Fix merge

Victor Costa
1 parent 9c7cf5bc
Showing 2 changed files with 21 additions and 4 deletions Show diff stats
lib/noosfero/api/entities.rb
lib/noosfero/api/helpers.rb
@@ -183,15 +183,14 @@ module Noosfero
       class User < Entity
         root 'users', 'user'
  
-        attrs = [:id,:login,:email,:activated?]
-        aliases = {:activated? => :activated}
+        attrs = [:id,:login,:email]
  
         attrs.each do |attribute|
-          name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
-          expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
+          expose attribute, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
         end
  
         expose :person, :using => Person
+        expose :activated?, as: :activated
         expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
           output = {}
           user.person.role_assignments.map do |role_assigment|
@@ -20,6 +20,16 @@ require_relative &#39;../../find_by_contents&#39;
         plugins
       end
  
+      def current_tmp_user
+        private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+        @current_tmp_user = Noosfero::API::CaptchaSessionStore.get(private_token)
+        @current_tmp_user
+      end
+
+      def logout_tmp_user
+        @current_tmp_user = nil
+      end
+
       def current_user
         private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
         @current_user ||= User.find_by_private_token(private_token)
@@ -273,6 +283,12 @@ require_relative &#39;../../find_by_contents&#39;
         unauthorized! unless current_user
       end
  
+      # Allows the anonymous captcha user authentication
+      # to pass the check. Used by the articles/vote to allow
+      # the vote without login
+      def authenticate_allow_captcha!
+        unauthorized! unless current_tmp_user || current_user
+      end
  
       # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
       # or a Bad Request error is invoked.
@@ -348,6 +364,8 @@ require_relative &#39;../../find_by_contents&#39;
  
       def set_session_cookie
         cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+        # Set also the private_token for the current_tmp_user
+        cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
       end
  
       def setup_multitenancy
...	...	@@ -183,15 +183,14 @@ module Noosfero
183	183	class User < Entity
184	184	root 'users', 'user'
185	185
186		- attrs = [:id,:login,:email,:activated?]
187		- aliases = {:activated? => :activated}
	186	+ attrs = [:id,:login,:email]
188	187
189	188	attrs.each do \|attribute\|
190		- name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
191		- expose attribute, :as => name, :if => lambda{\|user,options\| Entities.can_display?(user.person, options, attribute)}
	189	+ expose attribute, :if => lambda{\|user,options\| Entities.can_display?(user.person, options, attribute)}
192	190	end
193	191
194	192	expose :person, :using => Person
	193	+ expose :activated?, as: :activated
195	194	expose :permissions, :if => lambda{\|user,options\| Entities.can_display?(user.person, options, :permissions, :self)} do \|user, options\|
196	195	output = {}
197	196	user.person.role_assignments.map do \|role_assigment\|
...	...
...	...	@@ -20,6 +20,16 @@ require_relative '../../find_by_contents'
20	20	plugins
21	21	end
22	22
	23	+ def current_tmp_user
	24	+ private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s
	25	+ @current_tmp_user = Noosfero::API::CaptchaSessionStore.get(private_token)
	26	+ @current_tmp_user
	27	+ end
	28	+
	29	+ def logout_tmp_user
	30	+ @current_tmp_user = nil
	31	+ end
	32	+
23	33	def current_user
24	34	private_token = (params[PRIVATE_TOKEN_PARAM] \|\| headers['Private-Token']).to_s
25	35	@current_user \|\|= User.find_by_private_token(private_token)
...	...	@@ -273,6 +283,12 @@ require_relative '../../find_by_contents'
273	283	unauthorized! unless current_user
274	284	end
275	285
	286	+ # Allows the anonymous captcha user authentication
	287	+ # to pass the check. Used by the articles/vote to allow
	288	+ # the vote without login
	289	+ def authenticate_allow_captcha!
	290	+ unauthorized! unless current_tmp_user \|\| current_user
	291	+ end
276	292
277	293	# Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
278	294	# or a Bad Request error is invoked.
...	...	@@ -348,6 +364,8 @@ require_relative '../../find_by_contents'
348	364
349	365	def set_session_cookie
350	366	cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
	367	+ # Set also the private_token for the current_tmp_user
	368	+ cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
351	369	end
352	370
353	371	def setup_multitenancy
...	...