Download as
Browse Code »

Commit ea969be6c37072b25d6c8ff640a4c92fcc4b9e2f

Authored by Victor Costa
2 parents 1d931f20 8a35817a
Exists in theme-brasil-digital-from-staging and in 9 other branches angular_poc, api-article-archived, backup-7-jan-2016, captcha_serpro_plugin, login-captcha, production, resend_confirmation_email, staging, staging_rails3

Merge branch 'staging' of gitlab.com:participa/noosfero into staging

Showing 9 changed files with 56 additions and 19 deletions   Show diff stats
app/models/person.rb
  Diff comments   View file @ea969be
@@ -221,7 +221,7 @@ class Person < Profile @@ -221,7 +221,7 @@ class Person < Profile
221 contact_informatioin 221 contact_informatioin
222 ] 222 ]
223 223
224 - xss_terminate :only => [ :custom_footer, :custom_header, :description, :nickname, :sex, :nationality, :country, :state, :city, :district, :zip_code, :address, :address_reference, :cell_phone, :comercial_phone, :personal_website, :jabber_id, :schooling, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization, :organization_website, :contact_phone, :contact_information ], :with => 'white_list' 224 + xss_terminate :only => [ :custom_footer, :custom_header, :description, :nickname, :sex, :nationality, :country, :district, :zip_code, :address, :address_reference, :cell_phone, :comercial_phone, :personal_website, :jabber_id, :schooling, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization, :organization_website, :contact_phone, :contact_information ], :with => 'white_list'
225 225
226 validates_multiparameter_assignments 226 validates_multiparameter_assignments
227 227
lib/noosfero/api/entities.rb
  Diff comments   View file @ea969be
@@ -48,6 +48,7 @@ module Noosfero @@ -48,6 +48,7 @@ module Noosfero
48 48
49 class Region < Category 49 class Region < Category
50 root 'regions', 'region' 50 root 'regions', 'region'
  51 + expose :parent_id
51 end 52 end
52 53
53 class Profile < Entity 54 class Profile < Entity
@@ -65,6 +66,7 @@ module Noosfero @@ -65,6 +66,7 @@ module Noosfero
65 class Person < Profile 66 class Person < Profile
66 root 'people', 'person' 67 root 'people', 'person'
67 expose :user, :using => UserBasic, documentation: {type: 'User', desc: 'The user data of a person' } 68 expose :user, :using => UserBasic, documentation: {type: 'User', desc: 'The user data of a person' }
  69 + expose :orientacao_sexual, :identidade_genero, :transgenero, :etnia
68 end 70 end
69 71
70 class Enterprise < Profile 72 class Enterprise < Profile
@@ -122,7 +124,7 @@ module Noosfero @@ -122,7 +124,7 @@ module Noosfero
122 expose :id 124 expose :id
123 expose :login 125 expose :login
124 expose :email 126 expose :email
125 - expose :person, :using => Profile 127 + expose :person, :using => Person
126 expose :activated?, as: :activated 128 expose :activated?, as: :activated
127 expose :permissions do |user, options| 129 expose :permissions do |user, options|
128 output = {} 130 output = {}
lib/noosfero/api/helpers.rb
  Diff comments   View file @ea969be
@@ -5,7 +5,7 @@ require &#39;grape&#39; @@ -5,7 +5,7 @@ require &#39;grape&#39;
5 module API 5 module API
6 module APIHelpers 6 module APIHelpers
7 PRIVATE_TOKEN_PARAM = :private_token 7 PRIVATE_TOKEN_PARAM = :private_token
8 - DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] 8 + DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id]
9 9
10 include SanitizeParams 10 include SanitizeParams
11 include Noosfero::Plugin::HotSpot 11 include Noosfero::Plugin::HotSpot
@@ -224,7 +224,7 @@ require &#39;grape&#39; @@ -224,7 +224,7 @@ require &#39;grape&#39;
224 224
225 objects = object.send(method) 225 objects = object.send(method)
226 objects = by_reference(objects, params) 226 objects = by_reference(objects, params)
227 - objects = objects.where(conditions).limit(limit).order(order) 227 + objects = objects.where(conditions).limit(limit).reorder(order)
228 228
229 objects 229 objects
230 end 230 end
plugins/comment_paragraph
  Diff comments   View file @ea969be
1 -Subproject commit 74ffd8112495761fe6c8dee327780fd1721b6d5a 1 +Subproject commit 934756d1a39e0643d64867a80c3962dfc3bd7092
plugins/email_article
  Diff comments   View file @ea969be
1 -Subproject commit 17c3d38b62c93516a204bfe77fcd155f4f7b4cdb 1 +Subproject commit 53f8a41e372ee5f9bf4952be38e20d607daceb13
plugins/gamification
  Diff comments   View file @ea969be
1 -Subproject commit 6d35008cb36aca609a4e2a9bf80a63d956b51d28 1 +Subproject commit c584e1d2b6393e21a9bd1c163b0ccd7a8df728ea
plugins/juventude
  Diff comments   View file @ea969be
1 -Subproject commit db16ebfe36bb1ad94d25eec6f8193c7fa4906912 1 +Subproject commit 1aa48652e63b9fc1a29002ede8df2a1906b2d7bc
test/fixtures/article_followers.yml
View file @1d931f2
@@ -1,11 +0,0 @@ @@ -1,11 +0,0 @@
1 -# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html  
2 -  
3 -one:  
4 - person_id: 1  
5 - article_id: 1  
6 - since: 2015-06-16 17:02:01  
7 -  
8 -two:  
9 - person_id: 1  
10 - article_id: 1  
11 - since: 2015-06-16 17:02:01  
test/unit/api/articles_test.rb
  Diff comments   View file @ea969be
@@ -149,6 +149,52 @@ class ArticlesTest &lt; ActiveSupport::TestCase @@ -149,6 +149,52 @@ class ArticlesTest &lt; ActiveSupport::TestCase
149 end 149 end
150 end 150 end
151 151
  152 + should "update body of article created by me" do
  153 + new_value = "Another body"
  154 + params[:article] = {:body => new_value}
  155 + article = fast_create(Article, :profile_id => person.id)
  156 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  157 + json = JSON.parse(last_response.body)
  158 + assert_equal new_value, json["article"]["body"]
  159 + end
  160 +
  161 + should "update title of article created by me" do
  162 + new_value = "Another name"
  163 + params[:article] = {:name => new_value}
  164 + article = fast_create(Article, :profile_id => person.id)
  165 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  166 + json = JSON.parse(last_response.body)
  167 + assert_equal new_value, json["article"]["title"]
  168 + end
  169 +
  170 + should 'not update article of another user' do
  171 + another_person = fast_create(Person, :environment_id => environment.id)
  172 + article = fast_create(Article, :profile_id => another_person.id)
  173 + params[:article] = {:title => 'Some title'}
  174 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  175 + assert_equal 403, last_response.status
  176 + end
  177 +
  178 + should 'not update article without permission in community' do
  179 + community = fast_create(Community, :environment_id => environment.id)
  180 + article = fast_create(Article, :profile_id => community.id)
  181 + params[:article] = {:name => 'New title'}
  182 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  183 + assert_equal 403, last_response.status
  184 + end
  185 +
  186 +
  187 + should 'update article of community if user has permission' do
  188 + community = fast_create(Community, :environment_id => environment.id)
  189 + give_permission(person, 'post_content', community)
  190 + article = fast_create(Article, :profile_id => community.id)
  191 + new_value = "Another body"
  192 + params[:article] = {:body => new_value}
  193 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  194 + json = JSON.parse(last_response.body)
  195 + assert_equal new_value, json["article"]["body"]
  196 + end
  197 +
152 ############################# 198 #############################
153 # Profile Articles # 199 # Profile Articles #
154 ############################# 200 #############################