RubyGems - we5-browsercms - Versions diffs - 3.0.2 → 3.0.5 - Mend

we5-browsercms 3.0.2 → 3.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

data/README.markdown +1 -0
data/app/controllers/cms/content_block_controller.rb +25 -2
data/app/controllers/cms/content_controller.rb +31 -2
data/app/controllers/cms/dashboard_controller.rb +2 -1
data/app/controllers/cms/error_handling.rb +9 -2
data/app/controllers/cms/links_controller.rb +2 -0
data/app/controllers/cms/pages_controller.rb +22 -18
data/app/controllers/cms/section_nodes_controller.rb +1 -1
data/app/controllers/cms/sections_controller.rb +12 -7
data/app/controllers/cms/sessions_controller.rb +17 -10
data/app/controllers/cms/users_controller.rb +8 -6
data/app/helpers/cms/application_helper.rb +2 -6
data/app/helpers/cms/menu_helper.rb +118 -146
data/app/helpers/cms/page_helper.rb +2 -2
data/app/models/attachment.rb +2 -2
data/app/models/forgot_password_mailer.rb +12 -0
data/app/models/group.rb +13 -2
data/app/models/guest_user.rb +9 -3
data/app/models/link.rb +2 -2
data/app/models/page.rb +1 -1
data/app/models/section.rb +7 -2
data/app/models/user.rb +35 -17
data/app/portlets/forgot_password_portlet.rb +27 -0
data/app/portlets/reset_password_portlet.rb +28 -0
data/app/views/cms/blocks/_toolbar_for_member.html.erb +3 -3
data/app/views/cms/blocks/index.html.erb +11 -6
data/app/views/cms/content/show.html.erb +3 -3
data/app/views/cms/forgot_password_mailer/reset_password.text.html.erb +3 -0
data/app/views/cms/forgot_password_mailer/reset_password.text.plain.erb +3 -0
data/app/views/cms/menus/_menu.html.erb +9 -0
data/app/views/cms/menus/_menu_item.html.erb +11 -0
data/app/views/cms/pages/_edit_connector.html.erb +1 -1
data/app/views/cms/pages/_edit_container.html.erb +1 -1
data/app/views/cms/section_nodes/_node.html.erb +1 -1
data/app/views/cms/sections/_form.html.erb +36 -34
data/app/views/cms/shared/access_denied.html.erb +3 -0
data/app/views/cms/users/change_password.html.erb +8 -6
data/app/views/cms/users/index.html.erb +1 -1
data/app/views/cms/users/show.html.erb +50 -0
data/app/views/layouts/_cms_toolbar.html.erb +1 -1
data/app/views/layouts/_page_toolbar.html.erb +7 -7
data/app/views/layouts/cms/administration.html.erb +24 -7
data/app/views/portlets/forgot_password/_form.html.erb +5 -0
data/app/views/portlets/forgot_password/render.html.erb +14 -0
data/app/views/portlets/reset_password/_form.html.erb +3 -0
data/app/views/portlets/reset_password/render.html.erb +24 -0
data/{we5-browsercms.gemspec → browsercms.gemspec} +72 -54
data/db/migrate/20091109175123_browsercms_3_0_5.rb +9 -0
data/lib/acts_as_list.rb +8 -4
data/lib/cms/acts/content_block.rb +1 -1
data/lib/cms/authentication/controller.rb +26 -7
data/lib/cms/behaviors/attaching.rb +3 -3
data/lib/cms/behaviors/publishing.rb +12 -1
data/lib/cms/behaviors/rendering.rb +17 -4
data/lib/cms/behaviors/versioning.rb +2 -2
data/lib/cms/routes.rb +4 -0
data/lib/tasks/cms.rake +0 -18
data/public/javascripts/cms/content_library.js +36 -0
data/public/javascripts/cms/sitemap.js +21 -9
data/public/stylesheets/cms/form_layout.css +16 -2
data/public/stylesheets/cms/nav.css +4 -3
data/test/functional/cms/content_block_controller_test.rb +120 -0
data/test/functional/cms/content_controller_test.rb +135 -80
data/test/functional/cms/links_controller_test.rb +89 -1
data/test/functional/cms/pages_controller_test.rb +138 -0
data/test/functional/cms/section_nodes_controller_test.rb +45 -5
data/test/functional/cms/sections_controller_test.rb +148 -1
data/test/functional/cms/sessions_controller_test.rb +26 -2
data/test/functional/cms/users_controller_test.rb +49 -2
data/test/integration/cms/password_management_test.rb +57 -0
data/test/test_helper.rb +3 -1
data/test/unit/behaviors/attaching_test.rb +26 -0
data/test/unit/helpers/menu_helper_test.rb +118 -278
data/test/unit/models/group_test.rb +6 -0
data/test/unit/models/user_test.rb +127 -29
metadata +20 -3

data/test/functional/cms/content_controller_test.rb CHANGED Viewed

@@ -2,26 +2,26 @@ require File.join(File.dirname(__FILE__), '/../../test_helper')
 class Cms::ContentControllerTest < ActionController::TestCase
   include Cms::ControllerTestHelper
   def test_show_home_page
     get :show
     assert_response :success
     assert_select "title", "Home"
   end
   def test_show_another_page
     @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
     get :show, :path => ["about"]
     assert_select "title", "Test About"
   end
   def test_page_not_found_to_guest
     get :show, :path => ["foo"]
     assert_response :not_found
     assert_select "title", "Not Found"
     assert_select "h1", "Page Not Found"
   end
   def test_page_not_found_to_cms_admin
     login_as_cms_admin
     get :show, :path => ["foo"]
@@ -29,25 +29,25 @@ class Cms::ContentControllerTest < ActionController::TestCase
     assert_select "title", "Page Not Found"
     assert_select "h2", "There is no page at /foo"
   end
   def test_show_protected_page_to_guest
     create_protected_page
     get :show, :path => ["secret"]
     assert_response :forbidden
     assert_select "title", "Access Denied"
   end
   def test_show_protected_page_to_privileged_user
     create_protected_page
     login_as @privileged_user
     get :show, :path => ["secret"]
     assert_response :success
     assert_select "title", "Shhh... It's a Secret"
   end
   def test_show_archived_page_to_guest
     create_archived_page
@@ -67,14 +67,14 @@ class Cms::ContentControllerTest < ActionController::TestCase
   def test_show_file
     create_file
     get :show, :path => ["test.txt"]
     assert_response :success
     assert_equal "text/plain", @response.content_type
     assert_equal "This is a test", streaming_file_contents
   end
   def test_show_archived_file
     create_file
@@ -82,46 +82,46 @@ class Cms::ContentControllerTest < ActionController::TestCase
     @file_block.update_attributes(:archived => true, :publish_on_save => true)
     reset(:file_block)
     assert @file_block.attachment.archived?
     get :show, :path => ["test.txt"]
     assert_response :not_found
     assert_select "title", "Not Found"
   end
   def test_show_protected_file_to_guest
     create_protected_file
     get :show, :path => ["test.txt"]
     assert_response :forbidden
     assert_select "title", "Access Denied"
   end
   def test_show_protected_file_to_privileged_user
     create_protected_file
     login_as @privileged_user
     get :show, :path => ["test.txt"]
     assert_response :success
     assert_equal "text/plain", @response.content_type
     assert_equal "This is a test", streaming_file_contents
   end
   def test_show_page_route
     @page_template = Factory(:page_template, :name => "test_show_page_route")
-    @page = Factory(:page,
-      :section => root_section,
+    @page = Factory(:page,
+      :section => root_section,
       :template_file_name => "test_show_page_route.html.erb")
-    @portlet = DynamicPortlet.create!(:name => "Test",
+    @portlet = DynamicPortlet.create!(:name => "Test",
       :template => "<h1><%= @foo %></h1>",
       :connect_to_page_id => @page.id, :connect_to_container => "main")
     @page_route = @page.page_routes.create(:pattern => "/foo", :code => "@foo = params[:foo]")
     reset(:page)
     @page.publish!
     get :show_page_route, :foo => "42", :_page_route_id => @page_route.id
     assert_response :success
     assert_select "h1", "42"
@@ -137,10 +137,10 @@ class Cms::ContentControllerTest < ActionController::TestCase
   def test_show_draft_page_with_content_as_editor
     login_as_cms_admin
     create_page_with_content
     @block.update_attributes(:content => "<h3>I've been edited</h3>")
     reset(:page, :block)
     get :show, :path => ["page_with_content"]
     assert_response :success
     assert_select "h3", "I've been edited"
@@ -154,42 +154,42 @@ class Cms::ContentControllerTest < ActionController::TestCase
       @secret_group = Factory(:group, :name => "Secret")
       @secret_group.sections << @protected_section
       @privileged_user = Factory(:user, :login => "privileged")
-      @privileged_user.groups << @secret_group
+      @privileged_user.groups << @secret_group
     end
     def create_protected_page
-      create_protected_user_section_group
-      @page = Factory(:page,
-        :section => @protected_section,
-        :path => "/secret",
-        :name => "Shhh... It's a Secret",
-        :template_file_name => "default.html.erb",
+      create_protected_user_section_group
+      @page = Factory(:page,
+        :section => @protected_section,
+        :path => "/secret",
+        :name => "Shhh... It's a Secret",
+        :template_file_name => "default.html.erb",
         :publish_on_save => true)
     end
     def create_file
       @file = mock_file(:read => "This is a test", :content_type => "text/plain")
-      @file_block = Factory(:file_block, :attachment_section => root_section, :attachment_file => @file, :attachment_file_path => "/test.txt", :publish_on_save => true)
+      @file_block = Factory(:file_block, :attachment_section => root_section, :attachment_file => @file, :attachment_file_path => "/test.txt", :publish_on_save => true)
     end
     def create_protected_file
-      create_protected_user_section_group
+      create_protected_user_section_group
       create_file
       reset(:file_block)
       @file_block.update_attributes(:attachment_section => @protected_section)
       reset(:file_block)
     end
     def create_archived_page
-      @page = Factory(:page,
-        :section => root_section,
-        :path => "/archived",
-        :name => "Archived",
-        :archived => true,
-        :template_file_name => "default.html.erb",
+      @page = Factory(:page,
+        :section => root_section,
+        :path => "/archived",
+        :name => "Archived",
+        :archived => true,
+        :template_file_name => "default.html.erb",
         :publish_on_save => true)
     end
     def create_page_with_content
       @page_template = Factory(:page_template, :name => "testing_editting_content")
@@ -200,14 +200,14 @@ class Cms::ContentControllerTest < ActionController::TestCase
       @block = HtmlBlock.create!(:name => "Test",
         :content => "<h3>TEST</h3>",
-        :connect_to_page_id => @page.id,
+        :connect_to_page_id => @page.id,
         :connect_to_container => "main")
       reset(:page)
       @page.publish!
     end
 end
 # CMS Page Caching Enabled (Production Mode)
@@ -225,18 +225,18 @@ end
 class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
   tests Cms::ContentController
   include Cms::ControllerTestHelper
   def setup
     ActionController::Base.perform_caching = true
     @page = Factory(:page, :section => root_section, :name => "Test Page", :path => "/page", :publish_on_save => true)
     @registered_user = Factory(:user)
-    @registered_user.groups << Group.with_code("guest").first
+    @registered_user.groups << Group.guest
   end
   def teardown
     ActionController::Base.perform_caching = false
   end
   def test_guest_user_views_page_on_public_site
     @request.host = "mysite.com"
     get :show, :path => ["page"]
@@ -253,9 +253,9 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_public_site
     login_as @registered_user
     @request.host = "mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
   end
@@ -263,19 +263,19 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_cms_site
     login_as @registered_user
     @request.host = "cms.mysite.com"
     get :show, :path => ["page"]
     assert_redirected_to "http://mysite.com/page"
   end
   def test_cms_user_views_page_on_public_site
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe", {:count => 0}
@@ -285,14 +285,14 @@ class Cms::ContentCachingEnabledControllerTest < ActionController::TestCase
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "cms.mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe"
-  end
+  end
 end
 # CMS Page Caching Disabled (Development Mode)
@@ -310,14 +310,14 @@ end
 class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
   tests Cms::ContentController
   include Cms::ControllerTestHelper
   def setup
     ActionController::Base.perform_caching = false
     @page = Factory(:page, :section => root_section, :name => "Test Page", :path => "/page", :publish_on_save => true)
     @registered_user = Factory(:user)
-    @registered_user.groups << Group.with_code("guest").first
+    @registered_user.groups << Group.guest
   end
   def test_guest_user_views_page_on_public_site
     @request.host = "mysite.com"
     get :show, :path => ["page"]
@@ -335,9 +335,9 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_public_site
     login_as @registered_user
     @request.host = "mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
   end
@@ -345,20 +345,20 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
   def test_registered_user_views_page_on_cms_site
     login_as @registered_user
     @request.host = "mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
   end
   def test_cms_user_views_page_on_public_site
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe"
@@ -368,12 +368,67 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
     login_as_cms_admin
     @request.session[:page_mode] = "edit"
     @request.host = "cms.mysite.com"
     get :show, :path => ["page"]
     assert_response :success
     assert_select "title", "Test Page"
     assert_select "iframe"
   end
-end
+  def test_portlet_throw_access_denied_goes_to_access_denied_page
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_access_denied = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise Cms::Errors::AccessDenied')
+    reset(:page)
+    get :show, :path => ["about"]
+    assert_response :forbidden
+    assert_select "title", "Access Denied"
+  end
+  def test_portlet_throw_not_found_goes_to_not_found_page
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_not_found = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise ActiveRecord::RecordNotFound')
+    reset(:page)
+    get :show, :path => ["about"]
+    assert_response :not_found
+    assert_select "title", "Not Found"
+  end
+  def test_portlets_throw_multiple_goes_to_not_found
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_not_found = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise ActiveRecord::RecordNotFound')
+    @portlet_raise_access_denied = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise Cms::Errors::AccessDenied')
+    @portlet_raise_generic = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise')
+    reset(:page)
+    get :show, :path => ["about"]
+    assert_response :not_found
+    assert_select "title", "Not Found"
+  end
+  def test_portlets_throw_multiple_goes_to_access_denied
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_access_denied = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise Cms::Errors::AccessDenied')
+    @portlet_raise_generic = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise')
+    reset(:page)
+    get :show, :path => ["about"]
+    assert_response :forbidden
+    assert_select "title", "Access Denied"
+  end
+  def test_portlet_throw_generic_exception_still_render_page
+    @page = Factory(:page, :section => root_section, :path => "/about", :name => "Test About", :template_file_name => "default.html.erb", :publish_on_save => true)
+    @portlet_render = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :template => '<p id="hi">hello</p>')
+    @portlet_raise_generic = DynamicPortlet.create!(:name => "Test", :connect_to_page_id => @page.id, :connect_to_container => "main", :code => 'raise')
+    reset(:page)
+    get :show, :path => ["about"]
+    assert_select "#hi", "hello"
+  end
+end

data/test/functional/cms/links_controller_test.rb CHANGED Viewed

@@ -57,4 +57,92 @@ class Cms::LinksControllerTest < ActionController::TestCase
       @link = Factory(:link, :section => root_section, :url => "http://v1.example.com")
     end
-end
+end
+class Cms::LinksControllerPermissionsTest < ActionController::TestCase
+  tests Cms::LinksController
+  include Cms::ControllerTestHelper
+  def setup
+    # DRYME copypaste from UserPermissionTest
+    @user = Factory(:user)
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    @group.permissions << create_or_find_permission_named("edit_content")
+    @group.permissions << create_or_find_permission_named("publish_content")
+    @user.groups << @group
+    @editable_section = Factory(:section, :parent => root_section, :name => "Editable")
+    @editable_subsection = Factory(:section, :parent => @editable_section, :name => "Editable Subsection")
+    @group.sections << @editable_section
+    @editable_page = Factory(:page, :section => @editable_section, :name => "Editable Page")
+    @editable_subpage = Factory(:page, :section => @editable_subsection, :name => "Editable SubPage")
+    @editable_link = Factory(:link, :section => @editable_section, :name => "Editable Link")
+    @editable_sublink = Factory(:link, :section => @editable_subsection, :name => "Editable SubLink")
+    @noneditable_section = Factory(:section, :parent => root_section, :name => "Not Editable")
+    @noneditable_page = Factory(:page, :section => @noneditable_section, :name => "Non-Editable Page")
+    @noneditable_link = Factory(:link, :section => @noneditable_section, :name => "Non-Editable Link")
+    @noneditables = [@noneditable_section, @noneditable_page, @noneditable_link]
+    @editables = [@editable_section, @editable_subsection,
+      @editable_page, @editable_subpage,
+      @editable_link, @editable_sublink]
+  end
+  def test_new_permissions
+    login_as(@user)
+    get :new, :section_id => @editable_section
+    assert_response :success
+    get :new, :section_id => @noneditable_section
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+  def test_create_permissions
+    login_as(@user)
+    post :create, :section_id => @editable_section, :name => "Another editable link"
+    assert_response :success
+    post :create, :section_id => @noneditable_section, :name => "Another non-editable link"
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+  def test_edit_permissions
+    login_as(@user)
+    get :edit, :id => @editable_link
+    assert_response :success
+    get :edit, :id => @noneditable_link
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+  def test_update_permissions
+    login_as(@user)
+    put :update, :id => @editable_link, :name => "Modified editable link"
+    assert_response :redirect
+    put :update, :id => @noneditable_link, :name => "Modified non-editable link"
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+  def test_destroy_permissions
+    login_as(@user)
+    delete :destroy, :id => @editable_link
+    assert_response :redirect
+    delete :destroy, :id => @noneditable_link
+    assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+end