Merge remote-tracking branch 'origin/master'

Weblate
2 parents de7a1b73 12a8cc02
Showing 4 changed files with 119 additions and 9 deletions Show diff stats
app/models/article.rb
app/models/person.rb
test/unit/article_test.rb
test/unit/person_test.rb
@@ -487,15 +487,16 @@ class Article &lt; ActiveRecord::Base
   scope :more_recent, :order => "created_at DESC"
  
   scope :display_filter, lambda {|user, profile|
-    user.nil? ? 
-    {:conditions => ['articles.published = ?', true]} :  
-    {:conditions => ["  articles.published = ? OR
-                        articles.last_changed_by_id = ? OR
-                        articles.profile_id = ? OR
-                        ? OR  articles.show_to_followers = ? AND ? ",
-                        true, user.id, user.id, user.has_permission?(:view_private_content, profile),
-                        true, user.follows?(profile)]
-    }
+    return published if (user.nil? && profile && profile.public?)
+    return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+    where(
+      [
+       "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ? 
+        OR  (show_to_followers = ? AND ?)", true, user.id, user.id, 
+        profile.nil? ?  false : user.has_permission?(:view_private_content, profile),
+        true, user.follows?(profile)
+      ] 
+    )
   }
  
  
@@ -435,6 +435,7 @@ roles] }
   end
  
   def follows?(profile)
+    return false if profile.nil?
     profile.followed_by?(self)
   end
  
@@ -2018,4 +2018,107 @@ class ArticleTest &lt; ActiveSupport::TestCase
     assert_equal [a], Article.display_filter(user, p)
   end
  
+  should 'display_filter do not show person private content to non friends passing nil as profile parameter' do
+    user = create_user('someuser').person
+    p = fast_create(Person)
+    assert !p.is_a_friend?(user)
+    assert !user.is_admin?
+    Article.delete_all
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [], Article.display_filter(user, nil)
+  end
+
+  should 'display_filter do not show community private content to non members passing nil as profile parameter' do
+    user = create_user('someuser').person
+    p = fast_create(Community)
+    assert !user.is_member_of?(p)
+    Article.delete_all
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [], Article.display_filter(user, nil)
+  end
+
+  should 'display_filter show community public content of private community for user members' do
+    user = create_user('someuser').person
+    p = fast_create(Community, :public_profile => false)
+    p.add_member(user)
+    assert user.is_member_of?(p)
+    user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+    Article.delete_all
+    a = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [a], Article.display_filter(user, p)
+  end
+
+  should 'display_filter not show public content of private community for non members' do
+    user = create_user('someuser').person
+    p = fast_create(Community, :public_profile => false)
+    assert !user.is_member_of?(p)
+    user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+    Article.delete_all
+    a = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [], Article.display_filter(user, p)
+  end
+
+  should 'display_filter not show public content of private community for non members when user is nil' do
+    p = fast_create(Community, :public_profile => false)
+    Article.delete_all
+    a = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [], Article.display_filter(nil, p)
+  end
+
+  should 'display_filter show public content for non members when profile is nil' do
+    user = create_user('someuser').person
+    p = fast_create(Community, :public_profile => true)
+    Article.delete_all
+    a1 = fast_create(Article, :published => true, :profile_id => user.id)
+    a2 = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equivalent [a1,a2], Article.display_filter(user, nil)
+  end
+
+  should 'display_filter show person public content of private person profile for user friends' do
+    user = create_user('someuser').person
+    p = fast_create(Person, :public_profile => false)
+    p.add_friend(user)
+    assert p.is_a_friend?(user)
+    user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+    Article.delete_all
+    a = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [a], Article.display_filter(user, p)
+  end
+
+  should 'display_filter not show public content of private person for non friends' do
+    user = create_user('someuser').person
+    p = fast_create(Person, :public_profile => false)
+    assert !user.is_a_friend?(p)
+    user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+    Article.delete_all
+    a = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [], Article.display_filter(user, p)
+  end
+
+  should 'display_filter not show public content of private person for non friends when user is nil' do
+    p = fast_create(Person, :public_profile => false)
+    Article.delete_all
+    a = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equal [], Article.display_filter(nil, p)
+  end
+
+  should 'display_filter show public content for non friends when profile is nil' do
+    user = create_user('someuser').person
+    p = fast_create(Person, :public_profile => true)
+    Article.delete_all
+    a1 = fast_create(Article, :published => true, :profile_id => user.id)
+    a2 = fast_create(Article, :published => true, :profile_id => p.id)
+    fast_create(Article, :published => false, :profile_id => p.id)
+    assert_equivalent [a1,a2], Article.display_filter(user, nil)
+  end
+
 end
@@ -1631,4 +1631,9 @@ class PersonTest &lt; ActiveSupport::TestCase
     assert person.can_change_homepage?
   end
  
+  should 'follow? return false when no profile is passed as parameter' do
+    person = Person.new
+    assert_equal false, person.follows?(nil)
+  end
+
 end
...	...	@@ -487,15 +487,16 @@ class Article < ActiveRecord::Base
487	487	scope :more_recent, :order => "created_at DESC"
488	488
489	489	scope :display_filter, lambda {\|user, profile\|
490		- user.nil? ?
491		- {:conditions => ['articles.published = ?', true]} :
492		- {:conditions => [" articles.published = ? OR
493		- articles.last_changed_by_id = ? OR
494		- articles.profile_id = ? OR
495		- ? OR articles.show_to_followers = ? AND ? ",
496		- true, user.id, user.id, user.has_permission?(:view_private_content, profile),
497		- true, user.follows?(profile)]
498		- }
	490	+ return published if (user.nil? && profile && profile.public?)
	491	+ return [] if user.nil? \|\| (profile && !profile.public? && !user.follows?(profile))
	492	+ where(
	493	+ [
	494	+ "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
	495	+ OR (show_to_followers = ? AND ?)", true, user.id, user.id,
	496	+ profile.nil? ? false : user.has_permission?(:view_private_content, profile),
	497	+ true, user.follows?(profile)
	498	+ ]
	499	+ )
499	500	}
500	501
501	502
...	...
...	...	@@ -435,6 +435,7 @@ roles] }
435	435	end
436	436
437	437	def follows?(profile)
	438	+ return false if profile.nil?
438	439	profile.followed_by?(self)
439	440	end
440	441
...	...
...	...	@@ -2018,4 +2018,107 @@ class ArticleTest < ActiveSupport::TestCase
2018	2018	assert_equal [a], Article.display_filter(user, p)
2019	2019	end
2020	2020
	2021	+ should 'display_filter do not show person private content to non friends passing nil as profile parameter' do
	2022	+ user = create_user('someuser').person
	2023	+ p = fast_create(Person)
	2024	+ assert !p.is_a_friend?(user)
	2025	+ assert !user.is_admin?
	2026	+ Article.delete_all
	2027	+ fast_create(Article, :published => false, :profile_id => p.id)
	2028	+ assert_equal [], Article.display_filter(user, nil)
	2029	+ end
	2030	+
	2031	+ should 'display_filter do not show community private content to non members passing nil as profile parameter' do
	2032	+ user = create_user('someuser').person
	2033	+ p = fast_create(Community)
	2034	+ assert !user.is_member_of?(p)
	2035	+ Article.delete_all
	2036	+ fast_create(Article, :published => false, :profile_id => p.id)
	2037	+ assert_equal [], Article.display_filter(user, nil)
	2038	+ end
	2039	+
	2040	+ should 'display_filter show community public content of private community for user members' do
	2041	+ user = create_user('someuser').person
	2042	+ p = fast_create(Community, :public_profile => false)
	2043	+ p.add_member(user)
	2044	+ assert user.is_member_of?(p)
	2045	+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
	2046	+ Article.delete_all
	2047	+ a = fast_create(Article, :published => true, :profile_id => p.id)
	2048	+ fast_create(Article, :published => false, :profile_id => p.id)
	2049	+ fast_create(Article, :published => false, :profile_id => p.id)
	2050	+ assert_equal [a], Article.display_filter(user, p)
	2051	+ end
	2052	+
	2053	+ should 'display_filter not show public content of private community for non members' do
	2054	+ user = create_user('someuser').person
	2055	+ p = fast_create(Community, :public_profile => false)
	2056	+ assert !user.is_member_of?(p)
	2057	+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
	2058	+ Article.delete_all
	2059	+ a = fast_create(Article, :published => true, :profile_id => p.id)
	2060	+ fast_create(Article, :published => false, :profile_id => p.id)
	2061	+ assert_equal [], Article.display_filter(user, p)
	2062	+ end
	2063	+
	2064	+ should 'display_filter not show public content of private community for non members when user is nil' do
	2065	+ p = fast_create(Community, :public_profile => false)
	2066	+ Article.delete_all
	2067	+ a = fast_create(Article, :published => true, :profile_id => p.id)
	2068	+ fast_create(Article, :published => false, :profile_id => p.id)
	2069	+ assert_equal [], Article.display_filter(nil, p)
	2070	+ end
	2071	+
	2072	+ should 'display_filter show public content for non members when profile is nil' do
	2073	+ user = create_user('someuser').person
	2074	+ p = fast_create(Community, :public_profile => true)
	2075	+ Article.delete_all
	2076	+ a1 = fast_create(Article, :published => true, :profile_id => user.id)
	2077	+ a2 = fast_create(Article, :published => true, :profile_id => p.id)
	2078	+ fast_create(Article, :published => false, :profile_id => p.id)
	2079	+ assert_equivalent [a1,a2], Article.display_filter(user, nil)
	2080	+ end
	2081	+
	2082	+ should 'display_filter show person public content of private person profile for user friends' do
	2083	+ user = create_user('someuser').person
	2084	+ p = fast_create(Person, :public_profile => false)
	2085	+ p.add_friend(user)
	2086	+ assert p.is_a_friend?(user)
	2087	+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
	2088	+ Article.delete_all
	2089	+ a = fast_create(Article, :published => true, :profile_id => p.id)
	2090	+ fast_create(Article, :published => false, :profile_id => p.id)
	2091	+ fast_create(Article, :published => false, :profile_id => p.id)
	2092	+ assert_equal [a], Article.display_filter(user, p)
	2093	+ end
	2094	+
	2095	+ should 'display_filter not show public content of private person for non friends' do
	2096	+ user = create_user('someuser').person
	2097	+ p = fast_create(Person, :public_profile => false)
	2098	+ assert !user.is_a_friend?(p)
	2099	+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
	2100	+ Article.delete_all
	2101	+ a = fast_create(Article, :published => true, :profile_id => p.id)
	2102	+ fast_create(Article, :published => false, :profile_id => p.id)
	2103	+ assert_equal [], Article.display_filter(user, p)
	2104	+ end
	2105	+
	2106	+ should 'display_filter not show public content of private person for non friends when user is nil' do
	2107	+ p = fast_create(Person, :public_profile => false)
	2108	+ Article.delete_all
	2109	+ a = fast_create(Article, :published => true, :profile_id => p.id)
	2110	+ fast_create(Article, :published => false, :profile_id => p.id)
	2111	+ assert_equal [], Article.display_filter(nil, p)
	2112	+ end
	2113	+
	2114	+ should 'display_filter show public content for non friends when profile is nil' do
	2115	+ user = create_user('someuser').person
	2116	+ p = fast_create(Person, :public_profile => true)
	2117	+ Article.delete_all
	2118	+ a1 = fast_create(Article, :published => true, :profile_id => user.id)
	2119	+ a2 = fast_create(Article, :published => true, :profile_id => p.id)
	2120	+ fast_create(Article, :published => false, :profile_id => p.id)
	2121	+ assert_equivalent [a1,a2], Article.display_filter(user, nil)
	2122	+ end
	2123	+
2021	2124	end
...	...
...	...	@@ -1631,4 +1631,9 @@ class PersonTest < ActiveSupport::TestCase
1631	1631	assert person.can_change_homepage?
1632	1632	end
1633	1633
	1634	+ should 'follow? return false when no profile is passed as parameter' do
	1635	+ person = Person.new
	1636	+ assert_equal false, person.follows?(nil)
	1637	+ end
	1638	+
1634	1639	end
...	...