Commit da7091785238f5cb94580d90e52ce22668456464
Committed by
Rodrigo Souto
Rodrigo Souto
1 parent
4befe13d
Exists in
master
and in
28 other branches
Remove Control Panel button in the memberships listing when user doesn't have access
Showing
2 changed files
with
24 additions
and
3 deletions
Show diff stats
app/views/shared/_list_groups.html.erb
| @@ -12,7 +12,9 @@ | @@ -12,7 +12,9 @@ | ||
| 12 | <%= _('Members: %s') % group.members_count.to_s %> <br/> | 12 | <%= _('Members: %s') % group.members_count.to_s %> <br/> |
| 13 | <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/> | 13 | <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/> |
| 14 | <% button_bar do %> | 14 | <% button_bar do %> |
| 15 | - <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %> | 15 | + <% if user.has_permission?(:edit_profile, group) %> |
| 16 | + <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %> | ||
| 17 | + <% end %> | ||
| 16 | <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %> | 18 | <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %> |
| 17 | <% if (group.community? && user.has_permission?(:destroy_profile, group)) %> | 19 | <% if (group.community? && user.has_permission?(:destroy_profile, group)) %> |
| 18 | <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %> | 20 | <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %> |
test/functional/memberships_controller_test.rb
| @@ -6,7 +6,7 @@ require 'memberships_controller' | @@ -6,7 +6,7 @@ require 'memberships_controller' | ||
| 6 | class MembershipsController; def rescue_action(e) raise e end; end | 6 | class MembershipsController; def rescue_action(e) raise e end; end |
| 7 | 7 | ||
| 8 | class MembershipsControllerTest < ActionController::TestCase | 8 | class MembershipsControllerTest < ActionController::TestCase |
| 9 | - | 9 | + |
| 10 | include ApplicationHelper | 10 | include ApplicationHelper |
| 11 | 11 | ||
| 12 | def setup | 12 | def setup |
| @@ -22,7 +22,7 @@ class MembershipsControllerTest < ActionController::TestCase | @@ -22,7 +22,7 @@ class MembershipsControllerTest < ActionController::TestCase | ||
| 22 | def test_local_files_reference | 22 | def test_local_files_reference |
| 23 | assert_local_files_reference :get, :index, :profile => profile.identifier | 23 | assert_local_files_reference :get, :index, :profile => profile.identifier |
| 24 | end | 24 | end |
| 25 | - | 25 | + |
| 26 | def test_valid_xhtml | 26 | def test_valid_xhtml |
| 27 | assert_valid_xhtml | 27 | assert_valid_xhtml |
| 28 | end | 28 | end |
| @@ -245,4 +245,23 @@ class MembershipsControllerTest < ActionController::TestCase | @@ -245,4 +245,23 @@ class MembershipsControllerTest < ActionController::TestCase | ||
| 245 | assert_tag :tag => 'input', :attributes => {:id => 'community_plugin2', :type => 'hidden', :value => 'Plugin 2'} | 245 | assert_tag :tag => 'input', :attributes => {:id => 'community_plugin2', :type => 'hidden', :value => 'Plugin 2'} |
| 246 | end | 246 | end |
| 247 | 247 | ||
| 248 | + should 'only display control panel link to members with permission' do | ||
| 249 | + c1 = fast_create(Community, :name => 'My own community') | ||
| 250 | + c2 = fast_create(Community, :name => 'Not my community') | ||
| 251 | + | ||
| 252 | + owner = fast_create(Person) | ||
| 253 | + c2.add_admin(owner) | ||
| 254 | + | ||
| 255 | + person = Person['testuser'] | ||
| 256 | + c1.add_admin(person) | ||
| 257 | + c2.add_member(person) | ||
| 258 | + | ||
| 259 | + login_as('testuser') | ||
| 260 | + get :index, :profile => 'testuser' | ||
| 261 | + | ||
| 262 | + assert_template 'index' | ||
| 263 | + assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{c2.identifier}" } | ||
| 264 | + assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{c1.identifier}" } | ||
| 265 | + end | ||
| 266 | + | ||
| 248 | end | 267 | end |