noosfero | 6 new commits pushed to repository
Leandro Nunes
gitlab at gitlab.com
Sun Mar 15 20:53:18 BRT 2015
Leandro Nunes pushed to refs/heads/master at <a href="https://gitlab.com/noosfero/noosfero">Noosfero / noosfero</a>
Commits:
<a href="https://gitlab.com/noosfero/noosfero/commit/8e6100cdf6f92de41fcf225a8494730a464f273f">8e6100cd</a> by Leandro Nunes dos Santos
display_filter: adding more tests
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/6efd86fd938628867682de9bc2e59af6cae1085d">6efd86fd</a> by Leandro Nunes dos Santos
not allow show public content of private profiles
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/a2289792784d7652efb8f9c3bdfca85e0aa9ebb4">a2289792</a> by Leandro Nunes dos Santos
not show content of private profile
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/d70939498abb44ac6e94700b8df922c000dcab16">d7093949</a> by Leandro Nunes dos Santos
Merge branch 'display_filter_refactoring'
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/5d5380a79a2e21e05619d03f4bbb6cca4ac957f3">5d5380a7</a> by Leandro Nunes dos Santos
return empty array when nil profile is passed as parameter
- - - - -
<a href="https://gitlab.com/noosfero/noosfero/commit/12a8cc021cd89ef98f03cf9b4eea4c0b92d3cba6">12a8cc02</a> by Leandro Nunes dos Santos
display public content
- - - - -
Changes:
=====================================
app/models/article.rb
=====================================
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -487,15 +487,16 @@ class Article < ActiveRecord::Base
scope :more_recent, :order => "created_at DESC"
scope :display_filter, lambda {|user, profile|
- user.nil? ?
- {:conditions => ['articles.published = ?', true]} :
- {:conditions => [" articles.published = ? OR
- articles.last_changed_by_id = ? OR
- articles.profile_id = ? OR
- ? OR articles.show_to_followers = ? AND ? ",
- true, user.id, user.id, user.has_permission?(:view_private_content, profile),
- true, user.follows?(profile)]
- }
+ return published if (user.nil? && profile && profile.public?)
+ return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+ where(
+ [
+ "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
+ OR (show_to_followers = ? AND ?)", true, user.id, user.id,
+ profile.nil? ? false : user.has_permission?(:view_private_content, profile),
+ true, user.follows?(profile)
+ ]
+ )
}
=====================================
app/models/person.rb
=====================================
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -435,6 +435,7 @@ roles] }
end
def follows?(profile)
+ return false if profile.nil?
profile.followed_by?(self)
end
=====================================
test/unit/article_test.rb
=====================================
--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -2018,4 +2018,107 @@ class ArticleTest < ActiveSupport::TestCase
assert_equal [a], Article.display_filter(user, p)
end
+ should 'display_filter do not show person private content to non friends passing nil as profile parameter' do
+ user = create_user('someuser').person
+ p = fast_create(Person)
+ assert !p.is_a_friend?(user)
+ assert !user.is_admin?
+ Article.delete_all
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [], Article.display_filter(user, nil)
+ end
+
+ should 'display_filter do not show community private content to non members passing nil as profile parameter' do
+ user = create_user('someuser').person
+ p = fast_create(Community)
+ assert !user.is_member_of?(p)
+ Article.delete_all
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [], Article.display_filter(user, nil)
+ end
+
+ should 'display_filter show community public content of private community for user members' do
+ user = create_user('someuser').person
+ p = fast_create(Community, :public_profile => false)
+ p.add_member(user)
+ assert user.is_member_of?(p)
+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+ Article.delete_all
+ a = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [a], Article.display_filter(user, p)
+ end
+
+ should 'display_filter not show public content of private community for non members' do
+ user = create_user('someuser').person
+ p = fast_create(Community, :public_profile => false)
+ assert !user.is_member_of?(p)
+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+ Article.delete_all
+ a = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [], Article.display_filter(user, p)
+ end
+
+ should 'display_filter not show public content of private community for non members when user is nil' do
+ p = fast_create(Community, :public_profile => false)
+ Article.delete_all
+ a = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [], Article.display_filter(nil, p)
+ end
+
+ should 'display_filter show public content for non members when profile is nil' do
+ user = create_user('someuser').person
+ p = fast_create(Community, :public_profile => true)
+ Article.delete_all
+ a1 = fast_create(Article, :published => true, :profile_id => user.id)
+ a2 = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equivalent [a1,a2], Article.display_filter(user, nil)
+ end
+
+ should 'display_filter show person public content of private person profile for user friends' do
+ user = create_user('someuser').person
+ p = fast_create(Person, :public_profile => false)
+ p.add_friend(user)
+ assert p.is_a_friend?(user)
+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+ Article.delete_all
+ a = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [a], Article.display_filter(user, p)
+ end
+
+ should 'display_filter not show public content of private person for non friends' do
+ user = create_user('someuser').person
+ p = fast_create(Person, :public_profile => false)
+ assert !user.is_a_friend?(p)
+ user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
+ Article.delete_all
+ a = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [], Article.display_filter(user, p)
+ end
+
+ should 'display_filter not show public content of private person for non friends when user is nil' do
+ p = fast_create(Person, :public_profile => false)
+ Article.delete_all
+ a = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equal [], Article.display_filter(nil, p)
+ end
+
+ should 'display_filter show public content for non friends when profile is nil' do
+ user = create_user('someuser').person
+ p = fast_create(Person, :public_profile => true)
+ Article.delete_all
+ a1 = fast_create(Article, :published => true, :profile_id => user.id)
+ a2 = fast_create(Article, :published => true, :profile_id => p.id)
+ fast_create(Article, :published => false, :profile_id => p.id)
+ assert_equivalent [a1,a2], Article.display_filter(user, nil)
+ end
+
end
=====================================
test/unit/person_test.rb
=====================================
--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1631,4 +1631,9 @@ class PersonTest < ActiveSupport::TestCase
assert person.can_change_homepage?
end
+ should 'follow? return false when no profile is passed as parameter' do
+ person = Person.new
+ assert_equal false, person.follows?(nil)
+ end
+
end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150315/88d8465c/attachment.html>
More information about the Noosfero-dev
mailing list