In the CS, do not show a profile link unless the user is not a visitor. Fixes bug #11084

If the post is owned by Visitor, do not show the link because no one is allowed to see Visitor's profile. If the current user is Visitor, do not show the link because Visitor is not allowed to view anyone's profile.
2009-10-02 12:45:03 -07:00 · 2009-10-02 12:45:03 -07:00 · 247166baf2
commit 247166baf2
parent 3fb3644389
9 changed files with 194 additions and 50 deletions
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@ -35,6 +35,7 @@
 - fixed #11083: TGC template bug fixes, round #1
 - fixed #10544: Child assets under uncommitted parents
 - fixed failure in test 250 of t/00_compile.t
+ - fixed #11084: option to view private profiles

 7.8.0
 - upgraded YUI to 2.8.0r4
--- a/docs/upgrades/packages-7.7.22/root_import_collaboration.wgpkg
+++ b/docs/upgrades/packages-7.7.22/root_import_collaboration.wgpkg
--- a/lib/WebGUI/Asset/Post.pm
+++ b/lib/WebGUI/Asset/Post.pm
@ -710,30 +710,31 @@ Returns a hash reference of template variables for this Post.
 =cut

 sub getTemplateVars {
-	my $self    = shift;
+    my $self    = shift;
    my $session = $self->session;
-	my %var     = %{$self->get};
+    my %var     = %{$self->get};
    my $postUser   = WebGUI::User->new($session, $self->get("ownerUserId"));
-	$var{"userId"} = $self->get("ownerUserId");
-	$var{"user.isPoster"} = $self->isPoster;
-	$var{"avatar.url"}    = $self->getAvatarUrl;
-	$var{"userProfile.url"} = $postUser->getProfileUrl($self->getUrl());
-	$var{"dateSubmitted.human"} =$self->session->datetime->epochToHuman($self->get("creationDate"));
-	$var{"dateUpdated.human"} =$self->session->datetime->epochToHuman($self->get("revisionDate"));
-	$var{'title.short'} = $self->chopTitle;
-	$var{content} = $self->formatContent if ($self->getThread);
-	$var{'user.canEdit'} = $self->canEdit if ($self->getThread);
-	$var{"delete.url"} = $self->getDeleteUrl;
-	$var{"edit.url"} = $self->getEditUrl;
-	$var{"status"} = $self->getStatus;
-	$var{"reply.url"} = $self->getReplyUrl;
-	$var{'reply.withquote.url'} = $self->getReplyUrl(1);
-	$var{'url'} = $self->getUrl.'#id'.$self->getId;
-        $var{'url.raw'} = $self->getUrl;
-	$var{'rating.value'} = $self->get("rating")+0;
-	$var{'rate.url.thumbsUp'} = $self->getRateUrl(1);
-	$var{'rate.url.thumbsDown'} = $self->getRateUrl(-1);
-	$var{'hasRated'} = $self->hasRated;
+    $var{"userId"}              = $self->get("ownerUserId");
+    $var{"user.isPoster"}       = $self->isPoster;
+    $var{"avatar.url"}          = $self->getAvatarUrl;
+    $var{"userProfile.url"}     = $postUser->getProfileUrl($self->getUrl());
+    $var{"hideProfileUrl" }     = $self->get('ownerUserId') eq '1' || $session->user->isVisitor;
+    $var{"dateSubmitted.human"} = $self->session->datetime->epochToHuman($self->get("creationDate"));
+    $var{"dateUpdated.human"}   = $self->session->datetime->epochToHuman($self->get("revisionDate"));
+    $var{'title.short'}         = $self->chopTitle;
+    $var{content}               = $self->formatContent if ($self->getThread);
+    $var{'user.canEdit'}        = $self->canEdit if ($self->getThread);
+    $var{"delete.url"}          = $self->getDeleteUrl;
+    $var{"edit.url"}            = $self->getEditUrl;
+    $var{"status"}              = $self->getStatus;
+    $var{"reply.url"}           = $self->getReplyUrl;
+    $var{'reply.withquote.url'} = $self->getReplyUrl(1);
+    $var{'url'}                 = $self->getUrl.'#id'.$self->getId;
+    $var{'url.raw'}             = $self->getUrl;
+    $var{'rating.value'}        = $self->get("rating")+0;
+    $var{'rate.url.thumbsUp'}   = $self->getRateUrl(1);
+    $var{'rate.url.thumbsDown'} = $self->getRateUrl(-1);
+    $var{'hasRated'}            = $self->hasRated;
 	my $gotImage;
 	my $gotAttachment;
 	@{$var{'attachment_loop'}} = ();
--- a/lib/WebGUI/Asset/Wobject/Collaboration.pm
+++ b/lib/WebGUI/Asset/Wobject/Collaboration.pm
@ -100,14 +100,16 @@ A reference to a WebGUI::Paginator object.
 =cut

 sub appendPostListTemplateVars {
-	my $self = shift;
-	my $var = shift;
-	my $p = shift;
-	my $page = $p->getPageData;
-	my $i = 0;
-    my ($icon, $datetime) = $self->session->quick(qw(icon datetime));
+	my $self    = shift;
+    my $session = $self->session;
+	my $var     = shift;
+	my $p       = shift;
+	my $page    = $p->getPageData;
+	my $i       = 0;
+    my ($icon, $datetime) = $session->quick(qw(icon datetime));
+    my $isVisitor         = $session->user->isVisitor;
 	foreach my $row (@$page) {
-		my $post = WebGUI::Asset->new($self->session,$row->{assetId}, $row->{className}, $row->{revisionDate});
+		my $post = WebGUI::Asset->new($session,$row->{assetId}, $row->{className}, $row->{revisionDate});
 		$post->{_parent} = $self; # caching parent for efficiency 
 		my $controls = $icon->delete('func=delete',$post->get("url"),"Delete") . $icon->edit('func=edit',$post->get("url"));
 		if ($self->get("sortBy") eq "lineage") {
@ -132,6 +134,7 @@ sub appendPostListTemplateVars {
                    "lastReply.title"               => $lastPost->get("title"),
                    "lastReply.user.isVisitor"      => $lastPost->get("ownerUserId") eq "1",
                    "lastReply.username"            => $lastPost->get("username"),
+                    "lastReply.hideProfileUrl"      => $lastPost->get("ownerUserId") eq "1" || $isVisitor,
                    "lastReply.userProfile.url"     => $lastPost->getPosterProfileUrl(),
                    "lastReply.dateSubmitted.human" => $datetime->epochToHuman($lastPost->get("creationDate"),"%z"),
                    "lastReply.timeSubmitted.human" => $datetime->epochToHuman($lastPost->get("creationDate"),"%Z"),
@ -158,6 +161,7 @@ sub appendPostListTemplateVars {
            "dateUpdated.human"     => $datetime->epochToHuman($post->get("revisionDate"),"%z"),
            "timeSubmitted.human"   => $datetime->epochToHuman($post->get("creationDate"),"%Z"),
            "timeUpdated.human"     => $datetime->epochToHuman($post->get("revisionDate"),"%Z"),
+            "hideProfileUrl"        => $post->get('ownerUserId') eq '1' || $isVisitor,
            "userProfile.url"       => $post->getPosterProfileUrl,
            "user.isVisitor"        => $post->get("ownerUserId") eq "1",
        	"edit.url"              => $post->getEditUrl,
@ -175,7 +179,7 @@ sub appendPostListTemplateVars {
 		if ($row->{className} =~ m/^WebGUI::Asset::Post::Thread/) {
 			$postVars{'rating'} = $post->get('threadRating');
 		}
-                push(@{$var->{post_loop}}, \%postVars );
+        push(@{$var->{post_loop}}, \%postVars );
 		$i++;
 	}
 	$p->appendTemplateVars($var);
@ -1222,10 +1226,10 @@ sub getViewTemplateVars {
 	my %var;
 	$var{'user.canPost'} = $self->canPost;
 	$var{'user.canStartThread'} = $self->canStartThread;
-        $var{"add.url"} = $self->getNewThreadUrl;
-        $var{"rss.url"} = $self->getRssFeedUrl;
-        $var{'user.isModerator'} = $self->canModerate;
-        $var{'user.isVisitor'} = ($self->session->user->isVisitor);
+    $var{"add.url"} = $self->getNewThreadUrl;
+    $var{"rss.url"} = $self->getRssFeedUrl;
+    $var{'user.isModerator'} = $self->canModerate;
+    $var{'user.isVisitor'} = ($self->session->user->isVisitor);
 	$var{'user.isSubscribed'} = $self->isSubscribed;
 	$var{'sortby.title.url'} = $self->getSortByUrl("title");
 	$var{'sortby.username.url'} = $self->getSortByUrl("username");
--- a/lib/WebGUI/Help/Asset_Collaboration.pm
+++ b/lib/WebGUI/Help/Asset_Collaboration.pm
@ -103,7 +103,9 @@ our $HELP = {
                    { 'name' => 'timeSubmitted.human' },
                    { 'name' => 'timeUpdated.human' },
                    { 'name' => 'userProfile.url' },
-                    { 'name' => 'user.isVisitor' },
+                    { 'name' => 'hideProfileUrl' },
+                    { 'name' => 'user.isVisitor',
+                      'description' => 'post_loop_user.isVisitor' },
                    { 'name' => 'edit.url' },
                    { 'name' => 'controls' },
                    { 'name' => 'isSecond' },
@ -116,6 +118,7 @@ our $HELP = {
                    { 'name' => 'lastReply.url' },
                    { 'name' => 'lastReply.title' },
                    { 'name' => 'lastReply.user.isVisitor' },
+                    { 'name' => 'lastReply.hideProfileUrl' },
                    { 'name' => 'lastReply.username' },
                    { 'name' => 'lastReply.userProfile.url' },
                    { 'name' => 'lastReply.dateSubmitted.human' },
--- a/lib/WebGUI/i18n/English/Asset_Collaboration.pm
+++ b/lib/WebGUI/i18n/English/Asset_Collaboration.pm
@ -1293,11 +1293,21 @@ the preview is displayed, the Post can either be edited or canceled.|,
 		lastUpdated => 1149655722,
 	},

-	'user.isVisitor' => {
+	'post_loop_user.isVisitor' => {
 		message => q|A conditional that is true if the poster is a visitor.|,
 		lastUpdated => 1149655722,
 	},

+	'user.isVisitor' => {
+		message => q|A conditional that is true if the current user is a visitor.|,
+		lastUpdated => 1149655722,
+	},
+
+	'hideProfileUrl' => {
+		message => q|A conditional that is true if the poster is a visitor, or the current user is a visitor.  In the first case, Visitor's profile is not visible to any user.  In the second case, Visitor is not allowed to view any user's profile|,
+		lastUpdated => 1254506340,
+	},
+
 	'edit.url' => {
 		message => q|The URL to edit this Post.|,
 		lastUpdated => 1149655722,
@ -1359,6 +1369,11 @@ user has an avatar.|,
 		lastUpdated => 1149655722,
 	},

+	'lastReply.hideProfileUrl' => {
+		message => q|A conditional that is true if the poster of the last reply is a visitor, or the current user is a visitor.  In the first case, Visitor's profile is not visible to any user.  In the second case, Visitor is not allowed to view any user's profile|,
+		lastUpdated => 1254506340,
+	},
+
 	'lastReply.username' => {
 		message => q|The name of user who submitted the last reply.|,
 		lastUpdated => 1149655722,
--- a/lib/WebGUI/i18n/English/Asset_Template.pm
+++ b/lib/WebGUI/i18n/English/Asset_Template.pm
@ -33,9 +33,9 @@ our $I18N = {
 	},

 	'template error' => {
-		message => q|There is a syntax error in this template, %s, %s. Please correct.|,
+		message => q|There is a syntax error in this template, %s, %s, %s. Please correct.|,
 		context => q|Error when executing template|,
-		lastUpdated => 1244476530,
+		lastUpdated => 1254512327,
 	},

        'namespace description' => {
--- a/t/Asset/Post.t
+++ b/t/Asset/Post.t
@ -8,13 +8,6 @@
 # http://www.plainblack.com                     info@plainblack.com
 #-------------------------------------------------------------------

-# XXX I (chrisn) started this file to test the features I added to the
-# Collaboration / Post system for 7.5, but didn't have the time available to me
-# to do a full test suite for the Post Wobject. This means that this test suite
-# is *largely incomplete* and should be finished. What is here *is* the
-# following:
-#
-#
 # 1. The basic framework for a test suite for the Post Asset.
 # Includes setup, cleanup, boilerplate, etc. Basically the really boring,
 # repetitive parts of the test that you don't want to write yourself.
@ -26,7 +19,7 @@ use strict;
 use lib "$FindBin::Bin/../lib";
 use WebGUI::Test;
 use WebGUI::Session;
-use Test::More tests => 9; # increment this value for each test you create
+use Test::More tests => 16; # increment this value for each test you create
 use WebGUI::Asset::Wobject::Collaboration;
 use WebGUI::Asset::Post;
 use WebGUI::Asset::Post::Thread;
@ -114,7 +107,11 @@ ok($post->canEdit(), "User in groupToEditPost group can edit post after the time
 $session->user({userId => $groupIdEditUser->userId});
 ok($post->canEdit(), "User in groupIdEditUserGroup group can edit post after the timeout");

+######################################################################
+#
 # getSynopsisAndContent
+#
+######################################################################

 my ($synopsis, $content) = $post->getSynopsisAndContent('', q|Brandheiße Neuigkeiten rund um's Klettern für euch aus der Region |);
 is($synopsis, q|Brandheiße Neuigkeiten rund um's Klettern für euch aus der Region |, 'getSynopsisAndContent: UTF8 characters okay');
@ -132,9 +129,40 @@ is($synopsis, q|less than &lt; greater than &gt;|, '... HTML escaped characters
 ($synopsis, $content) = $post->getSynopsisAndContent('', q|<p>less than &lt; greater than &gt;</p>|);
 is($synopsis, q|less than < greater than >|, '... HTML entities decoded by HTML::splitTag');

-TODO: {
-    local $TODO = "Tests to make later";
-	ok(0, 'Whole lot more work to do here');
-}
+######################################################################
+#
+# getTemplateVars
+#
+######################################################################
+
+my $versionTag2 = WebGUI::VersionTag->getWorking($session);
+my $post1 = $collab->addChild({
+    className   => 'WebGUI::Asset::Post::Thread',
+    content     => 'hello, world!',
+    ownerUserId => 3,
+}, @addArgs);
+my $post2 = $collab->addChild({
+    className   => 'WebGUI::Asset::Post::Thread',
+    content     => 'hello, world!',
+    ownerUserId => 1,
+}, @addArgs);
+$versionTag2->commit();
+WebGUI::Test->tagsToRollback($versionTag);
+my $variables;
+$session->user({userId => 1});
+$variables = $post1->getTemplateVars();
+is(  $variables->{'ownerUserId'}, 3, 'first post owned by admin');
+ok(  $variables->{'hideProfileUrl'}, 'hide profile url, since current user is visitor');
+$variables = $post2->getTemplateVars();
+is(  $variables->{'ownerUserId'}, 1, 'first post owned by admin');
+ok(  $variables->{'hideProfileUrl'}, 'hide profile url, since current user is visitor');
+
+$session->user({userId => 3});
+$variables = $post1->getTemplateVars();
+is(  $variables->{'ownerUserId'}, 3, 'first post owned by admin');
+ok( !$variables->{'hideProfileUrl'}, 'show profile url');
+$variables = $post2->getTemplateVars();
+is(  $variables->{'ownerUserId'}, 1, 'first post owned by admin');
+ok(  $variables->{'hideProfileUrl'}, 'hide profile url, since poster is visitor');

 # vim: syntax=perl filetype=perl
--- a/t/Asset/Wobject/Collaboration/templateVariables.t
+++ b/t/Asset/Wobject/Collaboration/templateVariables.t
@ -0,0 +1,92 @@
+# vim:syntax=perl
+#-------------------------------------------------------------------
+# WebGUI is Copyright 2001-2009 Plain Black Corporation.
+#-------------------------------------------------------------------
+# Please read the legal notices (docs/legal.txt) and the license
+# (docs/license.txt) that came with this distribution before using
+# this software.
+#------------------------------------------------------------------
+# http://www.plainblack.com                     info@plainblack.com
+#------------------------------------------------------------------
+
+# Test the Collaboration system template variables
+# 
+#
+
+use FindBin;
+use strict;
+use lib "$FindBin::Bin/../../../lib";
+use WebGUI::Test; # Must use this before any other WebGUI modules
+use Test::More;
+use Test::Deep;
+use Data::Dumper;
+use WebGUI::Session;
+
+#----------------------------------------------------------------------------
+# Tests
+plan tests => 20;        # Increment this number for each test you create
+
+#----------------------------------------------------------------------------
+# Init
+my $session         = WebGUI::Test->session;
+my @addChildArgs    = ( {skipAutoCommitWorkflows=>1} );
+my $collab          = WebGUI::Asset->getImportNode( $session )->addChild({
+    className        => 'WebGUI::Asset::Wobject::Collaboration',
+    threadsPerPage   => 20,
+    displayLastReply => 1,
+});
+
+my @threads = (
+    $collab->addChild( {
+        className       => 'WebGUI::Asset::Post::Thread',
+        title           => "X - Foo",
+        isSticky        => 0,
+        ownerUserId     => 1,
+    }, undef, 1, @addChildArgs),
+    $collab->addChild( {
+        className       => 'WebGUI::Asset::Post::Thread',
+        title           => "X - Bar",
+        isSticky        => 0,
+        ownerUserId     => 3,
+    }, undef, 2, @addChildArgs),
+);
+
+$_->setSkipNotification for @threads; # 100+ messages later...
+my $versionTag = WebGUI::VersionTag->getWorking( $session );
+$versionTag->commit;
+WebGUI::Test->tagsToRollback($versionTag);
+
+my $templateVars;
+my $posts;
+$session->user({userId => 3});
+$templateVars = $collab->getViewTemplateVars();
+
+##Threads come in reverse order, most recent first
+$posts = $templateVars->{post_loop};
+is(  $posts->[1]->{'ownerUserId'}, 1, 'first post owned by visitor');
+ok(  $posts->[1]->{'user.isVisitor'}, 'first post made by visitor');
+ok(  $posts->[1]->{'hideProfileUrl'}, 'hide profile url, since post made by visitor');
+ok(  $posts->[1]->{'lastReply.user.isVisitor'}, 'lastReply not made by visitor');
+ok(  $posts->[1]->{'lastReply.hideProfileUrl'}, 'lastReply show profile url, since post not made by visitor, and user is not visitor');
+is(  $posts->[0]->{'ownerUserId'}, 3, 'second post owned by admin');
+ok( !$posts->[0]->{'user.isVisitor'}, 'first post made by visitor');
+ok( !$posts->[0]->{'hideProfileUrl'}, 'show profile url, since post made by admin, and user is not visitor');
+ok( !$posts->[0]->{'lastReply.user.isVisitor'}, 'lastReply not made by visitor');
+ok( !$posts->[0]->{'lastReply.hideProfileUrl'}, 'lastReply show profile url, since post not made by visitor, and user is not visitor');
+
+$session->user({userId => 1});
+$templateVars = $collab->getViewTemplateVars();
+
+##Threads come in reverse order, most recent first
+$posts = $templateVars->{post_loop};
+is(  $posts->[1]->{'ownerUserId'}, 1, 'first post owned by visitor');
+ok(  $posts->[1]->{'user.isVisitor'}, 'first post made by visitor');
+ok(  $posts->[1]->{'hideProfileUrl'}, 'hide profile url, since current user is visitor');
+ok(  $posts->[1]->{'lastReply.user.isVisitor'}, 'lastReply not made by visitor');
+ok(  $posts->[1]->{'lastReply.hideProfileUrl'}, 'lastReply hide profile url, since user is visitor');
+is(  $posts->[0]->{'ownerUserId'}, 3, 'second post owned by admin');
+ok( !$posts->[0]->{'user.isVisitor'}, 'first post made by visitor');
+ok(  $posts->[0]->{'hideProfileUrl'}, 'hide profile url, and user is visitor');
+ok( !$posts->[0]->{'lastReply.user.isVisitor'}, 'lastReply not made by visitor');
+ok(  $posts->[0]->{'lastReply.hideProfileUrl'}, 'lastReply hide profile url, since user is visitor');
+#vim:ft=perl