From: Anton Khorev
Date: Sat, 13 Jul 2024 11:48:44 +0000 (+0300)
Subject: Merge branch 'pull/4961'
X-Git-Tag: live~401
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/392d3d12264c83d7ab03d34471792476fac31cf6?hp=6d217da3b65be4f2973c536fd8fb0765e2a6e450
Merge branch 'pull/4961'
---
diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index c0b2f3982..a0eea302f 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -42,7 +42,8 @@ class Ability
 can [:new, :show, :create, :destroy], :oauth2_authorization
 can [:edit, :update, :destroy], :account
 can [:show], :dashboard
- can [:new, :create, :edit, :update, :comment, :subscribe, :unsubscribe], DiaryEntry
+ can [:new, :create, :edit, :update, :subscribe, :unsubscribe], DiaryEntry
+ can [:create], DiaryComment
 can [:make_friend, :remove_friend], Friendship
 can [:new, :create, :reply, :show, :inbox, :outbox, :muted, :mark, :unmute, :destroy], Message
 can [:close, :reopen], Note
diff --git a/app/assets/javascripts/auth_providers.js b/app/assets/javascripts/auth_providers.js
index 75eca253e..38a7287a0 100644
--- a/app/assets/javascripts/auth_providers.js
+++ b/app/assets/javascripts/auth_providers.js
@@ -12,11 +12,9 @@ $(document).ready(function () {
 $("#openid_open_url").click(function () {
 $("#openid_url").val("http://");
 $("#login_auth_buttons").hide();
- $("#login_openid_url").show();
- $("#openid_login_button").show();
+ $("#openid_login_form").show();
 });
 // Hide OpenID field for now
- $("#login_openid_url").hide();
- $("#openid_login_button").hide();
+ $("#openid_login_form").hide();
 });
diff --git a/app/controllers/diary_comments_controller.rb b/app/controllers/diary_comments_controller.rb
index 8abf2071b..a9a7a2641 100644
--- a/app/controllers/diary_comments_controller.rb
+++ b/app/controllers/diary_comments_controller.rb
@@ -11,7 +11,7 @@ class DiaryCommentsController < ApplicationController
 authorize_resource
 before_action :lookup_user, :only => :index
- before_action :check_database_writable, :only => [:hide, :unhide]
+ before_action :check_database_writable, :only => [:create, :hide, :unhide]
 allow_thirdparty_images :only => :index
@@ -26,6 +26,29 @@ class DiaryCommentsController < ApplicationController
 @comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user])
 end
+ def create
+ @entry = DiaryEntry.find(params[:id])
+ @comments = @entry.visible_comments
+ @diary_comment = @entry.comments.build(comment_params)
+ @diary_comment.user = current_user
+ if @diary_comment.save
+
+ # Notify current subscribers of the new comment
+ @entry.subscribers.visible.each do |user|
+ UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
+ end
+
+ # Add the commenter to the subscribers if necessary
+ @entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
+
+ redirect_to diary_entry_path(@entry.user, @entry)
+ else
+ render :action => "new"
+ end
+ rescue ActiveRecord::RecordNotFound
+ render "diary_entries/no_such_entry", :status => :not_found
+ end
+
 def hide
 comment = DiaryComment.find(params[:comment])
 comment.update(:visible => false)
@@ -37,4 +60,12 @@ class DiaryCommentsController < ApplicationController
 comment.update(:visible => true)
 redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
 end
+
+ private
+
+ ##
+ # return permitted diary comment parameters
+ def comment_params
+ params.require(:diary_comment).permit(:body)
+ end
 end
diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index bf6e8d0b1..1a888547d 100644
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
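Review bot: In `DiaryCommentsController#create` the entry is loaded with `DiaryEntry.find(params[:id])` alone, so the `:display_name` segment of the `newcomment` route is never compared with the entry's owner and nothing visible in this hunk rejects an entry that has been hidden. Unless the model applies a default scope that excludes hidden entries (not shown on this page), any logged-in user could attach a comment to a hidden entry and cause `diary_comment_notification` mail to go out to its subscribers. The lookup could be narrowed to visible entries, for example `@entry = DiaryEntry.visible.find(params[:id])` if the model defines such a scope, with the existing `rescue ActiveRecord::RecordNotFound` then rendering `no_such_entry`. The same lookup existed in the removed `diary_entries#comment`, so this is carried over rather than introduced, but the move is a natural point to tighten it.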
@@ -11,7 +11,7 @@ class DiaryEntriesController < ApplicationController
 authorize_resource
 before_action :lookup_user, :only => :show
- before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :unhide, :subscribe, :unsubscribe]
+ before_action :check_database_writable, :only => [:new, :create, :edit, :update, :hide, :unhide, :subscribe, :unsubscribe]
 allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show]
@@ -136,29 +136,6 @@ class DiaryEntriesController < ApplicationController
 render :action => "no_such_entry", :status => :not_found
 end
- def comment
- @entry = DiaryEntry.find(params[:id])
- @comments = @entry.visible_comments
- @diary_comment = @entry.comments.build(comment_params)
- @diary_comment.user = current_user
- if @diary_comment.save
-
- # Notify current subscribers of the new comment
- @entry.subscribers.visible.each do |user|
- UserMailer.diary_comment_notification(@diary_comment, user).deliver_later if current_user != user
- end
-
- # Add the commenter to the subscribers if necessary
- @entry.subscriptions.create(:user => current_user) unless @entry.subscribers.exists?(current_user.id)
-
- redirect_to diary_entry_path(@entry.user, @entry)
- else
- render :action => "show"
- end
- rescue ActiveRecord::RecordNotFound
- render :action => "no_such_entry", :status => :not_found
- end
-
 def subscribe
 @diary_entry = DiaryEntry.find(params[:id])
@@ -239,12 +216,6 @@ class DiaryEntriesController < ApplicationController
 ActionController::Parameters.new.permit(:title, :body, :language_code, :latitude, :longitude)
 end
- ##
- # return permitted diary comment parameters
- def comment_params
- params.require(:diary_comment).permit(:body)
- end
-
 ##
 # decide on a location for the diary entry map
 def set_map_location
diff --git a/app/views/application/_auth_providers.html.erb b/app/views/application/_auth_providers.html.erb
index ddf143d96..96a20fd85 100644
--- a/app/views/application/_auth_providers.html.erb +++ b/app/views/application/_auth_providers.html.erb @@ -44,7 +44,7 @@ <%# :tabindex starts high to allow rendering at the bottom of the template %> <%= form_tag(auth_path(:provider => "openid"), :id => "openid_login_form") do %> -
+
- <%= submit_tag t(".openid_login_button"), :tabindex => 21, :id => "openid_login_button", :class => "btn btn-primary" %> + <%= submit_tag t(".openid_login_button"), :tabindex => 21, :class => "btn btn-primary" %> <% end %>
diff --git a/app/views/diary_comments/new.html.erb b/app/views/diary_comments/new.html.erb new file mode 100644 index 000000000..91e646944 --- /dev/null +++ b/app/views/diary_comments/new.html.erb @@ -0,0 +1,12 @@ +<% content_for :heading do %> +

<%= t ".heading" %>

+<% end %> + +<%= render :partial => "diary_entries/diary_entry_heading", :object => @entry, :as => "diary_entry" %> + +

<%= t "diary_entries.show.leave_a_comment" %>

+ +<%= bootstrap_form_for @diary_comment, :url => comment_diary_entry_path(@entry.user, @entry) do |f| %> + <%= f.richtext_field :body, :cols => 80, :rows => 20, :hide_label => true %> + <%= f.primary %> +<% end %> diff --git a/app/views/diary_entries/show.html.erb b/app/views/diary_entries/show.html.erb index 1830c9ced..cfed1c46d 100644 --- a/app/views/diary_entries/show.html.erb +++ b/app/views/diary_entries/show.html.erb @@ -34,7 +34,7 @@ <% if current_user %>

<%= t ".leave_a_comment" %>

- <%= bootstrap_form_for @entry.comments.new, :url => { :action => "comment" } do |f| %>
+ <%= bootstrap_form_for @entry.comments.new, :url => comment_diary_entry_path(@entry.user, @entry) do |f| %>
 <%= f.richtext_field :body, :cols => 80, :rows => 20, :hide_label => true %>
 <%= f.primary %>
 <% end %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index c5978b5d7..1d86de208 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -609,6 +609,8 @@ en:
 comment: Comment
 newer_comments: "Newer Comments"
 older_comments: "Older Comments"
+ new:
+ heading: Add a comment to the following diary entry discussion?
 doorkeeper:
 errors:
 messages:
diff --git a/config/routes.rb b/config/routes.rb
index 98c8ba15e..0d1df9678 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -237,7 +237,7 @@ OpenStreetMap::Application.routes.draw do
 scope "/user/:display_name" do
 resources :diary_entries, :path => "diary", :only => [:edit, :update, :show], :id => /\d+/
 end
- post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry
+ post "/user/:display_name/diary/:id/newcomment" => "diary_comments#create", :id => /\d+/, :as => :comment_diary_entry
 post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
 post "/user/:display_name/diary/:id/unhide" => "diary_entries#unhide", :id => /\d+/, :as => :unhide_diary_entry
 post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_comments#hide", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment
diff --git a/test/abilities/abilities_test.rb b/test/abilities/abilities_test.rb
index 58ef2b514..cc981b792 100644
--- a/test/abilities/abilities_test.rb
+++ b/test/abilities/abilities_test.rb
@@ -25,11 +25,11 @@ class GuestAbilityTest < AbilityTest
 assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
 end
- [:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
+ [:create, :edit, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
 assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
 end
- [:hide, :unhide].each do |action|
+ [:create, :hide, :unhide].each do |action|
 assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryComments"
 end
 end
@@ -55,11 +55,11 @@ class UserAbilityTest < AbilityTest
 test "Diary permissions" do
 ability = Ability.new create(:user)
- [:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe].each do |action|
+ [:index, :rss, :show, :create, :edit, :subscribe, :unsubscribe].each do |action|
 assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
 end
- [:index].each do |action|
+ [:index, :create].each do |action|
 assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
 end
@@ -100,11 +100,11 @@ end
 class AdministratorAbilityTest < AbilityTest
 test "Diary for an administrator" do
 ability = Ability.new create(:administrator_user)
- [:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
+ [:index, :rss, :show, :create, :edit, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
 assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
 end
- [:index, :hide, :unhide].each do |action|
+ [:index, :create, :hide, :unhide].each do |action|
 assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
 end
 end
diff --git a/test/controllers/diary_comments_controller_test.rb b/test/controllers/diary_comments_controller_test.rb
index e2ad4c91b..2ebf52d16 100644
--- a/test/controllers/diary_comments_controller_test.rb
+++ b/test/controllers/diary_comments_controller_test.rb
@@ -12,6 +12,10 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
 { :path => "/user/username/diary/comments", :method => :get },
 { :controller => "diary_comments", :action => "index", :display_name => "username" }
 )
+ assert_routing(
+ { :path => "/user/username/diary/1/newcomment", :method => :post },
+ { :controller => "diary_comments", :action => "create", :display_name => "username", :id => "1" }
+ )
 assert_routing(
 { :path => "/user/username/diary/1/hidecomment/2", :method => :post },
 { :controller => "diary_comments", :action => "hide", :display_name => "username", :id => "1", :comment => "2" }
@@ -69,6 +73,113 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
 end
 end
+ def test_create
+ user = create(:user)
+ other_user = create(:user)
+ entry = create(:diary_entry, :user => user)
+ create(:diary_entry_subscription, :diary_entry => entry, :user => user)
+
+ # Make sure that you are denied when you are not logged in
+ post comment_diary_entry_path(entry.user, entry)
+ assert_response :forbidden
+
+ session_for(other_user)
+
+ # Verify that you get a not found error, when you pass a bogus id
+ post comment_diary_entry_path(entry.user, :id => 9999)
+ assert_response :not_found
+ assert_select "div.content-heading", :count => 1 do
+ assert_select "h1", :text => "No entry with the id: 9999", :count => 1
+ end
+
+ # Now try an invalid comment with an empty body
+ assert_no_difference "ActionMailer::Base.deliveries.size" do
+ assert_no_difference "DiaryComment.count" do
+ assert_no_difference "entry.subscribers.count" do
+ perform_enqueued_jobs do
+ post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "" })
+ end
+ end
+ end
+ end
+ assert_response :success
+ assert_template :new
+
+ # Now try again with the right id
+ assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
+ assert_difference "DiaryComment.count", 1 do
+ assert_difference "entry.subscribers.count", 1 do
+ perform_enqueued_jobs do
+ post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "New comment" })
+ end
+ end
+ end
+ end
+ assert_redirected_to diary_entry_path(entry.user, entry)
+ email = ActionMailer::Base.deliveries.first
+ assert_equal [user.email], email.to
+ assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
+ assert_match(/New comment/, email.text_part.decoded)
+ assert_match(/New comment/, email.html_part.decoded)
+ ActionMailer::Base.deliveries.clear
+ comment = DiaryComment.order(:id).last
+ assert_equal entry.id, comment.diary_entry_id
+ assert_equal other_user.id, comment.user_id
+ assert_equal "New comment", comment.body
+
+ # Now show the diary entry, and check the new comment is present
+ get diary_entry_path(entry.user, entry)
+ assert_response :success
+ assert_select ".diary-comment", :count => 1 do
+ assert_select "#comment#{comment.id}", :count => 1 do
+ assert_select "a[href='/user/#{ERB::Util.u(other_user.display_name)}']", :text => other_user.display_name, :count => 1
+ end
+ assert_select ".richtext", :text => /New comment/, :count => 1
+ end
+ end
+
+ def test_create_spammy
+ user = create(:user)
+ other_user = create(:user)
+ entry = create(:diary_entry, :user => user)
+ create(:diary_entry_subscription, :diary_entry => entry, :user => user)
+
+ session_for(other_user)
+
+ # Generate some spammy content
+ spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
+
+ # Try creating a spammy comment
+ assert_difference "ActionMailer::Base.deliveries.size", 1 do
+ assert_difference "DiaryComment.count", 1 do
+ perform_enqueued_jobs do
+ post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => spammy_text })
+ end
+ end
+ end
+ assert_redirected_to diary_entry_path(entry.user, entry)
+ email = ActionMailer::Base.deliveries.first
+ assert_equal [user.email], email.to
+ assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
+ assert_match %r{http://example.com/spam}, email.text_part.decoded
+ assert_match %r{http://example.com/spam}, email.html_part.decoded
+ ActionMailer::Base.deliveries.clear
+ comment = DiaryComment.order(:id).last
+ assert_equal entry.id, comment.diary_entry_id
+ assert_equal other_user.id, comment.user_id
+ assert_equal spammy_text, comment.body
+ assert_equal "suspended", User.find(other_user.id).status
+
+ # Follow the redirect
+ get diary_entries_path(:display_name => user.display_name)
+ assert_redirected_to :controller => :users, :action => :suspended
+
+ # Now show the diary entry, and check the new comment is not present
+ get diary_entry_path(entry.user, entry)
+ assert_response :success
+ assert_select ".diary-comment", :count => 0
+ end
+
 def test_hide
 user = create(:user)
 diary_entry = create(:diary_entry, :user => user)
diff --git a/test/controllers/diary_entries_controller_test.rb b/test/controllers/diary_entries_controller_test.rb
index d0453bf08..9acd72c67 100644
--- a/test/controllers/diary_entries_controller_test.rb
+++ b/test/controllers/diary_entries_controller_test.rb
@@ -69,10 +69,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
 { :path => "/user/username/diary/1", :method => :put },
 { :controller => "diary_entries", :action => "update", :display_name => "username", :id => "1" }
 )
- assert_routing(
- { :path => "/user/username/diary/1/newcomment", :method => :post },
- { :controller => "diary_entries", :action => "comment", :display_name => "username", :id => "1" }
- )
 assert_routing(
 { :path => "/user/username/diary/1/hide", :method => :post },
 { :controller => "diary_entries", :action => "hide", :display_name => "username", :id => "1" }
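Review bot: `test_create` in `diary_comments_controller_test.rb` exercises the anonymous, bogus-id, empty-body and success paths, but no case posts to a hidden diary entry or uses a `display_name` that does not own the entry, so the id-only lookup in `create` is left unpinned. `test_create_spammy` also asserts `assert_difference "ActionMailer::Base.deliveries.size", 1` and matches the spam URL in both mail parts, which fixes as expected behaviour that the subscriber is mailed the spam links even though the author ends up `"suspended"`. If that is intended, a comment such as `# notification is still delivered; suspension happens on save and does not block the mail` above the block would make it explicit; if it is not, the expectation should become `assert_no_difference`. Both tests were moved from `DiaryEntriesControllerTest`, so these gaps predate the commit.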
@@ -340,113 +336,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
 assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
 end
- def test_comment
- user = create(:user)
- other_user = create(:user)
- entry = create(:diary_entry, :user => user)
- create(:diary_entry_subscription, :diary_entry => entry, :user => user)
-
- # Make sure that you are denied when you are not logged in
- post comment_diary_entry_path(entry.user, entry)
- assert_response :forbidden
-
- session_for(other_user)
-
- # Verify that you get a not found error, when you pass a bogus id
- post comment_diary_entry_path(entry.user, :id => 9999)
- assert_response :not_found
- assert_select "div.content-heading", :count => 1 do
- assert_select "h1", :text => "No entry with the id: 9999", :count => 1
- end
-
- # Now try an invalid comment with an empty body
- assert_no_difference "ActionMailer::Base.deliveries.size" do
- assert_no_difference "DiaryComment.count" do
- assert_no_difference "entry.subscribers.count" do
- perform_enqueued_jobs do
- post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "" })
- end
- end
- end
- end
- assert_response :success
- assert_template :show
-
- # Now try again with the right id
- assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
- assert_difference "DiaryComment.count", 1 do
- assert_difference "entry.subscribers.count", 1 do
- perform_enqueued_jobs do
- post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => "New comment" })
- end
- end
- end
- end
- assert_redirected_to :action => :show, :display_name => entry.user.display_name, :id => entry.id
- email = ActionMailer::Base.deliveries.first
- assert_equal [user.email], email.to
- assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
- assert_match(/New comment/, email.text_part.decoded)
- assert_match(/New comment/, email.html_part.decoded)
- ActionMailer::Base.deliveries.clear
- comment = DiaryComment.order(:id).last
- assert_equal entry.id, comment.diary_entry_id
- assert_equal other_user.id, comment.user_id
- assert_equal "New comment", comment.body
-
- # Now show the diary entry, and check the new comment is present
- get diary_entry_path(entry.user, entry)
- assert_response :success
- assert_select ".diary-comment", :count => 1 do
- assert_select "#comment#{comment.id}", :count => 1 do
- assert_select "a[href='/user/#{ERB::Util.u(other_user.display_name)}']", :text => other_user.display_name, :count => 1
- end
- assert_select ".richtext", :text => /New comment/, :count => 1
- end
- end
-
- def test_comment_spammy
- user = create(:user)
- other_user = create(:user)
- entry = create(:diary_entry, :user => user)
- create(:diary_entry_subscription, :diary_entry => entry, :user => user)
-
- session_for(other_user)
-
- # Generate some spammy content
- spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
-
- # Try creating a spammy comment
- assert_difference "ActionMailer::Base.deliveries.size", 1 do
- assert_difference "DiaryComment.count", 1 do
- perform_enqueued_jobs do
- post comment_diary_entry_path(entry.user, entry, :diary_comment => { :body => spammy_text })
- end
- end
- end
- assert_redirected_to :action => :show, :display_name => entry.user.display_name, :id => entry.id
- email = ActionMailer::Base.deliveries.first
- assert_equal [user.email], email.to
- assert_equal "[OpenStreetMap] #{other_user.display_name} commented on a diary entry", email.subject
- assert_match %r{http://example.com/spam}, email.text_part.decoded
- assert_match %r{http://example.com/spam}, email.html_part.decoded
- ActionMailer::Base.deliveries.clear
- comment = DiaryComment.order(:id).last
- assert_equal entry.id, comment.diary_entry_id
- assert_equal other_user.id, comment.user_id
- assert_equal spammy_text, comment.body
- assert_equal "suspended", User.find(other_user.id).status
-
- # Follow the redirect
- get diary_entries_path(:display_name => user.display_name)
- assert_redirected_to :controller => :users, :action => :suspended
-
- # Now show the diary entry, and check the new comment is not present
- get diary_entry_path(entry.user, entry)
- assert_response :success
- assert_select ".diary-comment", :count => 0
- end
-
 def test_index_all
 diary_entry = create(:diary_entry)
 geo_entry = create(:diary_entry, :latitude => 51.50763, :longitude => -0.10781)
diff --git a/test/system/user_signup_test.rb b/test/system/user_signup_test.rb
index 0835df741..0e02b904f 100644
--- a/test/system/user_signup_test.rb
+++ b/test/system/user_signup_test.rb
@@ -8,4 +8,16 @@ class UserSignupTest < ApplicationSystemTestCase
 assert_content "Confirm Password"
 end
+
+ test "Show OpenID form when OpenID provider button is clicked" do
+ visit login_path
+
+ assert_no_field "OpenID URL"
+ assert_no_button "Continue"
+
+ click_on "Log in with OpenID"
+
+ assert_field "OpenID URL"
+ assert_button "Continue"
+ end
 end