[Git][noosfero/noosfero][master] Environment permisson to delete a profile.
Daniela Feitosa
gitlab at gitlab.com
Mon Aug 10 15:14:15 BRT 2015
Daniela Feitosa pushed to branch master at Noosfero / noosfero
Commits:
6573492a by Thiago Ribeiro at 2015-08-10T15:10:55Z
Environment permisson to delete a profile.
Add environment permission to not allow user to delete a profile
Signed-off-by: Gabriela Navarro <navarro1703 at gmail.com>
Signed-off-by: Thiago Ribeiro <thiagitosouza at gmail.com>
- - - - -
6 changed files:
- app/controllers/my_profile/profile_editor_controller.rb
- app/models/environment.rb
- app/views/profile_editor/edit.html.erb
- app/views/shared/_list_groups.html.erb
- test/functional/memberships_controller_test.rb
- test/functional/profile_editor_controller_test.rb
Changes:
=====================================
app/controllers/my_profile/profile_editor_controller.rb
=====================================
--- a/app/controllers/my_profile/profile_editor_controller.rb
+++ b/app/controllers/my_profile/profile_editor_controller.rb
@@ -5,6 +5,7 @@ class ProfileEditorController < MyProfileController
before_filter :access_welcome_page, :only => [:welcome_page]
before_filter :back_to
+ before_filter :forbid_destroy_profile, :only => [:destroy_profile]
helper_method :has_welcome_page
def index
@@ -155,4 +156,10 @@ class ProfileEditorController < MyProfileController
end
end
+ def forbid_destroy_profile
+ if environment.enabled?('forbid_destroy_profile') && !current_person.is_admin?(environment)
+ session[:notice] = _('You can not destroy the profile.')
+ redirect_to_previous_location
+ end
+ end
end
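Review bot: `forbid_destroy_profile` is added as the last method of the controller, and the hunk does not show whether a `protected` or `private` line precedes it; if none does, Rails exposes it as a public action that a route with a wildcard `:action` segment could reach. I would confirm it sits under `protected` and give it a one-line comment such as `# before_filter: blocks destroy_profile for non-admins when the environment enables 'forbid_destroy_profile'`. The filter calls `current_person.is_admin?(environment)` without a nil guard, so it presumably relies on a login filter in MyProfileController that is not visible here. The class body starts outside the hunk.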
=====================================
app/models/environment.rb
=====================================
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -128,6 +128,7 @@ class Environment < ActiveRecord::Base
'disable_select_city_for_contact' => _('Disable state/city select for contact form'),
'disable_contact_person' => _('Disable contact for people'),
'disable_contact_community' => _('Disable contact for groups/communities'),
+ 'forbid_destroy_profile' => _('Forbid users of removing profiles'),
'products_for_enterprises' => _('Enable products for enterprises'),
'enterprise_registration' => _('Enterprise registration'),
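Review bot: The label `'Forbid users of removing profiles'` reads awkwardly and does not say that environment administrators stay exempt, which is what the controller filter in this commit implements. A wording such as `_('Forbid non-admin users from removing profiles')` would tell the administrator toggling the feature exactly who is affected. The hash this entry belongs to starts and ends outside the hunk.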
=====================================
app/views/profile_editor/edit.html.erb
=====================================
--- a/app/views/profile_editor/edit.html.erb
+++ b/app/views/profile_editor/edit.html.erb
@@ -75,14 +75,23 @@
<% if user && user.has_permission?('destroy_profile', profile) %>
<% button_bar(:id => 'delete-profile') do %>
- <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
- <% if environment.admins.include?(current_person) %>
+ <% if !environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment) %>
+ <%= button(:remove, _('Delete profile'), {:action => :destroy_profile}) %>
+ <% end %>
+ <% if user.is_admin?(environment) %>
<% if profile.visible? %>
- <%= button(:remove, _('Deactivate profile'), {:action => :deactivate_profile, :id=>profile.id}, :id=>'deactivate_profile_button', :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+ <%= button(:remove, _('Deactivate profile'),
+ {:action => :deactivate_profile, :id=>profile.id},
+ :id=>'deactivate_profile_button',
+ :data => {:confirm=>_("Are you sure you want to deactivate this profile?")})
+ %>
<% else %>
- <%= button(:add, _('Activate profile'), {:action => :activate_profile, :id=>profile.id}, :data => {:confirm=>_("Are you sure you want to deactivate this profile?")}) %>
+ <%= button(:add, _('Activate profile'),
+ {:action => :activate_profile, :id=>profile.id},
+ :data => {:confirm=>_("Are you sure you want to deactivate this profile?")})
+ %>
<% end %>
<% end %>
<% end %>
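Review bot: The re-wrapped 'Activate profile' button still carries the confirm text `_("Are you sure you want to deactivate this profile?")`, so an admin activating a profile is asked about deactivating it; since the line is being rewritten anyway it should read `_("Are you sure you want to activate this profile?")`. Separately, the predicate `!environment.enabled?('forbid_destroy_profile') || user.is_admin?(environment)` now exists here, in the controller filter and in `_list_groups.html.erb` in slightly different forms. A single helper would keep the UI and the server-side enforcement from drifting apart. The template continues outside the hunk.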
=====================================
app/views/shared/_list_groups.html.erb
=====================================
--- a/app/views/shared/_list_groups.html.erb
+++ b/app/views/shared/_list_groups.html.erb
@@ -1,28 +1,32 @@
<ul id="groups-list">
-<% for group in groups %>
- <li>
- <div class='common-profile-list-block'>
- <%= profile_image_link(group, :portrait, 'div') %>
- </div>
- <span class='profile-details'>
- <strong><%= group.name %></strong><br/>
- <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %>
- <%= _('Type: %s') % _(group.class.identification) %> <br/>
- <%= _('Description: %s') % group.description + '<br/>' if group.community? %>
- <%= _('Members: %s') % group.members_count.to_s %> <br/>
- <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
- <% button_bar do %>
- <% if user.has_permission?(:edit_profile, group) %>
- <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
- <% end %>
- <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
- <% if (group.community? && user.has_permission?(:destroy_profile, group)) %>
- <%= button 'delete', _('Remove'), { :controller => 'profile_editor', :action => 'destroy_profile', :profile => group.identifier } %>
+ <% for group in groups %>
+ <li>
+ <div class='common-profile-list-block'>
+ <%= profile_image_link(group, :portrait, 'div') %>
+ </div>
+ <span class='profile-details'>
+ <strong><%= group.name %></strong><br/>
+ <%= _('Role: %s') % rolename_for(profile, group) + '<br/>' if profile.role_assignments.find_by_resource_id(group.id) %>
+ <%= _('Type: %s') % _(group.class.identification) %> <br/>
+ <%= _('Description: %s') % group.description + '<br/>' if group.community? %>
+ <%= _('Members: %s') % group.members_count.to_s %> <br/>
+ <%= _('Created at: %s') % show_date(group.created_at) unless group.enterprise? %> <br/>
+ <% button_bar do %>
+ <% if user.has_permission?(:edit_profile, group) %>
+ <%= button 'menu-ctrl-panel', _('Control panel of this group'), group.admin_url %>
+ <% end %>
+ <%= button 'menu-logout', _('Leave community'), group.leave_url(true), :class => 'leave-community' %>
+
+ <% if (user.has_permission?(:destroy_profile, group) && !environment.enabled?('forbid_destroy_profile')) || user.is_admin?(environment) %>
+ <%= button 'delete', _('Remove'),
+ { :controller => 'profile_editor',
+ :action => 'destroy_profile',
+ :profile => group.identifier }
+ %>
+ <% end %>
<% end %>
- <% end %>
- </span>
- <br class="may-clear" />
- </li>
-<% end %>
+ </span>
+ <br class="may-clear" />
+ </li>
+ <% end %>
</ul>
-
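Review bot: The new 'Remove' condition drops the old `group.community?` restriction and puts `|| user.is_admin?(environment)` outside the `has_permission?` check, so the destroy link now appears for enterprises and, for environment admins, for every listed group; the commit message mentions neither change. If this is intended, a short ERB comment above the `if` would record it, for example `<%# shown for any group type; environment admins bypass forbid_destroy_profile %>`. The only server-side check visible in this commit is the feature-flag filter, so it is worth confirming that the `destroy_profile` action itself still enforces the `destroy_profile` permission for enterprises. Hiding a link is not an access control.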
=====================================
test/functional/memberships_controller_test.rb
=====================================
--- a/test/functional/memberships_controller_test.rb
+++ b/test/functional/memberships_controller_test.rb
@@ -95,7 +95,7 @@ class MembershipsControllerTest < ActionController::TestCase
assert_tag :tag => 'a', :attributes => { :href => "/myprofile/testuser/memberships/new_community" }
end
- should 'display destroy link only to communities' do
+ should 'display destroy link to communities and enterprise' do
community = Community.create!(:name => 'A community to destroy')
enterprise = fast_create(Enterprise, :name => 'A enterprise test')
@@ -106,7 +106,7 @@ class MembershipsControllerTest < ActionController::TestCase
get :index, :profile => 'testuser'
assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
- assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" }
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{enterprise.identifier}/profile_editor/destroy_profile" }
end
should 'not display destroy link to normal members' do
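Review bot: The flipped assertion documents that enterprises now get a destroy link, but nothing in this file exercises the new `forbid_destroy_profile` branch of `_list_groups.html.erb`. I would add a case that enables the feature and asserts `assert_no_tag` on the community's `destroy_profile` href for a regular user. A companion case should show the link still rendered for an environment admin. The test body between the two hunks is not visible here.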
=====================================
test/functional/profile_editor_controller_test.rb
=====================================
--- a/test/functional/profile_editor_controller_test.rb
+++ b/test/functional/profile_editor_controller_test.rb
@@ -824,6 +824,38 @@ class ProfileEditorControllerTest < ActionController::TestCase
assert_template 'destroy_profile'
end
+ should 'not be able to destroy profile if forbid_destroy_profile is enabled' do
+ environment = Environment.default
+ user = create_user('user').person
+ login_as('user')
+ environment.enable('forbid_destroy_profile')
+ assert_no_difference 'Profile.count' do
+ post :destroy_profile, :profile => user.identifier
+ end
+ end
+
+ should 'display destroy_profile button' do
+ environment = Environment.default
+ user = create_user_with_permission('user', 'destroy_profile')
+ login_as('user')
+ community = fast_create(Community)
+ community.add_admin(user)
+ get :edit, :profile => community.identifier
+ assert_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
+ end
+
+ should 'not display destroy_profile button' do
+ environment = Environment.default
+ environment.enable('forbid_destroy_profile')
+ environment.save!
+ user = create_user_with_permission('user', 'destroy_profile')
+ login_as('user')
+ community = fast_create(Community)
+ community.add_admin(user)
+ get :edit, :profile => community.identifier
+ assert_no_tag :tag => 'a', :attributes => { :href => "/myprofile/#{community.identifier}/profile_editor/destroy_profile" }
+ end
+
should 'be able to destroy a person' do
person = fast_create(Person)
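Review bot: The first new test proves little about the filter: it calls `environment.enable('forbid_destroy_profile')` without the `environment.save!` that the third test adds, and it asserts only `assert_no_difference 'Profile.count'`, which would also pass if the request were rejected for an unrelated reason. Make the two tests consistent about saving, and add `assert_response :redirect` (and ideally a check on `session[:notice]`) so that the test pins the filter itself. There is also no test that an environment admin can still destroy a profile while the feature is enabled, which is the exemption the filter's `!current_person.is_admin?(environment)` clause exists for. The `environment` local in 'display destroy_profile button' is unused.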
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/6573492abf02c36843d8eb23a8e1da2e05777471