Improve the formatting of the converted budgeting projects

- Apply the same presenter content methods to budgeting project converting that the presenters are using. - Improve the test to check for specific tags in the content and title
mainio · Mar 7, 2019 · 0db3245 · 0db3245
1 parent 50a3521
commit 0db3245
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 9 deletions.
diff --git a/app/controllers/decidim/plans/plans_controller.rb b/app/controllers/decidim/plans/plans_controller.rb
@@ -17,9 +17,9 @@ class PlansController < Decidim::Plans::ApplicationController
 
       helper_method :attached_proposals_picker_field
 
-      before_action :authenticate_user!, only: [:new, :create, :edit, :update, :withdraw, :preview, :publish, :close, :reopen, :destroy]
+      before_action :authenticate_user!, only: [:new, :create, :edit, :update, :withdraw, :preview, :publish, :close, :destroy]
       before_action :check_draft, only: [:new]
-      before_action :retrieve_plan, only: [:show, :edit, :update, :withdraw, :preview, :publish, :close, :reopen, :destroy]
+      before_action :retrieve_plan, only: [:show, :edit, :update, :withdraw, :preview, :publish, :close, :destroy]
       before_action :ensure_published!, only: [:show, :withdraw]
 
       def index

diff --git a/app/helpers/decidim/plans/links_helper.rb b/app/helpers/decidim/plans/links_helper.rb
@@ -4,7 +4,7 @@ module Decidim
   module Plans
     module LinksHelper
       # This is for generating the links so that they maintain the search status
-      def request_params(extra_params={}, exclude_params=[])
+      def request_params(extra_params = {}, exclude_params = [])
         @request_params ||= request.params.except(
           *(exclude_params + [
             :action,
@@ -17,7 +17,7 @@ def request_params(extra_params={}, exclude_params=[])
         ).merge(prepare_extra_params(extra_params))
       end
 
-      def request_params_query(extra_params={}, exclude_params=[])
+      def request_params_query(extra_params = {}, exclude_params = [])
         return "" unless request_params(extra_params, exclude_params).any?
 
         "?#{request_params.to_query}"

diff --git a/app/presenters/concerns/decidim/plans/rich_presenter.rb b/app/presenters/concerns/decidim/plans/rich_presenter.rb
@@ -17,7 +17,7 @@ def rich_content(content)
       protected
 
       def allowed_rich_tags
-        ["strong", "em", "b", "i"]
+        %w(strong em b i)
       end
     end
   end

diff --git a/spec/commands/decidim/plans/admin/export_plans_to_budgets_spec.rb b/spec/commands/decidim/plans/admin/export_plans_to_budgets_spec.rb
@@ -64,7 +64,14 @@
       end
 
       context "when the plans contain malicious HTML" do
-        let(:malicious_content) { "<script>alert('XSS');</script>" }
+        let(:malicious_content_array) do
+          [
+            "<script>alert('XSS');</script>",
+            "<img src='https://www.decidim.org'>",
+            "<a href='http://www.decidim.org'>Link</a>"
+          ]
+        end
+        let(:malicious_content) { malicious_content_array.join("\n") }
 
         let!(:plans) do
           create_list(
@@ -94,12 +101,14 @@
           end
         end
 
-        it "should sanitize the malicious content" do
+        it "sanitizes the malicious content" do
           command.call
 
           Decidim::Budgets::Project.all.each do |project|
-            expect(project.title).not_to include(malicious_content)
-            expect(project.description).not_to include(malicious_content)
+            malicious_content_array.each do |mc|
+              expect(project.title).not_to include(mc)
+              expect(project.description).not_to include(mc)
+            end
           end
         end
       end