[Git][noosfero/noosfero][api] 2 commits: api: consider admin role when querying visible organizations for person
Larissa Reis
gitlab at gitlab.com
Fri Jun 19 01:02:22 BRT 2015
Larissa Reis pushed to branch api at Noosfero / noosfero
Commits:
ad416827 by Larissa Reis at 2015-06-19T01:01:50Z
api: consider admin role when querying visible organizations for person
- - - - -
6b9d32eb by Larissa Reis at 2015-06-19T01:01:50Z
api: scope to fetch visible products for person
- - - - -
4 changed files:
- app/models/organization.rb
- app/models/product.rb
- test/unit/organization_test.rb
- test/unit/product_test.rb
Changes:
=====================================
app/models/organization.rb
=====================================
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -8,11 +8,28 @@ class Organization < Profile
:display => %w[compact]
}
+ # An Organization is considered visible to a given person if one of the
+ # following conditions are met:
+ # 1) The user is an environment administrator.
+ # 2) The user is an administrator of the organization.
+ # 3) The user is a member of the organization and the organization is
+ # visible.
+ # 4) The user is not a member of the organization but the organization is
+ # visible, public and enabled.
scope :visible_for_person, lambda { |person|
- joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
+ joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
+ AND "role_assignments"."resource_type" = \'Profile\') OR (
+ "role_assignments"."resource_id" = "profiles"."environment_id" AND
+ "role_assignments"."resource_type" = \'Environment\' )')
+ .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
.where(
- ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
- (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
+ ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
+ OR
+ ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+ ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
+ ( profiles.visible = ? ) )',
+ 'profile_admin', 'environment_administrator', Profile.name, person.id,
+ Profile.name, person.id, true, true, true]
).uniq
}
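Review bot: The membership branch `( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )` no longer means "member of this organization", because the LEFT JOIN now also brings in role assignments whose resource is the organization's environment. If any non-admin role can be assigned on an Environment (not visible from this hunk), a person holding it would match every organization with `visible = true` in that environment, including non-public and disabled ones. I would restrict that branch to profile-level assignments, `( role_assignments.resource_type = \'Profile\' AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )`. The admin branch has a similar gap: it should pair `profile_admin` with resource type `Profile` and `environment_administrator` with `Environment` rather than accepting either key on either resource. The same predicate is copied into the new scope in app/models/product.rb and needs the same change there.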
=====================================
app/models/product.rb
=====================================
--- a/app/models/product.rb
+++ b/app/models/product.rb
@@ -51,6 +51,25 @@ class Product < ActiveRecord::Base
{:joins => :product_category, :conditions => ['categories.path LIKE ?', "%#{category.slug}%"]} if category
}
+ scope :visible_for_person, lambda { |person|
+ joins('INNER JOIN "profiles" enterprises ON enterprises."id" = "products"."profile_id"')
+ .joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = enterprises."id"
+ AND "role_assignments"."resource_type" = \'Profile\') OR (
+ "role_assignments"."resource_id" = enterprises."environment_id" AND
+ "role_assignments"."resource_type" = \'Environment\' )')
+ .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
+ .where(
+ ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = \'Profile\' AND role_assignments.accessor_id = ? )
+ OR
+ ( ( ( role_assignments.accessor_type = \'Profile\' AND
+ role_assignments.accessor_id = ? ) OR
+ ( enterprises.public_profile = ? AND enterprises.enabled = ? ) ) AND
+ ( enterprises.visible = ? ) )',
+ 'profile_admin', 'environment_administrator', person.id, person.id,
+ true, true, true]
+ ).uniq
+ }
+
after_update :save_image
def lat
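Review bot: The new `visible_for_person` scope has no comment, and it restates the whole visibility predicate from `Organization.visible_for_person` as a second raw SQL string, so the two authorization rules can drift apart unnoticed. They already differ in form: the organization scope binds `Profile.name` as a parameter, while this one hard-codes `\'Profile\'`. I would add above the scope `# A product is visible to a person when its owning profile is visible to that person;` followed by `# keep this predicate in sync with Organization.visible_for_person.` Longer term, deriving this scope from the organization scope, if the ORM version in use allows it, would leave a single place to audit.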
=====================================
test/unit/organization_test.rb
=====================================
--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -479,23 +479,57 @@ class OrganizationTest < ActiveSupport::TestCase
should 'fetch organizations there are visible for a user' do
person = create_user('some-person').person
+ admin = create_user('some-admin').person
+ env_admin = create_user('env-admin').person
+
o1 = fast_create(Organization, :public_profile => true , :visible => true )
+ o1.add_admin(admin)
o1.add_member(person)
+
o2 = fast_create(Organization, :public_profile => true , :visible => true )
o3 = fast_create(Organization, :public_profile => false, :visible => true )
+
o4 = fast_create(Organization, :public_profile => false, :visible => true)
+ o4.add_admin(admin)
o4.add_member(person)
+
o5 = fast_create(Organization, :public_profile => true , :visible => false)
- o6 = fast_create(Organization, :public_profile => false, :visible => false)
+ o5.add_admin(admin)
+ o5.add_member(person)
+
+ o6 = fast_create(Enterprise, :enabled => false, :visible => true)
+ o6.add_admin(admin)
+
+ o7 = fast_create(Organization, :public_profile => false, :visible => false)
+
+ Environment.default.add_admin(env_admin)
+
+ person_orgs = Organization.visible_for_person(person)
+ admin_orgs = Organization.visible_for_person(admin)
+ env_admin_orgs = Organization.visible_for_person(env_admin)
+
+ assert_includes person_orgs, o1
+ assert_includes admin_orgs, o1
+ assert_includes env_admin_orgs, o1
+
+ assert_includes person_orgs, o2
+ assert_includes env_admin_orgs, o2
+ assert_not_includes person_orgs, o3
+ assert_includes env_admin_orgs, o3
+
+ assert_includes person_orgs, o4
+ assert_includes admin_orgs, o4
+ assert_includes env_admin_orgs, o4
+
+ assert_not_includes person_orgs, o5
+ assert_includes admin_orgs, o5
+ assert_includes env_admin_orgs, o5
- organizations = Organization.visible_for_person(person)
+ assert_not_includes person_orgs, o6
+ assert_includes admin_orgs, o6
- assert_includes organizations, o1
- assert_includes organizations, o2
- assert_not_includes organizations, o3
- assert_includes organizations, o4
- assert_not_includes organizations, o5
- assert_not_includes organizations, o6
+ assert_not_includes person_orgs, o7
+ assert_includes env_admin_orgs, o7
end
end
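Review bot: The test never asserts what the organization admin must not see, so a query that over-matches on the admin role keys would still pass. `admin` has no role on o3 or o7, so I would add `assert_not_includes admin_orgs, o3` and `assert_not_includes admin_orgs, o7`. A fixture for a person holding a non-admin role on the environment, if such roles exist, would also pin down that environment-level assignments other than administrator grant no extra visibility. The new test in test/unit/product_test.rb has the same gap for `products_admin` with p3 and p7.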
=====================================
test/unit/product_test.rb
=====================================
--- a/test/unit/product_test.rb
+++ b/test/unit/product_test.rb
@@ -577,4 +577,68 @@ class ProductTest < ActiveSupport::TestCase
assert_includes products, p3
end
+ should 'fetch products from organizations that are visible for a user' do
+ person = create_user('some-person').person
+ admin = create_user('some-admin').person
+ env_admin = create_user('env-admin').person
+ env = Environment.default
+
+ e1 = fast_create(Enterprise, :public_profile => true , :visible => true)
+ p1 = fast_create(Product, :profile_id => e1.id)
+ e1.affiliate(admin, Profile::Roles.admin(env.id))
+ e1.affiliate(person, Profile::Roles.member(env.id))
+
+ e2 = fast_create(Enterprise, :public_profile => true , :visible => true)
+ p2 = fast_create(Product, :profile_id => e2.id)
+ e3 = fast_create(Enterprise, :public_profile => false, :visible => true)
+ p3 = fast_create(Product, :profile_id => e3.id)
+
+ e4 = fast_create(Enterprise, :public_profile => false, :visible => true)
+ p4 = fast_create(Product, :profile_id => e4.id)
+ e4.affiliate(admin, Profile::Roles.admin(env.id))
+ e4.affiliate(person, Profile::Roles.member(env.id))
+
+ e5 = fast_create(Enterprise, :public_profile => true, :visible => false)
+ p5 = fast_create(Product, :profile_id => e5.id)
+ e5.affiliate(admin, Profile::Roles.admin(env.id))
+ e5.affiliate(person, Profile::Roles.member(env.id))
+
+ e6 = fast_create(Enterprise, :enabled => false, :visible => true)
+ p6 = fast_create(Product, :profile_id => e6.id)
+ e6.affiliate(admin, Profile::Roles.admin(env.id))
+
+ e7 = fast_create(Enterprise, :public_profile => false, :visible => false)
+ p7 = fast_create(Product, :profile_id => e7.id)
+
+ Environment.default.add_admin(env_admin)
+
+ products_person = Product.visible_for_person(person)
+ products_admin = Product.visible_for_person(admin)
+ products_env_admin = Product.visible_for_person(env_admin)
+
+ assert_includes products_person, p1
+ assert_includes products_admin, p1
+ assert_includes products_env_admin, p1
+
+ assert_includes products_person, p2
+ assert_includes products_env_admin, p2
+ assert_not_includes products_person, p3
+ assert_includes products_env_admin, p3
+
+ assert_includes products_person, p4
+ assert_includes products_admin, p4
+ assert_includes products_env_admin, p4
+
+ assert_not_includes products_person, p5
+ assert_includes products_admin, p5
+ assert_includes products_env_admin, p5
+
+ assert_not_includes products_person, p6
+ assert_includes products_admin, p6
+ assert_includes products_env_admin, p6
+
+ assert_not_includes products_person, p7
+ assert_includes products_env_admin, p7
+ end
+
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/d3d8d79a5a357e959ec27a1e5e1cb55cc19099bb...6b9d32ebb18b6cf482b1bd7cf42e2c0e25168d7e