noosfero | 2 new commits pushed to repository
Antonio Terceiro
gitlab at gitlab.com
Fri Feb 13 12:06:58 BRST 2015
Antonio Terceiro pushed to refs/heads/master at <a href="https://gitlab.com/noosfero/noosfero">Noosfero / noosfero</a>
Commits:
<a href="https://gitlab.com/noosfero/noosfero/commit/2dbb8586db43409cc630c1ada1efcbfea5b5a7dd">2dbb8586</a> by Tallys Martins
Move privace methods of profile_controller to public_controller
- Create tests for private and invisible communities using the privace methods
- Executing filters for events and contact pages in private profiles
Signed-off-by: Arthur Del Esposte <arthurmde at gmail.com>
Signed-off-by: Gabriela Navarro <navarro1703 at gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr at gmail.com>
Signed-off-by: Tallys Martins <tallysmartins at yahoo.com.br>
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/42042b7444e1d9a2e832872492a5ba8847b87515">42042b74</a> by Antonio Terceiro
Merge branch 'private_profile_pages' into 'master'
Private profile pages
When the profile is private, some pages are still shown if using the URL. For example, pages like agenda and contact email.
We added a before_filter to make sure that doesn't happen.
See merge request !459
- - - - -
Changes:
=====================================
app/controllers/public/contact_controller.rb
=====================================
--- a/app/controllers/public/contact_controller.rb
+++ b/app/controllers/public/contact_controller.rb
@@ -1,6 +1,7 @@
class ContactController < PublicController
needs_profile
+ before_filter :allow_access_to_page
def new
@contact = build_contact
=====================================
app/controllers/public/events_controller.rb
=====================================
--- a/app/controllers/public/events_controller.rb
+++ b/app/controllers/public/events_controller.rb
@@ -1,6 +1,7 @@
class EventsController < PublicController
needs_profile
+ before_filter :allow_access_to_page
def events
@events = []
=====================================
app/controllers/public/profile_controller.rb
=====================================
--- a/app/controllers/public/profile_controller.rb
+++ b/app/controllers/public/profile_controller.rb
@@ -16,13 +16,7 @@ class ProfileController < PublicController
@activities = @profile.activities.paginate(:per_page => 15, :page => params[:page])
end
@tags = profile.article_tags
- unless profile.display_info_to?(user)
- if profile.visible?
- private_profile
- else
- invisible_profile
- end
- end
+ allow_access_to_page
end
def tags
@@ -396,17 +390,6 @@ class ProfileController < PublicController
end
end
- def private_profile
- private_profile_partial_parameters
- render :action => 'index', :status => 403
- end
-
- def invisible_profile
- unless profile.is_template?
- render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
- end
- end
-
def per_page
Noosfero::Constants::PROFILE_PER_PAGE
end
=====================================
app/controllers/public_controller.rb
=====================================
--- a/app/controllers/public_controller.rb
+++ b/app/controllers/public_controller.rb
@@ -1,2 +1,24 @@
class PublicController < ApplicationController
+ protected
+
+ def allow_access_to_page
+ unless profile.display_info_to?(user)
+ if profile.visible?
+ private_profile
+ else
+ invisible_profile
+ end
+ end
+ end
+
+ def private_profile
+ private_profile_partial_parameters
+ render :template => 'shared/access_denied.html.erb', :status => 403
+ end
+
+ def invisible_profile
+ unless profile.is_template?
+ render_access_denied(_("This profile is inaccessible. You don't have the permission to view the content here."), _("Oops ... you cannot go ahead here"))
+ end
+ end
end
=====================================
test/functional/contact_controller_test.rb
=====================================
--- a/test/functional/contact_controller_test.rb
+++ b/test/functional/contact_controller_test.rb
@@ -125,4 +125,31 @@ class ContactControllerTest < ActionController::TestCase
assert_equal 'Bahia', assigns(:contact).state
end
+ should 'not show send e-mail page to non members of private community' do
+ community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
+
+ post :new, :profile => community.identifier
+
+ assert_response :forbidden
+ assert_template :access_denied
+ end
+
+ should 'not show send e-mail page to non members of invisible community' do
+ community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false)
+
+ post :new, :profile => community.identifier
+
+ assert_response :forbidden
+ assert_template :access_denied
+ end
+
+ should 'show send e-mail page to members of private community' do
+ community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
+ community.add_member(@profile)
+
+ post :new, :profile => community.identifier
+
+ assert_response :success
+ end
+
end
=====================================
test/functional/events_controller_test.rb
=====================================
--- a/test/functional/events_controller_test.rb
+++ b/test/functional/events_controller_test.rb
@@ -54,4 +54,33 @@ class EventsControllerTest < ActionController::TestCase
assert_tag :tag => 'a', :content => /Joao Birthday/
end
+ should 'not show events page to non members of private community' do
+ community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
+
+ post :events, :profile => community.identifier
+
+ assert_response :forbidden
+ assert_template :access_denied
+ end
+
+ should 'not show events page to non members of invisible community' do
+ community = fast_create(Community, :identifier => 'invisible-community', :name => 'Private Community', :visible => false)
+
+ post :events, :profile => community.identifier
+
+ assert_response :forbidden
+ assert_template :access_denied
+ end
+
+ should 'show events page to members of private community' do
+ community = fast_create(Community, :identifier => 'private-community', :name => 'Private Community', :public_profile => false)
+ community.add_member(@profile)
+
+ login_as('testuser')
+
+ post :events, :profile => community.identifier
+
+ assert_response :success
+ end
+
end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150213/79c899bd/attachment.html>
More information about the Noosfero-dev
mailing list