noosfero | 3 new commits pushed to repository

Leandro Nunes gitlab at gitlab.com
Thu Jan 22 12:51:32 BRST 2015


Leandro Nunes pushed to refs/heads/master at <a href="https://gitlab.com/noosfero/noosfero">Noosfero / noosfero</a>

Commits:
<a href="https://gitlab.com/noosfero/noosfero/commit/83dd0faf85c086defa56b7f2a1bbf5c4dd1f9b59">83dd0faf</a> by Victor Costa
Always allow environment admins to change homepage

- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/cd15a410a4673db619f96d52b11ffc293f0a1eba">cd15a410</a> by Victor Costa
Deny access to set_home_page for unauthorized users

- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/0dd4a2445565adc24253b53221c06098a1de00ed">0dd4a244</a> by Leandro Nunes
Merge branch 'allow_admin_change_homepage' into 'master'

Always allow admin to change profiles homepage

See merge request !412

- - - - -


Changes:

=====================================
app/controllers/my_profile/cms_controller.rb
=====================================
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -174,6 +174,8 @@ class CmsController < MyProfileController
 
   post_only :set_home_page
   def set_home_page
+    return render_access_denied unless user.can_change_homepage?
+
     article = params[:id].nil? ? nil : profile.articles.find(params[:id])
     profile.update_attribute(:home_page, article)
 
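Review bot: The guard added at the top of `set_home_page` checks only `user.can_change_homepage?`, while both view conditions in `app/views/cms/view.html.erb` also require `!remove_content_button(:home)`. The action therefore still accepts the request in cases where the button is hidden for that second reason. If `remove_content_button(:home)` is meant as a restriction and not only a display choice, apply the same condition here, e.g. `return render_access_denied unless user.can_change_homepage? && !remove_content_button(:home)` (assuming that helper is callable from the controller, which is not visible here). The guard also dereferences `user` directly, so it relies on a login filter outside this hunk to stop anonymous requests before they reach it. The body of `set_home_page` continues past the hunk.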

=====================================
app/models/person.rb
=====================================
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -80,6 +80,10 @@ roles] }
 
   belongs_to :user, :dependent => :delete
 
+  def can_change_homepage?
+    !environment.enabled?('cant_change_homepage') || is_admin?
+  end
+
   def can_control_scrap?(scrap)
     begin
       !self.scraps(scrap).nil?
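Review bot: `can_change_homepage?` reads the flag from the person's own `environment` and calls `is_admin?` with no argument, whereas the view condition it replaces asked the `environment` of the current request. On an installation with more than one environment these may differ, so the decision could be made against the acting user's home environment and not the one that owns the profile being edited. This is inferred from the names, since neither `Person#environment` nor `is_admin?` is visible in the hunk. Consider taking the environment as a parameter, `def can_change_homepage?(env = environment)` with `!env.enabled?('cant_change_homepage') || is_admin?(env)` (if `is_admin?` accepts an environment), and passing the profile's environment from the controller hunk and both view hunks. A one-line comment above the method, such as `# Environment admins bypass the 'cant_change_homepage' feature.`, would record the intent.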

=====================================
app/views/cms/view.html.erb
=====================================
--- a/app/views/cms/view.html.erb
+++ b/app/views/cms/view.html.erb
@@ -2,7 +2,7 @@
   <%= _('Content management') %>
 </h1>
 
-<% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+<% if user.can_change_homepage? && !remove_content_button(:home) %>
   <div class="cms-homepage">
     <%= _('Profile homepage:') %>
     <% if profile.home_page %>
@@ -69,7 +69,7 @@
         <%= expirable_button article, :edit, _('Edit'), {:action => 'edit', :id => article.id} if !remove_content_button(:edit) %>
         <%= button_without_text :eyes, _('Public view'), article.view_url %>
         <%= display_spread_button(profile, article) unless article.folder? || remove_content_button(:spread)%>
-        <% if !environment.enabled?('cant_change_homepage') && !remove_content_button(:home) %>
+        <% if user.can_change_homepage? && !remove_content_button(:home) %>
           <% if profile.home_page != article %>
             <%= expirable_button article, :home, _('Use as homepage'), { :action => 'set_home_page', :id => article.id }, :method => :post %>
           <% else %>

=====================================
test/functional/cms_controller_test.rb
=====================================
--- a/test/functional/cms_controller_test.rb
+++ b/test/functional/cms_controller_test.rb
@@ -101,12 +101,26 @@ class CmsControllerTest < ActionController::TestCase
     assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
 
+  should 'display the profile homepage if logged user is an environment admin' do
+    env = Environment.default; env.enable('cant_change_homepage'); env.save!
+    env.add_admin(profile)
+    get :index, :profile => profile.identifier
+    assert_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
+  end
+
   should 'not display the profile homepage if cannot change homepage' do
     env = Environment.default; env.enable('cant_change_homepage')
     get :index, :profile => profile.identifier
     assert_no_tag :tag => 'div', :content => /Profile homepage/, :attributes => { :class => "cms-homepage"}
   end
 
+  should 'not allow profile homepage changes if cannot change homepage' do
+    env = Environment.default; env.enable('cant_change_homepage')
+    a = profile.articles.create!(:name => 'my new home page')
+    post :set_home_page, :profile => profile.identifier, :id => a.id
+    assert_response 403
+  end
+
   should 'be able to set home page' do
     a = profile.articles.build(:name => 'my new home page')
     a.save!
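Review bot: The new 'not allow profile homepage changes if cannot change homepage' test asserts only `assert_response 403`, so it would still pass if the action wrote the home page before denying. Add `profile.reload` and `assert_not_equal a, profile.home_page` after the POST. It also calls `env.enable('cant_change_homepage')` without the `env.save!` used in the admin test a few lines above, so confirm the flag is actually persisted for the request. No controller test shows that an environment admin can still POST `set_home_page` with the flag enabled; only the view is covered for that case. The 'be able to set home page' test continues outside the hunk.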

=====================================
test/unit/person_test.rb
=====================================
--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1470,4 +1470,18 @@ class PersonTest < ActiveSupport::TestCase
       person.reload
     end
   end
+
+  should 'allow homepage change if user is an environment admin' do
+    person = create_user('person').person
+    person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
+    person.expects(:is_admin?).returns(true)
+    assert person.can_change_homepage?
+  end
+
+  should 'allow homepage change if environment feature permit it' do
+    person = create_user('person').person
+    person.environment.expects(:enabled?).with('cant_change_homepage').returns(false)
+    assert person.can_change_homepage?
+  end
+
 end
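Review bot: The deny path of `can_change_homepage?` has no unit test. Both added cases assert that the change is allowed, and nothing covers the flag being enabled for a person who is not an admin, which is the case the controller guard depends on. A third case that mirrors the first one, with `is_admin?` returning false and a negated assertion, would pin it.

```ruby
  should 'not allow homepage change if feature is enabled and user is not an admin' do
    person = create_user('person').person
    person.environment.expects(:enabled?).with('cant_change_homepage').returns(true)
    person.expects(:is_admin?).returns(false)
    assert !person.can_change_homepage?
  end
```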
