From b31b2de6f581ac193d6db8360772486a1a7918cb Mon Sep 17 00:00:00 2001 From: ilya Date: Tue, 19 Oct 2010 18:25:59 -0700 Subject: [PATCH 1/9] MS IZ aspect add and delete for a person --- app/models/user.rb | 18 +++- lib/diaspora/user/querying.rb | 5 + spec/models/aspect_spec.rb | 134 +++++++++++++++++++------ spec/models/user/visible_posts_spec.rb | 15 ++- 4 files changed, 138 insertions(+), 34 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 1593ee29c..f5b9b7ffa 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -54,7 +54,7 @@ class User many :visible_people, :in => :visible_person_ids, :class_name => 'Person' # One of these needs to go many :pending_requests, :in => :pending_request_ids, :class_name => 'Request' many :raw_visible_posts, :in => :visible_post_ids, :class_name => 'Post' - many :aspects, :class_name => 'Aspect', :dependent => :destroy + many :aspects, :class_name => 'Aspect' after_create :seed_aspects @@ -118,6 +118,22 @@ class User false end + def add_person_to_aspect(person_id, aspect_id) + raise "Can not add person to an aspect you do not own" unless aspect = self.aspects.find_by_id(aspect_id) + raise "Can not add person you are not friends with" unless person = self.find_friend_by_id(person_id) + raise 'Can not add person who is already in the aspect' if aspect.person_ids.include?(person_id) + aspect.people << person + aspect.save + end + + def delete_person_from_aspect(person_id, aspect_id) + raise "Can not delete a person from an aspect you do not own" unless aspect = self.aspects.find_by_id(aspect_id) + aspect.person_ids.delete(person_id) + id_array = aspect.posts.find_all_by_person_id(person_id).collect{|x| x.id} + aspect.post_ids = aspect.post_ids - id_array + aspect.save + end + ######## Posting ######## def post(class_name, options = {}) if class_name == :photo diff --git a/lib/diaspora/user/querying.rb b/lib/diaspora/user/querying.rb index 7e6413749..eae34862b 100644 --- a/lib/diaspora/user/querying.rb 
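Review bot: In `add_person_to_aspect` the duplicate check `aspect.person_ids.include?(person_id)`, and in `delete_person_from_aspect` the call `aspect.person_ids.delete(person_id)`, use the caller's raw id, while `find_friend_by_id` (added in lib/diaspora/user/querying.rb by this same patch) normalises it with `id.to_id` first. If a caller passes the id as a string, as a controller reading request parameters presumably would, the duplicate check would not match and the delete would remove nothing, yet both methods still save and return as if they had worked. Using the resolved value avoids this: `raise 'Can not add person who is already in the aspect' if aspect.person_ids.include?(person.id)` and `aspect.person_ids.delete(person_id.to_id)`. The ownership and friendship guards are the only access checks visible in these methods, so a one-line comment above each, stating that it raises on an aspect the user does not own or on a non-friend, would help callers.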
+++ b/lib/diaspora/user/querying.rb @@ -34,6 +34,11 @@ module Diaspora aspects.detect{|x| x.id == id } end + def find_friend_by_id(id) + id = id.to_id + friends.detect{|x| x.id == id } + end + def aspects_with_post( id ) self.aspects.find_all_by_post_ids( id.to_id ) end diff --git a/spec/models/aspect_spec.rb b/spec/models/aspect_spec.rb index e91d4a258..abb995ebd 100644 --- a/spec/models/aspect_spec.rb +++ b/spec/models/aspect_spec.rb 
@@ -129,59 +129,129 @@ describe Aspect do end end - describe "aspect editing" do + context "aspect editing" do + let(:aspect) {@user.aspect(:name => 'losers')} + let(:aspect2) {@user2.aspect(:name => 'failures')} + let(:aspect1) {@user.aspect(:name => 'cats')} + let(:not_friend) { Factory(:person, :diaspora_handle => "not@person.com")} + let(:user3) {Factory(:user)} + let(:aspect3) {user3.aspect(:name => "lala")} + before do - @aspect = @user.aspect(:name => 'losers') - @aspect2 = @user2.aspect(:name => 'failures') - friend_users(@user, @aspect, @user2, @aspect2) - @aspect.reload - @aspect3 = @user.aspect(:name => 'cats') + friend_users(@user, aspect, @user2, aspect2) + aspect.reload @user.reload end it 'should be able to move a friend from one of users existing aspects to another' do - @user.move_friend(:friend_id => @user2.person.id, :from => @aspect.id, :to => @aspect3.id) - @aspect.reload - @aspect3.reload + @user.move_friend(:friend_id => @user2.person.id, :from => aspect.id, :to => aspect1.id) + aspect.reload + aspect1.reload - @aspect.person_ids.include?(@user2.person.id).should be false - @aspect3.people.include?(@user2.person).should be true + aspect.person_ids.include?(@user2.person.id).should be false + aspect1.people.include?(@user2.person).should be true end it "should not move a person who is not a friend" do - @user.move_friend(:friend_id => @friend.id, :from => @aspect.id, :to => @aspect3.id) - @aspect.reload - @aspect3.reload - @aspect.people.include?(@friend).should be false - @aspect3.people.include?(@friend).should be false + @user.move_friend(:friend_id => @friend.id, :from => aspect.id, :to => aspect1.id) + aspect.reload + aspect1.reload + aspect.people.include?(@friend).should be false + aspect1.people.include?(@friend).should be false end it "should not move a person to a aspect that's not his" do - @user.move_friend(:friend_id => @user2.person.id, :from => @aspect.id, :to => @aspect2.id) - @aspect.reload - @aspect2.reload - 
@aspect.people.include?(@user2.person).should be true - @aspect2.people.include?(@user2.person).should be false + @user.move_friend(:friend_id => @user2.person.id, :from => aspect.id, :to => aspect2.id) + aspect.reload + aspect2.reload + aspect.people.include?(@user2.person).should be true + aspect2.people.include?(@user2.person).should be false end - it 'should move all the by that user to the new aspect' do - message = @user2.post(:status_message, :message => "Hey Dude", :to => @aspect2.id) + it 'should move all posts by that user to the new aspect' do + message = @user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) @user.receive message.to_diaspora_xml, @user2.person - @aspect.reload + aspect.reload - @aspect.posts.count.should == 1 - @aspect3.posts.count.should == 0 + aspect.posts.count.should == 1 + aspect1.posts.count.should == 0 @user.reload - @user.move_friend(:friend_id => @user2.person.id, :from => @aspect.id, :to => @aspect3.id) - @aspect.reload - @aspect3.reload - - @aspect3.posts.count.should == 1 - @aspect.posts.count.should == 0 + @user.move_friend(:friend_id => @user2.person.id, :from => aspect.id, :to => aspect1.id) + aspect.reload + aspect1.reload + aspect1.posts.count.should == 1 + aspect.posts.count.should == 0 end + describe "#add_person_to_aspect" do + it 'adds the user to the aspect' do + aspect1.people.should_not include @user2.person + @user.add_person_to_aspect(@user2.person.id, aspect1.id) + aspect1.reload + aspect1.people.should include @user2.person + end + + it 'raises if its an aspect that the user does not own'do + proc{@user.add_person_to_aspect(@user2.person.id, aspect2.id) }.should raise_error /Can not add person to an aspect you do not own/ + end + + it 'does not allow to have duplicate people in an aspect' do + proc{@user.add_person_to_aspect(not_friend.id, aspect1.id) }.should raise_error /Can not add person you are not friends with/ + end + + it 'does not allow you to add a person if they are already in the 
aspect' do + proc{@user.add_person_to_aspect(@user2.person.id, aspect.id) }.should raise_error /Can not add person who is already in the aspect/ + end + end + + describe '#delete_person_from_aspect' do + it 'deletes a user from the aspect' do + @user.add_person_to_aspect(@user2.person.id, aspect1.id) + @user.reload + @user.aspects.find_by_id(aspect1.id).people.include?(@user2.person).should be true + @user.delete_person_from_aspect(@user2.person.id, aspect1.id) + @user.reload + @user.aspects.find_by_id(aspect1.id).people.include?(@user2.person).should be false + end + + it 'should check to make sure you have the aspect ' do + proc{@user.delete_person_from_aspect(@user2.person.id, aspect2.id) }.should raise_error /Can not delete a person from an aspect you do not own/ + end + + context 'removing posts' do + before do + friend_users(@user, aspect, user3, aspect3) + + message = @user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) + @user.receive message.to_diaspora_xml, @user2.person + aspect.reload + aspect.posts.count.should == 1 + end + + it 'should remove the users posts from that aspect' do + @user.reload + @user.delete_person_from_aspect(@user2.person.id, aspect.id) + aspect.reload + aspect.posts.count.should == 0 + end + + it 'should not delete other peoples posts' do + message2 = user3.post(:status_message, :message => "other post", :to => aspect3.id) + + @user.receive message2.to_diaspora_xml, user3.person + + aspect.reload + aspect.posts.count.should == 2 + + @user.reload + @user.delete_person_from_aspect(@user2.person.id, aspect.id) + aspect.reload + aspect.posts.should == [message2] + end + end + end end end diff --git a/spec/models/user/visible_posts_spec.rb b/spec/models/user/visible_posts_spec.rb index 6f4345251..4c06643c1 100644 --- a/spec/models/user/visible_posts_spec.rb +++ b/spec/models/user/visible_posts_spec.rb 
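Review bot: The example titled `'does not allow to have duplicate people in an aspect'` in the new `#add_person_to_aspect` group asserts the "Can not add person you are not friends with" error, so its title describes the following example rather than itself. Renaming it, for instance `it 'raises if the person is not a friend' do`, keeps the spec output readable as a list of the authorization rules these methods enforce. The group also has no case for an id passed as a string, which is the form a request parameter would presumably take.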
@@ -23,6 +23,7 @@ describe User do before do friend_users(user, first_aspect, user2, user2.aspects.first) + friend_users(user, second_aspect, user3, user3.aspects.first) end describe "#visible_posts" do @@ -48,7 +49,6 @@ describe User do end it "queries by aspect" do - friend_users(user, second_aspect, user3, user3.aspects.first) friend_users(user, second_aspect, user4, user4.aspects.first) user.receive status_message4.to_diaspora_xml, user2.person @@ -67,6 +67,19 @@ describe User do user.find_visible_post_by_id(status_message1.id).should == nil end end + + describe '#find_friend_by_id' do + it 'should find both friends' do + user.reload + user.find_friend_by_id(user2.person.id).should == user2.person + user.find_friend_by_id(user3.person.id).should == user3.person + end + + it 'should not find a non-friend' do + user3.find_friend_by_id(user4.person.id).should be nil + end + + end end context 'albums' do From 38e8af23001d3ded1c0ac43419fd965db5cf3ade Mon Sep 17 00:00:00 2001 From: ilya Date: Tue, 19 Oct 2010 19:16:44 -0700 Subject: [PATCH 2/9] better querying --- Gemfile.lock | 21 +++++++-------------- app/models/user.rb | 2 +- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 91fca3349..14e3f10ef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -97,7 +97,6 @@ GEM activesupport (= 3.0.1) activesupport (3.0.1) addressable (2.2.2) - archive-tar-minitar (0.5.2) arel (1.0.1) activesupport (~> 3.0.0) aws (2.3.21) @@ -164,8 +163,7 @@ GEM i18n (0.4.1) json (1.4.6) json_pure (1.4.6) - linecache19 (0.5.11) - ruby_core_source (>= 0.1.4) + linecache (0.43) mail (2.2.7) activesupport (>= 2.3.6) mime-types 
@@ -227,16 +225,11 @@ GEM rspec-expectations (= 2.0.0) rspec-rails (2.0.0) rspec (= 2.0.0) - ruby-debug-base19 (0.11.24) - columnize (>= 0.3.1) - linecache19 (>= 0.5.11) - ruby_core_source (>= 0.1.4) - ruby-debug19 (0.11.6) - columnize (>= 0.3.1) - linecache19 (>= 0.5.11) - ruby-debug-base19 (>= 0.11.19) - ruby_core_source (0.1.4) - archive-tar-minitar (>= 0.5.2) + ruby-debug (0.10.3) + columnize (>= 0.1) + ruby-debug-base (~> 0.10.3.0) + ruby-debug-base (0.10.3) + linecache (>= 0.3) rubyzip (0.9.4) selenium-webdriver (0.0.29) childprocess (>= 0.0.7) @@ -294,7 +287,7 @@ DEPENDENCIES roxml! rspec (>= 2.0.0) rspec-rails (>= 2.0.0) - ruby-debug19 + ruby-debug sprinkle! thin webmock diff --git a/app/models/user.rb b/app/models/user.rb index e79a51de3..9c1305430 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -129,7 +129,7 @@ class User def delete_person_from_aspect(person_id, aspect_id) raise "Can not delete a person from an aspect you do not own" unless aspect = self.aspects.find_by_id(aspect_id) aspect.person_ids.delete(person_id) - id_array = aspect.posts.find_all_by_person_id(person_id).collect{|x| x.id} + id_array = aspect.posts.all(:person_id => person_id, :select => "_id").collect{|x| x.id} aspect.post_ids = aspect.post_ids - id_array aspect.save end From 98a8fbcfb6647ebc76413460b55dca7840e30c23 Mon Sep 17 00:00:00 2001 From: danielvincent Date: Wed, 20 Oct 2010 10:37:00 -0700 Subject: [PATCH 3/9] request badge text color fix --- public/stylesheets/sass/application.sass | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/public/stylesheets/sass/application.sass b/public/stylesheets/sass/application.sass index 064017959..56a781be5 100644 --- a/public/stylesheets/sass/application.sass +++ b/public/stylesheets/sass/application.sass @@ -733,6 +733,11 @@ h1.big_text :display inline :float right + form + :margin + :right 0 + :top 0 + .back :font :size 12px @@ -936,6 +941,7 @@ h1.big_text :color #333 :border-radius 5px + :color #ccc a :color #ccc 
From ea1ab59c3a2e7878b93f96e152f07397a5d75ebe Mon Sep 17 00:00:00 2001
From: ilya
Date: Wed, 20 Oct 2010 11:28:56 -0700
Subject: [PATCH 4/9] MS, IZ finished adding and removing people from aspects methods, refactored the move friend method
---
 app/models/user.rb | 28 ++--
 spec/models/aspect_spec.rb | 268 +++++++++++++++++++------------------
 2 files changed, 148 insertions(+), 148 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 83ce569f6..971311471 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -100,37 +100,33 @@ class User def move_friend(opts = {}) return true if opts[:to] == opts[:from] - friend = Person.first(:_id => opts[:friend_id]) - if self.friend_ids.include?(friend.id) - from_aspect = self.aspect_by_id(opts[:from]) - to_aspect = self.aspect_by_id(opts[:to]) - if from_aspect && to_aspect - posts_to_move = from_aspect.posts.find_all_by_person_id(friend.id) - to_aspect.people << friend - to_aspect.posts << posts_to_move - from_aspect.person_ids.delete(friend.id.to_id) - posts_to_move.each { |x| from_aspect.post_ids.delete(x.id) } - from_aspect.save - to_aspect.save + if opts[:friend_id] && opts[:to] && opts[:from] + from_aspect = self.aspects.first(:_id => opts[:from]) + posts_to_move = from_aspect.posts.find_all_by_person_id(opts[:friend_id]) + if add_person_to_aspect(opts[:friend_id], opts[:to], :posts => posts_to_move) + delete_person_from_aspect(opts[:friend_id], opts[:from], :posts => posts_to_move) return true end end false end - def add_person_to_aspect(person_id, aspect_id) + def add_person_to_aspect(person_id, aspect_id, opts = {}) raise "Can not add person to an aspect you do not own" unless aspect = self.aspects.find_by_id(aspect_id) raise "Can not add person you are not friends with" unless person = self.find_friend_by_id(person_id) raise 'Can not add person who is already in the aspect' if aspect.person_ids.include?(person_id) aspect.people << person + opts[:posts] ||= self.raw_visible_posts.all(:person_id => person_id) + + aspect.posts += opts[:posts] aspect.save end - def delete_person_from_aspect(person_id, aspect_id) + def delete_person_from_aspect(person_id, aspect_id, opts = {}) raise "Can not delete a person from an aspect you do not own" unless aspect = self.aspects.find_by_id(aspect_id) aspect.person_ids.delete(person_id) - id_array = aspect.posts.all(:person_id => person_id, :select => "_id").collect{|x| x.id} - aspect.post_ids = aspect.post_ids - id_array + opts[:posts] ||= aspect.posts.all(:person_id => person_id) + 
aspect.posts -= opts[:posts] aspect.save end diff --git a/spec/models/aspect_spec.rb b/spec/models/aspect_spec.rb index abb995ebd..1c10f9bf1 100644 --- a/spec/models/aspect_spec.rb +++ b/spec/models/aspect_spec.rb 
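Review bot: In the rewritten `move_friend`, `from_aspect = self.aspects.first(:_id => opts[:from])` is dereferenced on the next line without a nil check, so a `:from` id that is not one of the user's aspects ends in a NoMethodError on `from_aspect.posts` instead of the "Can not delete a person from an aspect you do not own" error that `delete_person_from_aspect` would raise. A guard such as `return false unless from_aspect` directly after the lookup keeps the true/false return the method otherwise uses. The move is also two separate saves: if `delete_person_from_aspect` raises after `add_person_to_aspect` has saved, the friend and their posts remain in both aspects. Separately, `add_person_to_aspect` still compares the raw `person_id` in `aspect.person_ids.include?(person_id)`, and a caller-supplied `opts[:posts]` is appended to the aspect without any check that those posts belong to that person.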
@@ -5,123 +5,128 @@ require 'spec_helper' describe Aspect do - before do - @user = Factory.create(:user) - @friend = Factory.create(:person) - @user2 = Factory.create(:user) - @friend_2 = Factory.create(:person) - end + let(:user ) { Factory.create(:user) } + let(:friend) { Factory.create(:person) } + let(:user2) { Factory.create(:user) } + let(:friend_2) { Factory.create(:person) } + + let(:aspect) {user.aspect(:name => 'losers')} + let(:aspect2) {user2.aspect(:name => 'failures')} + let(:aspect1) {user.aspect(:name => 'cats')} + let(:not_friend) { Factory(:person, :diaspora_handle => "not@person.com")} + let(:user3) {Factory(:user)} + let(:aspect3) {user3.aspect(:name => "lala")} describe 'creation' do it 'should have a name' do - aspect = @user.aspect(:name => 'losers') + aspect = user.aspect(:name => 'losers') aspect.name.should == "losers" end it 'should be creatable with people' do - aspect = @user.aspect(:name => 'losers', :people => [@friend, @friend_2]) + aspect = user.aspect(:name => 'losers', :people => [friend, friend_2]) aspect.people.size.should == 2 end it 'should be able to have other users' do - aspect = @user.aspect(:name => 'losers', :people => [@user2.person]) - aspect.people.include?(@user.person).should be false - aspect.people.include?(@user2.person).should be true + aspect = user.aspect(:name => 'losers', :people => [user2.person]) + aspect.people.include?(user.person).should be false + aspect.people.include?(user2.person).should be true aspect.people.size.should == 1 end it 'should be able to have users and people' do - aspect = @user.aspect(:name => 'losers', :people => [@user2.person, @friend_2]) - aspect.people.include?(@user.person).should be false - aspect.people.include?(@user2.person).should be true - aspect.people.include?(@friend_2).should be true + aspect = user.aspect(:name => 'losers', :people => [user2.person, friend_2]) + aspect.people.include?(user.person).should be false + aspect.people.include?(user2.person).should be true 
+ aspect.people.include?(friend_2).should be true aspect.people.size.should == 2 end end describe 'validation' do before do - @aspect = @user.aspect(:name => 'losers') + @aspect = user.aspect(:name => 'losers') end it 'has a unique name for one user' do - aspect2 = @user.aspect(:name => @aspect.name) + aspect2 = user.aspect(:name => @aspect.name) aspect2.valid?.should be_false end it 'has no uniqueness between users' do - aspect2 = @user2.aspect(:name => @aspect.name) + aspect2 = user2.aspect(:name => @aspect.name) aspect2.valid?.should be_true end end describe 'querying' do before do - @aspect = @user.aspect(:name => 'losers') - @user.activate_friend(@friend, @aspect) - @aspect2 = @user2.aspect(:name => 'failures') - friend_users(@user, @aspect, @user2, @aspect2) + @aspect = user.aspect(:name => 'losers') + user.activate_friend(friend, @aspect) + @aspect2 = user2.aspect(:name => 'failures') + friend_users(user, @aspect, user2, @aspect2) @aspect.reload end it 'belong to a user' do - @aspect.user.id.should == @user.id - @user.aspects.size.should == 3 + @aspect.user.id.should == user.id + user.aspects.size.should == 3 end it 'should have people' do - @aspect.people.all.include?(@friend).should be true + @aspect.people.all.include?(friend).should be true @aspect.people.size.should == 2 end it 'should be accessible through the user' do - aspects = @user.aspects_with_person(@friend) + aspects = user.aspects_with_person(friend) aspects.size.should == 1 aspects.first.id.should == @aspect.id aspects.first.people.size.should == 2 - aspects.first.people.include?(@friend).should be true - aspects.first.people.include?(@user2.person).should be true + aspects.first.people.include?(friend).should be true + aspects.first.people.include?(user2.person).should be true end end describe 'posting' do it 'should add post to aspect via post method' do - aspect = @user.aspect(:name => 'losers', :people => [@friend]) + aspect = user.aspect(:name => 'losers', :people => [friend]) - 
status_message = @user.post( :status_message, :message => "hey", :to => aspect.id ) + status_message = user.post( :status_message, :message => "hey", :to => aspect.id ) aspect.reload aspect.posts.include?(status_message).should be true end it 'should add post to aspect via receive method' do - aspect = @user.aspect(:name => 'losers') - aspect2 = @user2.aspect(:name => 'winners') - friend_users(@user, aspect, @user2, aspect2) + aspect = user.aspect(:name => 'losers') + aspect2 = user2.aspect(:name => 'winners') + friend_users(user, aspect, user2, aspect2) - message = @user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) + message = user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) - @user.receive message.to_diaspora_xml, @user2.person + user.receive message.to_diaspora_xml, user2.person aspect.reload aspect.posts.include?(message).should be true - @user.visible_posts(:by_members_of => aspect).include?(message).should be true + user.visible_posts(:by_members_of => aspect).include?(message).should be true end it 'should retract the post from the aspects as well' do - aspect = @user.aspect(:name => 'losers') - aspect2 = @user2.aspect(:name => 'winners') - friend_users(@user, aspect, @user2, aspect2) + aspect = user.aspect(:name => 'losers') + aspect2 = user2.aspect(:name => 'winners') + friend_users(user, aspect, user2, aspect2) - message = @user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) + message = user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) - @user.receive message.to_diaspora_xml, @user2.person + user.receive message.to_diaspora_xml, user2.person aspect.reload aspect.post_ids.include?(message.id).should be true - retraction = @user2.retract(message) - @user.receive retraction.to_diaspora_xml, @user2.person + retraction = user2.retract(message) + user.receive retraction.to_diaspora_xml, user2.person aspect.reload 
@@ -129,129 +134,128 @@ describe Aspect do end end - context "aspect editing" do - let(:aspect) {@user.aspect(:name => 'losers')} - let(:aspect2) {@user2.aspect(:name => 'failures')} - let(:aspect1) {@user.aspect(:name => 'cats')} - let(:not_friend) { Factory(:person, :diaspora_handle => "not@person.com")} - let(:user3) {Factory(:user)} - let(:aspect3) {user3.aspect(:name => "lala")} + context "aspect management" do + before do - friend_users(@user, aspect, @user2, aspect2) + friend_users(user, aspect, user2, aspect2) aspect.reload - @user.reload - end - - it 'should be able to move a friend from one of users existing aspects to another' do - @user.move_friend(:friend_id => @user2.person.id, :from => aspect.id, :to => aspect1.id) - aspect.reload - aspect1.reload - - aspect.person_ids.include?(@user2.person.id).should be false - aspect1.people.include?(@user2.person).should be true - end - - it "should not move a person who is not a friend" do - @user.move_friend(:friend_id => @friend.id, :from => aspect.id, :to => aspect1.id) - aspect.reload - aspect1.reload - aspect.people.include?(@friend).should be false - aspect1.people.include?(@friend).should be false - end - - it "should not move a person to a aspect that's not his" do - @user.move_friend(:friend_id => @user2.person.id, :from => aspect.id, :to => aspect2.id) - aspect.reload - aspect2.reload - aspect.people.include?(@user2.person).should be true - aspect2.people.include?(@user2.person).should be false - end - - it 'should move all posts by that user to the new aspect' do - message = @user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) - - @user.receive message.to_diaspora_xml, @user2.person - aspect.reload - - aspect.posts.count.should == 1 - aspect1.posts.count.should == 0 - - @user.reload - @user.move_friend(:friend_id => @user2.person.id, :from => aspect.id, :to => aspect1.id) - aspect.reload - aspect1.reload - - aspect1.posts.count.should == 1 - aspect.posts.count.should == 0 + 
user.reload end + describe "#add_person_to_aspect" do it 'adds the user to the aspect' do - aspect1.people.should_not include @user2.person - @user.add_person_to_aspect(@user2.person.id, aspect1.id) + aspect1.people.should_not include user2.person + user.add_person_to_aspect(user2.person.id, aspect1.id) aspect1.reload - aspect1.people.should include @user2.person + aspect1.people.should include user2.person end it 'raises if its an aspect that the user does not own'do - proc{@user.add_person_to_aspect(@user2.person.id, aspect2.id) }.should raise_error /Can not add person to an aspect you do not own/ + proc{user.add_person_to_aspect(user2.person.id, aspect2.id) }.should raise_error /Can not add person to an aspect you do not own/ end it 'does not allow to have duplicate people in an aspect' do - proc{@user.add_person_to_aspect(not_friend.id, aspect1.id) }.should raise_error /Can not add person you are not friends with/ + proc{user.add_person_to_aspect(not_friend.id, aspect1.id) }.should raise_error /Can not add person you are not friends with/ end it 'does not allow you to add a person if they are already in the aspect' do - proc{@user.add_person_to_aspect(@user2.person.id, aspect.id) }.should raise_error /Can not add person who is already in the aspect/ + proc{user.add_person_to_aspect(user2.person.id, aspect.id) }.should raise_error /Can not add person who is already in the aspect/ end end describe '#delete_person_from_aspect' do it 'deletes a user from the aspect' do - @user.add_person_to_aspect(@user2.person.id, aspect1.id) - @user.reload - @user.aspects.find_by_id(aspect1.id).people.include?(@user2.person).should be true - @user.delete_person_from_aspect(@user2.person.id, aspect1.id) - @user.reload - @user.aspects.find_by_id(aspect1.id).people.include?(@user2.person).should be false + user.add_person_to_aspect(user2.person.id, aspect1.id) + user.reload + user.aspects.find_by_id(aspect1.id).people.include?(user2.person).should be true + 
user.delete_person_from_aspect(user2.person.id, aspect1.id) + user.reload + user.aspects.find_by_id(aspect1.id).people.include?(user2.person).should be false end it 'should check to make sure you have the aspect ' do - proc{@user.delete_person_from_aspect(@user2.person.id, aspect2.id) }.should raise_error /Can not delete a person from an aspect you do not own/ + proc{user.delete_person_from_aspect(user2.person.id, aspect2.id) }.should raise_error /Can not delete a person from an aspect you do not own/ + end + end + + context 'moving and removing posts' do + + let(:message) { user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id)} + let(:message2){user3.post(:status_message, :message => "other post", :to => aspect3.id)} + + before do + friend_users(user, aspect, user3, aspect3) + user.receive message.to_diaspora_xml, user2.person + user.receive message2.to_diaspora_xml, user3.person + aspect.reload + @post_count = aspect.posts.count + @post_count1 = aspect1.posts.count + + user.reload + end + + it 'moves the persons posts into the new aspect' do + user.add_person_to_aspect(user2.person.id, aspect1.id, :posts => [message] ) + aspect1.reload + aspect1.posts.should == [message] end - context 'removing posts' do - before do - friend_users(@user, aspect, user3, aspect3) + + it 'should remove the users posts from that aspect' do + user.delete_person_from_aspect(user2.person.id, aspect.id) + aspect.reload + aspect.posts.count.should == @post_count - 1 + end - message = @user2.post(:status_message, :message => "Hey Dude", :to => aspect2.id) - @user.receive message.to_diaspora_xml, @user2.person - aspect.reload - aspect.posts.count.should == 1 - end + it 'should not delete other peoples posts' do + user.delete_person_from_aspect(user2.person.id, aspect.id) + aspect.reload + aspect.posts.should == [message2] + end - it 'should remove the users posts from that aspect' do - @user.reload - @user.delete_person_from_aspect(@user2.person.id, aspect.id) - 
aspect.reload - aspect.posts.count.should == 0 - end + describe '#move_friend' do + it 'should be able to move a friend from one of users existing aspects to another' do + user.move_friend(:friend_id => user2.person.id, :from => aspect.id, :to => aspect1.id) + aspect.reload + aspect1.reload - it 'should not delete other peoples posts' do - message2 = user3.post(:status_message, :message => "other post", :to => aspect3.id) + aspect.person_ids.include?(user2.person.id).should be false + aspect1.people.include?(user2.person).should be true + end - @user.receive message2.to_diaspora_xml, user3.person + it "should not move a person who is not a friend" do + proc{ user.move_friend(:friend_id => friend.id, :from => aspect.id, :to => aspect1.id) }.should raise_error /Can not add person you are not friends with/ + aspect.reload + aspect1.reload + aspect.people.include?(friend).should be false + aspect1.people.include?(friend).should be false + end - aspect.reload - aspect.posts.count.should == 2 + it "should not move a person to a aspect that's not his" do + proc {user.move_friend(:friend_id => user2.person.id, :from => aspect.id, :to => aspect2.id )}.should raise_error /Can not add person to an aspect you do not own/ + aspect.reload + aspect2.reload + aspect.people.include?(user2.person).should be true + aspect2.people.include?(user2.person).should be false + end - @user.reload - @user.delete_person_from_aspect(@user2.person.id, aspect.id) - aspect.reload - aspect.posts.should == [message2] - end + it 'should move all posts by that user to the new aspect' do + user.move_friend(:friend_id => user2.person.id, :from => aspect.id, :to => aspect1.id) + aspect.reload + aspect1.reload + + aspect1.posts.count.should == @post_count1 + 1 + aspect.posts.count.should == @post_count - 1 + end + + it 'does not try to delete if add person did not go through' do + user.should_receive(:add_person_to_aspect).and_return(false) + user.should_not_receive(:delete_person_from_aspect) + 
user.move_friend(:friend_id => user2.person.id, :from => aspect.id, :to => aspect1.id) end end + end end end From e6de6179e9c925166b8413b4ad2ee94378232295 Mon Sep 17 00:00:00 2001 From: ilya Date: Wed, 20 Oct 2010 11:47:09 -0700 Subject: [PATCH 5/9] MS IZ dependant destroy is back for aspects --- app/models/user.rb | 2 +- spec/models/aspect_spec.rb | 32 ++++++++++++++------------------ 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index dff616ef5..bf301bc10 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -60,7 +60,7 @@ class User many :visible_people, :in => :visible_person_ids, :class_name => 'Person' # One of these needs to go many :pending_requests, :in => :pending_request_ids, :class_name => 'Request' many :raw_visible_posts, :in => :visible_post_ids, :class_name => 'Post' - many :aspects, :class_name => 'Aspect' + many :aspects, :class_name => 'Aspect', :dependent => :destroy #after_create :seed_aspects diff --git a/spec/models/aspect_spec.rb b/spec/models/aspect_spec.rb index ef217042c..9e6d01200 100644 --- a/spec/models/aspect_spec.rb +++ b/spec/models/aspect_spec.rb 
@@ -46,47 +46,43 @@ describe Aspect do describe 'validation' do before do - @aspect = user.aspect(:name => 'losers') + aspect end it 'has a unique name for one user' do - aspect2 = user.aspect(:name => @aspect.name) + aspect2 = user.aspect(:name => aspect.name) aspect2.valid?.should be_false end it 'has no uniqueness between users' do - aspect2 = user2.aspect(:name => @aspect.name) + aspect2 = user2.aspect(:name => aspect.name) aspect2.valid?.should be_true end end describe 'querying' do before do - @aspect = user.aspect(:name => 'losers') - user.activate_friend(friend, @aspect) - @aspect2 = user2.aspect(:name => 'failures') - friend_users(user, @aspect, user2, @aspect2) - @aspect.reload + aspect + user.activate_friend(friend, aspect) + aspect2 + friend_users(user, aspect, user2, aspect2) + aspect.reload + user.reload end it 'belong to a user' do -<<<<<<< HEAD - @aspect.user.id.should == user.id - user.aspects.size.should == 3 -======= - @aspect.user.id.should == @user.id - @user.aspects.size.should == 1 ->>>>>>> 961510a8ed06590109a8090686355ffdcde71180 + aspect.user.id.should == user.id + user.aspects.should == [aspect] end it 'should have people' do - @aspect.people.all.include?(friend).should be true - @aspect.people.size.should == 2 + aspect.people.all.include?(friend).should be true + aspect.people.size.should == 2 end it 'should be accessible through the user' do aspects = user.aspects_with_person(friend) aspects.size.should == 1 - aspects.first.id.should == @aspect.id + aspects.first.id.should == aspect.id aspects.first.people.size.should == 2 aspects.first.people.include?(friend).should be true aspects.first.people.include?(user2.person).should be true From 9c8e514642751eda55acc2963b82a7a7a5c52788 Mon Sep 17 00:00:00 2001 
From: Raphael Date: Wed, 20 Oct 2010 12:15:13 -0700 Subject: [PATCH 6/9] Adding a spec for a mass-assignment attack through profile update --- spec/controllers/users_controller_spec.rb | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index 502353f6a..f00a519db 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -24,17 +24,26 @@ describe UsersController do before do @user.person.profile.image_url = "http://tom.joindiaspora.com/images/user/tom.jpg" @user.person.profile.save + + @params = {"profile"=> + {"image_url" => "", + "last_name" => @user.person.profile.last_name, + "first_name" => @user.person.profile.first_name}} end it "doesn't overwrite the profile photo when an empty string is passed in" do image_url = @user.person.profile.image_url - put("update", :id => @user.id, "user"=> {"profile"=> - {"image_url" => "", - "last_name" => @user.person.profile.last_name, - "first_name" => @user.person.profile.first_name}}) + put("update", :id => @user.id, "user" => @params) @user.person.profile.image_url.should == image_url end + it "doesn't overwrite random attributes" do + new_user = Factory.create(:user) + @params[:owner_id] = new_user.id + person = @user.person + put('update', :id => @user.id, "user" => @params) + Person.find(person.id).owner_id.should == @user.id + end end context 'should allow the user to update their password' do From 61122b83d041216b3a12dc2bbf8ce6b3ac0b4dda Mon Sep 17 00:00:00 2001 
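Review bot: The new example `"doesn't overwrite random attributes"` puts the unexpected key beside `"profile"` (`@params[:owner_id]` is sent as `user[owner_id]`), so it only covers a top-level attribute. It does not exercise an unexpected key inside `user[profile]`, which is the hash the controller passes on for the profile update. A second example that sends an extra key under `"profile"` and asserts it is not persisted would cover that path; which Profile attribute to use depends on the model, which this patch does not show.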
From: danielvincent Date: Wed, 20 Oct 2010 12:19:06 -0700 Subject: [PATCH 7/9] make profile button on photo show page. (removed clean hash on usercontroller) --- app/controllers/users_controller.rb | 17 ++-------------- app/models/user.rb | 2 +- app/views/photos/show.html.haml | 5 ++++- public/javascripts/view.js | 13 +++++++++++- public/stylesheets/sass/application.sass | 26 ++++++++++++++++++++++++ 5 files changed, 45 insertions(+), 18 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index a0f03877d..aacff8504 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -36,10 +36,8 @@ class UsersController < ApplicationController flash[:error] = "Password Change Failed" end else - data = clean_hash params[:user] - prep_image_url(data) - - if @user.update_profile data + prep_image_url(params[:user]) + if @user.update_profile params[:user][:profile] flash[:notice] = "Profile updated" else flash[:error] = "Failed to update profile" @@ -120,15 +118,4 @@ class UsersController < ApplicationController end end - def clean_hash(params) - return { - :profile => - { - :first_name => params[:profile][:first_name], - :last_name => params[:profile][:last_name], - :image_url => params[:profile][:image_url] - } - } - end - end diff --git a/app/models/user.rb b/app/models/user.rb index cc9531c8c..0e28357f2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -281,7 +281,7 @@ class User ########### Profile ###################### def update_profile(params) - if self.person.update_attributes(params) + if self.person.profile.update_attributes(params) push_to_aspects profile, :all true else diff --git a/app/views/photos/show.html.haml b/app/views/photos/show.html.haml index 8fe22cc9b..12b6a1af1 100644 --- a/app/views/photos/show.html.haml +++ b/app/views/photos/show.html.haml 
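Review bot: With `clean_hash` removed (second hunk of this file), `@user.update_profile params[:user][:profile]` passes every key the client sends under `user[profile]` on to `self.person.profile.update_attributes(params)` (the app/models/user.rb hunk of this commit). `clean_hash` was the only allowlist visible in this controller; unless the Profile model restricts assignable attributes itself, which this patch does not show, any Profile attribute becomes writable from the request. Keeping the allowlist at the call site preserves the earlier behaviour: `profile_params = (params[:user][:profile] || {}).slice(:first_name, :last_name, :image_url)` followed by `@user.update_profile profile_params`. The `|| {}` also covers a request without a `profile` key, which would otherwise hand nil to `update_attributes`. The action body starts above this hunk, so how `@user` is loaded and checked against the signed-in user is not visible here.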
@@ -76,7 +76,10 @@ %div{:id => @photo.id} #show_photo - = linked_scaled_photo @photo, @album + .edit_pane + .controls{:data=>{:actor=>"#{@photo.person.owner.id}",:image_url=>"#{@photo.url(:thumb_medium)}"}} + = link_to 'make profile photo', '#', :class => "make_profile_photo" + = linked_scaled_photo @photo, @album .caption -if current_user.owns? @photo -if @photo.caption and @photo.caption != "" diff --git a/public/javascripts/view.js b/public/javascripts/view.js index 1096b532c..575007819 100644 --- a/public/javascripts/view.js +++ b/public/javascripts/view.js @@ -67,7 +67,6 @@ $(document).ready(function(){ }; }); - });//end document ready @@ -105,3 +104,15 @@ function openVideo(type, videoid, link) { $(container).slideDown('fast', function() { }); link.onclick = function() { $(container).slideToggle('fast', function() { } ); } } + +$(".make_profile_photo").live("click", function(){ + var user_id = $(this).closest(".controls").attr('data-actor'); + photo_url = $(this).closest(".controls").attr('data-image_url'); + + $.ajax({ + type: "PUT", + url: '/users/'+user_id, + data: {"user":{"profile":{ "image_url": photo_url }}}, + success: window.location.reload() + }); +}); diff --git a/public/stylesheets/sass/application.sass b/public/stylesheets/sass/application.sass index 56a781be5..716c4e238 100644 --- a/public/stylesheets/sass/application.sass +++ b/public/stylesheets/sass/application.sass @@ -1089,3 +1089,29 @@ header img :height 27px :width 27px + + +.edit_pane + :display inline + :position relative + + .controls + :display none + :background + :color rgba(51,51,51,0.9) + :padding 10px + :position absolute + :right 0 + + a + :font + :weight bold + :color #eee + :text-shadow 0 1px #000 + + &:hover + :color #fff + + &:hover + .controls + :display inline From 4d81583533d4b241f2d0792268f71771299c2491 Mon Sep 17 00:00:00 2001 
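Review bot: The new `.edit_pane` / `.controls` block with the 'make profile photo' link is rendered for every viewer, while the caption a few lines below is already wrapped in `-if current_user.owns? @photo`. Because `data-actor` is `@photo.person.owner.id`, the click handler added in `view.js` addresses the PUT to the photo owner's `/users/<id>` rather than the viewer's, so the control only makes sense for the owner. I would wrap the pane in `- if current_user.owns? @photo`; the server must still verify that the target user is the signed-in one rather than rely on the link being hidden. `@photo.person.owner` may also be nil for a person without a local account (an assumption, the model is not visible here), which would raise while rendering.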
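Review bot: In the `$(".make_profile_photo")` handler, `success: window.location.reload()` calls `reload()` while the options object is being built, so the page reloads as soon as the request is issued and the `success` slot receives the call's return value instead of a function; the PUT may be cut off by the navigation. Use `success: function(){ window.location.reload(); }`. `photo_url` is also assigned without `var` (the `var user_id = …;` statement ends before it), which creates a global; declare it with `var photo_url = …`.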
From: Raphael Date: Wed, 20 Oct 2010 12:29:36 -0700 Subject: [PATCH 8/9] Backfill spec on mass-assignment in aspect update --- spec/controllers/aspects_controller_spec.rb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/spec/controllers/aspects_controller_spec.rb b/spec/controllers/aspects_controller_spec.rb index 81571fb54..c69954d17 100644 --- a/spec/controllers/aspects_controller_spec.rb +++ b/spec/controllers/aspects_controller_spec.rb @@ -46,4 +46,17 @@ describe AspectsController do end end end + + describe "#update" do + before do + @aspect = @user.aspect(:name => "Bruisers") + end + it "doesn't overwrite random attributes" do + new_user = Factory.create :user + params = {"name" => "Bruisers"} + params[:user_id] = new_user.id + put('update', :id => @aspect.id, "aspect" => params) + Aspect.find(@aspect.id).user_id.should == @user.id + end + end end From e9ced7b2e6d748920cd9a6a91b088ec1d134f358 Mon Sep 17 00:00:00 2001 From: danielvincent Date: Wed, 20 Oct 2010 12:35:16 -0700 Subject: [PATCH 9/9] changing photo now updates all user images in page --- app/helpers/application_helper.rb | 2 +- app/views/photos/show.html.haml | 2 +- public/javascripts/view.js | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 73ee0ec79..4e9f94c24 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -60,7 +60,7 @@ module ApplicationHelper image_location = person.profile.image_url image_location ||= "/images/user/default.png" - image_tag image_location, :class => "avatar", :alt => person.real_name, :title => person.real_name + image_tag image_location, :class => "avatar", :alt => person.real_name, :title => person.real_name, "data-person_id" => person.id end def person_image_link(person) diff --git a/app/views/photos/show.html.haml b/app/views/photos/show.html.haml index 12b6a1af1..58f6a97bd 100644 
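Review bot: The "doesn't overwrite random attributes" example in `#update` sends `"name" => "Bruisers"`, the name the aspect already has, so it would pass just as well if the update were rejected outright or never reached the model. I would send a different name and assert both outcomes, adding `Aspect.find(@aspect.id).name.should == params["name"]` next to the `user_id` check, so the spec shows the permitted field is applied while `user_id` is not. `params[:user_id]` is a symbol key in a string-keyed hash; `params["user_id"] = new_user.id` is closer to what arrives in a request.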
--- a/app/views/photos/show.html.haml +++ b/app/views/photos/show.html.haml @@ -77,7 +77,7 @@ %div{:id => @photo.id} #show_photo .edit_pane - .controls{:data=>{:actor=>"#{@photo.person.owner.id}",:image_url=>"#{@photo.url(:thumb_medium)}"}} + .controls{:data=>{:actor=>"#{@photo.person.owner.id}",:actor_person=>"#{@photo.person.id}",:image_url=>"#{@photo.url(:thumb_medium)}"}} = link_to 'make profile photo', '#', :class => "make_profile_photo" = linked_scaled_photo @photo, @album .caption diff --git a/public/javascripts/view.js b/public/javascripts/view.js index 575007819..74687f668 100644 --- a/public/javascripts/view.js +++ b/public/javascripts/view.js @@ -107,12 +107,17 @@ function openVideo(type, videoid, link) { $(".make_profile_photo").live("click", function(){ var user_id = $(this).closest(".controls").attr('data-actor'); + person_id = $(this).closest(".controls").attr('data-actor_person'); photo_url = $(this).closest(".controls").attr('data-image_url'); $.ajax({ type: "PUT", url: '/users/'+user_id, data: {"user":{"profile":{ "image_url": photo_url }}}, - success: window.location.reload() + success: function(){ + $("img[data-person_id='"+ person_id +"']").each( function() { + $(this).attr('src', photo_url); + }); + } }); });
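Review bot: The new `success` handler swaps every `img[data-person_id=…]` to `photo_url` on any successful HTTP response, but the controller reports a failed update only through `flash[:error]`, so the page can show the new photo when nothing was saved (the response format is not visible here, so this is inferred). Having the action answer with an error status on failure, or having the handler read the saved URL from the response instead of reusing the client-side value, would keep the page and the stored profile in agreement. `person_id` joins `photo_url` as an implicit global because the `var` statement ends after `user_id`; declare both, e.g. `var person_id = $(this).closest(".controls").attr('data-actor_person');`.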