Commit 71129f1093d0aa17600fcf38c23d0ec3f71c2f36

Authored by Victor Costa
1 parent 9c7cf5bc

Fix merge

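--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -183,15 +183,14 @@ module Noosfero
 class User < Entity
 root 'users', 'user'
 
-attrs = [:id,:login,:email,:activated?]
-aliases = {:activated? => :activated}
+attrs = [:id,:login,:email]
 
 attrs.each do |attribute|
-name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
-expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
+expose attribute, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
 end
 
 expose :person, :using => Person
+expose :activated?, as: :activated
 expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|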
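Review bot: `expose :activated?, as: :activated` is added without the `:if` guard, so the activation flag is now serialized for every user regardless of `Entities.can_display?`; before this change `:activated?` was in `attrs` and went through that check like `:login` and `:email`. If the field is meant to be visible to any API caller, a comment saying so would help. Otherwise keep the guard: `expose :activated?, as: :activated, :if => lambda{|user,options| Entities.can_display?(user.person, options, :activated?)}`. The `User` entity body continues past the end of this hunk.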
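--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -20,6 +20,16 @@ require_relative '../../find_by_contents'
 plugins
 end
 
+def current_tmp_user
+private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
+@current_tmp_user = Noosfero::API::CaptchaSessionStore.get(private_token)
+@current_tmp_user
+end
+
+def logout_tmp_user
+@current_tmp_user = nil
+end
+
 def current_user
 private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s
 @current_user ||= User.find_by_private_token(private_token)
@@ -273,6 +283,12 @@ require_relative '../../find_by_contents'
 unauthorized! unless current_user
 end
 
+# Allows the anonymous captcha user authentication
+# to pass the check. Used by the articles/vote to allow
+# the vote without login
+def authenticate_allow_captcha!
+unauthorized! unless current_tmp_user || current_user
+end
 
 # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
 # or a Bad Request error is invoked.
@@ -348,6 +364,8 @@ require_relative '../../find_by_contents'
 
 def set_session_cookie
 cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+# Set also the private_token for the current_tmp_user
+cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_tmp_user.present?
 end
 
 def setup_multitenancy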
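Review bot: `logout_tmp_user` only clears `@current_tmp_user`, but `current_tmp_user` re-reads `CaptchaSessionStore` from the request token on every call, so the same captcha token still passes `authenticate_allow_captcha!` later in the request and, unless the store entry is removed elsewhere, on later requests. Logging out should also invalidate the stored entry for that token (the store's API is not visible in this diff), and the token's lifetime and scope deserve a comment, since the same `private_token` parameter or header now selects either a real user or an anonymous captcha session. In `set_session_cookie` the second assignment overwrites the real user's cookie whenever both variables are set; guard it, e.g. `cookies['_noosfero_api_session'] = { value: @current_tmp_user.private_token, httponly: true } if @current_user.blank? && @current_tmp_user.present?`. The enclosing helpers module starts and ends outside these hunks.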