Commit 0ac23124e3948954d082c3c8348f29814ec34afd
1 parent
b164af65
Exists in
master
and in
11 other branches
api: fixes to merge api to rails 4
Signed-off-by: Tallys Martins <tallysmartins@yahoo.com.br> Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>
Showing
8 changed files
with
41 additions
and
62 deletions
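--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -6,15 +6,33 @@ module Noosfero
 date.strftime('%Y/%m/%d %H:%M:%S') if date
 end
 
- def self.can_display? profile, options, field, admin_only = false
- current = options[:current_person]
- admin = !current.blank? && current.is_admin?
- owner = !current.blank? && current == profile
- public_field = profile.public_fields.include? field.to_s
- friend = !current.blank? && current.friends.include?(profile)
+ PERMISSIONS = {
+ :admin => 0,
+ :self => 10,
+ :friend => 20,
+ :logged_user => 30,
+ :anonymous => 40
+ }
+
+ def self.can_display? profile, options, field, permission = :friend
+ return true if profile.public_fields.include?(field)
+ current_person = options[:current_person]
+
+ current_permission = if current_person.present?
+ if current_person.is_admin?
+ :admin
+ elsif current_person == profile
+ :self
+ elsif current_person.friends.include?(profile)
+ :friend
+ else
+ :logged_user
+ end
+ else
+ :anonymous
+ end
 
- return true if admin
- return !admin_only && (owner||friend||public_field)
+ PERMISSIONS[current_permission] <= PERMISSIONS[permission]
 end
 
 class Image < Entity
@@ -144,7 +162,7 @@ module Noosfero
 end
 
 expose :person, :using => Person
- expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, true)} do |user, options|
+ expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|
 if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?
@@ -156,6 +174,7 @@ module Noosfero
 end
 
 class UserLogin < User
+ root 'users', 'user'
 expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'}
 end
 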
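Review bot: In `can_display?`, the `public_fields` shortcut runs before the level comparison, so a field listed in `profile.public_fields` is shown to any viewer even when the caller asks for `:self` or `:admin`; the removed code ignored `public_field` when `admin_only` was true, which is how `:permissions` was guarded. If that relaxation is not intended, gate the shortcut on the requested level, e.g. `return true if PERMISSIONS.fetch(permission) >= PERMISSIONS[:friend] && profile.public_fields.include?(field.to_s)`. The `field.to_s` matters as well: the old code converted the field and callers pass symbols such as `:permissions`, so if `public_fields` holds strings the new `include?(field)` never matches. Using `PERMISSIONS.fetch(permission)` in the final comparison would also turn a mistyped level into a clear `KeyError` instead of a failed comparison with `nil`.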
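--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -47,7 +47,7 @@ module Noosfero
 begin
 user.signup!
 user.generate_private_token! if user.activated?
- present user, :with => Entities::UserLogin, :current_person => current_person
+ present user, :with => Entities::UserLogin, :current_person => user.person
 rescue ActiveRecord::RecordInvalid
 message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json
 render_api_error!(message, 400)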
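Review bot: With `:current_person => user.person`, the signup response is rendered at owner (`:self`) level by `Entities.can_display?` whether or not `user.activated?` is true, while the line above only issues a private token for activated users. If owner-only fields such as `:permissions` should wait for activation, pass the person conditionally, e.g. `:current_person => (user.person if user.activated?)`. The enclosing `begin` block and route start outside this hunk, so any earlier activation handling is not visible here.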
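--- a/lib/noosfero/api/v1/search.rb
+++ b/lib/noosfero/api/v1/search.rb
@@ -13,7 +13,7 @@ module Noosfero
 context = environment
 
 profile = environment.profiles.find(params[:profile_id]) if params[:profile_id]
- scope = profile.nil? ? environment.articles.public : profile.articles.public
+ scope = profile.nil? ? environment.articles.is_public : profile.articles.is_public
 scope = scope.where(:type => params[:type]) if params[:type] && !(params[:type] == 'Article')
 scope = scope.where(:parent_id => params[:parent_id]) if params[:parent_id].present?
 scope = scope.joins(:categories).where(:categories => {:id => params[:category_ids]}) if params[:category_ids].present?
@@ -22,11 +22,11 @@ module Noosfero
 
 options = {:filter => order, :template_id => params[:template_id]}
 
- paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}
+ paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}.symbolize_keys
 paginate_options.each_pair{|k,v| v=v.to_i}
 paginate_options[:page]=1 if !paginate_options.keys.include?(:page)
 
- search_result = find_by_contents(asset, context, scope, query, paginate_options.symbolize_keys, options)
+ search_result = find_by_contents(asset, context, scope, query, paginate_options, options)
 
 articles = search_result[:results]
 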
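Review bot: The `page` and `per_page` values selected on new line 25 reach `find_by_contents` as raw request strings with no upper bound, because the `each_pair{|k,v| v=v.to_i}` on the following line only rebinds the block-local `v` and leaves the hash unchanged. Coerce in place, for example `paginate_options.each_key { |k| paginate_options[k] = paginate_options[k].to_i }`, and then cap `paginate_options[:per_page]` so a single request cannot ask for an arbitrarily large page. Whether `find_by_contents` already enforces a maximum is not visible from this hunk.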
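--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -12,19 +12,6 @@ module Noosfero
 present users, :with => Entities::User, :current_person => current_person
 end
 
- # Example Request:
- # POST api/v1/users?user[login]=some_login&user[password]=some
- post do
- user = User.new(params[:user])
- user.terms_of_use = environment.terms_of_use
- user.environment = environment
- if !user.save
- render_api_errors!(user.errors.full_messages)
- end
-
- present user, :with => Entities::User, :current_person => current_person
- end
-
 get "/me" do
 present current_user, :with => Entities::User, :current_person => current_person
 end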
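--- a/test/unit/api/search_test.rb
+++ b/test/unit/api/search_test.rb
@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 class SearchTest < ActiveSupport::TestCase
 
@@ -130,9 +130,10 @@ class SearchTest < ActiveSupport::TestCase
 article2.categories<< category2
 get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"
 json = JSON.parse(last_response.body)
+ ids = [article1.id, article2.id]
 assert_equal 2, json['articles'].count
- assert_equal article1.id, json['articles'].first["id"]
- assert_equal article2.id, json['articles'].last["id"]
- end
+ assert_includes ids, json['articles'].first["id"]
+ assert_includes ids, json['articles'].last["id"]
+ end
 
 end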
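Review bot: The relaxed assertions at new lines 135-136 pass even if the response returns the same article twice, since each one only checks membership in `ids`. Comparing the sorted id lists keeps the test independent of result order and still pins both articles: `assert_equal ids.sort, json['articles'].map { |a| a['id'] }.sort`.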
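--- a/test/unit/api/session_test.rb
+++ b/test/unit/api/session_test.rb
@@ -156,10 +156,8 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'change user password and close task' do
- user = create_user
- user.activate
- task = ChangePassword.create!(:requestor => user.person)
- params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
+ task = ChangePassword.create!(:requestor => @person)
+ params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
 patch "/api/v1/new_password?#{params.to_query}"
 assert_equal Task::Status::FINISHED, task.reload.status
 assert user.reload.authenticated?('secret')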
test/unit/api/test_helper.rb
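--- a/test/unit/api/users_test.rb
+++ b/test/unit/api/users_test.rb
@@ -1,5 +1,5 @@
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 class UsersTest < ActiveSupport::TestCase
 
@@ -13,32 +13,6 @@ class UsersTest < ActiveSupport::TestCase
 assert_includes json["users"].map { |a| a["login"] }, user.login
 end
 
- should 'create a user' do
- params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
- post "/api/v1/users?#{params.to_query}"
- json = JSON.parse(last_response.body)
- assert_equal 'some', json['user']['login']
- end
-
- should 'not create duplicate user' do
- params[:lang] = :"pt-BR"
- params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
- post "/api/v1/users?#{params.to_query}"
- json = JSON.parse(last_response.body)
- assert_equal 'some', json['user']['login']
- params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
- post "/api/v1/users?#{params.to_query}"
- json = JSON.parse(last_response.body)
- assert_equal 'Username / Email já está em uso,e-Mail já está em uso', json['message']
- end
-
- should 'return 400 status for invalid user creation' do
- params[:user] = {:login => 'some'}
- post "/api/v1/users?#{params.to_query}"
- json = JSON.parse(last_response.body)
- assert_equal 400, last_response.status
- end
-
 should 'get user' do
 get "/api/v1/users/#{user.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)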