ENH: refs #445. Private user should be allowed to view their own userpage

zachmullen · zachmullen · commit c04240b26dd3 · 2012-01-16T14:56:47.000-05:00
Added a test to make sure this is true. Also made it so that a private user
will now see himself in the user index list.
diff --git a/core/controllers/UserController.php b/core/controllers/UserController.php
@@ -44,6 +44,7 @@ function indexAction()
 
     $order = $this->_getParam('order');
     $offset = $this->_getParam('offset');
+
     if(!isset($order))
       {
       $order = 'view';
@@ -59,7 +60,7 @@ function indexAction()
       }
     else
       {
-      $users = $this->User->getAll(true, 100, $order, $offset);
+      $users = $this->User->getAll(true, 100, $order, $offset, $this->userSession->Dao);
       }
 
     $this->view->order = $order;
@@ -668,7 +669,9 @@ public function userpageAction()
     else
       {
       $userDao = $this->User->load($user_id);
-      if($userDao->getPrivacy() == MIDAS_USER_PRIVATE && (!isset($this->userSession->Dao) || !$this->userSession->Dao->isAdmin()))
+      if($userDao->getPrivacy() == MIDAS_USER_PRIVATE &&
+        (!$this->logged || $this->userSession->Dao->getKey() != $userDao->getKey()) &&
+        (!isset($this->userSession->Dao) || !$this->userSession->Dao->isAdmin()))
         {
         throw new Zend_Exception("Permission error");
         }
diff --git a/core/models/base/UserModelBase.php b/core/models/base/UserModelBase.php
@@ -67,7 +67,7 @@ abstract function getByUuid($uuid);
   /** Returns a user given its folder (either public,private or base folder) */
   abstract function getByFolder($folder);
   /** Returns all the users */
-  abstract function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null);
+  abstract function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null, $currentUser = null);
 
   /** save */
   public function save($dao)
@@ -226,4 +226,4 @@ public function getGravatarUrl($email, $s = 32, $d = '404', $r = 'g', $img = fal
       }
     return $url;
     }
-} // end class UserModelBase
+} // end class UserModelBase
diff --git a/core/models/pdo/UserModel.php b/core/models/pdo/UserModel.php
@@ -83,26 +83,31 @@ public function getUserCommunities($userDao)
     } // end getUserCommunities
 
   /** Get all */
-  function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null)
+  function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null, $currentUser = null)
     {
     $sql = $this->database->select();
     if($onlyPublic)
       {
-      $sql ->where('privacy = ?', MIDAS_USER_PUBLIC);
+      $orClause = '';
+      if($currentUser !== null && $currentUser->getPrivacy() == MIDAS_USER_PRIVATE)
+        {
+        $orClause = ' OR '.$this->database->getDB()->quoteInto('user_id = ? ', $currentUser->getUserId());
+        }
+      $sql->where('privacy = ?'.$orClause, MIDAS_USER_PUBLIC);
       }
 
     if($offset == null)
       {
-      $sql  ->limit($limit);
+      $sql->limit($limit);
       }
     elseif(!is_numeric($offset))
       {
-      $sql ->where('lastname LIKE ?', $offset.'%');
-      $sql  ->limit($limit);
+      $sql->where('lastname LIKE ?', $offset.'%');
+      $sql->limit($limit);
       }
     else
       {
-      $sql  ->limit($limit, $offset);
+      $sql->limit($limit, $offset);
       }
     switch($order)
       {
@@ -127,6 +132,7 @@ function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset =
       }
     return $return;
     } // end getAll()
+
   /** Get admins */
   function getAdmins()
     {
diff --git a/core/tests/controllers/UserControllerTest.php b/core/tests/controllers/UserControllerTest.php
@@ -237,21 +237,29 @@ public function testUserpageAction()
     $this->resetAll();
     $usersFile = $this->loadData('User', 'default');
     $userDao = $this->User->load($usersFile[0]->getKey());
-    $this->dispatchUrI("/user/userpage", $userDao);
+    $this->dispatchUrI('/user/userpage', $userDao);
 
     $this->assertQuery('div.genericInfo');
 
     $folder = $userDao->getPublicFolder();
     $this->assertQuery("tr[element='".$folder->getKey()."']");
 
-    $this->params = array();
-    $this->params['user_id'] = $userDao->getKey();
-    $this->dispatchUrI("/user/userpage", null, false);
+    // Should be able to see this user page since user is public
+    $this->resetAll();
+    $this->dispatchUrI('/user/'.$userDao->getKey(), null);
 
     $userDao->setPrivacy(MIDAS_USER_PRIVATE);
     $this->User->save($userDao);
 
-    $this->dispatchUrI("/user/userpage", null, true);
+    // Should throw an exception since the user is now private
+    $this->resetAll();
+    $this->dispatchUrI('/user/'.$userDao->getKey(), null, true);
+
+    // Private user should be able to view his own user page
+    $this->resetAll();
+    $this->dispatchUrI('/user/'.$userDao->getKey(), $userDao);
+    $this->assertController('user');
+    $this->assertAction('userpage');
     }
 
   /** test validentry */

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ function indexAction()`
`44`	`44`
`45`	`45`	`$order = $this->_getParam('order');`
`46`	`46`	`$offset = $this->_getParam('offset');`
	`47`	`+`
`47`	`48`	`if(!isset($order))`
`48`	`49`	`{`
`49`	`50`	`$order = 'view';`
`@@ -59,7 +60,7 @@ function indexAction()`
`59`	`60`	`}`
`60`	`61`	`else`
`61`	`62`	`{`
`62`		`- $users = $this->User->getAll(true, 100, $order, $offset);`
	`63`	`+ $users = $this->User->getAll(true, 100, $order, $offset, $this->userSession->Dao);`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`$this->view->order = $order;`
`@@ -668,7 +669,9 @@ public function userpageAction()`
`668`	`669`	`else`
`669`	`670`	`{`
`670`	`671`	`$userDao = $this->User->load($user_id);`
`671`		`- if($userDao->getPrivacy() == MIDAS_USER_PRIVATE && (!isset($this->userSession->Dao) \|\| !$this->userSession->Dao->isAdmin()))`
	`672`	`+ if($userDao->getPrivacy() == MIDAS_USER_PRIVATE &&`
	`673`	`+ (!$this->logged \|\| $this->userSession->Dao->getKey() != $userDao->getKey()) &&`
	`674`	`+ (!isset($this->userSession->Dao) \|\| !$this->userSession->Dao->isAdmin()))`
`672`	`675`	`{`
`673`	`676`	`throw new Zend_Exception("Permission error");`
`674`	`677`	`}`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ abstract function getByUuid($uuid);`
`67`	`67`	`/** Returns a user given its folder (either public,private or base folder) */`
`68`	`68`	`abstract function getByFolder($folder);`
`69`	`69`	`/** Returns all the users */`
`70`		`- abstract function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null);`
	`70`	`+ abstract function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null, $currentUser = null);`
`71`	`71`
`72`	`72`	`/** save */`
`73`	`73`	`public function save($dao)`
`@@ -226,4 +226,4 @@ public function getGravatarUrl($email, $s = 32, $d = '404', $r = 'g', $img = fal`
`226`	`226`	`}`
`227`	`227`	`return $url;`
`228`	`228`	`}`
`229`		`-} // end class UserModelBase`
	`229`	`+} // end class UserModelBase`
Original file line number	Diff line number	Diff line change
`@@ -83,26 +83,31 @@ public function getUserCommunities($userDao)`
`83`	`83`	`} // end getUserCommunities`
`84`	`84`
`85`	`85`	`/** Get all */`
`86`		`- function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null)`
	`86`	`+ function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset = null, $currentUser = null)`
`87`	`87`	`{`
`88`	`88`	`$sql = $this->database->select();`
`89`	`89`	`if($onlyPublic)`
`90`	`90`	`{`
`91`		`- $sql ->where('privacy = ?', MIDAS_USER_PUBLIC);`
	`91`	`+ $orClause = '';`
	`92`	`+ if($currentUser !== null && $currentUser->getPrivacy() == MIDAS_USER_PRIVATE)`
	`93`	`+ {`
	`94`	`+ $orClause = ' OR '.$this->database->getDB()->quoteInto('user_id = ? ', $currentUser->getUserId());`
	`95`	`+ }`
	`96`	`+ $sql->where('privacy = ?'.$orClause, MIDAS_USER_PUBLIC);`
`92`	`97`	`}`
`93`	`98`
`94`	`99`	`if($offset == null)`
`95`	`100`	`{`
`96`		`- $sql ->limit($limit);`
	`101`	`+ $sql->limit($limit);`
`97`	`102`	`}`
`98`	`103`	`elseif(!is_numeric($offset))`
`99`	`104`	`{`
`100`		`- $sql ->where('lastname LIKE ?', $offset.'%');`
`101`		`- $sql ->limit($limit);`
	`105`	`+ $sql->where('lastname LIKE ?', $offset.'%');`
	`106`	`+ $sql->limit($limit);`
`102`	`107`	`}`
`103`	`108`	`else`
`104`	`109`	`{`
`105`		`- $sql ->limit($limit, $offset);`
	`110`	`+ $sql->limit($limit, $offset);`
`106`	`111`	`}`
`107`	`112`	`switch($order)`
`108`	`113`	`{`
`@@ -127,6 +132,7 @@ function getAll($onlyPublic = false, $limit = 20, $order = 'lastname', $offset =`
`127`	`132`	`}`
`128`	`133`	`return $return;`
`129`	`134`	`} // end getAll()`
	`135`	`+`
`130`	`136`	`/** Get admins */`
`131`	`137`	`function getAdmins()`
`132`	`138`	`{`