ActionItem219: able users to delete comments in his articles

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1583 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem219: able users to delete comments in his articles
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1583 3f533792-8f58-4932-b0fe-aaf55b0a4547
JoenioCosta
1 parent 1d62da97
Showing 5 changed files with 83 additions and 32 deletions Show diff stats
app/controllers/public/content_viewer_controller.rb
app/helpers/cms_helper.rb
app/views/content_viewer/_comment.rhtml
script/populate
test/functional/content_viewer_controller_test.rb
@@ -33,14 +33,33 @@ class ContentViewerController &lt; PublicController
     end
     if request.post? && params[:comment]
-      @comment = Comment.new(params[:comment])
-      @comment.author = user if logged_in?
-      @comment.article = @page
-      if @comment.save!
-        @comment = nil # clear the comment form
-      end
+      add_comment
+    end
+
+    if request.post? && params[:remove_comment]
+      remove_comment
     end
+    
     @comments = @page.comments(true)
   end
+  protected
+
+  def add_comment
+    @comment = Comment.new(params[:comment])
+    @comment.author = user if logged_in?
+    @comment.article = @page
+    if @comment.save!
+      @comment = nil # clear the comment form
+    end
+  end
+
+  def remove_comment
+    @comment = @page.comments.find(params[:remove_comment])
+    if (user == @comment.author) || (user == @page.profile)
+      @comment.destroy
+    end
+    redirect_to :action => 'view_page'
+  end
+
 end
@@ -33,7 +33,8 @@ module CmsHelper
         if cat.top_level?
           result << content_tag('h5', toplevel.name)
         else
-          result << content_tag('div', check_box_tag("#{object_name}[category_ids][]", cat.id, object.category_ids.include?(cat.id)) + cat.full_name_without_leading(1))
+          checkbox_id = "#{object_name}_#{cat.full_name.downcase.gsub(/\s+|\//, '_')}"
+          result << content_tag('label', check_box_tag("#{object_name}[category_ids][]", cat.id, object.category_ids.include?(cat.id), :id => checkbox_id) + cat.full_name_without_leading(1), :for => checkbox_id)
         end
       end
     end
 <div class="article-comment<%= ' comment-from-owner' if ( comment.author && (@page.profile.name == comment.author.name) ) %> comment-logged-<%= comment.author ? 'in' : 'out' %>">
+  <% if user == @page.profile || user == comment.author %>
+    <% button_bar(:style => 'float: right; margin-top: 0;') do %>
+      <%= button(:delete, 'Delete', { :remove_comment => comment.id }, :method => :post, :confirm => _('Are you sure you want to remove this comment?')) %>
+    <% end %>
+  <% end %>
+  
   <% if comment.author %>
     <%= link_to content_tag( 'span', comment.author.name() ), comment.author.url,
         :class => 'comment-picture',
@@ -1,24 +0,0 @@
-#!/usr/bin/env ruby
-require File.dirname(__FILE__) + '/../config/environment'
-
-Profile.destroy_all
-
-User.destroy_all
-User.create!(:login => 'testprofile', :email => 'admin@localhost.localdomain', :password => 'test', :password_confirmation => 'test')
-User.create!(:login => 'user', :email => 'user@localhost.localdomain', :password => 'user', :password_confirmation => 'user')
-User.create!(:login => 'usuario', :email => 'usuario@localhost.localdomain', :password => 'usuario', :password_confirmation => 'usuario')
-ze = User.create!(:login => 'ze', :email => 'ze@localhost.localdomain', :password => 'test', :password_confirmation => 'test').person
-root = User.create!(:login => 'root', :email => 'root@noosfero.org', :password => 'root', :password_confirmation => 'root').person
-
-Role.destroy_all
-admin_role = Role.create!(:name => 'admin', :permissions => ['edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_validators'])
-
-RoleAssignment.create!(:accessor => root, :role => admin_role, :resource => nil)
-
-empa = Enterprise.create!(:name => 'Empreendimento A', :identifier => 'empreendimento_a')
-
-owner_role = Role.create!(:name => 'owner', :permissions => ['edit_profile', 'destroy_profile', 'manage_memberships', 'post_content', 'edit_profile_design'])
-
-RoleAssignment.create!(:accessor => ze, :role => owner_role, :resource => empa)
-RoleAssignment.create!(:accessor => root, :role => owner_role, :resource => Environmnet.default) if Environmnet.default
-
@@ -90,7 +90,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     # for example, RSS feeds 
     profile = create_user('someone').person
     page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
-    page.save!
+page.save!
     feed = RssFeed.new(:name => 'testfeed')
     feed.profile = profile
@@ -104,5 +104,54 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
     assert_equal feed.data, @response.body
   end
+  should 'be able to remove comment' do
+    profile = create_user('testuser').person
+    article = profile.articles.build(:name => 'test')
+    article.save!
+    comment = article.comments.build(:author => profile, :title => 'a comment', :body => 'lalala')
+    comment.save!
+
+    login_as 'testuser'
+    assert_difference Comment, :count, -1 do
+      post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
+      assert_response :redirect
+    end
+    
+  end
+  
+  should "not be able to remove other people's comments" do
+    profile = create_user('testuser').person
+    article = profile.articles.build(:name => 'test')
+    article.save!
+    
+    commenter = create_user('otheruser').person
+    comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
+    comment.save!
+
+    login_as 'ze' # ze cannot remove other people's comments
+    assert_no_difference Comment, :count do 
+      post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
+      assert_response :redirect
+    end
+    
+  end
+
+  should 'be able to remove comments on their articles' do
+    profile = create_user('testuser').person
+    article = profile.articles.build(:name => 'test')
+    article.save!
+    
+    commenter = create_user('otheruser').person
+    comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
+    comment.save!
+
+    login_as 'testuser' # testuser must be able to remove comments in his articles
+    assert_difference Comment, :count, -1 do 
+      post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
+      assert_response :redirect
+    end
+
+  end
+
 end
	@@ -33,14 +33,33 @@ class ContentViewerController < PublicController		@@ -33,14 +33,33 @@ class ContentViewerController < PublicController
33	end	33	end
34		34
35	if request.post? && params[:comment]	35	if request.post? && params[:comment]
36	- @comment = Comment.new(params[:comment])
37	- @comment.author = user if logged_in?
38	- @comment.article = @page
39	- if @comment.save!
40	- @comment = nil # clear the comment form
41	- end	36	+ add_comment
		37	+ end
		38	+
		39	+ if request.post? && params[:remove_comment]
		40	+ remove_comment
42	end	41	end
		42	+
43	@comments = @page.comments(true)	43	@comments = @page.comments(true)
44	end	44	end
45		45
		46	+ protected
		47	+
		48	+ def add_comment
		49	+ @comment = Comment.new(params[:comment])
		50	+ @comment.author = user if logged_in?
		51	+ @comment.article = @page
		52	+ if @comment.save!
		53	+ @comment = nil # clear the comment form
		54	+ end
		55	+ end
		56	+
		57	+ def remove_comment
		58	+ @comment = @page.comments.find(params[:remove_comment])
		59	+ if (user == @comment.author) \|\| (user == @page.profile)
		60	+ @comment.destroy
		61	+ end
		62	+ redirect_to :action => 'view_page'
		63	+ end
		64	+
46	end	65	end
1	<div class="article-comment<%= ' comment-from-owner' if ( comment.author && (@page.profile.name == comment.author.name) ) %> comment-logged-<%= comment.author ? 'in' : 'out' %>">	1	<div class="article-comment<%= ' comment-from-owner' if ( comment.author && (@page.profile.name == comment.author.name) ) %> comment-logged-<%= comment.author ? 'in' : 'out' %>">
		2	+ <% if user == @page.profile \|\| user == comment.author %>
		3	+ <% button_bar(:style => 'float: right; margin-top: 0;') do %>
		4	+ <%= button(:delete, 'Delete', { :remove_comment => comment.id }, :method => :post, :confirm => _('Are you sure you want to remove this comment?')) %>
		5	+ <% end %>
		6	+ <% end %>
		7	+
2	<% if comment.author %>	8	<% if comment.author %>
3	<%= link_to content_tag( 'span', comment.author.name() ), comment.author.url,	9	<%= link_to content_tag( 'span', comment.author.name() ), comment.author.url,
4	:class => 'comment-picture',	10	:class => 'comment-picture',
	@@ -1,24 +0,0 @@	@@ -1,24 +0,0 @@
1	-#!/usr/bin/env ruby
2	-require File.dirname(__FILE__) + '/../config/environment'
3	-
4	-Profile.destroy_all
5	-
6	-User.destroy_all
7	-User.create!(:login => 'testprofile', :email => 'admin@localhost.localdomain', :password => 'test', :password_confirmation => 'test')
8	-User.create!(:login => 'user', :email => 'user@localhost.localdomain', :password => 'user', :password_confirmation => 'user')
9	-User.create!(:login => 'usuario', :email => 'usuario@localhost.localdomain', :password => 'usuario', :password_confirmation => 'usuario')
10	-ze = User.create!(:login => 'ze', :email => 'ze@localhost.localdomain', :password => 'test', :password_confirmation => 'test').person
11	-root = User.create!(:login => 'root', :email => 'root@noosfero.org', :password => 'root', :password_confirmation => 'root').person
12	-
13	-Role.destroy_all
14	-admin_role = Role.create!(:name => 'admin', :permissions => ['edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_validators'])
15	-
16	-RoleAssignment.create!(:accessor => root, :role => admin_role, :resource => nil)
17	-
18	-empa = Enterprise.create!(:name => 'Empreendimento A', :identifier => 'empreendimento_a')
19	-
20	-owner_role = Role.create!(:name => 'owner', :permissions => ['edit_profile', 'destroy_profile', 'manage_memberships', 'post_content', 'edit_profile_design'])
21	-
22	-RoleAssignment.create!(:accessor => ze, :role => owner_role, :resource => empa)
23	-RoleAssignment.create!(:accessor => root, :role => owner_role, :resource => Environmnet.default) if Environmnet.default
24	-
	@@ -90,7 +90,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase		@@ -90,7 +90,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
90	# for example, RSS feeds	90	# for example, RSS feeds
91	profile = create_user('someone').person	91	profile = create_user('someone').person
92	page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')	92	page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
93	- page.save!	93	+page.save!
94		94
95	feed = RssFeed.new(:name => 'testfeed')	95	feed = RssFeed.new(:name => 'testfeed')
96	feed.profile = profile	96	feed.profile = profile
	@@ -104,5 +104,54 @@ class ContentViewerControllerTest < Test::Unit::TestCase		@@ -104,5 +104,54 @@ class ContentViewerControllerTest < Test::Unit::TestCase
104	assert_equal feed.data, @response.body	104	assert_equal feed.data, @response.body
105	end	105	end
106		106
		107	+ should 'be able to remove comment' do
		108	+ profile = create_user('testuser').person
		109	+ article = profile.articles.build(:name => 'test')
		110	+ article.save!
		111	+ comment = article.comments.build(:author => profile, :title => 'a comment', :body => 'lalala')
		112	+ comment.save!
		113	+
		114	+ login_as 'testuser'
		115	+ assert_difference Comment, :count, -1 do
		116	+ post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
		117	+ assert_response :redirect
		118	+ end
		119	+
		120	+ end
		121	+
		122	+ should "not be able to remove other people's comments" do
		123	+ profile = create_user('testuser').person
		124	+ article = profile.articles.build(:name => 'test')
		125	+ article.save!
		126	+
		127	+ commenter = create_user('otheruser').person
		128	+ comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
		129	+ comment.save!
		130	+
		131	+ login_as 'ze' # ze cannot remove other people's comments
		132	+ assert_no_difference Comment, :count do
		133	+ post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
		134	+ assert_response :redirect
		135	+ end
		136	+
		137	+ end
		138	+
		139	+ should 'be able to remove comments on their articles' do
		140	+ profile = create_user('testuser').person
		141	+ article = profile.articles.build(:name => 'test')
		142	+ article.save!
		143	+
		144	+ commenter = create_user('otheruser').person
		145	+ comment = article.comments.build(:author => commenter, :title => 'a comment', :body => 'lalala')
		146	+ comment.save!
		147	+
		148	+ login_as 'testuser' # testuser must be able to remove comments in his articles
		149	+ assert_difference Comment, :count, -1 do
		150	+ post :view_page, :profile => profile.identifier, :page => [ 'test' ], :remove_comment => comment.id
		151	+ assert_response :redirect
		152	+ end
		153	+
		154	+ end
		155	+
107		156
108	end	157	end