Fix Story permissions so that admin need not be turned on.

canEdit is now determined by the Story and the parent StoryArchive. With tests, and template changes.
2009-05-28 04:15:50 +00:00 · 2009-05-28 04:15:50 +00:00 · 83497b773e
commit 83497b773e
parent 1e6d9b7d18
6 changed files with 83 additions and 17 deletions
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@ -8,6 +8,7 @@
 - fixed a similar problem with metadata in the Shortcut Asset.
 - fixed #10396: Syndicated Content wobject not displaying edit controls
 - fixed #10386: Template override missing in nav shortcut
+ - fixed #10436: Story Manager - Story Edit/Delete links are Admin Only

 7.7.7
 - Added EMS Schedule table
--- a/docs/upgrades/packages-7.7.8/root_import_storymanager.wgpkg
+++ b/docs/upgrades/packages-7.7.8/root_import_storymanager.wgpkg
--- a/lib/WebGUI/Asset/Story.pm
+++ b/lib/WebGUI/Asset/Story.pm
@ -85,6 +85,25 @@ sub addRevision {

 #-------------------------------------------------------------------

+=head2 canEdit ( )
+
+You can't add children to a Story.
+
+=cut
+
+sub canEdit {
+    my $self = shift;
+    my $userId = shift || $self->session->user->userId;
+    if ($userId eq $self->get("ownerUserId")) {
+        return 1;
+    }
+    my $user = WebGUI::User->new($self->session, $userId);
+    return $self->SUPER::canEdit($userId)
+        || $self->getArchive->canPostStories($userId);
+}
+
+#-------------------------------------------------------------------
+
 =head2 definition ( session, definition )

 defines asset properties for New Asset instances.  You absolutely need 
@ -839,6 +858,7 @@ sub viewTemplateVariables {
    }
    $var->{hasPhotos}   = $photoCounter;
    $var->{singlePhoto} = $photoCounter == 1;
+    $var->{canEdit}     = $self->canEdit;
    return $var;
 }

--- a/lib/WebGUI/Help/Asset_Story.pm
+++ b/lib/WebGUI/Help/Asset_Story.pm
@ -55,6 +55,7 @@ our $HELP = {
        ],
        fields    => [],
        variables => [
+            { name      => 'canEdit', },
            { name      => 'highlights_loop',
              'variables' => [
                { name      => 'highlight', },
--- a/lib/WebGUI/i18n/English/Asset_Story.pm
+++ b/lib/WebGUI/i18n/English/Asset_Story.pm
@ -446,6 +446,11 @@ our $I18N = {
        lastUpdated => 0,
    },

+    'canEdit' => {
+        message => q|A boolean which will be true if the current user can edit this story.|,
+        lastUpdated => 0,
+    },
+
 };

 1;
--- a/t/Asset/Story.t
+++ b/t/Asset/Story.t
@ -13,33 +13,52 @@ use strict;
 use lib "$FindBin::Bin/../lib";

 use WebGUI::Test;
+use WebGUI::Test::Maker::Permission;
 use WebGUI::Session;
 use WebGUI::Storage;
+use WebGUI::User;
+use WebGUI::Group;

 use Test::More; # increment this value for each test you create
 use Test::Deep;
 use Data::Dumper;

-my $tests = 42;
-plan tests => 1
-            + $tests
-            ;
-
 #TODO: This script tests certain aspects of WebGUI::Storage and it should not

 my $session = WebGUI::Test->session;

-my $class  = 'WebGUI::Asset::Story';
-my $loaded = use_ok($class);
-my $story;
+my $story = 'placeholder for Test::Maker::Permission';
 my $wgBday = WebGUI::Test->webguiBirthday;

+my $canPostGroup = WebGUI::Group->new($session, 'new');
+my $postUser     = WebGUI::User->create($session);
+$canPostGroup->addUsers([$postUser->userId]);
+my $archiveOwner = WebGUI::User->create($session);
+my $reader       = WebGUI::User->create($session);
+$postUser->username('Can Post User');
+$reader->username('Average Reader');
+$archiveOwner->username('Archive Owner');
+WebGUI::Test->groupsToDelete($canPostGroup);
+WebGUI::Test->usersToDelete($postUser, $archiveOwner, $reader);
+
+my $canEditMaker = WebGUI::Test::Maker::Permission->new();
+$canEditMaker->prepare({
+    object   => $story,
+    session  => $session,
+    method   => 'canEdit',
+    pass     => [3, $postUser, $archiveOwner ],
+    fail     => [1, $reader                  ],
+});
+
+
 my $defaultNode = WebGUI::Asset->getDefault($session);
 my $archive     = $defaultNode->addChild({
-    className => 'WebGUI::Asset::Wobject::StoryArchive',
-    title     => 'Test Archive',
-                 #1234567890123456789012
-    assetId   => 'TestStoryArchiveAsset1',
+    className   => 'WebGUI::Asset::Wobject::StoryArchive',
+    title       => 'Test Archive',
+                   #1234567890123456789012
+    assetId     => 'TestStoryArchiveAsset1',
+    groupToPost => $canPostGroup->getId,
+    ownerUserId => $archiveOwner->userId,
 });
 my $topic       = $defaultNode->addChild({
    className => 'WebGUI::Asset::Wobject::StoryTopic',
@ -50,11 +69,26 @@ my $topic       = $defaultNode->addChild({
 });
 my $archiveTag  = WebGUI::VersionTag->getWorking($session);
 $archiveTag->commit;
+WebGUI::Test->tagsToRollback($archiveTag);

 my $storage1 = WebGUI::Storage->create($session);
 my $storage2 = WebGUI::Storage->create($session);
 WebGUI::Test->storagesToDelete($storage1, $storage2);

+############################################################
+#
+# PLAN
+#
+############################################################
+
+my $tests = 42;
+plan tests => 1
+            + $tests
+            + $canEditMaker->plan
+            ;
+
+my $class  = 'WebGUI::Asset::Story';
+my $loaded = use_ok($class);

 SKIP: {

@ -108,6 +142,16 @@ is($story->get('state'),    'published', 'Story is published');

 is($story->getArchive->getId, $archive->getId, 'getArchive gets the parent archive for the Story');

+############################################################
+#
+# canEdit
+#
+############################################################
+
+$canEditMaker->{_tests}->[0]->{object} = $story;
+
+$canEditMaker->run();
+
 ############################################################
 #
 # Photo JSON
@ -383,9 +427,4 @@ cmp_bag(
 }

 END {
-    $story->purge   if $story;
-    $archive->purge if $archive;
-    $topic->purge   if $topic;
-    $archiveTag->rollback;
-    WebGUI::VersionTag->getWorking($session)->rollback;
 }