[Git][noosfero/noosfero][master] 2 commits: public-access-restriction: allow access to posts link on portal
Rodrigo Souto
gitlab at mg.gitlab.com
Tue Feb 27 16:53:37 BRT 2018
Rodrigo Souto pushed to branch master at Noosfero / noosfero
Commits:
c9839682 by Rodrigo Souto at 2018-02-01T17:40:00-03:00
public-access-restriction: allow access to posts link on portal
- - - - -
8ae15036 by Rodrigo Souto at 2018-02-27T19:53:27+00:00
Merge branch 'public-access-on-portal-news' into 'master'
public-access-restriction: allow access to posts link on portal
See merge request noosfero/noosfero!1395
- - - - -
2 changed files:
- plugins/public_access_restriction/lib/public_access_restriction_plugin.rb
- plugins/public_access_restriction/test/unit/public_access_restriction_test.rb
Changes:
=====================================
plugins/public_access_restriction/lib/public_access_restriction_plugin.rb
=====================================
--- a/plugins/public_access_restriction/lib/public_access_restriction_plugin.rb
+++ b/plugins/public_access_restriction/lib/public_access_restriction_plugin.rb
@@ -20,7 +20,8 @@ class PublicAccessRestrictionPlugin < Noosfero::Plugin
(profile && environment.is_portal_community?(profile)) ||
params['controller'] == 'account' ||
params['controller'] == 'home' ||
- params['controller'] == 'public_access_restriction_plugin_public_page'
+ params['controller'] == 'public_access_restriction_plugin_public_page' ||
+ linked_on_portal_news(environment, params, profile)
)
end
@@ -61,4 +62,15 @@ class PublicAccessRestrictionPlugin < Noosfero::Plugin
end
end
+ private
+
+ def linked_on_portal_news(environment, params, profile)
+ return false unless params['controller'] == 'content_viewer' && params['action'] == 'view_page'
+ article = profile.articles.find_by(path: params['page'].join('/'))
+ portal = environment.portal_community
+ portal.articles.
+ where(type: 'LinkArticle').
+ where(reference_article_id: article.id).first.present?
+ end
+
end
=====================================
plugins/public_access_restriction/test/unit/public_access_restriction_test.rb
=====================================
--- a/plugins/public_access_restriction/test/unit/public_access_restriction_test.rb
+++ b/plugins/public_access_restriction/test/unit/public_access_restriction_test.rb
@@ -6,7 +6,7 @@ class PublicAccessRestrictionPluginTest < ActiveSupport::TestCase
@plugin = PublicAccessRestrictionPlugin.new
@context = mock()
@plugin.context = @context
- @env = Environment.new
+ @env = Environment.default
@context.stubs(:environment).returns(@env)
end
@@ -68,4 +68,19 @@ class PublicAccessRestrictionPluginTest < ActiveSupport::TestCase
refute @plugin.should_display_public_page?(profile: nil)
end
+ should 'not block unauthenticated user on portal news from other profiles' do
+ user = nil
+ portal = fast_create(Community)
+ @env.portal_community = portal
+ @env.save!
+
+ community = fast_create(Community)
+ article = fast_create(TextArticle, profile_id: community.id)
+
+ task = ApproveArticle.create!(article: article, name: article.name, target: portal, requestor: fast_create(Person), create_link: true)
+ task.finish
+
+ refute @plugin.should_block?(user, @env, article.url, community)
+ end
+
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/80954522a12fb452bdbeb4fbfca56047d985bec7...8ae1503608d303028003a92cd9f6e609c4e218d8
---
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/80954522a12fb452bdbeb4fbfca56047d985bec7...8ae1503608d303028003a92cd9f6e609c4e218d8
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20180227/a62608b9/attachment-0001.html>
More information about the Noosfero-dev
mailing list