[stoa] Blocking access to invite friends if user doesn't have usp id

* Adding new hotspots to remove links of invite friends * Adding new link on the control panel to invite friend

[stoa] Blocking access to invite friends if user doesn't have usp id
* Adding new hotspots to remove links of invite friends * Adding new link on the control panel to invite friend
Rodrigo Souto
1 parent 8b4f7289
Showing 8 changed files with 92 additions and 2 deletions Show diff stats
app/views/friends/index.rhtml
lib/noosfero/plugin.rb
plugins/stoa/lib/stoa_plugin.rb
plugins/stoa/public/images/control-panel/invite-friends.gif
plugins/stoa/public/images/control-panel/invite-friends.png
plugins/stoa/public/style.css
plugins/stoa/test/functional/invite_controller_test.rb
test/functional/friends_controller_test.rb
@@ -14,7 +14,9 @@
     <% button_bar do %>
       <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
       <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
-      <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+      <% if !@plugins.dispatch(:remove_invite_friends_button).include?(true) %>
+        <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+      <% end %>
     <% end %>
   <% end %>
@@ -43,7 +45,9 @@
   <% button_bar do %>
     <%= button(:back, _('Back to control panel'), :controller => 'profile_editor') %>
     <%= button(:search, _('Find people'), :controller => 'search', :action => 'assets', :asset => 'people') %>
-    <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+    <% if !@plugins.dispatch(:remove_invite_friends_button).include?(true) %>
+      <%= button(:search, _('Invite people from my e-mail contacts'), :controller => 'invite', :action => 'select_address_book') %>
+    <% end %>
   <% end %>
 <% end %>
@@ -244,4 +244,10 @@ class Noosfero::Plugin
     nil
   end
+  # -> Removes the invite friend button from the friends controller
+  # returns = boolean
+  def remove_invite_friends_button
+    nil
+  end
+
 end
@@ -64,4 +64,21 @@ class StoaPlugin &lt; Noosfero::Plugin
       :block => block }]
   end
+  def invite_controller_filters
+    [{ :type => 'before_filter',
+      :method_name => 'check_usp_id_existence',
+      :block => lambda {render_access_denied if profile.usp_id.blank?} }]
+  end
+
+  def control_panel_buttons
+    { :title => _('Invite friends'),
+      :icon => 'invite-friends',
+      :url => {:controller => 'invite',
+               :action => 'select_address_book'} } if !context.profile.usp_id.blank?
+  end
+
+  def remove_invite_friends_button
+    true
+  end
+
 end
@@ -3,3 +3,6 @@
   display: block;
 }
+.controller-profile_editor a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.png)}
+.controller-profile_editor .msie6 a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.gif)}
+
@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+require File.dirname(__FILE__) + '/../../../../app/controllers/public/invite_controller'
+
+# Re-raise errors caught by the controller.
+class InviteController; def rescue_action(e) raise e end; end
+
+class InviteControllerTest < ActionController::TestCase
+
+  def setup
+    @controller = InviteController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    environment = Environment.default
+    environment.enabled_plugins = ['StoaPlugin']
+    environment.save!
+  end
+
+  should 'not enable access to invitation if the user has not an usp_id' do
+    Task.create!(:code => 12345678)
+    person_without_usp_id = User.create!(:login => 'user-without', :email => 'user-without@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:invitation_code => 12345678}).person
+
+    login_as(person_without_usp_id.identifier)
+    get :select_address_book, :profile => person_without_usp_id.identifier
+    assert_response 403
+    get :select_friends, :profile => person_without_usp_id.identifier
+    assert_response 403
+  end
+
+  should 'enable access to invitation if the user has an usp_id' do
+    person_with_usp_id = User.create!(:login => 'user-with', :email => 'user-with@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:usp_id => 12345678}).person
+
+    login_as(person_with_usp_id.identifier)
+    get :select_address_book, :profile => person_with_usp_id.identifier
+    assert_response 200
+    get :select_friends, :profile => person_with_usp_id.identifier, :contact_list => ContactList.create.id
+    assert_response 200
+  end
+
+end
+
@@ -57,4 +57,24 @@ class FriendsControllerTest &lt; ActionController::TestCase
     assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/assets/people' }
   end
+  should 'not display invite friends button if any plugin tells not to' do
+    class Plugin1 < Noosfero::Plugin
+      def remove_invite_friends_button
+        true
+      end
+    end
+    class Plugin2 < Noosfero::Plugin
+      def remove_invite_friends_button
+        false
+      end
+    end
+
+    e = profile.environment
+    e.enable_plugin(Plugin1.name)
+    e.enable_plugin(Plugin2.name)
+
+    get :index, :profile => 'testuser'
+    assert_no_tag :tag => 'a', :attributes => { :href => "/profile/testuser/invite/friends" }
+  end
+
 end
	@@ -244,4 +244,10 @@ class Noosfero::Plugin		@@ -244,4 +244,10 @@ class Noosfero::Plugin
244	nil	244	nil
245	end	245	end
246		246
		247	+ # -> Removes the invite friend button from the friends controller
		248	+ # returns = boolean
		249	+ def remove_invite_friends_button
		250	+ nil
		251	+ end
		252	+
247	end	253	end
	@@ -64,4 +64,21 @@ class StoaPlugin < Noosfero::Plugin		@@ -64,4 +64,21 @@ class StoaPlugin < Noosfero::Plugin
64	:block => block }]	64	:block => block }]
65	end	65	end
66		66
		67	+ def invite_controller_filters
		68	+ [{ :type => 'before_filter',
		69	+ :method_name => 'check_usp_id_existence',
		70	+ :block => lambda {render_access_denied if profile.usp_id.blank?} }]
		71	+ end
		72	+
		73	+ def control_panel_buttons
		74	+ { :title => _('Invite friends'),
		75	+ :icon => 'invite-friends',
		76	+ :url => {:controller => 'invite',
		77	+ :action => 'select_address_book'} } if !context.profile.usp_id.blank?
		78	+ end
		79	+
		80	+ def remove_invite_friends_button
		81	+ true
		82	+ end
		83	+
67	end	84	end
	@@ -3,3 +3,6 @@		@@ -3,3 +3,6 @@
3	display: block;	3	display: block;
4	}	4	}
5		5
		6	+.controller-profile_editor a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.png)}
		7	+.controller-profile_editor .msie6 a.control-panel-invite-friends {background-image: url(../stoa/images/control-panel/invite-friends.gif)}
		8	+
@@ -0,0 +1,40 @@		@@ -0,0 +1,40 @@
	1	+require File.dirname(__FILE__) + '/../../../../test/test_helper'
	2	+require File.dirname(__FILE__) + '/../../../../app/controllers/public/invite_controller'
	3	+
	4	+# Re-raise errors caught by the controller.
	5	+class InviteController; def rescue_action(e) raise e end; end
	6	+
	7	+class InviteControllerTest < ActionController::TestCase
	8	+
	9	+ def setup
	10	+ @controller = InviteController.new
	11	+ @request = ActionController::TestRequest.new
	12	+ @response = ActionController::TestResponse.new
	13	+ environment = Environment.default
	14	+ environment.enabled_plugins = ['StoaPlugin']
	15	+ environment.save!
	16	+ end
	17	+
	18	+ should 'not enable access to invitation if the user has not an usp_id' do
	19	+ Task.create!(:code => 12345678)
	20	+ person_without_usp_id = User.create!(:login => 'user-without', :email => 'user-without@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:invitation_code => 12345678}).person
	21	+
	22	+ login_as(person_without_usp_id.identifier)
	23	+ get :select_address_book, :profile => person_without_usp_id.identifier
	24	+ assert_response 403
	25	+ get :select_friends, :profile => person_without_usp_id.identifier
	26	+ assert_response 403
	27	+ end
	28	+
	29	+ should 'enable access to invitation if the user has an usp_id' do
	30	+ person_with_usp_id = User.create!(:login => 'user-with', :email => 'user-with@example.com', :password => 'test', :password_confirmation => 'test', :person_data => {:usp_id => 12345678}).person
	31	+
	32	+ login_as(person_with_usp_id.identifier)
	33	+ get :select_address_book, :profile => person_with_usp_id.identifier
	34	+ assert_response 200
	35	+ get :select_friends, :profile => person_with_usp_id.identifier, :contact_list => ContactList.create.id
	36	+ assert_response 200
	37	+ end
	38	+
	39	+end
	40	+
	@@ -57,4 +57,24 @@ class FriendsControllerTest < ActionController::TestCase		@@ -57,4 +57,24 @@ class FriendsControllerTest < ActionController::TestCase
57	assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/assets/people' }	57	assert_tag :tag => 'a', :content => 'Find people', :attributes => { :href => '/assets/people' }
58	end	58	end
59		59
		60	+ should 'not display invite friends button if any plugin tells not to' do
		61	+ class Plugin1 < Noosfero::Plugin
		62	+ def remove_invite_friends_button
		63	+ true
		64	+ end
		65	+ end
		66	+ class Plugin2 < Noosfero::Plugin
		67	+ def remove_invite_friends_button
		68	+ false
		69	+ end
		70	+ end
		71	+
		72	+ e = profile.environment
		73	+ e.enable_plugin(Plugin1.name)
		74	+ e.enable_plugin(Plugin2.name)
		75	+
		76	+ get :index, :profile => 'testuser'
		77	+ assert_no_tag :tag => 'a', :attributes => { :href => "/profile/testuser/invite/friends" }
		78	+ end
		79	+
60	end	80	end