diff --git a/lib/noosfero/api/entities.rb b/lib/noosfero/api/entities.rb
index 8b47b48..53b101d 100644
--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -48,6 +48,7 @@ module Noosfero
 class Region < Category
 root 'regions', 'region'
+ expose :parent_id
 end
 class Profile < Entity
@@ -55,6 +56,8 @@ module Noosfero
 expose :created_at, :format_with => :timestamp
 expose :image, :using => Image
 expose :region, :using => Region
+ expose :city, :using => Region
+ expose :state, :using => Region
 end
 class UserBasic < Entity
@@ -65,6 +68,7 @@ module Noosfero
 class Person < Profile
 root 'people', 'person'
 expose :user, :using => UserBasic
+ expose :orientacao_sexual, :identidade_genero, :transgenero, :etnia
 end
 class Enterprise < Profile
@@ -120,7 +124,7 @@ module Noosfero
 expose :id
 expose :login
 expose :email
- expose :person, :using => Profile
+ expose :person, :using => Person
 expose :activated?, as: :activated
 expose :permissions do |user, options|
 output = {}
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 63c6f72..b5871b5 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -5,7 +5,7 @@ require 'grape'
 module API
 module APIHelpers
 PRIVATE_TOKEN_PARAM = :private_token
- DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type]
+ DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id]
 include SanitizeParams
 include Noosfero::Plugin::HotSpot
diff --git a/plugins/juventude b/plugins/juventude
index 8fb44a4..abd9f8d 160000
--- a/plugins/juventude
+++ b/plugins/juventude
@@ -1 +1 @@
-Subproject commit 8fb44a478abb5ccd345b8ffaf1f37817d273ad30
+Subproject commit abd9f8d52f84c2292f91ae96d7dcbf063eac6570
diff --git a/test/unit/api/articles_test.rb b/test/unit/api/articles_test.rb
index 6240bf1..ebd41ad 100644
--- a/test/unit/api/articles_test.rb
+++ b/test/unit/api/articles_test.rb
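Review bot: `expose :orientacao_sexual, :identidade_genero, :transgenero, :etnia` in the `Person` entity is unconditional, so sexual orientation, gender identity, transgender status and ethnicity are serialized for every caller of every endpoint that presents a Person, not only for the account owner. The same concern applies to the `city`/`state` exposure added to `Profile` in the preceding hunk, and the last hunk of this file switches the `User` entity's `person` to the `Person` entity, which widens where these fields appear. Grape entities accept an `:if` condition, so the exposure can be limited to the person themself, e.g. `expose :orientacao_sexual, :identidade_genero, :transgenero, :etnia, :if => lambda { |person, options| options[:current_person] == person }`; `:current_person` is a placeholder here, to be replaced by whatever option the endpoints actually pass to `present`, which is outside this diff. A test asserting that another user's Person payload omits these keys would pin the behaviour.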
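Review bot: `:author_id` is added to `DEFAULT_ALLOWED_PARAMETERS` without a test in this commit showing that filtering by author still returns only articles the caller is allowed to see; the code that turns this allow-list into query conditions is outside the hunk, so that should be confirmed there. Because the list decides which request parameters are accepted, it is also worth freezing so nothing can extend it at runtime, assuming no caller appends to it in place: `DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id].freeze`.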
@@ -102,6 +102,52 @@ class ArticlesTest < ActiveSupport::TestCase
 end
 end
+ should "update body of article created by me" do
+ new_value = "Another body"
+ params[:article] = {:body => new_value}
+ article = fast_create(Article, :profile_id => person.id)
+ post "/api/v1/articles/#{article.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal new_value, json["article"]["body"]
+ end
+
+ should "update title of article created by me" do
+ new_value = "Another name"
+ params[:article] = {:name => new_value}
+ article = fast_create(Article, :profile_id => person.id)
+ post "/api/v1/articles/#{article.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal new_value, json["article"]["title"]
+ end
+
+ should 'not update article of another user' do
+ another_person = fast_create(Person, :environment_id => environment.id)
+ article = fast_create(Article, :profile_id => another_person.id)
+ params[:article] = {:title => 'Some title'}
+ post "/api/v1/articles/#{article.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'not update article without permission in community' do
+ community = fast_create(Community, :environment_id => environment.id)
+ article = fast_create(Article, :profile_id => community.id)
+ params[:article] = {:name => 'New title'}
+ post "/api/v1/articles/#{article.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+
+ should 'update article of community if user has permission' do
+ community = fast_create(Community, :environment_id => environment.id)
+ give_permission(person, 'post_content', community)
+ article = fast_create(Article, :profile_id => community.id)
+ new_value = "Another body"
+ params[:article] = {:body => new_value}
+ post "/api/v1/articles/#{article.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal new_value, json["article"]["body"]
+ end
+
 #############################
 # Profile Articles #
 #############################
-- libgit2 0.21.2
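Review bot: The two negative tests ('not update article of another user' and 'not update article without permission in community') assert only the 403 status, so a handler that saved the change before rejecting the request would still pass. Each should also check the stored record, e.g. `assert_not_equal 'New title', article.reload.name` in the community test. The other-user test sends `:title` while the positive test updates through `:name`, so it should send `:name` as well to exercise the same attribute. The update endpoint itself is not in this diff; a further test that a permitted author cannot change attributes such as `profile_id` through `params[:article]` would cover mass assignment.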