy_profile', 'manage_memberships', 'post_content', 'edit_profile_design'])
-
-RoleAssignment.create!(:accessor => ze, :role => owner_role, :resource => empa)
-RoleAssignment.create!(:accessor => root, :role => owner_role, :resource => Environmnet.default) if Environmnet.default
-
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 8182507..355fd3c 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -90,7 +90,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
# for example, RSS feeds
profile = create_user('someone').person
page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
- page.save!
+page.save!
feed = RssFeed.new(:name => 'testfeed')
feed.profile = profile
@@ -104,5 +104,54 @@ class ContentViewerControllerTest < Test::Unit::TestCase
assert_equal feed.data, @response.body
end
+ should 'be able to remove comment' do
+ profile = create_user('testuser').person
+ article = profile.articles.build(:name => 'test')
+ article.save!
+ comment = article.comments.build(:author => profile, :title => 'a comment', :body => 'lalala')
+ comment.save!
+
+ login_as 'testuser'
+ assert_difference Comment, :count, -1 do
+ post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
+ assert_response :redirect
+ end
+
+ end
+
+ should "not be able to remove other people's comments" do
+ profile = create_user('testuser').person
+ article = profile.articles.build(:name => 'test')
+ article.save!
+
+ commenter = create_user('otheruser').person
+ comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
+ comment.save!
+
+ login_as 'ze' # ze cannot remove other people's comments
+ assert_no_difference Comment, :count do
+ post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
+ assert_response :redirect
+ end
+
+ end
+
+ should 'be able to remove comments on their articles' do
+ profile = create_user('testuser').person
+ article = profile.articles.build(:name => 'test')
+ article.save!
+
+ commenter = create_user('otheruser').person
+ comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
+ comment.save!
+
+ login_as 'testuser' # testuser must be able to remove comments in his articles
+ assert_difference Comment, :count, -1 do
+ post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
+ assert_response :redirect
+ end
+
+ end
+
end
--
libgit2 0.21.2