Added test to block basic user edits, closes issue #397 (#1114)

* Added test to block basic user edits * Added feature * upate wiki_controller_test.rb * Update wiki_controller_test.rb * Update wiki_controller_test.rb * Update wiki_controller_test.rb * Update wiki_controller_test.rb * Update wiki_controller_test.rb * Update on flash[] * Added flash test * update wiki_controller.rb * update * Removed assert_select * removed assert flash * removed assert_redirected_to test * Update * Back to 961812c state * Update wiki_controller_test.rb
publiclab · Dec 31, 2016 · 940286e · 940286e
1 parent ac621be
commit 940286e
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 39 deletions.
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
@@ -7,9 +7,9 @@ class WikiController < ApplicationController
   def subdomain
     url = "//#{request.host}/wiki/"
     case request.subdomain
-    when "new-york-city", 
-         "gulf-coast", 
-         "boston", 
+    when "new-york-city",
+         "gulf-coast",
+         "boston",
          "espana" then
       redirect_to url+request.subdomain
     when "nyc"
@@ -72,6 +72,10 @@ def edit
     else
       @node = DrupalNode.find_wiki(params[:id])
     end
+    if @node.has_tag('locked') && (current_user.role != "admin" && current_user.role != "moderator")
+      flash[:warning] = "This page is <a href='/wiki/power-tags#Locking'>locked</a>, and only <a href='/wiki/moderators'>moderators</a> can edit it."
+      redirect_to @node.path
+    end
     if ((Time.now.to_i - @node.latest.timestamp) < 5.minutes.to_i) && @node.latest.author.uid != current_user.uid
       flash.now[:warning] = I18n.t('wiki_controller.someone_clicked_edit_5_minutes_ago')
     end
@@ -146,7 +150,7 @@ def update
         # update vid (version id) of main image
         if @node.drupal_main_image && params[:main_image].nil?
           i = @node.drupal_main_image
-          i.vid = @revision.vid 
+          i.vid = @revision.vid
           i.save
         end
         @node.title = @revision.title

diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb
@@ -74,10 +74,10 @@ def teardown
   test "post wiki no login" do
     UserSession.find.destroy
 
-    post :create, 
-         uid:   rusers(:bob).id, 
-         title: "All about balloon mapping", 
-         body:  "This is fascinating documentation about balloon mapping.", 
+    post :create,
+         uid:   rusers(:bob).id,
+         title: "All about balloon mapping",
+         body:  "This is fascinating documentation about balloon mapping.",
          tags:  "balloon-mapping,event"
 
     assert_redirected_to('/login')
@@ -86,19 +86,19 @@ def teardown
   test "post wiki" do
     title = "All about balloon mapping"
 
-    post :create, 
-         uid:   rusers(:bob).id, 
-         title: title, 
-         body:  "This is fascinating documentation about balloon mapping.", 
+    post :create,
+         uid:   rusers(:bob).id,
+         title: title,
+         body:  "This is fascinating documentation about balloon mapping.",
          tags:  "balloon-mapping,event"
 
     assert_redirected_to "/wiki/" + title.parameterize
   end
 
   test "post wiki with bad title" do
 
-    post :create, 
-         uid:   rusers(:bob).id, 
+    post :create,
+         uid:   rusers(:bob).id,
          title: "",
          body:  "This is fascinating documentation about balloon mapping."
 
@@ -108,21 +108,21 @@ def teardown
 
   test "viewing edit wiki page" do
 
-    get :edit, 
+    get :edit,
          id: 'organizers'
 
     assert_template "wiki/edit"
     assert_not_nil assigns(:title)
     assert_not_nil assigns(:node)
     assert_response :success
   end
-  
+
   test "updating wiki" do
     wiki = node(:organizers)
     newtitle = "New Title"
 
-    post :update, 
-         id:    wiki.nid, 
+    post :update,
+         id:    wiki.nid,
          uid:   rusers(:bob).id,
          title: newtitle,
          body:  "Editing about Page"
@@ -132,11 +132,23 @@ def teardown
     assert_equal flash[:notice], "Edits saved."
   end
 
+  test "basic user blocked from editing a locked wiki page" do
+    node(:organizers).add_tag('locked', rusers(:admin)) # lock the page with a tag
+    # then try editing it
+    assert_difference 'DrupalNodeRevision.count', 0 do
+      post :edit,
+          id: 'organizers'
+    end
+    assert_equal flash[:warning] , "This page is <a href='/wiki/power-tags#Locking'>locked</a>, and only <a href='/wiki/moderators'>moderators</a> can edit it."
+    assert_redirected_to node(:organizers).path
+  end
+
+
   test "updating wiki with bad title" do
 
-    post :update, 
-         id:  node(:organizers).id, 
-         uid:   rusers(:bob).id, 
+    post :update,
+         id:  node(:organizers).id,
+         uid:   rusers(:bob).id,
          title: ""
 
     assert_template "wiki/edit"
@@ -148,8 +160,8 @@ def teardown
     newtitle = "New Title"
     assert_equal wiki.path, "/about"
 
-    post :update, 
-         id:    wiki.nid, 
+    post :update,
+         id:    wiki.nid,
          uid:   rusers(:bob).id,
          title: newtitle,
          body:  "Editing about Page"
@@ -163,13 +175,13 @@ def teardown
     node = node(:about)
     image = fixture_file_upload 'rails.png'
 
-    post :update, 
-         id:    node.nid, 
+    post :update,
+         id:    node.nid,
          uid:   rusers(:bob).id,
          title: "New Title",
-         body:  "Editing about Page", 
+         body:  "Editing about Page",
          image: { :title => "new image",
-                  :photo => image 
+                  :photo => image
                 }
 
     node.reload
@@ -181,10 +193,10 @@ def teardown
     node = node(:about)
     image = node.images.where(photo_file_name: 'filename-1.jpg').last
 
-    post :update, 
+    post :update,
          id:             node.nid,
          uid:            rusers(:bob).id,
-         title:          "New Title", 
+         title:          "New Title",
          body:           "Editing about Page",
          image_revision: image.path(:default)
 
@@ -239,7 +251,7 @@ def teardown
 #    UserSession.create(rusers(:admin))
 #  end
 
-  # hmm, was this modified? 
+  # hmm, was this modified?
   test "should display wiki pages with slug in root" do
     UserSession.find.destroy
     UserSession.create(rusers(:admin))
@@ -336,7 +348,7 @@ def teardown
 
     assert_response :success
     assert_template :index
-    assert_select "title", "Public Lab: Popular wiki pages" 
+    assert_select "title", "Public Lab: Popular wiki pages"
   end
 
   test  "should display well liked wiki pages" do
@@ -346,25 +358,25 @@ def teardown
     assert_template :index
     assert_select "title", "Public Lab: Well-liked wiki pages"
   end
-  
+
   test "should choose I18n for wiki controller" do
     available_testing_locales.each do |lang|
       old_controller = @controller
       @controller = SettingsController.new
-      
+
       get :change_locale, :locale => lang.to_s
-      
+
       @controller = old_controller
-      
+
       wiki = node(:organizers)
       newtitle = "New Title"
-  
-      post :update, 
-           id:    wiki.nid, 
+
+      post :update,
+           id:    wiki.nid,
            uid:   rusers(:bob).id,
            title: newtitle,
            body:  "Editing about Page"
-  
+
       wiki.reload
       assert_redirected_to wiki.path
       assert_equal flash[:notice], I18n.t('wiki_controller.edits_saved')