From 594a8693a2c5f0dfee7e74bcf01483ecbd6066b2 Mon Sep 17 00:00:00 2001
From: Rob Orton
Date: Tue, 14 Jul 2015 10:43:57 -0600
Subject: [PATCH] allow account admins to use brand configs fixes CNVS-21826 test plan - as an account admin you should be able to use brand configs
Change-Id: I907e856a9b675681c5d1bc099cec6b7c3cab7b34
Reviewed-on: https://gerrit.instructure.com/58521
Tested-by: Jenkins
QA-Review: Jeremy Putnam
Reviewed-by: Cody Cutrer
Product-Review: Rob Orton
---
 app/controllers/brand_configs_controller.rb | 8 ++--
 .../_accounts_right_side_shared.html.erb | 2 +-
 .../brand_configs_controller_spec.rb | 43 +++++++++++++++++++
 3 files changed, 49 insertions(+), 4 deletions(-)
 create mode 100644 spec/controllers/brand_configs_controller_spec.rb
diff --git a/app/controllers/brand_configs_controller.rb b/app/controllers/brand_configs_controller.rb
index 5726006cd4c..c95a975ce3d 100644
--- a/app/controllers/brand_configs_controller.rb
+++ b/app/controllers/brand_configs_controller.rb
@@ -1,6 +1,6 @@
 class BrandConfigsController < ApplicationController
 before_filter :require_user
- before_filter :require_manage_site_settings, except: [:destroy]
+ before_filter :require_manage_account_settings, except: [:destroy]
 def new
 @page_title = join_title(t('Theme Editor'), @domain_root_account.name)
@@ -46,8 +46,10 @@ class BrandConfigsController < ApplicationController
 protected
- def require_manage_site_settings
- return false unless authorized_action(@domain_root_account, @current_user, :manage_site_settings) && use_new_styles?
+ def require_manage_account_settings
+ return false unless authorized_action(@domain_root_account,
+ @current_user,
+ :manage_account_settings) && use_new_styles?
 end
 def create_brand_config(variables)
diff --git a/app/views/shared/_accounts_right_side_shared.html.erb b/app/views/shared/_accounts_right_side_shared.html.erb
index c3d7c0aa352..33884399491 100644
--- a/app/views/shared/_accounts_right_side_shared.html.erb
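Review bot: `except: [:destroy]` is carried over onto the renamed filter, so `destroy` is still guarded only by `require_user` and any signed-in user can reach it; nothing in the hunk records why that is safe. The body of `destroy` is outside this hunk, so this is inferred rather than confirmed. If the action only resets the caller's own preview state, say so in a comment above the filter, for example `# destroy only clears the caller's own preview, so no account permission is required`; if it touches account-level data it needs its own permission check.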
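Review bot: In `require_manage_account_settings` the `&& use_new_styles?` half of the guard does not stop the request by itself, because on Rails 3 and later a `before_filter` halts the chain only when it renders or redirects and its return value is ignored. `authorized_action` presumably renders the unauthorized response when the permission check fails, but for an authorized admin with the feature flag off, `return false` runs with nothing rendered and the action would still execute (assuming the app is not relying on Rails 2 filter semantics). Splitting the checks makes the flag-off case explicit: `return unless authorized_action(@domain_root_account, @current_user, :manage_account_settings)` followed by `head :not_found unless use_new_styles?`.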
+++ b/app/views/shared/_accounts_right_side_shared.html.erb
@@ -10,7 +10,7 @@
 <% end %>
-<% if @account == @domain_root_account && use_new_styles? && can_do(@account, @current_user, :manage_site_settings) %>
+<% if @account == @domain_root_account && use_new_styles? && can_do(@account, @current_user, :manage_account_settings) %>
<%= link_to t("Open Theme Editor"), brand_configs_new_path, :class => 'btn button-sidebar-wide' %>
diff --git a/spec/controllers/brand_configs_controller_spec.rb b/spec/controllers/brand_configs_controller_spec.rb
new file mode 100644
index 00000000000..90f3a4c85e5
--- /dev/null
+++ b/spec/controllers/brand_configs_controller_spec.rb
@@ -0,0 +1,43 @@
+#
+# Copyright (C) 2015 Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see .
+#
+
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe BrandConfigsController do
+ before :each do
+ @account = Account.default
+ @account.enable_feature!(:use_new_styles)
+ @bc = BrandConfig.create(variables: {"ic-brand-primary" => "red"})
+ end
+
+ describe '#new' do
+ it "should allow authorized admin to create" do
+ admin = account_admin_user(account: @account)
+ user_session(admin)
+ post 'new', {brand_config: @bc}
+ assert_status(200)
+ end
+
+ it "should not allow non admin access" do
+ user = user_with_pseudonym(active_all: true)
+ user_session(user)
+ post 'new', {brand_config: @bc}
+ assert_status(401)
+ end
+ end
+end
\ No newline at end of file
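Review bot: The negative example in `describe '#new'` only covers a user with no account role, which is the easy side of the permission boundary this commit moves. The spec would pin the change better with examples for the cases the new check actually distinguishes: an admin of an account other than `Account.default`, and an authorized admin with `:use_new_styles` disabled, each expecting a non-200 status. The other actions behind the same filter have no example at all, so a later edit to the `except:` list would pass unnoticed. Both examples also use `post 'new'`; if the route is a GET, as the sidebar `link_to` suggests, `get 'new'` would exercise the action the way users reach it.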