Changes in endpoints to verify archived article validation

Michel Felipe
1 parent 37e45606
Showing 5 changed files with 50 additions and 11 deletions Show diff stats
lib/noosfero/api/entities.rb
lib/noosfero/api/v1/articles.rb
lib/noosfero/api/v1/comments.rb
test/unit/api/articles_test.rb
test/unit/api/comments_test.rb
@@ -120,6 +120,7 @@ module Noosfero
         expose :followers_count
         expose :votes_count
         expose :comments_count
+        expose :archived, :documentation => {:type => "Boolean", :desc => "Defines if a article is readonly"}
       end
  
       class Article < ArticleBase
@@ -131,9 +131,8 @@ module Noosfero
             failure [[403, 'Forbidden']]
             named 'ArticleFollowers'
           end
-
-           #FIXME refactor this method
           get 'voted_by_me' do
+            #FIXME refactor this method
             present_articles_paginated(current_person.votes.where(:voteable_type => 'Article').collect(&:voteable))
           end
  
@@ -150,8 +149,14 @@ module Noosfero
             # FIXME verify allowed values
             render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
             article = find_article(environment.articles, params[:id])
-            vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
-            {:vote => vote.save}
+
+            begin
+              vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
+              saved = vote.save!
+              {:vote => saved}
+            rescue ActiveRecord::RecordInvalid => e
+              render_api_error!(e.message, 400)
+            end
           end
  
           desc 'Return the children of a article identified by id' do
@@ -31,7 +31,13 @@ module Noosfero
           post ":id/comments" do
             article = find_article(environment.articles, params[:id])
             options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
-            present Comment.create(options), :with => Entities::Comment
+            begin
+              comment = Comment.create(options)
+              comment.save!
+            rescue ActiveRecord::RecordInvalid => e
+              render_api_error!(e.message, 400)
+            end
+            present comment, :with => Entities::Comment
           end
         end
  
@@ -138,6 +138,16 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     assert_equal true, json['vote']
   end
  
+  should 'not perform a vote in a archived article' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing", :archived => true)
+    @params[:value] = 1
+
+    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal 400, last_response.status
+  end
+
   expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count)
  
   expose_attributes.each do |attr|
@@ -151,7 +161,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
  
   should "update body of article created by me" do
     new_value = "Another body"
-    params[:article] = {:body => new_value} 
+    params[:article] = {:body => new_value}
     article = fast_create(Article, :profile_id => person.id)
     post "/api/v1/articles/#{article.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -160,7 +170,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
  
   should "update title of article created by me" do
     new_value = "Another name"
-    params[:article] = {:name => new_value} 
+    params[:article] = {:name => new_value}
     article = fast_create(Article, :profile_id => person.id)
     post "/api/v1/articles/#{article.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -170,7 +180,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   should 'not update article of another user' do
     another_person = fast_create(Person, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => another_person.id)
-    params[:article] = {:title => 'Some title'} 
+    params[:article] = {:title => 'Some title'}
     post "/api/v1/articles/#{article.id}?#{params.to_query}"
     assert_equal 403, last_response.status
   end
@@ -178,7 +188,7 @@ class ArticlesTest &lt; ActiveSupport::TestCase
   should 'not update article without permission in community' do
     community = fast_create(Community, :environment_id => environment.id)
     article = fast_create(Article, :profile_id => community.id)
-    params[:article] = {:name => 'New title'} 
+    params[:article] = {:name => 'New title'}
     post "/api/v1/articles/#{article.id}?#{params.to_query}"
     assert_equal 403, last_response.status
   end
@@ -189,11 +199,11 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     give_permission(person, 'post_content', community)
     article = fast_create(Article, :profile_id => community.id)
     new_value = "Another body"
-    params[:article] = {:body => new_value} 
+    params[:article] = {:body => new_value}
     post "/api/v1/articles/#{article.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal new_value, json["article"]["body"]
-  end 
+  end
  
   should 'list articles with pagination' do
     Article.destroy_all
@@ -520,6 +530,14 @@ class ArticlesTest &lt; ActiveSupport::TestCase
     assert_equal 1, json['article']['hits']
   end
  
+  should 'not update hit attribute of a specific child if a article is archived' do
+    folder = fast_create(Folder, :profile_id => user.person.id, :archived => true)
+    article = fast_create(Article, :parent_id => folder.id, :profile_id => user.person.id)
+    get "/api/v1/articles/#{folder.id}/children/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 0, json['article']['hits']
+  end
+
   should 'list all events of a community in a given category' do
     co = Community.create(identifier: 'my-community', name: 'name-my-community')
     c1 = Category.create(environment: Environment.default, name: 'my-category')
@@ -66,6 +66,15 @@ class CommentsTest &lt; ActiveSupport::TestCase
     assert_equal body, json['comment']['body']
   end
  
+  should 'not comment an archived article' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true)
+    body = 'My comment'
+    params.merge!({:body => body})
+
+    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    assert_equal 400, last_response.status
+  end
+
   should 'comment creation define the source' do
     amount = Comment.count
     article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
...	...	@@ -120,6 +120,7 @@ module Noosfero
120	120	expose :followers_count
121	121	expose :votes_count
122	122	expose :comments_count
	123	+ expose :archived, :documentation => {:type => "Boolean", :desc => "Defines if a article is readonly"}
123	124	end
124	125
125	126	class Article < ArticleBase
...	...
...	...	@@ -131,9 +131,8 @@ module Noosfero
131	131	failure [[403, 'Forbidden']]
132	132	named 'ArticleFollowers'
133	133	end
134		-
135		- #FIXME refactor this method
136	134	get 'voted_by_me' do
	135	+ #FIXME refactor this method
137	136	present_articles_paginated(current_person.votes.where(:voteable_type => 'Article').collect(&:voteable))
138	137	end
139	138
...	...	@@ -150,8 +149,14 @@ module Noosfero
150	149	# FIXME verify allowed values
151	150	render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
152	151	article = find_article(environment.articles, params[:id])
153		- vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
154		- {:vote => vote.save}
	152	+
	153	+ begin
	154	+ vote = Vote.new(:voteable => article, :voter => current_person, :vote => value)
	155	+ saved = vote.save!
	156	+ {:vote => saved}
	157	+ rescue ActiveRecord::RecordInvalid => e
	158	+ render_api_error!(e.message, 400)
	159	+ end
155	160	end
156	161
157	162	desc 'Return the children of a article identified by id' do
...	...
...	...	@@ -31,7 +31,13 @@ module Noosfero
31	31	post ":id/comments" do
32	32	article = find_article(environment.articles, params[:id])
33	33	options = params.select { \|key,v\| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
34		- present Comment.create(options), :with => Entities::Comment
	34	+ begin
	35	+ comment = Comment.create(options)
	36	+ comment.save!
	37	+ rescue ActiveRecord::RecordInvalid => e
	38	+ render_api_error!(e.message, 400)
	39	+ end
	40	+ present comment, :with => Entities::Comment
35	41	end
36	42	end
37	43
...	...
...	...	@@ -138,6 +138,16 @@ class ArticlesTest < ActiveSupport::TestCase
138	138	assert_equal true, json['vote']
139	139	end
140	140
	141	+ should 'not perform a vote in a archived article' do
	142	+ article = fast_create(Article, :profile_id => @person.id, :name => "Some thing", :archived => true)
	143	+ @params[:value] = 1
	144	+
	145	+ post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
	146	+ json = JSON.parse(last_response.body)
	147	+
	148	+ assert_equal 400, last_response.status
	149	+ end
	150	+
141	151	expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count)
142	152
143	153	expose_attributes.each do \|attr\|
...	...	@@ -151,7 +161,7 @@ class ArticlesTest < ActiveSupport::TestCase
151	161
152	162	should "update body of article created by me" do
153	163	new_value = "Another body"
154		- params[:article] = {:body => new_value}
	164	+ params[:article] = {:body => new_value}
155	165	article = fast_create(Article, :profile_id => person.id)
156	166	post "/api/v1/articles/#{article.id}?#{params.to_query}"
157	167	json = JSON.parse(last_response.body)
...	...	@@ -160,7 +170,7 @@ class ArticlesTest < ActiveSupport::TestCase
160	170
161	171	should "update title of article created by me" do
162	172	new_value = "Another name"
163		- params[:article] = {:name => new_value}
	173	+ params[:article] = {:name => new_value}
164	174	article = fast_create(Article, :profile_id => person.id)
165	175	post "/api/v1/articles/#{article.id}?#{params.to_query}"
166	176	json = JSON.parse(last_response.body)
...	...	@@ -170,7 +180,7 @@ class ArticlesTest < ActiveSupport::TestCase
170	180	should 'not update article of another user' do
171	181	another_person = fast_create(Person, :environment_id => environment.id)
172	182	article = fast_create(Article, :profile_id => another_person.id)
173		- params[:article] = {:title => 'Some title'}
	183	+ params[:article] = {:title => 'Some title'}
174	184	post "/api/v1/articles/#{article.id}?#{params.to_query}"
175	185	assert_equal 403, last_response.status
176	186	end
...	...	@@ -178,7 +188,7 @@ class ArticlesTest < ActiveSupport::TestCase
178	188	should 'not update article without permission in community' do
179	189	community = fast_create(Community, :environment_id => environment.id)
180	190	article = fast_create(Article, :profile_id => community.id)
181		- params[:article] = {:name => 'New title'}
	191	+ params[:article] = {:name => 'New title'}
182	192	post "/api/v1/articles/#{article.id}?#{params.to_query}"
183	193	assert_equal 403, last_response.status
184	194	end
...	...	@@ -189,11 +199,11 @@ class ArticlesTest < ActiveSupport::TestCase
189	199	give_permission(person, 'post_content', community)
190	200	article = fast_create(Article, :profile_id => community.id)
191	201	new_value = "Another body"
192		- params[:article] = {:body => new_value}
	202	+ params[:article] = {:body => new_value}
193	203	post "/api/v1/articles/#{article.id}?#{params.to_query}"
194	204	json = JSON.parse(last_response.body)
195	205	assert_equal new_value, json["article"]["body"]
196		- end
	206	+ end
197	207
198	208	should 'list articles with pagination' do
199	209	Article.destroy_all
...	...	@@ -520,6 +530,14 @@ class ArticlesTest < ActiveSupport::TestCase
520	530	assert_equal 1, json['article']['hits']
521	531	end
522	532
	533	+ should 'not update hit attribute of a specific child if a article is archived' do
	534	+ folder = fast_create(Folder, :profile_id => user.person.id, :archived => true)
	535	+ article = fast_create(Article, :parent_id => folder.id, :profile_id => user.person.id)
	536	+ get "/api/v1/articles/#{folder.id}/children/#{article.id}?#{params.to_query}"
	537	+ json = JSON.parse(last_response.body)
	538	+ assert_equal 0, json['article']['hits']
	539	+ end
	540	+
523	541	should 'list all events of a community in a given category' do
524	542	co = Community.create(identifier: 'my-community', name: 'name-my-community')
525	543	c1 = Category.create(environment: Environment.default, name: 'my-category')
...	...
...	...	@@ -66,6 +66,15 @@ class CommentsTest < ActiveSupport::TestCase
66	66	assert_equal body, json['comment']['body']
67	67	end
68	68
	69	+ should 'not comment an archived article' do
	70	+ article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true)
	71	+ body = 'My comment'
	72	+ params.merge!({:body => body})
	73	+
	74	+ post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
	75	+ assert_equal 400, last_response.status
	76	+ end
	77	+
69	78	should 'comment creation define the source' do
70	79	amount = Comment.count
71	80	article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
...	...