webficient-browsercms 3.0.1 → 3.0.2

data/lib/cms/acts/content_block.rb

@@ -28,4 +28,4 @@ module Cms
       end
     end
   end
-end
+end

data/lib/cms/behaviors/publishing.rb

@@ -23,7 +23,17 @@ module Cms
           after_save :publish_for_non_versioned
         
           named_scope :published, :conditions => {:published => true}
-          named_scope :unpublished, :conditions => {:published => false}        
+          named_scope :unpublished, lambda {
+            if versioned?
+              { :joins => :versions,
+                :conditions =>
+                  "#{connection.quote_table_name(version_table_name)}.#{connection.quote_column_name('version')} > " + 
+                  "#{connection.quote_table_name(table_name)}.#{connection.quote_column_name('version')}",
+                :select => "distinct #{connection.quote_table_name(table_name)}.*" }
+            else
+              { :conditions => { :published => false } }
+            end
+          }
         end
       end
       module ClassMethods

data/lib/cms/behaviors/versioning.rb

@@ -22,7 +22,9 @@ module Cms
           before_validation_on_create :initialize_version
 
           attr_accessor :revert_to_version
-
+          
+          versioned_class = self
+          
           #Define the version class
           const_set("Version", Class.new(ActiveRecord::Base)).class_eval do 
             class << self; attr_accessor :versioned_class end
@@ -35,7 +37,11 @@ module Cms
             end
             def versioned_object
               send(versioned_class.name.underscore.to_sym)
-            end                 
+            end       
+            
+            named_scope :recent_updates, :order => "updated_at desc", :limit => 10,
+                        :joins => versioned_class.table_name.singularize.to_sym,
+                        :conditions => { "#{versioned_class.table_name}.deleted" => false }
           end
 
           version_class.versioned_class = self

data/lib/cms/routes.rb

@@ -1,5 +1,8 @@
 module Cms::Routes
-  
+
+  #
+  # content_block_name - Should be a plural symbol matching the name of the content_block, like :dogs or donation_statuses
+  #
   def content_blocks(content_block_name, options={}, &block)
     content_block = content_block_name.to_s.classify.constantize
     resources(*[content_block_name, default_routes_for_content_block(content_block).deep_merge(options)], &block)
@@ -129,6 +132,10 @@ module Cms::Routes
         :enable => :put
       }
       
+      if RAILS_ENV == "test" && File.expand_path(RAILS_ROOT) == File.expand_path(File.dirname(__FILE__) + "/../..")
+        cms.content_blocks :content_block
+      end
+      
     end
 
     if PageRoute.table_exists?

data/lib/tasks/db.rake

@@ -18,7 +18,7 @@ namespace :db do
       puts "Models: " + models.join(', ')
       
       models.each do |m|
-        model = m.classify.constantize
+        model = m.tableize.classify.constantize
         create_fixture(model)
         create_fixture(model.version_class) if model.versioned?
       end

data/public/stylesheets/cms/dashboard.css

@@ -4,6 +4,11 @@ margin: -4px 5px 0 5px;
 background-color: #FFFFFF;
 }
 
+.dashboard_unit.wide {
+  clear: both;
+  width: 990px;
+}
+
 .dashboard_unit h2 {
 height: 12px;
 color: #FFF;
@@ -13,12 +18,18 @@ font-size: 10pt;
 text-transform: uppercase;
 letter-spacing: 1px;
 }
+.dashboard_unit h2 {
+background: #4679B8 url(/images/cms/dashboard/header_bg.gif) repeat-x 0 0;
+}
 .dashboard_unit h2.left {
 background: #4679B8 url(/images/cms/dashboard/header_left_bg.gif) no-repeat 0 0;
 }
 
+.dashboard_unit .roundedcorners {
+  margin: 6px;
+}
 .dashboard_unit form {
-padding: 6px;
+  padding: 0;
 }
 
 .dashboard_unit {
@@ -113,6 +124,12 @@ background: transparent url(/images/cms/dashboard/bottom_cap_content.png) no-rep
 div.top_cap {
   background: url(/images/cms/dashboard/top_cap.png) no-repeat 0 0;
 }
+div.wide_top_cap {
+  background: url(/images/cms/top_cap.png) no-repeat 0 0;
+  width: 1000px;
+  height: 9px;
+  margin: 20px 0 0 0;
+}
 #contentwrapbig {
   background: none;
 }

data/test/functional/cms/content_block_controller_test.rb

@@ -0,0 +1,120 @@
+require File.join(File.dirname(__FILE__), '/../../test_helper')
+
+class PermissionsForContentBlockControllerTest < ActionController::TestCase
+  include Cms::ControllerTestHelper
+  tests Cms::ContentBlockController
+  
+  # We're stubbing a lot because we *just* want to isolate the behaviour for checking permissions
+  def setup
+    login_as_cms_admin
+    @user = User.first
+    @controller.stubs(:current_user).returns(@user)
+    @controller.stubs(:render)
+    @controller.stubs(:model_class).returns(ContentBlock)
+    @controller.stubs(:set_default_category)
+    @controller.stubs(:blocks_path).returns("/cms/content_block")
+    @controller.stubs(:redirect_to_first).returns("/cms/content_block")
+    
+    @block = stub_everything("block")
+    @block.stubs(:as_of_draft_version).returns(@block)
+    @block.stubs(:as_of_version).returns(@block)
+    @block.stubs(:connected_pages).returns(stub(:all => stub))
+    
+    ContentBlock.stubs(:find).returns(@block)
+    ContentBlock.stubs(:new).returns(@block)
+    ContentBlock.stubs(:paginate)
+  end
+  
+  def expect_access_denied
+    @controller.expects(:render).with(has_entry(:status => 403))
+  end
+  
+  def expect_success
+    expect_access_denied.never
+  end
+  
+  test "GET index allows any user" do
+    expect_success
+    get :index
+  end
+  
+  test "GET show allows any user" do
+    expect_success
+    get :show, :id => 5
+  end
+  
+  test "GET new allows any user" do
+    expect_success
+    get :new
+  end
+  
+  test "POST create allows any user" do
+    expect_success
+    post :create
+  end
+  
+  test "GET version allows any user" do
+    expect_success
+    get :version, :id => 5, :version => 3
+  end
+  
+  test "GET versions allows any user" do
+    expect_success
+    get :versions, :id => 5
+  end
+  
+  test "GET usages allows any user" do
+    expect_success
+    get :usages, :id => 5
+  end
+  
+  test "GET edit allows only users who are able to edit the block" do
+    @user.stubs(:able_to_edit?).with(@block).returns(false)
+    expect_access_denied
+    get :edit, :id => 5
+    
+    @user.stubs(:able_to_edit?).with(@block).returns(true)
+    expect_success
+    get :edit, :id => 5
+  end
+  
+  test "PUT update allows only users who are able to edit the block" do
+    @user.stubs(:able_to_edit?).with(@block).returns(false)
+    expect_access_denied
+    put :update, :id => 5
+    
+    @user.stubs(:able_to_edit?).with(@block).returns(true)
+    expect_success
+    put :update, :id => 5
+  end
+  
+  test "DELETE destroy allows only users who are able to publish the block" do
+    @user.stubs(:able_to_publish?).with(@block).returns(false)
+    expect_access_denied
+    delete :destroy, :id => 5
+    
+    @user.stubs(:able_to_publish?).with(@block).returns(true)
+    expect_success
+    delete :destroy, :id => 5
+  end
+  
+  test "PUT publish allows only users who are able to publish the block" do
+    @user.stubs(:able_to_publish?).with(@block).returns(false)
+    expect_access_denied
+    put :publish, :id => 5
+    
+    @user.stubs(:able_to_publish?).with(@block).returns(true)
+    expect_success
+    put :publish, :id => 5
+  end
+  
+  test "PUT revert_to allows only users who are able to publish the block" do
+    @user.stubs(:able_to_publish?).with(@block).returns(false)
+    expect_access_denied
+    put :revert_to, :id => 5, :version => 1
+    
+    @user.stubs(:able_to_publish?).with(@block).returns(true)
+    expect_success
+    put :revert_to, :id => 5, :version => 1
+  end
+end

data/test/functional/cms/content_controller_test.rb

@@ -109,6 +109,15 @@ class Cms::ContentControllerTest < ActionController::TestCase
     assert_equal "This is a test", streaming_file_contents
   end
   
+  def test_use_x_sendfile
+    create_file
+    Attachment.use_x_sendfile = true
+    get :show, :path => ["test.txt"]
+    assert_response :success
+    assert_equal @file_block.attachment.full_file_location, @response.headers["X-Sendfile"]
+    Attachment.use_x_sendfile = false
+  end
+  
   def test_show_page_route
     @page_template = Factory(:page_template, :name => "test_show_page_route")
     @page = Factory(:page, 
@@ -376,4 +385,4 @@ class Cms::ContentCachingDisabledControllerTest < ActionController::TestCase
     assert_select "iframe"
   end
   
-end
+end

data/test/functional/cms/links_controller_test.rb

@@ -97,6 +97,7 @@ class Cms::LinksControllerPermissionsTest < ActionController::TestCase
 
     get :new, :section_id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_create_permissions
@@ -107,6 +108,7 @@ class Cms::LinksControllerPermissionsTest < ActionController::TestCase
 
     post :create, :section_id => @noneditable_section, :name => "Another non-editable link"
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_edit_permissions
@@ -117,6 +119,7 @@ class Cms::LinksControllerPermissionsTest < ActionController::TestCase
 
     get :edit, :id => @noneditable_link
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_update_permissions
@@ -127,6 +130,7 @@ class Cms::LinksControllerPermissionsTest < ActionController::TestCase
 
     put :update, :id => @noneditable_link, :name => "Modified non-editable link"
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_destroy_permissions
@@ -137,6 +141,7 @@ class Cms::LinksControllerPermissionsTest < ActionController::TestCase
 
     delete :destroy, :id => @noneditable_link
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 end
 

data/test/functional/cms/pages_controller_test.rb

@@ -126,6 +126,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     get :new, :section_id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_create_permissions
@@ -136,6 +137,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     post :create, :section_id => @noneditable_section, :name => "Another non-editable page"
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_edit_permissions
@@ -146,6 +148,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     get :edit, :id => @noneditable_page
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_update_permissions
@@ -157,6 +160,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     put :update, :id => @noneditable_page, :name => "Modified non-editable page"
     assert_response 403
+    assert_template "cms/shared/access_denied"
 
     # archive
     put :archive, :id => @editable_page
@@ -164,6 +168,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     put :archive, :id => @noneditable_page
     assert_response 403
+    assert_template "cms/shared/access_denied"
 
     # hide
     put :hide, :id => @editable_page
@@ -171,6 +176,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     put :hide, :id => @noneditable_page
     assert_response 403
+    assert_template "cms/shared/access_denied"
 
     # publish
     put :publish, :id => @editable_page
@@ -178,6 +184,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     put :publish, :id => @noneditable_page
     assert_response 403
+    assert_template "cms/shared/access_denied"
 
     # revert_to
     # can't find route...
@@ -196,6 +203,7 @@ class Cms::PagesControllerPermissionsTest < ActionController::TestCase
 
     delete :destroy, :id => @noneditable_page
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 end
 

data/test/functional/cms/sections_controller_test.rb

@@ -13,6 +13,13 @@ class Cms::SectionsControllerTest < ActionController::TestCase
     assert_select "input[name=?][value=?]", "section[name]", root_section.name
   end
   
+  test "GET new should set the groups to the parent section's groups by default" do
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    get :new, :section_id => root_section.to_param
+    assert_equal root_section.groups, assigns(:section).groups
+    assert !assigns(:section).groups.include?(@group)
+  end
+  
   def test_update
     @section = Factory(:section, :name => "V1", :parent => root_section)
     
@@ -115,6 +122,15 @@ class Cms::SectionsControllerPermissionsTest < ActionController::TestCase
 
     get :new, :section_id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+  
+  test "POST create should set the groups to the parent section's groups for non-admin user" do
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    login_as(@user)
+    get :new, :section_id => @editable_section
+    assert_equal @editable_section.groups, assigns(:section).groups
+    assert !assigns(:section).groups.include?(@group)
   end
 
   def test_create_permissions
@@ -125,6 +141,7 @@ class Cms::SectionsControllerPermissionsTest < ActionController::TestCase
 
     post :create, :section_id => @noneditable_section, :name => "Another non-editable subsection"
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_edit_permissions
@@ -135,6 +152,7 @@ class Cms::SectionsControllerPermissionsTest < ActionController::TestCase
 
     get :edit, :id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
 
   def test_update_permissions
@@ -145,6 +163,15 @@ class Cms::SectionsControllerPermissionsTest < ActionController::TestCase
 
     put :update, :id => @noneditable_section, :name => "Modified non-editable subsection"
     assert_response 403
+    assert_template "cms/shared/access_denied"
+  end
+  
+  test "PUT update should set the groups to the parent section's groups for non-admin user" do
+    @group = Factory(:group, :name => "Test", :group_type => Factory(:group_type, :name => "CMS User", :cms_access => true))
+    login_as(@user)
+    put :update, :id => @editable_subsection
+    assert_equal @editable_section.groups, assigns(:section).groups
+    assert !assigns(:section).groups.include?(@group)
   end
 
   def test_destroy_permissions
@@ -155,7 +182,6 @@ class Cms::SectionsControllerPermissionsTest < ActionController::TestCase
 
     delete :destroy, :id => @noneditable_section
     assert_response 403
+    assert_template "cms/shared/access_denied"
   end
-end
-
-
+end

data/test/unit/lib/routes_test.rb

@@ -0,0 +1,57 @@
+require File.join(File.dirname(__FILE__), '/../../test_helper')
+
+class RouteBuilder
+  include Cms::Routes
+end
+
+class Bear < ActiveRecord::Base
+  acts_as_content_block
+end
+
+class Kindness < ActiveRecord::Base
+  acts_as_content_block
+end
+
+class RoutesTest < ActiveSupport::TestCase
+
+  test "Verify behavior of classify, and how it works with already pluralized symbols" do
+    assert_equal "Kindness", :kindnesses.to_s.classify, "routes will pass 'plural' symbols to 'content_block', rather than single"    
+  end
+
+
+  test "behavior of 'content_blocks' route generator" do
+    rb = RouteBuilder.new
+
+    # Expect
+    rb.expects(:resources).with(:bears, {:member => {:publish => :put, :usages => :get, :versions => :get}})
+    rb.expects(:version_cms_bears).with("/cms/bears/:id/version/:version", :controller => "cms/bears", :action => "version", :conditions => {:method => :get})
+    rb.expects(:revert_to_cms_bears).with(
+            "/cms/bears/:id/revert_to/:version",
+            :controller => "cms/bears",
+            :action => "revert_to",
+            :conditions => {:method => :put})
+
+    rb.content_blocks :bears
+
+    # Verifies the exact messages being passed to the route generator
+  end
+
+  test "behavior of 'content_blocks' route generator with model names with s at the end" do
+    rb = RouteBuilder.new
+
+    # Expect
+    rb.expects(:resources).with(:kindnesses, {:member => {:publish => :put, :usages => :get, :versions => :get}})
+    rb.expects(:version_cms_kindnesses).with("/cms/kindnesses/:id/version/:version", :controller => "cms/kindnesses", :action => "version", :conditions => {:method => :get})
+    rb.expects(:revert_to_cms_kindnesses).with(
+            "/cms/kindnesses/:id/revert_to/:version",
+            :controller => "cms/kindnesses",
+            :action => "revert_to",
+            :conditions => {:method => :put})
+
+    rb.content_blocks :kindnesses
+
+    # Verifies the exact messages being passed to the route generator
+  end
+  
+
+end

data/test/unit/models/content_type_test.rb

@@ -1,5 +1,10 @@
 require File.join(File.dirname(__FILE__), '/../../test_helper')
 
+# Sample Model for testing naming/model classes
+class Kindness < ActiveRecord::Base
+  acts_as_content_block
+end
+
 class ContentTypeTest < ActiveSupport::TestCase
   def setup
     @c = ContentType.new(:name => "HtmlBlock")
@@ -20,4 +25,20 @@ class ContentTypeTest < ActiveSupport::TestCase
   def test_content_block_type
     assert_equal "html_blocks", @c.content_block_type
   end
-end
+
+  test "find_by_key handles names that end with s correctly" do
+    ContentType.create!(:name => "Kindness", :group_name => "Anything")
+
+    ct = ContentType.find_by_key("kindness")
+    assert_not_nil ct
+    assert_equal "Kindness", ct.display_name
+  end
+
+  test "calculate the model_class name with s" do
+    ct = ContentType.new(:name=>"Kindness")
+    assert_equal Kindness, ct.model_class
+  end
+
+
+end
+

data/test/unit/models/page_test.rb

@@ -237,9 +237,15 @@ class PageTest < ActiveRecord::TestCase
     assert_equal 1, @page.connectors.for_page_version(@page.draft.version).count    
     assert !@page.live?
     assert !@block.live?
-      
   end
-
+  
+  def test_internal_name
+    @page = Factory(:page, :name => 'Foo')
+    assert_equal 'foo', @page.internal_name
+    
+    @page = Factory(:page, :name => 'Foo Bar')
+    assert_equal 'foo_bar', @page.internal_name
+  end
 end
 
 class PageVersioningTest < ActiveRecord::TestCase
@@ -724,3 +730,14 @@ class PortletsDontHaveDraftsTest < ActiveRecord::TestCase
   end
 end
 
+class PageInSectionTest < ActiveRecord::TestCase
+  def test_deleting_page_in_section
+    @section = Factory(:section)
+    @page = Factory(:page, :section => @section)
+    
+    assert_equal 1, @section.child_nodes.length
+    @page.destroy
+    @section.reload
+    assert_equal 0, @section.child_nodes.length
+  end
+end