cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/2226'

Browse source
This commit is contained in:
Tom Hughes 2019-06-18 21:10:07 +01:00
commit 31edc7dff6
5 changed files with 33 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/abilities/ability.rb
View file

@ -44,6 +44,7 @@ class Ability
can [:account, :go_public, :make_friend, :remove_friend], User can [:account, :go_public, :make_friend, :remove_friend], User
if user.moderator? if user.moderator?
can [:hide, :hidecomment], DiaryEntry
can [:index, :show, :resolve, :ignore, :reopen], Issue can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment can :create, IssueComment
can [:new, :create, :edit, :update, :destroy], Redaction can [:new, :create, :edit, :update, :destroy], Redaction
@ -51,7 +52,7 @@ class Ability
end end
if user.administrator? if user.administrator?
can [:hide, :unhide, :hidecomment, :unhidecomment], [DiaryEntry, DiaryComment] can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
can [:index, :show, :resolve, :ignore, :reopen], Issue can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment can :create, IssueComment
can [:set_status, :delete, :index], User can [:set_status, :delete, :index], User

2
app/views/diary_entries/_diary_comment.html.erb
View file

@ -7,7 +7,7 @@
</p> </p>
<div class="richtext"><%= diary_comment.body.to_html %></div> <div class="richtext"><%= diary_comment.body.to_html %></div>
<% if current_user && current_user.administrator? %> <% if can? :hidecomment, DiaryEntry %>
<span> <span>
<% if diary_comment.visible? %> <% if diary_comment.visible? %>
<%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %> <%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>

2
app/views/diary_entries/_diary_entry.html.erb
View file

@ -37,7 +37,7 @@
</li> </li>
<% end %> <% end %>
<% if current_user && current_user.administrator? %> <% if can? :hide, DiaryEntry %>
<li> <li>
<% if diary_entry.visible %> <% if diary_entry.visible %>
<%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %> <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>

10
test/abilities/abilities_test.rb
View file

@ -23,7 +23,6 @@ class GuestAbilityTest < AbilityTest
[:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action| [:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries" assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryEntries"
end end
end end
@ -54,7 +53,6 @@ class UserAbilityTest < AbilityTest
[:hide, :hidecomment].each do |action| [:hide, :hidecomment].each do |action|
assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries" assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryEntries"
end end
[:index, :show, :resolve, :ignore, :reopen].each do |action| [:index, :show, :resolve, :ignore, :reopen].each do |action|
@ -78,6 +76,10 @@ class ModeratorAbilityTest < AbilityTest
[:grant, :revoke].each do |action| [:grant, :revoke].each do |action|
assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles" assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles"
end end
[:hide, :hidecomment].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
end end
end end
@ -87,10 +89,6 @@ class AdministratorAbilityTest < AbilityTest
[:index, :rss, :show, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action| [:index, :rss, :show, :comments, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries" assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end end
[:hide, :hidecomment].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
end
end end
test "User Roles permissions for an administrator" do test "User Roles permissions for an administrator" do

28
test/controllers/diary_entries_controller_test.rb
View file

@ -733,9 +733,9 @@ class DiaryEntriesControllerTest < ActionController::TestCase
def test_hide def test_hide
user = create(:user) user = create(:user)
diary_entry = create(:diary_entry, :user => user)
# Try without logging in # Try without logging in
diary_entry = create(:diary_entry, :user => user)
post :hide, post :hide,
:params => { :display_name => user.display_name, :id => diary_entry.id } :params => { :display_name => user.display_name, :id => diary_entry.id }
assert_response :forbidden assert_response :forbidden
@ -749,6 +749,17 @@ class DiaryEntriesControllerTest < ActionController::TestCase
assert_redirected_to :controller => :errors, :action => :forbidden assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal true, DiaryEntry.find(diary_entry.id).visible assert_equal true, DiaryEntry.find(diary_entry.id).visible
# Now try as a moderator
post :hide,
:params => { :display_name => user.display_name, :id => diary_entry.id },
:session => { :user => create(:moderator_user) }
assert_response :redirect
assert_redirected_to :action => :index, :display_name => user.display_name
assert_equal false, DiaryEntry.find(diary_entry.id).visible
# Reset
diary_entry.reload.update(:visible => true)
# Finally try as an administrator # Finally try as an administrator
post :hide, post :hide,
:params => { :display_name => user.display_name, :id => diary_entry.id }, :params => { :display_name => user.display_name, :id => diary_entry.id },
@ -787,9 +798,9 @@ class DiaryEntriesControllerTest < ActionController::TestCase
def test_hidecomment def test_hidecomment
user = create(:user) user = create(:user)
administrator_user = create(:administrator_user)
diary_entry = create(:diary_entry, :user => user) diary_entry = create(:diary_entry, :user => user)
diary_comment = create(:diary_comment, :diary_entry => diary_entry) diary_comment = create(:diary_comment, :diary_entry => diary_entry)
# Try without logging in # Try without logging in
post :hidecomment, post :hidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id } :params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }
@ -804,10 +815,21 @@ class DiaryEntriesControllerTest < ActionController::TestCase
assert_redirected_to :controller => :errors, :action => :forbidden assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal true, DiaryComment.find(diary_comment.id).visible assert_equal true, DiaryComment.find(diary_comment.id).visible
# Try as a moderator
post :hidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id },
:session => { :user => create(:moderator_user) }
assert_response :redirect
assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
assert_equal false, DiaryComment.find(diary_comment.id).visible
# Reset
diary_comment.reload.update(:visible => true)
# Finally try as an administrator # Finally try as an administrator
post :hidecomment, post :hidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }, :params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id },
:session => { :user => administrator_user } :session => { :user => create(:administrator_user) }
assert_response :redirect assert_response :redirect
assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
assert_equal false, DiaryComment.find(diary_comment.id).visible assert_equal false, DiaryComment.find(diary_comment.id).visible