[Git][noosfero/noosfero][api] 2 commits: api: consider admin role when querying visible organizations for person

Larissa Reis gitlab at gitlab.com
Fri Jun 19 01:02:22 BRT 2015


Larissa Reis pushed to branch api at Noosfero / noosfero


Commits:
ad416827 by Larissa Reis at 2015-06-19T01:01:50Z
api: consider admin role when querying visible organizations for person

- - - - -
6b9d32eb by Larissa Reis at 2015-06-19T01:01:50Z
api: scope to fetch visible products for person

- - - - -


4 changed files:

- app/models/organization.rb
- app/models/product.rb
- test/unit/organization_test.rb
- test/unit/product_test.rb


Changes:

=====================================
app/models/organization.rb
=====================================
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -8,11 +8,28 @@ class Organization < Profile
     :display => %w[compact]
   }
 
+  # An Organization is considered visible to a given person if one of the
+  # following conditions are met:
+  #   1) The user is an environment administrator.
+  #   2) The user is an administrator of the organization.
+  #   3) The user is a member of the organization and the organization is
+  #   visible.
+  #   4) The user is not a member of the organization but the organization is
+  #   visible, public and enabled.
   scope :visible_for_person, lambda { |person|
-    joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
+    joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
+          AND "role_assignments"."resource_type" = \'Profile\') OR (
+          "role_assignments"."resource_id" = "profiles"."environment_id" AND
+          "role_assignments"."resource_type" = \'Environment\' )')
+    .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
     .where(
-      ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
-          (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id,  true, true]
+      ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
+        OR
+        ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+            ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
+          ( profiles.visible = ? ) )',
+      'profile_admin', 'environment_administrator', Profile.name, person.id,
+      Profile.name, person.id,  true, true, true]
     ).uniq
   }
 
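Review bot: The member branch of the new WHERE clause — the inner `role_assignments.accessor_type = ? AND role_assignments.accessor_id = ?` inside the second disjunct — no longer requires the matched role_assignment to be scoped to the profile, because the widened LEFT JOIN now also admits rows with `resource_type = 'Environment'`. Any environment-level role assignment held by the person, whatever its `roles.key`, would therefore satisfy condition 3 of the header comment for every visible organization in that environment, non-public ones included; whether non-admin environment roles exist in this codebase I cannot tell from the hunk, but the predicate should not depend on that. Restoring the old scoping is a one-line change to that inner check, `( ( ( role_assignments.resource_type = 'Profile' AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR`, and the same applies to the copy of this predicate in the app/models/product.rb hunk. The role keys `'profile_admin'` and `'environment_administrator'` are bare literals in both scopes; if the project already names these keys somewhere, referencing that definition would keep them from drifting.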


=====================================
app/models/product.rb
=====================================
--- a/app/models/product.rb
+++ b/app/models/product.rb
@@ -51,6 +51,25 @@ class Product < ActiveRecord::Base
     {:joins => :product_category, :conditions => ['categories.path LIKE ?', "%#{category.slug}%"]} if category
   }
 
+  scope :visible_for_person, lambda { |person|
+    joins('INNER JOIN "profiles" enterprises ON enterprises."id" = "products"."profile_id"')
+    .joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = enterprises."id"
+          AND "role_assignments"."resource_type" = \'Profile\') OR (
+          "role_assignments"."resource_id" = enterprises."environment_id" AND
+          "role_assignments"."resource_type" = \'Environment\' )')
+    .joins('LEFT JOIN "roles" ON "role_assignments"."role_id" = "roles"."id"')
+    .where(
+      ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = \'Profile\' AND role_assignments.accessor_id = ? )
+        OR
+        ( ( ( role_assignments.accessor_type = \'Profile\' AND
+              role_assignments.accessor_id = ? ) OR
+            ( enterprises.public_profile = ? AND enterprises.enabled = ? ) ) AND
+          ( enterprises.visible = ? ) )',
+      'profile_admin', 'environment_administrator', person.id, person.id,
+      true, true, true]
+    ).uniq
+  }
+
   after_update :save_image
 
   def lat
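Review bot: The visibility predicate in `Product.visible_for_person` is a copy of the one in `Organization.visible_for_person` with `enterprises.` substituted for `profiles.`, so the two scopes will diverge as soon as one is corrected (they already differ in whether `accessor_type` is a bound parameter or the literal `'Profile'`). Since the organization test in this push creates an Enterprise as `o6` and queries it through `Organization.visible_for_person`, the product scope could instead filter by profile, e.g. `where('products.profile_id IN (?)', Organization.visible_for_person(person).select('profiles.id'))` — to be confirmed that the outer `.uniq` and the subselect compose on this Rails version. Failing that, a comment on the scope would at least make the coupling visible: `# Mirrors Organization.visible_for_person; keep the two predicates in sync.`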


=====================================
test/unit/organization_test.rb
=====================================
--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -479,23 +479,57 @@ class OrganizationTest < ActiveSupport::TestCase
 
   should 'fetch organizations there are visible for a user' do
     person = create_user('some-person').person
+    admin = create_user('some-admin').person
+    env_admin = create_user('env-admin').person
+
     o1 = fast_create(Organization, :public_profile => true , :visible => true )
+    o1.add_admin(admin)
     o1.add_member(person)
+
     o2 = fast_create(Organization, :public_profile => true , :visible => true )
     o3 = fast_create(Organization, :public_profile => false, :visible => true )
+
     o4 = fast_create(Organization, :public_profile => false, :visible => true)
+    o4.add_admin(admin)
     o4.add_member(person)
+
     o5 = fast_create(Organization, :public_profile => true , :visible => false)
-    o6 = fast_create(Organization, :public_profile => false, :visible => false)
+    o5.add_admin(admin)
+    o5.add_member(person)
+
+    o6 = fast_create(Enterprise, :enabled => false, :visible => true)
+    o6.add_admin(admin)
+
+    o7 = fast_create(Organization, :public_profile => false, :visible => false)
+
+    Environment.default.add_admin(env_admin)
+
+    person_orgs    = Organization.visible_for_person(person)
+    admin_orgs     = Organization.visible_for_person(admin)
+    env_admin_orgs = Organization.visible_for_person(env_admin)
+
+    assert_includes     person_orgs,    o1
+    assert_includes     admin_orgs,     o1
+    assert_includes     env_admin_orgs, o1
+
+    assert_includes     person_orgs,    o2
+    assert_includes     env_admin_orgs, o2
+    assert_not_includes person_orgs,    o3
+    assert_includes     env_admin_orgs, o3
+
+    assert_includes     person_orgs,    o4
+    assert_includes     admin_orgs,     o4
+    assert_includes     env_admin_orgs, o4
+
+    assert_not_includes person_orgs,    o5
+    assert_includes     admin_orgs,     o5
+    assert_includes     env_admin_orgs, o5
 
-    organizations = Organization.visible_for_person(person)
+    assert_not_includes person_orgs,    o6
+    assert_includes     admin_orgs,     o6
 
-    assert_includes     organizations, o1
-    assert_includes     organizations, o2
-    assert_not_includes organizations, o3
-    assert_includes     organizations, o4
-    assert_not_includes organizations, o5
-    assert_not_includes organizations, o6
+    assert_not_includes person_orgs,    o7
+    assert_includes     env_admin_orgs, o7
   end
 
 end
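Review bot: The assertions for `o6` (the disabled Enterprise) check `person_orgs` and `admin_orgs` only; `env_admin_orgs` is never asserted for `o6`, although the parallel product test asserts all three viewers for `p6` and condition 1 of the scope makes the environment-administrator outcome the one most worth pinning. Adding `assert_includes env_admin_orgs, o6` next to the existing two closes that gap. `admin_orgs` is likewise not asserted against `o2`, `o3` or `o7`; if the intent is that a profile admin sees only the non-public organizations they administer, `assert_not_includes admin_orgs, o3` would document it.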


=====================================
test/unit/product_test.rb
=====================================
--- a/test/unit/product_test.rb
+++ b/test/unit/product_test.rb
@@ -577,4 +577,68 @@ class ProductTest < ActiveSupport::TestCase
     assert_includes products, p3
   end
 
+  should 'fetch products from organizations that are visible for a user' do
+    person = create_user('some-person').person
+    admin = create_user('some-admin').person
+    env_admin = create_user('env-admin').person
+    env = Environment.default
+
+    e1 = fast_create(Enterprise, :public_profile => true , :visible => true)
+    p1 = fast_create(Product, :profile_id => e1.id)
+    e1.affiliate(admin, Profile::Roles.admin(env.id))
+    e1.affiliate(person, Profile::Roles.member(env.id))
+
+    e2 = fast_create(Enterprise, :public_profile => true , :visible => true)
+    p2 = fast_create(Product, :profile_id => e2.id)
+    e3 = fast_create(Enterprise, :public_profile => false, :visible => true)
+    p3 = fast_create(Product, :profile_id => e3.id)
+
+    e4 = fast_create(Enterprise, :public_profile => false, :visible => true)
+    p4 = fast_create(Product, :profile_id => e4.id)
+    e4.affiliate(admin, Profile::Roles.admin(env.id))
+    e4.affiliate(person, Profile::Roles.member(env.id))
+
+    e5 = fast_create(Enterprise, :public_profile => true, :visible => false)
+    p5 = fast_create(Product, :profile_id => e5.id)
+    e5.affiliate(admin, Profile::Roles.admin(env.id))
+    e5.affiliate(person, Profile::Roles.member(env.id))
+
+    e6 = fast_create(Enterprise, :enabled => false, :visible => true)
+    p6 = fast_create(Product, :profile_id => e6.id)
+    e6.affiliate(admin, Profile::Roles.admin(env.id))
+
+    e7 = fast_create(Enterprise, :public_profile => false, :visible => false)
+    p7 = fast_create(Product, :profile_id => e7.id)
+
+    Environment.default.add_admin(env_admin)
+
+    products_person    = Product.visible_for_person(person)
+    products_admin     = Product.visible_for_person(admin)
+    products_env_admin = Product.visible_for_person(env_admin)
+
+    assert_includes     products_person,    p1
+    assert_includes     products_admin,     p1
+    assert_includes     products_env_admin, p1
+
+    assert_includes     products_person,    p2
+    assert_includes     products_env_admin, p2
+    assert_not_includes products_person,    p3
+    assert_includes     products_env_admin, p3
+
+    assert_includes     products_person,    p4
+    assert_includes     products_admin,     p4
+    assert_includes     products_env_admin, p4
+
+    assert_not_includes products_person,    p5
+    assert_includes     products_admin,     p5
+    assert_includes     products_env_admin, p5
+
+    assert_not_includes products_person,    p6
+    assert_includes     products_admin,     p6
+    assert_includes     products_env_admin, p6
+
+    assert_not_includes products_person,    p7
+    assert_includes     products_env_admin, p7
+  end
+
 end
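Review bot: `env` is bound at the top of the new test but the environment administrator is then added through `Environment.default.add_admin(env_admin)` rather than `env.add_admin(env_admin)`; using the local consistently reads better. The test also grants roles with `affiliate(..., Profile::Roles.admin(env.id))` while the organization test in the same push uses `add_admin`/`add_member`; unless the two helpers differ in a way the scope cares about, picking one for both tests keeps them comparable. `products_admin` is asserted for `p1`, `p4`, `p5` and `p6` but not against `p2`, `p3` or `p7`; a negative assertion such as `assert_not_includes products_admin, p3` would pin that an admin of other enterprises does not see non-public ones.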



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/d3d8d79a5a357e959ec27a1e5e1cb55cc19099bb...6b9d32ebb18b6cf482b1bd7cf42e2c0e25168d7e