noosfero | 3 new commits pushed to repository
Leandro Nunes
gitlab at gitlab.com
Thu Jan 22 12:51:32 BRST 2015
Leandro Nunes pushed to refs/heads/master at <a href="https://gitlab.com/noosfero/noosfero">Noosfero / noosfero</a>
Commits:
<a href="https://gitlab.com/noosfero/noosfero/commit/83dd0faf85c086defa56b7f2a1bbf5c4dd1f9b59">83dd0faf</a> by Victor Costa
Always allow environment admins to change homepage
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/cd15a410a4673db619f96d52b11ffc293f0a1eba">cd15a410</a> by Victor Costa
Deny access to set_home_page for unauthorized users
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/0dd4a2445565adc24253b53221c06098a1de00ed">0dd4a244</a> by Leandro Nunes
Merge branch 'allow_admin_change_homepage' into 'master'
Always allow admin to change profiles homepage
See merge request !412
- - - - -
Changes:
=====================================
app/controllers/my_profile/cms_controller.rb
=====================================
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -174,6 +174,8 @@ class CmsController < MyProfileController
post_only :set_home_page
def set_home_page
+ return render_access_denied unless user.can_change_homepage?
+
article = params[:id].nil? ? nil : profile.articles.find(params[:id])
profile.update_attribute(:home_page, article)
=====================================
app/models/person.rb
=====================================
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -80,6 +80,10 @@ roles] }
belongs_to :user, :dependent => :delete
+ def can_change_homepage?
+ !environment.enabled?('cant_change_homepage') || is_admin?
+ end
+
def can_control_scrap?(scrap)
begin
!self.scraps(scrap).nil?
=====================================
app/views/cms/view.html.erb
=====================================
--- a/app/views/cms/view.html.erb
+++ b/app/views/cms/view.html.erb
@@ -2,7 +2,7 @@
<%= _('Content management') %>
</h1>
-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+<% if user.can_change_homepage? && !remove_content_button(:home) %>
<div class="cms-homepage">
<%= _('Profile homepage:') %>
<% if profile.home_page %>
@@ -69,7 +69,7 @@
<%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
<%= button_without_text :eyes, _('Public view'), article.view_url %>
<%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
- <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+ <% if user.can_change_homepage? && !remove_content_button(:home) %>
<% if profile.home_page != article %>
<%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
<% else %>
=====================================
test/functional/cms_controller_test.rb
=====================================
--- a/test/functional/cms_controller_test.rb
+++ b/test/functional/cms_controller_test.rb
@@ -101,12 +101,26 @@ class CmsControllerTest < ActionController::TestCase
assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
end
+ should 'display the profile homepage if logged user is an environment admin' do
+ env = Environment.default; env.enable('cant_change_homepage'); env.save!
+ env.add_admin(profile)
+ get :index, :profile => profile.identifier
+ assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
+ end
+
should 'not display the profile homepage if cannot change homepage' do
env = Environment.default; env.enable('cant_change_homepage')
get :index, :profile => profile.identifier
assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
end
+ should 'not allow profile homepage changes if cannot change homepage' do
+ env = Environment.default; env.enable('cant_change_homepage')
+ a = profile.articles.create!(:name => 'my new home page')
+ post :set_home_page, :profile => profile.identifier, :id => a.id
+ assert_response 403
+ end
+
should 'be able to set home page' do
a = profile.articles.build(:name => 'my new home page')
a.save!
=====================================
test/unit/person_test.rb
=====================================
--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1470,4 +1470,18 @@ class PersonTest < ActiveSupport::TestCase
person.reload
end
end
+
+ should 'allow homepage change if user is an environment admin' do
+ person = create_user('person').person
+ person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
+ person.expects(:is_admin?).returns(true)
+ assert person.can_change_homepage?
+ end
+
+ should 'allow homepage change if environment feature permit it' do
+ person = create_user('person').person
+ person.environment.expects(:enabled?).with('cant_change_homepage').returns(false)
+ assert person.can_change_homepage?
+ end
+
end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150122/327f4aa1/attachment-0001.html>
More information about the Noosfero-dev
mailing list