[noosfero/noosfero][master] 4 commits: Add migration to change default private profile content
Rodrigo Souto
gitlab at gitlab.com
Wed May 13 17:24:59 BRT 2015
Rodrigo Souto pushed to branch master at Noosfero / noosfero
Commits:
9360f04a by Gabriela Navarro at 2015-05-13T16:32:28Z
Add migration to change default private profile content
Signed-off-by: Alvaro Fernando <alvarofernandoms at gmail.com>
Signed-off-by: Arthur Del Esposte <arthurmde at gmail.com>
Signed-off-by: David Carlos <ddavidcarlos1392 at gmail.com>
Signed-off-by: Eduardo Vital <vitaldu at gmail.com>
Signed-off-by: Fabio Teixeira <fabio1079 at gmail.com>
Signed-off-by: Gabriela Navarro <navarro1703 at gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr at gmail.com>
Signed-off-by: Tallys Martins <tallysmartins at gmail.com>
- - - - -
a710bcc7 by Gabriela Navarro at 2015-05-13T16:33:41Z
Change logic for showing public articles in private communities
Signed-off-by: Alvaro Fernando <alvarofernandoms at gmail.com>
Signed-off-by: Arthur Del Esposte <arthurmde at gmail.com>
Signed-off-by: David Carlos <ddavidcarlos1392 at gmail.com>
Signed-off-by: Eduardo Vital <vitaldu at gmail.com>
Signed-off-by: Fabio Teixeira <fabio1079 at gmail.com>
Signed-off-by: Gabriela Navarro <navarro1703 at gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr at gmail.com>
Signed-off-by: Tallys Martins <tallysmartins at gmail.com>
- - - - -
617f3a2f by André Bernardes at 2015-05-13T16:33:41Z
Changed migration to use find_each batch update
- - - - -
920a3d73 by Rodrigo Souto at 2015-05-13T17:21:25Z
content_privacy: further optimizations on migration
- - - - -
15 changed files:
- app/controllers/my_profile/cms_controller.rb
- app/controllers/public/content_viewer_controller.rb
- app/controllers/public_controller.rb
- app/models/article.rb
- + db/migrate/20150319114233_change_default_content_privacy.rb
- db/schema.rb
- features/article_versioning.feature
- features/edit_article.feature
- features/secret_community.feature
- test/functional/contact_controller_test.rb
- test/functional/content_viewer_controller_test.rb
- test/functional/events_controller_test.rb
- test/integration/http_caching_test.rb
- test/unit/article_test.rb
- test/unit/folder_helper_test.rb
Changes:
=====================================
app/controllers/my_profile/cms_controller.rb
=====================================
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -143,6 +143,7 @@ class CmsController < MyProfileController
klass = @type.constantize
article_data = environment.enabled?('articles_dont_accept_comments_by_default') ? { :accept_comments => false } : {}
article_data.merge!(params[:article]) if params[:article]
+ article_data.merge!(:profile => profile) if profile
@article = klass.new(article_data)
parent = check_parent(params[:parent_id])
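Review bot: Passing `:profile` into `klass.new` here means the `Article#initialize` added in this same push runs `self.published = false unless profile.public?` after `super`, so for a non-public profile any `published` value submitted in `params[:article]` appears to be discarded rather than defaulted. If the intent is only to change the default, the override should apply only when the caller did not supply `published`. Separately, `params[:article]` is merged with its own keys before the symbol key `:profile` is added, so the hash can carry a request-supplied `profile` or `profile_id` entry alongside this one; whether that matters depends on the model's mass-assignment rules, which this hunk does not show. The enclosing action starts and ends outside the hunk.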
@@ -220,7 +221,7 @@ class CmsController < MyProfileController
if @errors.any?
render :action => 'upload_files', :parent_id => @parent_id
else
- session[:notice] = _('File(s) successfully uploaded')
+ session[:notice] = _('File(s) successfully uploaded')
if @back_to
redirect_to @back_to
elsif @parent
=====================================
app/controllers/public/content_viewer_controller.rb
=====================================
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -13,7 +13,7 @@ class ContentViewerController < ApplicationController
@version = params[:version].to_i
if path.blank?
- @page = profile.home_page
+ @page = profile.home_page
return if redirected_to_profile_index
else
@page = profile.articles.find_by_path(path)
@@ -121,21 +121,23 @@ class ContentViewerController < ApplicationController
helper_method :pass_without_comment_captcha?
def allow_access_to_page(path)
- allowed = true
if @page.nil? # page not found, give error
render_not_found(path)
- allowed = false
- elsif !@page.display_to?(user)
- if !profile.public?
+ return false
+ end
+
+ unless @page.display_to?(user)
+ if !profile.visible? || profile.secret? || (user && user.follows?(profile))
+ render_access_denied
+ else #!profile.public?
private_profile_partial_parameters
render :template => 'profile/_private_profile', :status => 403, :formats => [:html]
- allowed = false
- else #if !profile.visible?
- render_access_denied
- allowed = false
end
+
+ return false
end
- allowed
+
+ return true
end
def user_is_a_bot?
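Review bot: The `else #!profile.public?` comment in `allow_access_to_page` no longer matches the branch it labels: that branch is reached for any visible, non-secret profile when the viewer is anonymous or not a follower, which apparently includes a public profile holding an unpublished page (the updated functional tests expect `profile/_private_profile` for a plain `Community`). A comment such as `# visible, non-secret profile and viewer is not a follower` would describe it. Separately, `render_not_found` still runs before any visibility check, so for a secret or invisible profile a missing path and a hidden path give different responses. If page existence in such profiles should not be observable, the profile check would need to come first.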
@@ -180,7 +182,7 @@ class ContentViewerController < ApplicationController
if @page.forum? && @page.has_terms_of_use && terms_accepted == "true"
@page.add_agreed_user(user)
end
- end
+ end
def is_a_forum_topic? (page)
return (!@page.parent.nil? && @page.parent.forum?)
=====================================
app/controllers/public_controller.rb
=====================================
--- a/app/controllers/public_controller.rb
+++ b/app/controllers/public_controller.rb
@@ -3,7 +3,7 @@ class PublicController < ApplicationController
def allow_access_to_page
unless profile.display_info_to?(user)
- if profile.visible?
+ if profile.visible? && !profile.secret
private_profile
else
invisible_profile
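Review bot: This condition reads the raw attribute `profile.secret`, while the other files in this push use the predicate `profile.secret?`. Writing it as `if profile.visible? && !profile.secret?` keeps the three visibility checks spelled the same way, so a later change to how secrecy is computed only has to touch the predicate. The method's closing lines fall outside the hunk.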
=====================================
app/models/article.rb
=====================================
--- a/app/models/article.rb
+++ b/app/models/article.rb
@@ -25,6 +25,16 @@ class Article < ActiveRecord::Base
:display => %w[full]
}
+ def initialize(*params)
+ super
+
+ if !params.blank? && params.first.has_key?(:profile)
+ profile = params.first[:profile]
+ self.published = false unless profile.public?
+ end
+
+ end
+
def self.default_search_display
'full'
end
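Review bot: The private-by-default rule in `initialize` only fires when the first argument is a hash carrying the symbol key `:profile`; records built with `:profile_id`, with string keys, or by assigning `profile` afterwards keep the column default for `published`. The `http_caching_test.rb` change in this push had to add `published: false` to exactly such a `profile_id:` call, which suggests that default is still published. Since `display_to?` now shows published articles of visible, non-secret profiles to everyone, those creation paths would produce publicly readable content in a private profile. `params.first.has_key?` also raises for a non-hash first argument such as `Article.new(nil)`, so at minimum the guard should be `params.first.is_a?(Hash) && params.first.has_key?(:profile)`. Deriving the default from the resolved `profile` association in a callback, and only when `published` was not given, would cover all paths.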
@@ -488,14 +498,14 @@ class Article < ActiveRecord::Base
scope :display_filter, lambda {|user, profile|
return published if (user.nil? && profile && profile.public?)
- return [] if user.nil? || (profile && !profile.public? && !user.follows?(profile))
+ return [] if user.nil? || profile.nil? || (profile && !profile.public? && !user.follows?(profile))
where(
[
- "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
- OR (show_to_followers = ? AND ?)", true, user.id, user.id,
+ "published = ? OR last_changed_by_id = ? OR profile_id = ? OR ?
+ OR (show_to_followers = ? AND ? AND profile_id = ?)", true, user.id, user.id,
profile.nil? ? false : user.has_permission?(:view_private_content, profile),
- true, user.follows?(profile)
- ]
+ true, user.follows?(profile), profile.id
+ ]
)
}
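Review bot: With the new `profile.nil?` early return, the bind `profile.nil? ? false : user.has_permission?(:view_private_content, profile)` a few lines below can never take its `false` arm and can be reduced to `user.has_permission?(:view_private_content, profile),`. The early return also means a logged-in user with no profile now gets an empty result where the old code returned published and own articles, so it is worth confirming that no caller relies on `display_filter(user, nil)`. The deny paths return a bare `[]`, an Array rather than a relation, so a scope chained after it would fail; that predates this hunk, but the added condition makes the path more common.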
@@ -509,7 +519,7 @@ class Article < ActiveRecord::Base
def display_to?(user = nil)
if published?
- profile.display_info_to?(user)
+ (profile.secret? || !profile.visible?) ? profile.display_info_to?(user) : true
else
if !user
false
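Review bot: The published branch of `display_to?` now returns `true` for every viewer whenever the profile is visible and not secret, so the privacy of a private profile's content rests entirely on `published` being false. For existing rows that holds only after `ChangeDefaultContentPrivacy` has run; if this code serves requests before the migration finishes, articles that were published in private profiles are readable by anyone. A comment on this line stating the invariant, e.g. `# private profiles rely on published=false (migration 20150319114233); only secret/invisible profiles gate published content here`, plus a deploy note to migrate first, would make the dependency explicit. The method continues outside the hunk.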
=====================================
db/migrate/20150319114233_change_default_content_privacy.rb
=====================================
--- /dev/null
+++ b/db/migrate/20150319114233_change_default_content_privacy.rb
@@ -0,0 +1,19 @@
+class ChangeDefaultContentPrivacy < ActiveRecord::Migration
+ def up
+ update_sql('UPDATE articles SET published = (1>2), show_to_followers = (1=1)
+ FROM profiles WHERE articles.profile_id = profiles.id AND
+ NOT profiles.public_profile AND articles.published = (1=1)')
+
+ Block.select('blocks.*').joins("INNER JOIN boxes ON blocks.box_id = boxes.id
+ INNER JOIN profiles ON boxes.owner_id = profiles.id AND boxes.owner_type = 'Profile'").
+ where("NOT profiles.public_profile AND blocks.type != 'MainBlock'").find_each do |block|
+ block.display_user = 'followers'
+ block.save
+ end
+ change_column :articles, :show_to_followers, :boolean, :default => true
+ end
+
+ def down
+ say "this migration can't be reverted"
+ end
+end
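Review bot: `block.save` ignores its return value, so a block that fails validation keeps its previous `display_user` and stays visible to non-followers of a private profile, with no trace in the migration output; `block.save!`, or logging the ids that fail, would surface it. `down` only prints a message, so a rollback reports success and moves the schema version back while the data and the column default stay changed; `raise ActiveRecord::IrreversibleMigration` is the conventional way to express this. The `NOT profiles.public_profile` predicate skips rows where `public_profile` is NULL, if the column is nullable, and `UPDATE ... FROM` is PostgreSQL-specific syntax.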
=====================================
db/schema.rb
=====================================
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -150,7 +150,7 @@ ActiveRecord::Schema.define(:version => 20150408231524) do
t.integer "spam_comments_count", :default => 0
t.integer "author_id"
t.integer "created_by_id"
- t.boolean "show_to_followers", :default => false
+ t.boolean "show_to_followers", :default => true
end
add_index "articles", ["comments_count"], :name => "index_articles_on_comments_count"
=====================================
features/article_versioning.feature
=====================================
--- a/features/article_versioning.feature
+++ b/features/article_versioning.feature
@@ -80,8 +80,8 @@ Feature: article versioning
Scenario: deny access to specific version when disabled, private and not logged
Given the article "Edited Article" is updated with
- | display_versions | published |
- | false | false |
+ | display_versions | published | show_to_followers |
+ | false | false | false |
And I am not logged in
And I go to /joaosilva/edited-article?version=1
Then I should see "Access denied"
=====================================
features/edit_article.feature
=====================================
--- a/features/edit_article.feature
+++ b/features/edit_article.feature
@@ -41,6 +41,7 @@ Feature: edit article
When I follow "Folder"
And I fill in "Title" with "My Folder"
And I choose "article_published_false"
+ And I uncheck "article_show_to_followers"
And I press "Save"
And I log off
And I go to /freesoftware/my-folder
@@ -87,6 +88,7 @@ Feature: edit article
When I follow "Folder"
And I fill in "Title" with "My Folder"
And I choose "article_published_false"
+ And I uncheck "article_show_to_followers"
Then I should see "Fill in the search field to add the exception users to see this content"
@selenium
=====================================
features/secret_community.feature
=====================================
--- a/features/secret_community.feature
+++ b/features/secret_community.feature
@@ -33,7 +33,7 @@ Feature: Use a secret community
Scenario: Non members shouldn't see secret communit's content
Given I am logged in as "maria"
And I go to mycommunity's homepage
- And I should see "Access denied"
+ And I should see "Oops ... you cannot go ahead here"
And I follow "Communities"
Then I should not see "My Community"
=====================================
test/functional/contact_controller_test.rb
=====================================
--- a/test/functional/contact_controller_test.rb
+++ b/test/functional/contact_controller_test.rb
@@ -131,7 +131,7 @@ class ContactControllerTest < ActionController::TestCase
post :new, :profile => community.identifier
assert_response :forbidden
- assert_template :private_profile
+ assert_template "profile/_private_profile"
end
should 'not show send e-mail page to non members of invisible community' do
=====================================
test/functional/content_viewer_controller_test.rb
=====================================
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -257,22 +257,22 @@ class ContentViewerControllerTest < ActionController::TestCase
end
should 'not give access to private articles if logged off' do
- profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+ profile = Community.create!(:name => 'test profile', :identifier => 'test_profile')
intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
- assert_template 'access_denied'
+ assert_template "profile/_private_profile"
end
should 'not give access to private articles if logged in but not member' do
login_as('testinguser')
- profile = Profile.create!(:name => 'test profile', :identifier => 'test_profile')
+ profile = Community.create!(:name => 'test profile', :identifier => 'test_profile')
intranet = Folder.create!(:name => 'my_intranet', :profile => profile, :published => false)
get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
- assert_template 'access_denied'
+ assert_template "profile/_private_profile"
end
should 'not give access to private articles if logged in and only member' do
@@ -1428,7 +1428,7 @@ class ContentViewerControllerTest < ActionController::TestCase
article = TinyMceArticle.create(:name => 'Article to be shared with images',
:body => 'This article should be shared with all social networks',
- :profile => @profile,
+ :profile => community,
:published => false,
:show_to_followers => true)
article.parent = blog
=====================================
test/functional/events_controller_test.rb
=====================================
--- a/test/functional/events_controller_test.rb
+++ b/test/functional/events_controller_test.rb
@@ -60,7 +60,7 @@ class EventsControllerTest < ActionController::TestCase
post :events, :profile => community.identifier
assert_response :forbidden
- assert_template :private_profile
+ assert_template "profile/_private_profile"
end
should 'not show events page to non members of invisible community' do
=====================================
test/integration/http_caching_test.rb
=====================================
--- a/test/integration/http_caching_test.rb
+++ b/test/integration/http_caching_test.rb
@@ -85,7 +85,7 @@ class HttpCachingTest < ActionController::IntegrationTest
test 'private community content should not return cache headers' do
community = create_private_community('the-community')
- create(Article, profile_id: community.id, name: 'Test page')
+ create(Article, profile_id: community.id, name: 'Test page', published: false)
get "/the-community/test-page"
assert_response 403
@@ -139,4 +139,3 @@ class HttpCachingTest < ActionController::IntegrationTest
end
end
-
=====================================
test/unit/article_test.rb
=====================================
--- a/test/unit/article_test.rb
+++ b/test/unit/article_test.rb
@@ -484,7 +484,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'say that member user can not see private article' do
profile = fast_create(Profile, :name => 'test profile', :identifier => 'test_profile')
- article = fast_create(Article, :name => 'test article', :profile_id => profile.id, :published => false)
+ article = fast_create(Article, :name => 'test article', :profile_id => profile.id, :published => false, :show_to_followers => false)
person = create_user('test_user').person
profile.affiliate(person, Profile::Roles.member(profile.environment.id))
@@ -509,15 +509,15 @@ class ArticleTest < ActiveSupport::TestCase
assert article.display_to?(person)
end
- should 'not show article to non member if article public but profile private' do
+ should 'show article to non member if article public but profile private' do
profile = fast_create(Profile, :name => 'test profile', :identifier => 'test_profile', :public_profile => false)
article = fast_create(Article, :name => 'test article', :profile_id => profile.id, :published => true)
person1 = create_user('test_user1').person
profile.affiliate(person1, Profile::Roles.member(profile.environment.id))
person2 = create_user('test_user2').person
- assert !article.display_to?(nil)
- assert !article.display_to?(person2)
+ assert article.display_to?(nil)
+ assert article.display_to?(person2)
assert article.display_to?(person1)
end
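Review bot: This test now pins the open case (a published article in a private profile is shown to anonymous and non-member viewers), but nothing in the hunk covers the closed case, where `display_to?` still defers to `profile.display_info_to?` for secret or non-visible profiles. A companion test that marks the profile secret (and another that makes it non-visible) and asserts `!article.display_to?(nil)` and `!article.display_to?(person2)` would keep that branch from regressing silently.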
@@ -543,7 +543,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'not allow friends of private person see the article' do
person = create_user('test_user').person
- article = create(Article, :name => 'test article', :profile => person, :published => false)
+ article = create(Article, :name => 'test article', :profile => person, :published => false, :show_to_followers => false)
friend = create_user('test_friend').person
person.add_friend(friend)
person.save!
@@ -1686,7 +1686,7 @@ class ArticleTest < ActiveSupport::TestCase
a.allow_members_to_edit = true
assert !a.allow_edit?(nil)
end
-
+
should 'allow author to edit topic' do
community = fast_create(Community)
admin = fast_create(Person)
@@ -1905,7 +1905,7 @@ class ArticleTest < ActiveSupport::TestCase
end
should 'display_filter display only public articles if there is no user' do
- p = fast_create(Person)
+ p = fast_create(Person)
Article.delete_all
a = fast_create(Article, :published => true, :profile_id => p.id)
fast_create(Article, :published => false, :profile_id => p.id)
@@ -1915,7 +1915,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter display public articles for users' do
user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => true, :profile_id => p.id)
@@ -1926,7 +1926,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter display private article last changed by user' do
user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => false, :last_changed_by_id => user.id, :profile_id => p.id)
@@ -1938,7 +1938,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter display user private article of his own profile' do
user = create_user('someuser').person
user.stubs(:has_permission?).with(:view_private_content, user).returns(false)
- p = fast_create(Person)
+ p = fast_create(Person)
Article.delete_all
a = fast_create(Article, :published => false, :profile_id => user.id)
fast_create(Article, :published => false, :profile_id => p.id)
@@ -1948,7 +1948,7 @@ class ArticleTest < ActiveSupport::TestCase
should 'display_filter show profile private content if the user has view_private_content permission' do
user = create_user('someuser').person
- p = fast_create(Person)
+ p = fast_create(Person)
Article.delete_all
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
a = fast_create(Article, :published => false, :profile_id => p.id)
@@ -1965,8 +1965,8 @@ class ArticleTest < ActiveSupport::TestCase
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
assert_equal [a], Article.display_filter(user, p)
end
@@ -1977,8 +1977,8 @@ class ArticleTest < ActiveSupport::TestCase
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => false, :show_to_followers => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
assert_equal [a], Article.display_filter(user, p)
end
@@ -2057,8 +2057,8 @@ class ArticleTest < ActiveSupport::TestCase
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
assert_equal [a], Article.display_filter(user, p)
end
@@ -2088,7 +2088,7 @@ class ArticleTest < ActiveSupport::TestCase
a1 = fast_create(Article, :published => true, :profile_id => user.id)
a2 = fast_create(Article, :published => true, :profile_id => p.id)
fast_create(Article, :published => false, :profile_id => p.id)
- assert_equivalent [a1,a2], Article.display_filter(user, nil)
+ assert_equivalent [a1,a2], Article.display_filter(nil, user)
end
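Review bot: The assertion was changed from `display_filter(user, nil)` to `display_filter(nil, user)`, which exercises the anonymous-viewer path with the person passed as the profile rather than the logged-in path the original call covered; the hunk at `-2130` makes the same swap. None of the visible test hunks pins the new behaviour that a logged-in user with no profile gets an empty result. Adding `assert_equal [], Article.display_filter(user, nil)` would document that contract instead of leaving it implied by the rewritten call.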
should 'display_filter show person public content of private person profile for user friends' do
@@ -2099,8 +2099,8 @@ class ArticleTest < ActiveSupport::TestCase
user.stubs(:has_permission?).with(:view_private_content, p).returns(false)
Article.delete_all
a = fast_create(Article, :published => true, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
- fast_create(Article, :published => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
+ fast_create(Article, :published => false, :show_to_followers => false, :profile_id => p.id)
assert_equal [a], Article.display_filter(user, p)
end
@@ -2130,7 +2130,7 @@ class ArticleTest < ActiveSupport::TestCase
a1 = fast_create(Article, :published => true, :profile_id => user.id)
a2 = fast_create(Article, :published => true, :profile_id => p.id)
fast_create(Article, :published => false, :profile_id => p.id)
- assert_equivalent [a1,a2], Article.display_filter(user, nil)
+ assert_equivalent [a1,a2], Article.display_filter(nil, user)
end
end
=====================================
test/unit/folder_helper_test.rb
=====================================
--- a/test/unit/folder_helper_test.rb
+++ b/test/unit/folder_helper_test.rb
@@ -68,7 +68,7 @@ class FolderHelperTest < ActionView::TestCase
profile.public_profile = false
profile.save!
profile2 = create_user('Folder Viwer').person
- folder = fast_create(Folder, :profile_id => profile.id)
+ folder = fast_create(Folder, :profile_id => profile.id, :published => false)
article = fast_create(Article, {:parent_id => folder.id, :profile_id => profile.id})
result = available_articles(folder.children, profile2)
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/6e1949cf56bcd21d97924be81ce51257ee9f9dc3...920a3d7348c02e2bfed57b646101c06ae166b7ff