From 71129f1093d0aa17600fcf38c23d0ec3f71c2f36 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Mon, 30 Nov 2015 11:18:33 -0300
Subject: [PATCH] Fix merge
---
 lib/noosfero/api/entities.rb | 7 +++----
 lib/noosfero/api/helpers.rb | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/lib/noosfero/api/entities.rb b/lib/noosfero/api/entities.rb
index f0bc410..8ae4a52 100644
--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -183,15 +183,14 @@ module Noosfero
 class User < Entity
 root 'users', 'user'
- attrs = [:id,:login,:email,:activated?]
- aliases = {:activated? => :activated}
+ attrs = [:id,:login,:email]
 attrs.each do |attribute|
- name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
- expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
+ expose attribute, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
 end
 expose :person, :using => Person
+ expose :activated?, as: :activated
 expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 02295b3..e9c4b31 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -20,6 +20,16 @@ require_relative '../../find_by_contents'
 plugins
 end
+ def current_tmp_user
+ private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+ @current_tmp_user = Noosfero::API::CaptchaSessionStore.get(private_token)
+ @current_tmp_user
+ end
+
+ def logout_tmp_user
+ @current_tmp_user = nil
+ end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)
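Review bot: In lib/noosfero/api/entities.rb the new `expose :activated?, as: :activated` line drops the `:if` condition that the removed loop applied to every attribute, so an account's activation state is now serialized without the `Entities.can_display?` check that still guards `:id`, `:login` and `:email`. If that is not intended, keep the guard: `expose :activated?, :as => :activated, :if => lambda{|user,options| Entities.can_display?(user.person, options, :activated?)}`. If it is intended, a one-line comment saying why the flag is public would help the next reader. The `User` entity continues past the end of this hunk.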
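Review bot: In lib/noosfero/api/helpers.rb, `logout_tmp_user` only clears `@current_tmp_user`, while `current_tmp_user` reassigns it from `CaptchaSessionStore` on every call, so the same token resolves to the same temporary user again on the next call or request. Whether the store entry is removed or expires elsewhere is not visible in this patch; if it is not, logout should also invalidate the entry in the store. `current_tmp_user` also queries the store with an empty string when neither the parameter nor the `Private-Token` header is present, which an early `return @current_tmp_user = nil if private_token.blank?` would avoid. The trailing `@current_tmp_user` line is redundant after the assignment, and both new helpers lack a comment saying what a "tmp user" is and how long its token is meant to live.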
@@ -273,6 +283,12 @@ require_relative '../../find_by_contents'
 unauthorized! unless current_user
 end
+ # Allows the anonymous captcha user authentication
+ # to pass the check. Used by the articles/vote to allow
+ # the vote without login
+ def authenticate_allow_captcha!
+ unauthorized! unless current_tmp_user || current_user
+ end
 # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
 # or a Bad Request error is invoked.
@@ -348,6 +364,8 @@ require_relative '../../find_by_contents'
 def set_session_cookie
 cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+ # Set also the private_token for the current_tmp_user
+ cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
 end
 def setup_multitenancy
-- 
libgit2 0.21.2
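Review bot: After `authenticate_allow_captcha!` passes on a captcha token alone, `current_user` is still nil, and the comment above the method does not say so. An endpoint that adopts this filter and then reads `current_user` would be working with a nil user. I would extend the comment with `# current_user may be nil after this check; use only on endpoints written for anonymous callers.` Writing the condition as `current_user || current_tmp_user` would also skip the captcha-store lookup for requests that already carry a valid user token.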
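Review bot: The added line in `set_session_cookie` writes the same `_noosfero_api_session` cookie as the line above it, so when both `@current_user` and `@current_tmp_user` are set the temporary captcha token replaces the logged-in user's token in the cookie. Giving the real user precedence avoids that: `cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_user.blank? && @current_tmp_user.present?`. The line also assumes the object returned by `CaptchaSessionStore.get` responds to `private_token`, which is not visible in this patch. Both assignments set `httponly` but not `secure`; if the API is served over HTTPS only, adding `secure: true` keeps the token from being sent over plain HTTP.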