[Git][noosfero/noosfero][master] 2 commits: avoid display private article in comment paragraph block

Thu Feb 21 11:19:03 BRT 2019

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
3d4f829a by Leandro Nunes dos Santos at 2019-02-06T12:31:58Z
avoid display private article in comment paragraph block

- - - - -
94568bd8 by Leandro Nunes at 2019-02-21T14:18:53Z
Merge branch 'avoid-display-private-discussion' into 'master'

avoid display private article in comment paragraph block

See merge request noosfero/noosfero!1672
- - - - -


2 changed files:

- plugins/comment_paragraph/lib/comment_paragraph_plugin/discussion_block.rb
- plugins/comment_paragraph/test/unit/discussion_block_test.rb


Changes:

=====================================
plugins/comment_paragraph/lib/comment_paragraph_plugin/discussion_block.rb
=====================================
@@ -8,7 +8,7 @@ class CommentParagraphPlugin::DiscussionBlock < Block
 
   attr_accessible :presentation_mode, :discussion_status, :use_portal_community, :total_items
 
-  VALID_CONTENT = ['CommentParagraphPlugin::Discussion']
+  DISCUSSION = ['CommentParagraphPlugin::Discussion']
 
   STATUS_NOT_OPENED = 0
   STATUS_AVAILABLE = 1
@@ -22,14 +22,14 @@ class CommentParagraphPlugin::DiscussionBlock < Block
     _("This block displays all profile's article discussion")
   end
 
-  def discussions
+  def discussions(person = nil)
     amount = self.total_items - self.fixed_documents_ids.length
     if(amount <= 0 )
       return [];
     end
     current_time = Time.now
     return [] if holder.blank?
-    discussions = holder.articles.where(type: VALID_CONTENT).order('start_date DESC, end_date ASC, created_at DESC').limit(amount)
+    discussions = holder.articles.accessible_to(person).where(type: DISCUSSION).order('start_date DESC, end_date ASC, created_at DESC').limit(amount)
     case discussion_status
     when STATUS_NOT_OPENED
       discussions = discussions.where("start_date > ?", current_time)
@@ -43,7 +43,7 @@ class CommentParagraphPlugin::DiscussionBlock < Block
   end
 
   def fixed_documents
-    holder.articles.where(type: VALID_CONTENT, id: self.fixed_documents_ids).order('start_date DESC, end_date ASC, created_at DESC')
+    holder.articles.where(type: DISCUSSION, id: self.fixed_documents_ids).order('start_date DESC, end_date ASC, created_at DESC')
   end
 
   def holder
@@ -61,7 +61,7 @@ class CommentParagraphPlugin::DiscussionBlock < Block
 
   def api_content(params = {})
     {
-      articles: Api::Entities::ArticleBase.represent(self.discussions),
+      articles: Api::Entities::ArticleBase.represent(self.discussions(params[:current_person])),
       fixed_documents: Api::Entities::ArticleBase.represent(self.fixed_documents),
       total_items: self.total_items,
       discussion_status: self.discussion_status


=====================================
plugins/comment_paragraph/test/unit/discussion_block_test.rb
=====================================
@@ -4,9 +4,10 @@ class DiscussionBlockTest < ActiveSupport::TestCase
   def setup
     @environment = Environment.default
     @environment.enable_plugin(CommentParagraphPlugin)
+    @user = create_user('testuser').person
   end
 
-  attr_reader :environment
+  attr_reader :environment, :user
 
   should 'describe itself' do
     assert_not_equal Block.description, CommentParagraphPlugin::DiscussionBlock.description
@@ -85,6 +86,19 @@ class DiscussionBlockTest < ActiveSupport::TestCase
     assert_equivalent [a1, a2], b.discussions
   end
 
+  should 'discussions return only article with user permissions' do
+    puts user.inspect
+    # assert false
+    community = fast_create(Community)
+    community.boxes << Box.new
+    b = CommentParagraphPlugin::DiscussionBlock.new
+    b.box = community.boxes.last
+    b.save
+    a1 = fast_create(CommentParagraphPlugin::Discussion, access: Entitlement::Levels.levels[:admin],  :profile_id => community.id)
+    a2 = fast_create(CommentParagraphPlugin::Discussion, :profile_id => community.id)
+    assert_equivalent [a2], b.discussions(user)
+  end
+
   should 'return only not opened discussions if discussion status is not opened odered by end_date' do
     community = fast_create(Community)
     community.boxes << Box.new



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/6be4e59ec9fa6bfb9edeb769ed3f31627a75d170...94568bd8d88ab68c2239364d89bba2c332fcad18

-- 
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/6be4e59ec9fa6bfb9edeb769ed3f31627a75d170...94568bd8d88ab68c2239364d89bba2c332fcad18
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20190221/7daf5664/attachment-0001.html>
