[stoa] Blocking access to invite friends if user doesn't have usp id

* Adding new hotspots to remove links of invite friends * Adding new link on the control panel to invite friend

[stoa] Blocking access to invite friends if user doesn't have usp id
* Adding new hotspots to remove links of invite friends * Adding new link on the control panel to invite friend
Rodrigo Souto
1 parent 8b4f7289
Showing 8 changed files with 92 additions and 2 deletions Show diff stats
app/views/friends/index.rhtml
lib/noosfero/plugin.rb
plugins/stoa/lib/stoa_plugin.rb
plugins/stoa/public/images/control-panel/invite-friends.gif
plugins/stoa/public/images/control-panel/invite-friends.png
plugins/stoa/public/style.css
plugins/stoa/test/functional/invite_controller_test.rb
test/functional/friends_controller_test.rb
@@ -14,7 +14,9 @@
     <% button_bar do %>
       <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
       <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
-      <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+      <% if !@plugins.dispatch(:remove_invite_friends_button).include?(true) %>
+        <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+      <% end %>
     <% end %>
   <% end %>
  
@@ -43,7 +45,9 @@
   <% button_bar do %>
     <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
     <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
-    <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+    <% if !@plugins.dispatch(:remove_invite_friends_button).include?(true) %>
+      <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+    <% end %>
   <% end %>
 <% end %>
  
@@ -244,4 +244,10 @@ class Noosfero::Plugin
     nil
   end
  
+  # -> Removes the invite friend button from the friends controller
+  # returns = boolean
+  def remove_invite_friends_button
+    nil
+  end
+
 end
@@ -64,4 +64,21 @@ class StoaPlugin &lt; Noosfero::Plugin
       :block => block }]
   end
  
+  def invite_controller_filters
+    [{ :type => 'before_filter',
+      :method_name => 'check_usp_id_existence',
+      :block => lambda {render_access_denied if profile.usp_id.blank?} }]
+  end
+
+  def control_panel_buttons
+    { :title => _('Invite friends'),
+      :icon => 'invite-friends',
+      :url => {:controller => 'invite',
+               :action => 'select_address_book'} } if !context.profile.usp_id.blank?
+  end
+
+  def remove_invite_friends_button
+    true
+  end
+
 end
@@ -3,3 +3,6 @@
   display: block;
 }
  
+.controller-profile_editor a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.png)}
+.controller-profile_editor .msie6 a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.gif)}
+
@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../../../app/controllers/public/invite_controller'
+
+# Re-raise errors caught by the controller.
+class InviteController; def rescue_action(e) raise e end; end
+
+class InviteControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = InviteController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    environment = Environment.default
+    environment.enabled_plugins = ['StoaPlugin']
+    environment.save!
+  end
+
+  should 'not enable access to invitation if the user has not an usp_id' do
+    Task.create!(:code => 12345678)
+    person_without_usp_id = User.create!(:login => 'user-without', :email => 'user-without@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:invitation_code => 12345678}).person
+
+    login_as(person_without_usp_id.identifier)
+    get :select_address_book, :profile => person_without_usp_id.identifier
+    assert_response 403
+    get :select_friends, :profile => person_without_usp_id.identifier
+    assert_response 403
+  end
+
+  should 'enable access to invitation if the user has an usp_id' do
+    person_with_usp_id = User.create!(:login => 'user-with', :email => 'user-with@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:usp_id => 12345678}).person
+
+    login_as(person_with_usp_id.identifier)
+    get :select_address_book, :profile => person_with_usp_id.identifier
+    assert_response 200
+    get :select_friends, :profile => person_with_usp_id.identifier, :contact_list => ContactList.create.id
+    assert_response 200
+  end
+
+end
+
@@ -57,4 +57,24 @@ class FriendsControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/assets/people' }
   end
  
+  should 'not display invite friends button if any plugin tells not to' do
+    class Plugin1 < Noosfero::Plugin
+      def remove_invite_friends_button
+        true
+      end
+    end
+    class Plugin2 < Noosfero::Plugin
+      def remove_invite_friends_button
+        false
+      end
+    end
+
+    e = profile.environment
+    e.enable_plugin(Plugin1.name)
+    e.enable_plugin(Plugin2.name)
+
+    get :index, :profile => 'testuser'
+    assert_no_tag :tag => 'a', :attributes => { :href => "/profile/testuser/invite/friends" }
+  end
+
 end
...	...	@@ -14,7 +14,9 @@
14	14	<% button_bar do %>
15	15	<%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
16	16	<%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
17		- <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
	17	+ <% if !@plugins.dispatch(:remove_invite_friends_button).include?(true) %>
	18	+ <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
	19	+ <% end %>
18	20	<% end %>
19	21	<% end %>
20	22
...	...	@@ -43,7 +45,9 @@
43	45	<% button_bar do %>
44	46	<%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
45	47	<%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
46		- <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
	48	+ <% if !@plugins.dispatch(:remove_invite_friends_button).include?(true) %>
	49	+ <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
	50	+ <% end %>
47	51	<% end %>
48	52	<% end %>
49	53
...	...
...	...	@@ -244,4 +244,10 @@ class Noosfero::Plugin
244	244	nil
245	245	end
246	246
	247	+ # -> Removes the invite friend button from the friends controller
	248	+ # returns = boolean
	249	+ def remove_invite_friends_button
	250	+ nil
	251	+ end
	252	+
247	253	end
...	...
...	...	@@ -64,4 +64,21 @@ class StoaPlugin < Noosfero::Plugin
64	64	:block => block }]
65	65	end
66	66
	67	+ def invite_controller_filters
	68	+ [{ :type => 'before_filter',
	69	+ :method_name => 'check_usp_id_existence',
	70	+ :block => lambda {render_access_denied if profile.usp_id.blank?} }]
	71	+ end
	72	+
	73	+ def control_panel_buttons
	74	+ { :title => _('Invite friends'),
	75	+ :icon => 'invite-friends',
	76	+ :url => {:controller => 'invite',
	77	+ :action => 'select_address_book'} } if !context.profile.usp_id.blank?
	78	+ end
	79	+
	80	+ def remove_invite_friends_button
	81	+ true
	82	+ end
	83	+
67	84	end
...	...
...	...	@@ -3,3 +3,6 @@
3	3	display: block;
4	4	}
5	5
	6	+.controller-profile_editor a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.png)}
	7	+.controller-profile_editor .msie6 a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.gif)}
	8	+
...	...
...	...	@@ -0,0 +1,40 @@
	1	+require File.dirname(__FILE__) + '/../../../../test/test_helper'
	2	+require File.dirname(__FILE__) + '/../../../../app/controllers/public/invite_controller'
	3	+
	4	+# Re-raise errors caught by the controller.
	5	+class InviteController; def rescue_action(e) raise e end; end
	6	+
	7	+class InviteControllerTest < ActionController::TestCase
	8	+
	9	+ def setup
	10	+ @controller = InviteController.new
	11	+ @request = ActionController::TestRequest.new
	12	+ @response = ActionController::TestResponse.new
	13	+ environment = Environment.default
	14	+ environment.enabled_plugins = ['StoaPlugin']
	15	+ environment.save!
	16	+ end
	17	+
	18	+ should 'not enable access to invitation if the user has not an usp_id' do
	19	+ Task.create!(:code => 12345678)
	20	+ person_without_usp_id = User.create!(:login => 'user-without', :email => 'user-without@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:invitation_code => 12345678}).person
	21	+
	22	+ login_as(person_without_usp_id.identifier)
	23	+ get :select_address_book, :profile => person_without_usp_id.identifier
	24	+ assert_response 403
	25	+ get :select_friends, :profile => person_without_usp_id.identifier
	26	+ assert_response 403
	27	+ end
	28	+
	29	+ should 'enable access to invitation if the user has an usp_id' do
	30	+ person_with_usp_id = User.create!(:login => 'user-with', :email => 'user-with@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:usp_id => 12345678}).person
	31	+
	32	+ login_as(person_with_usp_id.identifier)
	33	+ get :select_address_book, :profile => person_with_usp_id.identifier
	34	+ assert_response 200
	35	+ get :select_friends, :profile => person_with_usp_id.identifier, :contact_list => ContactList.create.id
	36	+ assert_response 200
	37	+ end
	38	+
	39	+end
	40	+
...	...
...	...	@@ -57,4 +57,24 @@ class FriendsControllerTest < ActionController::TestCase
57	57	assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/assets/people' }
58	58	end
59	59
	60	+ should 'not display invite friends button if any plugin tells not to' do
	61	+ class Plugin1 < Noosfero::Plugin
	62	+ def remove_invite_friends_button
	63	+ true
	64	+ end
	65	+ end
	66	+ class Plugin2 < Noosfero::Plugin
	67	+ def remove_invite_friends_button
	68	+ false
	69	+ end
	70	+ end
	71	+
	72	+ e = profile.environment
	73	+ e.enable_plugin(Plugin1.name)
	74	+ e.enable_plugin(Plugin2.name)
	75	+
	76	+ get :index, :profile => 'testuser'
	77	+ assert_no_tag :tag => 'a', :attributes => { :href => "/profile/testuser/invite/friends" }
	78	+ end
	79	+
60	80	end
...	...