diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index adce98e..7a305c9 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -56,7 +56,7 @@
 def find_article(articles, id)
 article = articles.find(id)
- article.display_to?(current_user.person) ? article : forbidden!
+ article.display_to?(current_person) ? article : forbidden!
 end
 def post_article(asset, params)
diff --git a/lib/noosfero/api/v1/articles.rb b/lib/noosfero/api/v1/articles.rb
index 204e3e5..189aa8a 100644
--- a/lib/noosfero/api/v1/articles.rb
+++ b/lib/noosfero/api/v1/articles.rb
@@ -96,7 +96,7 @@ module Noosfero
 #TODO make tests for this situation
 votes_order = params.delete(:order) if params[:order]=='votes_score'
 articles = select_filtered_collection_of(article, 'children', params)
- articles = articles.display_filter(current_person, nil)
+ articles = articles.display_filter(current_person, article.profile)
 #TODO make tests for this situation
diff --git a/test/unit/api/articles_test.rb b/test/unit/api/articles_test.rb
index a9dcbd0..ce5e4a3 100644
--- a/test/unit/api/articles_test.rb
+++ b/test/unit/api/articles_test.rb
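Review bot: With `current_person` in place of `current_user.person`, `find_article` now reaches `display_to?` for requests that carry no login, so the allow/deny decision for anonymous callers rests entirely on how `display_to?` treats a nil person, and nothing in the hunk states that contract. `current_person` is defined outside the hunk; presumably it returns nil when nobody is logged in. I would add a comment above the method, e.g. `# current_person may be nil (anonymous); display_to? must return false for anything not public, so forbidden! stays the default outcome`. Note also that `articles.find(id)` runs before the visibility check, so an unknown id and a hidden article are likely answered differently; if that difference should not be observable without authentication, both cases need the same response.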
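Review bot: The changed `display_filter` call sits between two `#TODO make tests for this situation` markers, and the commit widens what this endpoint returns without resolving either of them. Passing `article.profile` instead of `nil` keys the filter on the parent's profile, so what an anonymous caller receives now depends on `display_filter` (defined outside this hunk) still excluding unpublished or restricted children on its own. A short comment on the line would record that, e.g. `# profile is the parent's; display_filter must still drop children the caller cannot see (current_person may be nil)`. The enclosing route block starts and ends outside the hunk, so how `article` was loaded and authorised is not visible here.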
@@ -48,6 +48,15 @@ class ArticlesTest < ActiveSupport::TestCase
 assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
 end
+ should 'list public article children for not logged in access' do
+ article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+ child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+ child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+ get "/api/v1/articles/#{article.id}/children"
+ json = JSON.parse(last_response.body)
+ assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
+ end
+
 should 'not list children of forbidden article' do
 person = fast_create(Person)
 article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
--
libgit2 0.21.2
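Review bot: A negative case is missing next to the new anonymous-access test: nothing asserts that an unpublished child stays out of the listing when no user is logged in, which is the behaviour the two library changes put at risk. The existing 'not list children of forbidden article' test only begins in this hunk, so whether its request is authenticated cannot be told from here. A companion test along the lines below would pin the restrictive side; its expected list assumes `display_filter` hides unpublished articles from anonymous callers, which should be confirmed against the scope.

```ruby
should 'not list unpublished children for not logged in access' do
  article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  visible = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing", :published => false)
  get "/api/v1/articles/#{article.id}/children"
  json = JSON.parse(last_response.body)
  assert_equivalent [visible.id], json["articles"].map { |a| a["id"] }
end
```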