Merge branch 'master' into staging

Leandro Santos
2 parents 8efc035e d86bcb8f
Showing 28 changed files with 575 additions and 38 deletions Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/activities.rb
app/api/v1/roles.rb
app/api/v1/tasks.rb
app/models/scrap.rb
plugins/profile_images/lib/profile_images_plugin.rb
plugins/profile_images/lib/profile_images_plugin/profile_images_block.rb
plugins/profile_images/public/style.css
plugins/profile_images/test/test_helper.rb
plugins/profile_images/test/unit/profile_images_block_test.rb
plugins/profile_images/views/blocks/profile_images.html.erb
plugins/profile_images/views/box_organizer/profile_images_plugin/_profile_images_block.html.erb
plugins/profile_images/views/profile_design
plugins/recent_activities/lib/ext/action_tracker_model.rb
plugins/recent_activities/lib/ext/entities.rb
plugins/recent_activities/locales/en.yml
plugins/recent_activities/locales/pt-BR.yml
plugins/recent_activities/locales/pt-PT.yml
plugins/recent_activities/locales/pt.yml
@@ -295,12 +295,19 @@ module Api
  
     class Activity < Entity
       root 'activities', 'activity'
-      expose :id, :params, :verb, :created_at, :updated_at, :comments_count, :visible
+      expose :id, :created_at, :updated_at
       expose :user, :using => Profile
+
       expose :target do |activity, opts|
         type_map = {Profile => ::Profile, ArticleBase => ::Article}.find {|h| activity.target.kind_of?(h.last)}
         type_map.first.represent(activity.target) unless type_map.nil?
       end
+      expose :params, :if => lambda { |activity, options| activity.kind_of?(ActionTracker::Record)}
+      expose :content, :if => lambda { |activity, options| activity.kind_of?(Scrap)}
+      expose :verb do |activity, options| 
+        activity.kind_of?(Scrap) ? 'leave_scrap' : activity.verb
+      end
+
     end
  
     class Role < Entity
@@ -198,6 +198,28 @@ module Api
       present_partial tasks, :with => Entities::Task
     end
  
+    ###########################
+    #        Activities       #
+    ###########################
+    def find_activities(asset, method_or_relation = 'activities')
+
+      not_found! if asset.blank? || asset.secret || !asset.visible
+      forbidden! if !asset.display_private_info_to?(current_person)
+
+      activities = select_filtered_collection_of(asset, method_or_relation, params)
+      activities = activities.map(&:activity)
+      activities
+    end
+
+    def present_activities_for_asset(asset, method_or_relation = 'activities')
+      tasks = find_activities(asset, method_or_relation)
+      present_activities(tasks)
+    end
+
+    def present_activities(activities)
+      present_partial activities, :with => Entities::Activity, :current_person => current_person
+    end
+
     def make_conditions_with_parameter(params = {})
       parsed_params = parser_params(params)
       conditions = {}
@@ -221,7 +243,7 @@ module Api
           order = 'RANDOM()'
         else
           field_name, direction = params[:order].split(' ')
-          assoc_class = extract_associated_classname(method_or_relation)
+          assoc_class = extract_associated_classname(object, method_or_relation)
           if !field_name.blank? and assoc_class
             if assoc_class.attribute_names.include? field_name
               if direction.present? and ['ASC','DESC'].include? direction.upcase
@@ -234,12 +256,12 @@ module Api
       return order
     end
  
-    def make_timestamp_with_parameters_and_method(params, method_or_relation)
+    def make_timestamp_with_parameters_and_method(object, method_or_relation, params)
       timestamp = nil
       if params[:timestamp]
         datetime = DateTime.parse(params[:timestamp])
-        table_name = extract_associated_tablename(method_or_relation)
-        assoc_class = extract_associated_classname(method_or_relation)
+        table_name = extract_associated_tablename(object, method_or_relation)
+        assoc_class = extract_associated_classname(object, method_or_relation)
         date_atrr = assoc_class.attribute_names.include?('updated_at') ? 'updated_at' : 'created_at'
         timestamp = "#{table_name}.#{date_atrr} >= '#{datetime}'"
       end
@@ -279,7 +301,7 @@ module Api
     def select_filtered_collection_of(object, method_or_relation, params)
       conditions = make_conditions_with_parameter(params)
       order = make_order_with_parameters(object,method_or_relation,params)
-      timestamp = make_timestamp_with_parameters_and_method(params, method_or_relation)
+      timestamp = make_timestamp_with_parameters_and_method(object, method_or_relation, params)
  
       objects = is_a_relation?(method_or_relation) ? method_or_relation : object.send(method_or_relation)
       objects = by_reference(objects, params)
@@ -450,15 +472,15 @@ module Api
     end
     private
  
-    def extract_associated_tablename(method_or_relation)
-      extract_associated_classname(method_or_relation).table_name
+    def extract_associated_tablename(object, method_or_relation)
+      extract_associated_classname(object, method_or_relation).table_name
     end
  
-    def extract_associated_classname(method_or_relation)
+    def extract_associated_classname(object, method_or_relation)
       if is_a_relation?(method_or_relation)
         method_or_relation.blank? ? '' : method_or_relation.first.class
       else
-        method_or_relation.to_s.singularize.camelize.constantize
+        object.send(method_or_relation).table_name.singularize.camelize.constantize
       end
     end
  
@@ -5,13 +5,8 @@ module Api
       resource :profiles do
  
         get ':id/activities' do
-          profile = Profile.find_by id: params[:id]
-
-          not_found! if profile.blank? || profile.secret || !profile.visible
-          forbidden! if !profile.display_private_info_to?(current_person)
-
-          activities = profile.activities.map(&:activity)
-          present activities, :with => Entities::Activity, :current_person => current_person
+          profile = environment.profiles.find_by id: params[:id]
+          present_activities_for_asset(profile)
         end
       end
     end
@@ -5,14 +5,15 @@ module Api
  
       MAX_PER_PAGE = 50
  
-      resource :organizations do
-        segment "/:organization_id" do
+      resource :profiles do
+        segment "/:profile_id" do
           resource :roles do
  
             paginate max_per_page: MAX_PER_PAGE
             get do
-              organization = environment.profiles.find(params[:organization_id])
-              roles = Profile::Roles.organization_roles(organization.environment.id, organization.id)
+              profile = environment.profiles.find(params[:profile_id])
+              return forbidden! unless profile.kind_of?(Organization)
+              roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
               present_partial paginate(roles), with: Entities::Role
             end
  
@@ -31,8 +31,13 @@ module Api
           desc "#{action.capitalize} a task"
           put ":id/#{action}" do
             task = find_task(current_person, Task.to(current_person), params[:id])
-            task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
-            present_partial task, :with => Entities::Task
+            begin
+              task.update(params[:task])
+              task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
+              present_partial task, :with => Entities::Task
+            rescue Exception => ex
+              render_api_error!(ex.message, 500)
+            end
           end
         end
       end
@@ -36,6 +36,9 @@ class Scrap &lt; ApplicationRecord
  
   before_validation :strip_all_html_tags
  
+  alias :user :sender
+  alias :target :receiver
+
   def top_root
     scrap = self
     scrap = Scrap.find(scrap.scrap_id) while scrap.scrap_id
@@ -0,0 +1,23 @@
+class ProfileImagesPlugin < Noosfero::Plugin
+  def self.plugin_name
+    'ProfileImagesPlugin'
+  end
+
+  def self.plugin_description
+    _('Adds a block that lists all images inside a profile.')
+  end
+
+  def self.extra_blocks
+    {
+      ProfileImagesPlugin::ProfileImagesBlock => { type: [Person, Community, Enterprise] }
+    }
+  end
+
+  def self.has_admin_url?
+    false
+  end
+
+  def stylesheet?
+    true
+  end
+end
@@ -0,0 +1,49 @@
+class ProfileImagesPlugin::ProfileImagesBlock < Block
+  attr_accessible :limit
+  settings_items :limit, type: :integer, default: 6
+
+  def view_title
+    self.default_title
+  end
+
+  def images
+    images = owner.articles.images
+    self.limit.nil? ? images : images.first(self.get_limit)
+  end
+
+  def extra_option
+    { }
+  end
+
+  def self.description
+    _('Display the images inside the context where the block is available.')
+  end
+
+  def help
+    _('This block lists the images inside this profile.')
+  end
+
+  def default_title
+    _('Profile images')
+  end
+
+  def api_content
+    content = []
+    images.each do |image|
+      content << { title: image.title, view_url: image.view_url, path: image.public_filename(:thumb), id: image.id }
+    end
+    { images: content }
+  end
+
+  def display_api_content_by_default?
+    false
+  end
+
+  def timeout
+    4.hours
+  end
+
+  def self.expire_on
+    { profile: [:article] }
+  end
+end
@@ -0,0 +1,28 @@
+.profile-images-block ul {
+  padding: 0;
+  display: block;
+  width: 100%;
+}
+
+.profile-images-block li {
+  list-style: none;
+}
+
+.profile-images-block a {
+  display: block;
+  width: 53px;
+  height: 53px;
+  float: left;
+  padding: 1px;
+  border: 1px solid #ccc;
+  margin: 3px;
+  background-size: cover;
+}
+
+.profile-images-block a:hover {
+  border: 1px solid #000;
+}
+
+.profile-images-block a span {
+  display: none;
+}
@@ -0,0 +1 @@
+require_relative '../../../test/test_helper'
@@ -0,0 +1,69 @@
+require_relative '../test_helper'
+
+class ProfileImagesBlockTest < ActiveSupport::TestCase
+  should 'describe itself' do
+    assert_not_equal Block.description, ProfileImagesPlugin::ProfileImagesBlock.description
+  end
+
+  should 'is editable' do
+    block = ProfileImagesPlugin::ProfileImagesBlock.new
+    assert block.editable?
+  end
+
+  should 'return images' do
+    # profile
+    # |- image1
+    # |- file
+    # |- folder1/
+    # |--- image2
+    # |--- folder2/
+    # |------ image3
+    profile = create(Profile, name: 'Test')
+    image1 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile)
+    file = fast_create(UploadedFile, profile_id: profile.id)
+    folder1 = fast_create(Folder, profile_id: profile.id)
+    image2 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile, parent: folder1)
+    folder2 = fast_create(Folder, parent_id: folder1.id)
+    image3 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile, parent: folder2)
+
+    block = ProfileImagesPlugin::ProfileImagesBlock.new
+    block.stubs(:owner).returns(profile)
+
+    assert_equal [image1, image2, image3].map(&:id), block.images.map(&:id)
+  end
+
+  should 'return images with limit' do
+    # profile
+    # |- image1
+    # |- image2
+    profile = create(Profile, name: 'Test')
+    image1 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile)
+    image2 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile)
+
+    block = ProfileImagesPlugin::ProfileImagesBlock.new
+    block.stubs(:owner).returns(profile)
+    block.limit = 1
+
+    assert_equal [image1.id], block.images.map(&:id)
+  end
+end
+
+require 'boxes_helper'
+
+class ProfileImagesBlockViewTest < ActionView::TestCase
+  include BoxesHelper
+
+  should 'return images in api_content' do
+    # profile
+    # |- image1
+    # |- image2
+    profile = create(Profile, name: 'Test')
+    image1 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile)
+    image2 = create(UploadedFile, uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'), profile: profile)
+
+    block = ProfileImagesPlugin::ProfileImagesBlock.new
+    block.stubs(:owner).returns(profile)
+
+    assert_equal [image1.id, image2.id], block.api_content[:images].map{ |a| a[:id] }
+  end
+end
@@ -0,0 +1,14 @@
+<%= block_title(block.view_title, block.subtitle) %>
+
+<div class="profile-images-block">
+  <% unless block.images.size == 0 %>
+    <ul>
+      <% block.images.each do |image| %>
+        <li><%= link_to content_tag(:span, image.title), image.view_url, style: "background-image: url(#{image.public_filename(:thumb)})" %></li>
+      <% end %>
+    </ul>
+    <br style="clear: both;" />
+  <% else %>
+    <div class="profile-images-block-none"><%= c_('None') %></div>
+  <% end %>
+</div>
@@ -0,0 +1,3 @@
+<div id="profile_images_block_plugin">
+  <%= labelled_form_field(_('Limit'), text_field(:block, :limit, size: 3)) %>
+</div>
@@ -0,0 +1 @@
+box_organizer/
 \ No newline at end of file
@@ -0,0 +1,16 @@
+require_dependency 'action_tracker_model'
+
+class ActionTracker::Record
+  def label
+    case self.target.class.name
+    when 'Event'
+      'events'
+    when 'Community'
+      'communities'
+    when 'Friendship'
+      'people'
+    else
+      'posts'
+    end
+  end
+end
@@ -0,0 +1,12 @@
+require_dependency 'api/entities'
+
+module Api
+  module Entities
+    class Activity
+      expose :label
+      expose :start_date do |activity|
+        activity.target.start_date if activity.target.is_a?(Event)
+      end
+    end
+  end
+end
@@ -0,0 +1,4 @@
+"en-US": &en-US
+  time:
+    formats:
+      medium: "%B %d, %Y"
@@ -0,0 +1,4 @@
+"pt-BR": &pt-BR
+  time:
+    formats:
+      medium: "%d de %B de %Y"
@@ -0,0 +1,4 @@
+"pt-PT": &pt-PT
+  time:
+    formats:
+      medium: "%d de %B de %Y"
@@ -0,0 +1,4 @@
+"pt": &pt
+  time:
+    formats:
+      medium: "%d de %B de %Y"
@@ -18,7 +18,8 @@
   color: #ccc;
 }
  
-.recent-activities-block img {
+.recent-activities-block img,
+.recent-activities-block .upimg {
   padding: 1px;
   border: 1px solid #ccc;
   margin: 3px 3px 0 0;
@@ -27,3 +28,45 @@
 .recent-activities-block p:first-letter {
   text-transform: capitalize
 }
+
+.recent-activities-block .upimg {
+  width: 20px;
+  height: 20px;
+  display: inline-block;
+  background-size: cover;
+}
+
+.recent-activities-block .recent-activity-date,
+.recent-activities-block .recent-activity-date a,
+.recent-activities-block .recent-activity-date a:visited {
+  color: #888a85;
+}
+
+.recent-activities-block .recent-activity-label {
+  padding: 2px;
+  text-transform: capitalize;
+  background: #333;
+  color: #fff;
+  margin-left: 5px;
+  display: inline-block;
+  font-size: 11px;
+}
+
+.recent-activities-block .recent-activity-event {
+  display: table-row;
+}
+
+.recent-activities-block .recent-activity-events img {
+  width: 32px;
+  height: 32px;
+  float: left;
+}
+
+.recent-activities-block .recent-activity-events .lead {
+  width: 148px;
+  margin-left: 2px;
+  margin-top: 2px;
+  float: left;
+  display: block;
+  text-align: justify;
+}
@@ -68,6 +68,31 @@ class RecentActivitiesBlockViewTest &lt; ActionView::TestCase
     block = RecentActivitiesPlugin::ActivitiesBlock.new
     block.stubs(:owner).returns(profile)
  
+    api_activity = block.api_content['activities'].last
     assert_equal [a.id], block.api_content['activities'].map{ |a| a[:id] }
+    assert_not_nil api_activity[:label]
+    assert_nil api_activity[:start_date]
+  end
+
+  should 'return event information in api_content' do
+    person = fast_create(Person)
+    event = build(Event, { name: 'Event', start_date: DateTime.new(2020, 1, 1) })
+    event.profile = person
+    event.save!
+    activity = create_activity(person, event)
+
+    block = RecentActivitiesPlugin::ActivitiesBlock.new
+    block.stubs(:owner).returns(person)
+
+    api_activity = block.api_content['activities'].last
+    assert_not_nil api_activity[:start_date]
+  end
+
+  protected
+
+  def create_activity(person, target)
+    activity = ActionTracker::Record.create! verb: :leave_scrap, user: person, target: target
+    ProfileActivity.create! profile_id: target.id, activity: activity
+    activity.reload
   end
 end
@@ -0,0 +1,46 @@
+require 'test_helper'
+
+class RecentActivitiesPluginTest < ActiveSupport::TestCase
+  def setup
+    @environment = Environment.default
+    @environment.enable_plugin(RecentActivitiesPlugin)
+  end
+
+  should 'have label for events' do
+    person = fast_create(Person)
+    event = build(Event, { name: 'Event', start_date: DateTime.new(2020, 1, 1) })
+    event.profile = person
+    event.save!
+    activity = create_activity(person, event)
+    assert_equal 'events', activity.label
+  end
+
+  should 'have label for communities' do
+    person = fast_create(Person)
+    community = fast_create(Community)
+    activity = create_activity(person, community)
+    assert_equal 'communities', activity.label
+  end
+
+  should 'have label for people' do
+    person = fast_create(Person)
+    friendship = fast_create(Friendship)
+    activity = create_activity(person, friendship)
+    assert_equal 'people', activity.label
+  end
+
+  should 'have label for posts' do
+    person = fast_create(Person)
+    article = fast_create(Article)
+    activity = create_activity(person, article)
+    assert_equal 'posts', activity.label
+  end
+
+  protected
+
+  def create_activity(person, target)
+    activity = ActionTracker::Record.create! verb: :leave_scrap, user: person, target: target
+    ProfileActivity.create! profile_id: target.id, activity: activity
+    activity.reload
+  end
+end
@@ -4,9 +4,37 @@
   <% unless block.activities.size == 0 %>
     <ul>
       <% block.activities.each do |activity| %>
-        <li>
+        <li class="recent-activity-<%= activity.label %>">
+          <p class="recent-activity-date">
+          <% if activity.label === 'events' %>
+          <%= 
+            _('Event on <b>%s</b> at %s - %s').html_safe %
+              [
+                l(activity.target.start_date, format: :medium),
+                activity.target.start_date.strftime("%H:%M"),
+                link_to(activity.user.name, activity.user.url)
+              ]
+          %>
+          <% else %>  
+          <%= 
+            _('On <b>%s</b> at %s - %s').html_safe %
+              [
+                l(activity.created_at, format: :medium),
+                activity.created_at.strftime("%H:%M"),
+                link_to(activity.user.name, activity.user.url)
+              ]
+          %>
+          <% end %>
+          <span class="recent-activity-label"><%= activity.label %></span>
+          </p>
+
+          <% if activity.label === 'events' %>
+          <%= image_tag(activity.params['first_image']) %>
+          <p class="lead"><b><%= activity.params['name'] %></b><br /><%= strip_tags(activity.params['lead']) %></p>
+          <br style="clear: both;" />
+          <% else %>
           <p><%= describe(activity).html_safe %></p>
-          <time datetime="<%= activity.created_at %>"><%= time_ago_in_words(activity.created_at) %></time>
+          <% end %>
         </li>
       <% end %>
     </ul>
@@ -8,7 +8,7 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
   end
  
   should 'get own activities' do
-    create_activity(person)
+    create_activity(:target => person)
  
     get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -19,7 +19,7 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
  
   should 'not get private community activities' do
     community = fast_create(Community, :public_profile => false)
-    create_activity(community)
+    create_activity(:target => community)
  
     get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -40,7 +40,7 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
  
   should 'get community activities for member' do
     community = fast_create(Community)
-    create_activity(community)
+    create_activity(:target => community)
     community.add_member(person)
  
     get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
@@ -50,7 +50,7 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
  
   should 'not get other person activities' do
     other_person = fast_create(Person)
-    create_activity(other_person)
+    create_activity(:target => other_person)
  
     get "/api/v1/profiles/#{other_person.id}/activities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -61,7 +61,7 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
   should 'get friend activities' do
     other_person = fast_create(Person)
     other_person.add_friend(person)
-    create_activity(other_person)
+    create_activity(:target => other_person)
  
     get "/api/v1/profiles/#{other_person.id}/activities?#{params.to_query}"
     json = JSON.parse(last_response.body)
@@ -70,16 +70,123 @@ class ActivitiesTest &lt; ActiveSupport::TestCase
  
   should 'get activities for non logged user in a public community' do
     community = fast_create(Community)
-    create_activity(community)
+    create_activity(:target => community)
     community.add_member(person)
     get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
   end
  
-  def create_activity(target)
-    activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
-    ProfileActivity.create! profile_id: target.id, activity: activity
+  should 'not crash api if an scrap activity is in the list' do
+    create_activity(:target => person)
+    create(Scrap, :sender_id => person.id, :receiver_id => person.id)
+
+    assert_nothing_raised NoMethodError do
+      get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    end
+  end
+
+  should 'scrap activity be returned in acitivities list' do
+    create_activity(:target => person)
+    create(Scrap, :sender_id => person.id, :receiver_id => person.id)
+
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equivalent person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+  end
+
+  should 'always return the activity verb parameter' do
+    ActionTracker::Record.destroy_all
+    ProfileActivity.destroy_all
+    create_activity(:target => person)
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 'create_article', json["activities"].last['verb']
+  end
+
+  should 'scrap activity return leave_scrap verb' do
+    ActionTracker::Record.destroy_all
+    create(TinyMceArticle, :name => 'Tracked Article 1', :profile_id => person.id)
+    create(Scrap, :sender_id => person.id, :receiver_id => person.id)
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent ['create_article', 'leave_scrap'], json["activities"].map{|a|a['verb']}
+  end
+
+  should 'the content be returned in scrap activities' do
+    ActionTracker::Record.destroy_all
+    content = 'some content'
+    create(Scrap, :sender_id => person.id, :receiver_id => person.id, :content => content)
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal content, json["activities"].last['content']
+  end
+
+  should 'not return the content in other kind of activities except scrap' do
+    ActionTracker::Record.destroy_all
+    create_activity(:target => person)
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_nil json["activities"].last['content']
+  end
+
+  should 'list activities with pagination' do
+    ActionTracker::Record.destroy_all
+    a1 = create_activity(:target => person)
+    a2 = create_activity(:target => person)
+
+    params[:page] = 1
+    params[:per_page] = 1
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json_page_one = JSON.parse(last_response.body)
+
+    params[:page] = 2
+    params[:per_page] = 1
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json_page_two = JSON.parse(last_response.body)
+
+    assert_includes json_page_one["activities"].map { |a| a["id"] }, a2.id
+    assert_not_includes json_page_one["activities"].map { |a| a["id"] }, a1.id
+
+    assert_includes json_page_two["activities"].map { |a| a["id"] }, a1.id
+    assert_not_includes json_page_two["activities"].map { |a| a["id"] }, a2.id
+  end
+
+  should 'list only 20 elements by page if no limit param is passed' do
+    ActionTracker::Record.destroy_all
+    1.upto(25).map do
+      create_activity(:target => person)
+    end
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 20, json["activities"].length
+  end
+
+  should 'list activities with timestamp' do
+    ActionTracker::Record.destroy_all
+    a1 = create_activity(:target => person)
+    a2 = create_activity(:target => person)
+    a2.updated_at = Time.zone.now
+    a2.save
+
+    a1.updated_at = Time.zone.now + 3.hours
+    a1.save!
+
+
+    params[:timestamp] = Time.zone.now + 1.hours
+    get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_includes json["activities"].map { |a| a["id"] }, a1.id
+    assert_not_includes json["activities"].map { |a| a["id"] }, a2.id
+  end
+
+
+
+  def create_activity(params = {})
+    params[:verb] ||= 'create_article'
+    ActionTracker::Record.create!(params.merge(:user => person))
   end
  
 end
@@ -16,8 +16,13 @@ class TolesTest &lt; ActiveSupport::TestCase
     role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
     role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
     profile.custom_roles << role2
-    get "/api/v1/organizations/#{profile.id}/roles?#{params.to_query}"
+    get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [role1.id, role2.id], json['roles'].map {|r| r['id']}
   end
+
+  should 'return forbidden status when profile is not an organization' do
+    get "/api/v1/profiles/#{person.id}/roles?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
 end
@@ -204,6 +204,24 @@ class TasksTest &lt; ActiveSupport::TestCase
       assert_nil task.reload.closed_by_id
       assert_equal Task::Status::ACTIVE, task.status
     end
+
+    should "person be able to #{action} a task with parameters" do
+      person1 = fast_create(Person)
+      task = create(Task, :requestor => person1, :target => person)
+      params[:task] = {reject_explanation: "reject explanation"}
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
+      assert_equal "reject explanation", task.reload.reject_explanation
+    end
+
+    should "not update a forbidden parameter when #{action} a task" do
+      person1 = fast_create(Person)
+      person2 = fast_create(Person)
+      task = create(Task, :requestor => person1, :target => person)
+      params[:task] = { requestor: {id: person2.id} }
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal 500, last_response.status
+    end
   end
  
   #################################################
@@ -87,8 +87,8 @@ class ActiveSupport::TestCase
     norm1 = enum1.group_by{|e|e}.values
     norm2 = enum2.group_by{|e|e}.values
     assert_equal norm1.size, norm2.size, "Size mismatch: #{enum1.inspect} vs #{enum2.inspect}"
-    assert_equal [], norm1 - norm2
-    assert_equal [], norm2 - norm1
+    assert_equal [], norm1 - norm2, "Arrays #{norm1} and #{norm2} are not equivalents"
+    assert_equal [], norm2 - norm1, "Arrays #{norm1} and #{norm2} are not equivalents"
   end
  
   def assert_mandatory(object, attribute, test_value = 'some random string')
...	...	@@ -295,12 +295,19 @@ module Api
295	295
296	296	class Activity < Entity
297	297	root 'activities', 'activity'
298		- expose :id, :params, :verb, :created_at, :updated_at, :comments_count, :visible
	298	+ expose :id, :created_at, :updated_at
299	299	expose :user, :using => Profile
	300	+
300	301	expose :target do \|activity, opts\|
301	302	type_map = {Profile => ::Profile, ArticleBase => ::Article}.find {\|h\| activity.target.kind_of?(h.last)}
302	303	type_map.first.represent(activity.target) unless type_map.nil?
303	304	end
	305	+ expose :params, :if => lambda { \|activity, options\| activity.kind_of?(ActionTracker::Record)}
	306	+ expose :content, :if => lambda { \|activity, options\| activity.kind_of?(Scrap)}
	307	+ expose :verb do \|activity, options\|
	308	+ activity.kind_of?(Scrap) ? 'leave_scrap' : activity.verb
	309	+ end
	310	+
304	311	end
305	312
306	313	class Role < Entity
...	...
...	...	@@ -198,6 +198,28 @@ module Api
198	198	present_partial tasks, :with => Entities::Task
199	199	end
200	200
	201	+ ###########################
	202	+ # Activities #
	203	+ ###########################
	204	+ def find_activities(asset, method_or_relation = 'activities')
	205	+
	206	+ not_found! if asset.blank? \|\| asset.secret \|\| !asset.visible
	207	+ forbidden! if !asset.display_private_info_to?(current_person)
	208	+
	209	+ activities = select_filtered_collection_of(asset, method_or_relation, params)
	210	+ activities = activities.map(&:activity)
	211	+ activities
	212	+ end
	213	+
	214	+ def present_activities_for_asset(asset, method_or_relation = 'activities')
	215	+ tasks = find_activities(asset, method_or_relation)
	216	+ present_activities(tasks)
	217	+ end
	218	+
	219	+ def present_activities(activities)
	220	+ present_partial activities, :with => Entities::Activity, :current_person => current_person
	221	+ end
	222	+
201	223	def make_conditions_with_parameter(params = {})
202	224	parsed_params = parser_params(params)
203	225	conditions = {}
...	...	@@ -221,7 +243,7 @@ module Api
221	243	order = 'RANDOM()'
222	244	else
223	245	field_name, direction = params[:order].split(' ')
224		- assoc_class = extract_associated_classname(method_or_relation)
	246	+ assoc_class = extract_associated_classname(object, method_or_relation)
225	247	if !field_name.blank? and assoc_class
226	248	if assoc_class.attribute_names.include? field_name
227	249	if direction.present? and ['ASC','DESC'].include? direction.upcase
...	...	@@ -234,12 +256,12 @@ module Api
234	256	return order
235	257	end
236	258
237		- def make_timestamp_with_parameters_and_method(params, method_or_relation)
	259	+ def make_timestamp_with_parameters_and_method(object, method_or_relation, params)
238	260	timestamp = nil
239	261	if params[:timestamp]
240	262	datetime = DateTime.parse(params[:timestamp])
241		- table_name = extract_associated_tablename(method_or_relation)
242		- assoc_class = extract_associated_classname(method_or_relation)
	263	+ table_name = extract_associated_tablename(object, method_or_relation)
	264	+ assoc_class = extract_associated_classname(object, method_or_relation)
243	265	date_atrr = assoc_class.attribute_names.include?('updated_at') ? 'updated_at' : 'created_at'
244	266	timestamp = "#{table_name}.#{date_atrr} >= '#{datetime}'"
245	267	end
...	...	@@ -279,7 +301,7 @@ module Api
279	301	def select_filtered_collection_of(object, method_or_relation, params)
280	302	conditions = make_conditions_with_parameter(params)
281	303	order = make_order_with_parameters(object,method_or_relation,params)
282		- timestamp = make_timestamp_with_parameters_and_method(params, method_or_relation)
	304	+ timestamp = make_timestamp_with_parameters_and_method(object, method_or_relation, params)
283	305
284	306	objects = is_a_relation?(method_or_relation) ? method_or_relation : object.send(method_or_relation)
285	307	objects = by_reference(objects, params)
...	...	@@ -450,15 +472,15 @@ module Api
450	472	end
451	473	private
452	474
453		- def extract_associated_tablename(method_or_relation)
454		- extract_associated_classname(method_or_relation).table_name
	475	+ def extract_associated_tablename(object, method_or_relation)
	476	+ extract_associated_classname(object, method_or_relation).table_name
455	477	end
456	478
457		- def extract_associated_classname(method_or_relation)
	479	+ def extract_associated_classname(object, method_or_relation)
458	480	if is_a_relation?(method_or_relation)
459	481	method_or_relation.blank? ? '' : method_or_relation.first.class
460	482	else
461		- method_or_relation.to_s.singularize.camelize.constantize
	483	+ object.send(method_or_relation).table_name.singularize.camelize.constantize
462	484	end
463	485	end
464	486
...	...
...	...	@@ -5,13 +5,8 @@ module Api
5	5	resource :profiles do
6	6
7	7	get ':id/activities' do
8		- profile = Profile.find_by id: params[:id]
9		-
10		- not_found! if profile.blank? \|\| profile.secret \|\| !profile.visible
11		- forbidden! if !profile.display_private_info_to?(current_person)
12		-
13		- activities = profile.activities.map(&:activity)
14		- present activities, :with => Entities::Activity, :current_person => current_person
	8	+ profile = environment.profiles.find_by id: params[:id]
	9	+ present_activities_for_asset(profile)
15	10	end
16	11	end
17	12	end
...	...
...	...	@@ -5,14 +5,15 @@ module Api
5	5
6	6	MAX_PER_PAGE = 50
7	7
8		- resource :organizations do
9		- segment "/:organization_id" do
	8	+ resource :profiles do
	9	+ segment "/:profile_id" do
10	10	resource :roles do
11	11
12	12	paginate max_per_page: MAX_PER_PAGE
13	13	get do
14		- organization = environment.profiles.find(params[:organization_id])
15		- roles = Profile::Roles.organization_roles(organization.environment.id, organization.id)
	14	+ profile = environment.profiles.find(params[:profile_id])
	15	+ return forbidden! unless profile.kind_of?(Organization)
	16	+ roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
16	17	present_partial paginate(roles), with: Entities::Role
17	18	end
18	19
...	...
...	...	@@ -31,8 +31,13 @@ module Api
31	31	desc "#{action.capitalize} a task"
32	32	put ":id/#{action}" do
33	33	task = find_task(current_person, Task.to(current_person), params[:id])
34		- task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
35		- present_partial task, :with => Entities::Task
	34	+ begin
	35	+ task.update(params[:task])
	36	+ task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
	37	+ present_partial task, :with => Entities::Task
	38	+ rescue Exception => ex
	39	+ render_api_error!(ex.message, 500)
	40	+ end
36	41	end
37	42	end
38	43	end
...	...
...	...	@@ -36,6 +36,9 @@ class Scrap < ApplicationRecord
36	36
37	37	before_validation :strip_all_html_tags
38	38
	39	+ alias :user :sender
	40	+ alias :target :receiver
	41	+
39	42	def top_root
40	43	scrap = self
41	44	scrap = Scrap.find(scrap.scrap_id) while scrap.scrap_id
...	...
...	...	@@ -0,0 +1,23 @@
	1	+class ProfileImagesPlugin < Noosfero::Plugin
	2	+ def self.plugin_name
	3	+ 'ProfileImagesPlugin'
	4	+ end
	5	+
	6	+ def self.plugin_description
	7	+ _('Adds a block that lists all images inside a profile.')
	8	+ end
	9	+
	10	+ def self.extra_blocks
	11	+ {
	12	+ ProfileImagesPlugin::ProfileImagesBlock => { type: [Person, Community, Enterprise] }
	13	+ }
	14	+ end
	15	+
	16	+ def self.has_admin_url?
	17	+ false
	18	+ end
	19	+
	20	+ def stylesheet?
	21	+ true
	22	+ end
	23	+end
...	...
...	...	@@ -0,0 +1,49 @@
	1	+class ProfileImagesPlugin::ProfileImagesBlock < Block
	2	+ attr_accessible :limit
	3	+ settings_items :limit, type: :integer, default: 6
	4	+
	5	+ def view_title
	6	+ self.default_title
	7	+ end
	8	+
	9	+ def images
	10	+ images = owner.articles.images
	11	+ self.limit.nil? ? images : images.first(self.get_limit)
	12	+ end
	13	+
	14	+ def extra_option
	15	+ { }
	16	+ end
	17	+
	18	+ def self.description
	19	+ _('Display the images inside the context where the block is available.')
	20	+ end
	21	+
	22	+ def help
	23	+ _('This block lists the images inside this profile.')
	24	+ end
	25	+
	26	+ def default_title
	27	+ _('Profile images')
	28	+ end
	29	+
	30	+ def api_content
	31	+ content = []
	32	+ images.each do \|image\|
	33	+ content << { title: image.title, view_url: image.view_url, path: image.public_filename(:thumb), id: image.id }
	34	+ end
	35	+ { images: content }
	36	+ end
	37	+
	38	+ def display_api_content_by_default?
	39	+ false
	40	+ end
	41	+
	42	+ def timeout
	43	+ 4.hours
	44	+ end
	45	+
	46	+ def self.expire_on
	47	+ { profile: [:article] }
	48	+ end
	49	+end
...	...
...	...	@@ -0,0 +1,28 @@
	1	+.profile-images-block ul {
	2	+ padding: 0;
	3	+ display: block;
	4	+ width: 100%;
	5	+}
	6	+
	7	+.profile-images-block li {
	8	+ list-style: none;
	9	+}
	10	+
	11	+.profile-images-block a {
	12	+ display: block;
	13	+ width: 53px;
	14	+ height: 53px;
	15	+ float: left;
	16	+ padding: 1px;
	17	+ border: 1px solid #ccc;
	18	+ margin: 3px;
	19	+ background-size: cover;
	20	+}
	21	+
	22	+.profile-images-block a:hover {
	23	+ border: 1px solid #000;
	24	+}
	25	+
	26	+.profile-images-block a span {
	27	+ display: none;
	28	+}
...	...
...	...	@@ -0,0 +1 @@
	1	+require_relative '../../../test/test_helper'
...	...