Separate api tests

Braulio Bhavamitra
1 parent 0694e6bf
Showing 38 changed files with 2480 additions and 2467 deletions Show diff stats
.gitlab-ci.yml
.travis.yml
lib/tasks/test.rake
script/ci
test/api/activities_test.rb
test/api/api_test.rb
test/api/articles_test.rb
test/api/boxes_test.rb
test/api/categories_test.rb
test/api/comments_test.rb
test/api/communities_test.rb
test/api/enterprises_test.rb
test/api/environment_test.rb
test/api/helpers_test.rb
test/api/people_test.rb
test/api/profiles_test.rb
test/api/search_test.rb
test/api/session_test.rb
test/api/task_test.rb
test/api/test_helper.rb
@@ -14,6 +14,10 @@ stages:
 #  script: bundle exec rake ci:smoke
 #  stage: smoke-tests
  
+api:
+  script: bundle exec rake test:api
+  stage: all-tests
+
 units:
   script: bundle exec rake test:units
   stage: all-tests
@@ -44,6 +44,7 @@ before_script:
   - bundle exec rake db:migrate &>/dev/null
  
 env:
+  - TASK=test:api
   - TASK=test:units
   - TASK=test:functionals
   - TASK=test:integration
-
+namespace :test do
+  desc "Run the API tests in test/api"
+  Rake::TestTask.new api: "db:test:prepare" do |t|
+    t.libs << 'test'
+    t.pattern = 'test/api/**/*_test.rb'
+    t.warning = false
+  end
+end
 #!/usr/bin/env ruby
  
 tasks = %w[
+  test:api
   test:units
   test:functionals
   test:integration
@@ -0,0 +1,22 @@
+require_relative 'test_helper'
+
+class ActivitiesTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+  end
+
+  should 'get activity from profile' do
+    person = fast_create(Person)
+    organization = fast_create(Organization)
+    assert_difference 'organization.activities_count' do
+      ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization
+      organization.reload
+    end
+    get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert 1, json["activities"].count
+    assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]
+  end
+
+end
@@ -0,0 +1,29 @@
+require_relative 'test_helper'
+
+class MyPlugin < Noosfero::Plugin;end
+class MyPlugin::API;end
+
+class APITest < ActiveSupport::TestCase
+
+  should 'endpoint should not be available if its plugin is unavailable' do
+    endpoint = mock()
+    environment = Environment.default
+    environment.stubs(:plugin_enabled?).returns(false)
+    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+
+    assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+  end
+
+  should 'endpoint should be available if its plugin is available' do
+    class MyPlugin < Noosfero::Plugin;end
+    class MyPlugin::API;end
+
+    endpoint = mock()
+    environment = Environment.default
+    environment.stubs(:plugin_enabled?).returns(true)
+    endpoint.stubs(:options).returns({:for => MyPlugin::API})
+
+    assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
+  end
+
+end
@@ -0,0 +1,667 @@
+require_relative 'test_helper'
+
+class ArticlesTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+  end
+
+  should 'list articles' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    get "/api/v1/articles/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["articles"].map { |a| a["id"] }, article.id
+  end
+
+  should 'get profile homepage' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    person.home_page=article
+    person.save!
+
+    get "/api/v1/profiles/#{person.id}/home_page?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal article.id, json["article"]["id"]
+  end
+
+  should 'not list forbidden article when listing articles' do
+    person = fast_create(Person)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    assert !article.published?
+
+    get "/api/v1/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_includes json['articles'].map {|a| a['id']}, article.id
+  end
+
+  should 'return article by id' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    get "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal article.id, json["article"]["id"]
+  end
+
+  should 'not return article if user has no permission to view it' do
+    person = fast_create(Person, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    assert !article.published?
+
+    get "/api/v1/articles/#{article.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'follow a article identified by id' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
+    post "/api/v1/articles/#{article.id}/follow?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_not_equal 401, last_response.status
+    assert_equal true, json['success']
+  end
+
+  should 'return the followers count of an article' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
+    article.person_followers << @person
+
+    get "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal 200, last_response.status
+    assert_equal 1, json['article']['followers_count']
+  end
+
+  should 'return the followers of a article identified by id' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
+
+    article_follower = ArticleFollower.new
+    article_follower.article = article
+    article_follower.person = @person
+    article_follower.save!
+
+    get "/api/v1/articles/#{article.id}/followers?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal 200, last_response.status
+    assert_equal 1, json['total_followers']
+  end
+
+  should 'list articles followed by me' do
+    article1 = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    fast_create(Article, :profile_id => user.person.id, :name => "Some other thing")
+    article1.person_followers << @person
+    get "/api/v1/articles/followed_by_me?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [article1.id], json['articles'].map { |a| a['id'] }
+  end
+
+
+  should 'list article children' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+    child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
+  end
+
+  should 'list public article children for not logged in access' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+    child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+    get "/api/v1/articles/#{article.id}/children"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
+  end
+
+  should 'not list children of forbidden article' do
+    person = fast_create(Person, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
+    child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
+    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not return child of forbidden article' do
+    person = fast_create(Person, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
+    get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not return private child' do
+    person = fast_create(Person, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
+    child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
+    get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not list private child' do
+    person = fast_create(Person, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
+    child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
+    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_includes json['articles'].map {|a| a['id']}, child.id
+  end
+
+  should 'perform a vote in a article identified by id' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
+    @params[:value] = 1
+
+    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_not_equal 401, last_response.status
+    assert_equal true, json['vote']
+  end
+
+  expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count)
+
+  expose_attributes.each do |attr|
+    should "expose article #{attr} attribute by default" do
+      article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+      get "/api/v1/articles/?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+     assert json["articles"].last.has_key?(attr)
+    end
+  end
+
+  should 'not perform a vote twice in same article' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
+    @params[:value] = 1
+    ## Perform a vote twice in API should compute only one vote
+    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+
+    total = article.votes_total
+
+    assert_equal 1, total
+  end
+
+  should 'not perform a vote in favor and against a proposal' do
+    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
+    @params[:value] = 1
+    ## Perform a vote in favor a proposal
+    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 201, last_response.status
+    ## Perform a vote against a proposal
+    @params[:value] = -1
+    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    ## The api should not allow to save this vote
+    assert_equal 400, last_response.status
+  end
+
+  should "update body of article created by me" do
+    new_value = "Another body"
+    params[:article] = {:body => new_value}
+    article = fast_create(Article, :profile_id => person.id)
+    post "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal new_value, json["article"]["body"]
+  end
+
+  should "update title of article created by me" do
+    new_value = "Another name"
+    params[:article] = {:name => new_value}
+    article = fast_create(Article, :profile_id => person.id)
+    post "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal new_value, json["article"]["title"]
+  end
+
+  should 'not update article of another user' do
+    another_person = fast_create(Person, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => another_person.id)
+    params[:article] = {:title => 'Some title'}
+    post "/api/v1/articles/#{article.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not update article without permission in community' do
+    community = fast_create(Community, :environment_id => environment.id)
+    article = fast_create(Article, :profile_id => community.id)
+    params[:article] = {:name => 'New title'}
+    post "/api/v1/articles/#{article.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+
+  should 'update article of community if user has permission' do
+    community = fast_create(Community, :environment_id => environment.id)
+    give_permission(person, 'post_content', community)
+    article = fast_create(Article, :profile_id => community.id)
+    new_value = "Another body"
+    params[:article] = {:body => new_value}
+    post "/api/v1/articles/#{article.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal new_value, json["article"]["body"]
+  end
+
+  should 'list articles with pagination' do
+    Article.destroy_all
+    article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago)
+    article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago)
+
+    params[:page] = 1
+    params[:per_page] = 1
+    get "/api/v1/articles/?#{params.to_query}"
+    json_page_one = JSON.parse(last_response.body)
+
+    params[:page] = 2
+    params[:per_page] = 1
+    get "/api/v1/articles/?#{params.to_query}"
+    json_page_two = JSON.parse(last_response.body)
+
+    assert_includes json_page_one["articles"].map { |a| a["id"] }, article_two.id
+    assert_not_includes json_page_one["articles"].map { |a| a["id"] }, article_one.id
+
+    assert_includes json_page_two["articles"].map { |a| a["id"] }, article_one.id
+    assert_not_includes json_page_two["articles"].map { |a| a["id"] }, article_two.id
+  end
+
+  should 'list articles with timestamp' do
+    article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing")
+    article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+
+    article_one.updated_at = Time.now + 3.hours
+    article_one.save!
+
+    params[:timestamp] = Time.now + 1.hours
+    get "/api/v1/articles/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_includes json["articles"].map { |a| a["id"] }, article_one.id
+    assert_not_includes json["articles"].map { |a| a["id"] }, article_two.id
+  end
+
+  #############################
+  #     Profile Articles      #
+  #############################
+
+  profile_kinds = %w(community person enterprise)
+  profile_kinds.each do |kind|
+    should "return article by #{kind}" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      article = fast_create(Article, :profile_id => profile.id, :name => "Some thing")
+      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal article.id, json["article"]["id"]
+    end
+
+    should "not return article by #{kind} if user has no permission to view it" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
+      assert !article.published?
+
+      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
+      assert_equal 403, last_response.status
+    end
+
+    should "not list forbidden article when listing articles by #{kind}" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
+      assert !article.published?
+
+      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_not_includes json['articles'].map {|a| a['id']}, article.id
+    end
+
+    should "return article by #{kind} and path" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
+      article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)
+
+      params[:path] = parent_article.slug+'/'+article.slug
+      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal article.id, json["article"]["id"]
+    end
+
+    should "not return article by #{kind} and path if user has no permission to view it" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
+      article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article, :published => false)
+
+      assert !article.published?
+
+      params[:path] = parent_article.slug+'/'+article.slug
+      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      assert_equal 403, last_response.status
+    end
+  end
+
+  #############################
+  #  Group Profile Articles   #
+  #############################
+
+  group_kinds = %w(community enterprise)
+  group_kinds.each do |kind|
+    should "#{kind}: create article" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      give_permission(user.person, 'post_content', profile)
+      params[:article] = {:name => "Title"}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal "Title", json["article"]["title"]
+    end
+
+    should "#{kind}: do not create article if user has no permission to post content" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      give_permission(user.person, 'invite_members', profile)
+      params[:article] = {:name => "Title"}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      assert_equal 403, last_response.status
+    end
+
+    should "#{kind} create article with parent" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
+      article = fast_create(Article)
+
+      params[:article] = {:name => "Title", :parent_id => article.id}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal article.id, json["article"]["parent"]["id"]
+    end
+
+    should "#{kind} create article with content type passed as parameter" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
+
+      Article.delete_all
+      params[:article] = {:name => "Title"}
+      params[:content_type] = 'TextArticle'
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+
+      assert_kind_of TextArticle, Article.last
+    end
+
+    should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
+
+      params[:article] = {:name => "Title"}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+
+      assert_kind_of TinyMceArticle, Article.last
+    end
+
+    should "#{kind}: not create article with invalid article content type" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      profile.add_member(user.person)
+
+      params[:article] = {:name => "Title"}
+      params[:content_type] = 'Person'
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+
+      assert_equal 403, last_response.status
+    end
+
+    should "#{kind} create article defining the correct profile" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
+
+      params[:article] = {:name => "Title"}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+
+      assert_equal profile.id, json['article']['profile']['id']
+    end
+
+    should "#{kind}: create article defining the created_by" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
+
+      params[:article] = {:name => "Title"}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+
+      assert_equal user.person, Article.last.created_by
+    end
+
+    should "#{kind}: create article defining the last_changed_by" do
+      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
+
+      params[:article] = {:name => "Title"}
+      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+
+      assert_equal user.person, Article.last.last_changed_by
+    end
+  end
+
+  #############################
+  #       Person Articles     #
+  #############################
+
+  should 'create article in a person' do
+    params[:article] = {:name => "Title"}
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal "Title", json["article"]["title"]
+  end
+
+  should 'person do not create article if user has no permission to post content' do
+    person = fast_create(Person, :environment_id => environment.id)
+    params[:article] = {:name => "Title"}
+    post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'person create article with parent' do
+    article = fast_create(Article)
+
+    params[:article] = {:name => "Title", :parent_id => article.id}
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal article.id, json["article"]["parent"]["id"]
+  end
+
+  should 'person create article with content type passed as parameter' do
+    Article.delete_all
+    params[:article] = {:name => "Title"}
+    params[:content_type] = 'TextArticle'
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_kind_of TextArticle, Article.last
+  end
+
+  should 'person create article of TinyMceArticle type if no content type is passed as parameter' do
+    params[:article] = {:name => "Title"}
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_kind_of TinyMceArticle, Article.last
+  end
+
+  should 'person not create article with invalid article content type' do
+    params[:article] = {:name => "Title"}
+    params[:content_type] = 'Person'
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal 403, last_response.status
+  end
+
+  should 'person create article defining the correct profile' do
+    params[:article] = {:name => "Title"}
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal user.person, Article.last.profile
+  end
+
+  should 'person create article defining the created_by' do
+    params[:article] = {:name => "Title"}
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal user.person, Article.last.created_by
+  end
+
+  should 'person create article defining the last_changed_by' do
+    params[:article] = {:name => "Title"}
+    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal user.person, Article.last.last_changed_by
+  end
+
+  should 'list article children with partial fields' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
+    params[:fields] = [:title]
+    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal ['title'], json['articles'].first.keys
+  end
+
+  should 'suggest article children' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    params[:target_id] = user.person.id
+    params[:article] = {:name => "Article name", :body => "Article body"}
+    assert_difference "SuggestArticle.count" do
+      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
+    end
+    json = JSON.parse(last_response.body)
+    assert_equal 'SuggestArticle', json['task']['type']
+  end
+
+  should 'suggest event children' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    params[:target_id] = user.person.id
+    params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"}
+    assert_difference "SuggestArticle.count" do
+      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
+    end
+    json = JSON.parse(last_response.body)
+    assert_equal 'SuggestArticle', json['task']['type']
+  end
+
+  should 'update hit attribute of article children' do
+    a1 = fast_create(Article, :profile_id => user.person.id)
+    a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
+    a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
+    get "/api/v1/articles/#{a1.id}/children?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [1, 1], json['articles'].map { |a| a['hits']}
+    assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits]
+  end
+
+  should 'update hit attribute of article specific children' do
+    a1 = fast_create(Article, :profile_id => user.person.id)
+    a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
+    get "/api/v1/articles/#{a1.id}/children/#{a2.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 1, json['article']['hits']
+  end
+
+  should 'list all events of a community in a given category' do
+    co = Community.create(identifier: 'my-community', name: 'name-my-community')
+    c1 = Category.create(environment: Environment.default, name: 'my-category')
+    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
+    e1 = fast_create(Event, :profile_id => co.id)
+    e2 = fast_create(Event, :profile_id => co.id)
+    e1.categories << c1
+    e2.categories << c2
+    e1.save!
+    e2.save!
+    params['content_type']='Event'
+    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['articles'].count, 2
+  end
+
+  should 'list a event of a community in a given category' do
+    co = Community.create(identifier: 'my-community', name: 'name-my-community')
+    c1 = Category.create(environment: Environment.default, name: 'my-category')
+    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
+    e1 = fast_create(Event, :profile_id => co.id)
+    e2 = fast_create(Event, :profile_id => co.id)
+    e1.categories << c1
+    e2.categories << c2
+    e1.save!
+    e2.save!
+    params['category_ids[]']=c1.id
+    params['content_type']='Event'
+    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    #should show only one article, since the other not in the same category
+    assert_equal 1, json['articles'].count
+    assert_equal e1.id, json['articles'][0]['id']
+  end
+
+  should 'not list uncategorized event of a community if a category is given' do
+    co = Community.create(identifier: 'my-community', name: 'name-my-community')
+    c1 = Category.create(environment: Environment.default, name: 'my-category')
+    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
+    e1 = fast_create(Event, :profile_id => co.id)
+    e2 = fast_create(Event, :profile_id => co.id)
+    e3 = fast_create(Event, :profile_id => co.id)
+    e1.categories << c1
+    e2.categories << c2
+    params['category_ids[]']=c1.id
+    params['content_type']='Event'
+    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 1, json['articles'].count
+    assert_equal e1.id, json['articles'][0]['id']
+  end
+
+  should 'list events of a community in a given 2 categories' do
+    co = Community.create(identifier: 'my-community', name: 'name-my-community')
+    c1 = Category.create(environment: Environment.default, name: 'my-category')
+    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
+    e1 = fast_create(Event, :profile_id => co.id)
+    e2 = fast_create(Event, :profile_id => co.id)
+    e1.categories << c1
+    e2.categories << c2
+    e1.save!
+    e2.save!
+    params['content_type']='Event'
+    params['categories_ids'] = [c1.id, c2.id]
+    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['articles'].count, 2
+  end
+
+  should 'Show 2 events since it uses an IN operator for category instead of an OR' do
+    co = Community.create(identifier: 'my-community', name: 'name-my-community')
+    c1 = Category.create(environment: Environment.default, name: 'my-category')
+    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
+    c3 = Category.create(environment: Environment.default, name: 'extra-category')
+    e1 = fast_create(Event, :profile_id => co.id)
+    e2 = fast_create(Event, :profile_id => co.id)
+    e1.categories << c1
+    e2.categories << c2
+    e1.save!
+    e2.save!
+    params['content_type']='Event'
+    params['categories_ids'] = [c1.id, c2.id, c3.id]
+    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['articles'].count, 2
+  end
+
+  ARTICLE_ATTRIBUTES = %w(votes_count comments_count)
+
+  ARTICLE_ATTRIBUTES.map do |attribute|
+
+    define_method "test_should_expose_#{attribute}_attribute_in_article_enpoints" do
+      article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+      get "/api/v1/articles/#{article.id}?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_not_nil json['article'][attribute]
+    end
+  end
+end
@@ -0,0 +1,42 @@
+require_relative 'test_helper'
+
+class BoxesTest < ActiveSupport::TestCase
+
+  def setup
+    @controller = AccountController.new
+    @request = ActionController::TestRequest.new
+    login_api
+#    @request = ActionController::TestRequest.new
+  end
+
+  kinds= %w[Profile Community Person Enterprise Environment]
+  kinds.each do |kind|
+    should "get_boxes_from_#{kind.downcase.pluralize}" do
+      context_obj = fast_create(kind.constantize)
+      box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile')
+      get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal box.id, json["boxes"].first["id"]
+    end
+  end
+
+  should 'get boxes from default environment' do
+    Environment.delete_all
+    environment = fast_create(Environment, :is_default => true)
+    box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
+    get "/api/v1/environments/default/boxes?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal box.id, json["boxes"].first["id"]
+  end
+
+  should 'get boxes from context environment' do
+    env = fast_create(Environment, :is_default => true)
+    env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host')
+    box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
+    get "/api/v1/environments/context/boxes?#{params.to_query}"
+
+    json = JSON.parse(last_response.body)
+    assert_equal box.id, json["boxes"].first["id"]
+  end
+
+end
@@ -0,0 +1,97 @@
+require_relative 'test_helper'
+
+class CategoriesTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+  end
+
+  should 'list categories' do
+    category = fast_create(Category, :environment_id => environment.id)
+    get "/api/v1/categories/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["categories"].map { |c| c["name"] }, category.name
+  end
+
+  should 'get category by id' do
+    category = fast_create(Category, :environment_id => environment.id)
+    get "/api/v1/categories/#{category.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal category.name, json["category"]["name"]
+  end
+
+  should 'list parent and children when get category by id' do
+    parent = fast_create(Category, :environment_id => environment.id)
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
+
+    category = fast_create(Category, :environment_id => environment.id)
+    category.parent = parent
+    category.children << child_1
+    category.children << child_2
+    category.save
+
+    get "/api/v1/categories/#{category.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
+    assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
+  end
+
+  should 'include parent in categories list if params is true' do
+    parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
+
+    parent_2 = fast_create(Category, :environment_id => environment.id)
+    parent_2.parent = parent_1
+    parent_2.children << child_1
+    parent_2.children << child_2
+    parent_2.save
+
+    get "/api/v1/categories/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq
+
+    params[:include_parent] = true
+    get "/api/v1/categories/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],
+      json["categories"].map { |c| c['parent'] && c['parent']['id'] }
+  end
+
+  should 'include children in categories list if params is true' do
+    category = fast_create(Category, :environment_id => environment.id)
+    child_1 = fast_create(Category, :environment_id => environment.id)
+    child_2 = fast_create(Category, :environment_id => environment.id)
+    child_3 = fast_create(Category, :environment_id => environment.id)
+
+    category.children << child_1
+    category.children << child_2
+    category.save
+
+    child_1.children << child_3
+    child_1.save
+
+    get "/api/v1/categories/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq
+
+    params[:include_children] = true
+    get "/api/v1/categories/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],
+      json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort  }
+  end
+
+  expose_attributes = %w(id name full_name image display_color)
+
+  expose_attributes.each do |attr|
+    should "expose category #{attr} attribute by default" do
+      category = fast_create(Category, :environment_id => environment.id)
+      get "/api/v1/categories/?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+     assert json["categories"].last.has_key?(attr)
+    end
+  end
+
+end
@@ -0,0 +1,81 @@
+require_relative 'test_helper'
+
+class CommentsTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+  end
+
+  should 'not list comments if user has no permission to view the source article' do
+    person = fast_create(Person)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    assert !article.published?
+
+    get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not return comment if user has no permission to view the source article' do
+    person = fast_create(Person)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    comment = article.comments.create!(:body => "another comment", :author => user.person)
+    assert !article.published?
+
+    get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not comment an article if user has no permission to view it' do
+    person = fast_create(Person)
+    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+    assert !article.published?
+
+    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'return comments of an article' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    article.comments.create!(:body => "some comment", :author => user.person)
+    article.comments.create!(:body => "another comment", :author => user.person)
+
+    get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 200, last_response.status
+    assert_equal 2, json["comments"].length
+  end
+
+  should 'return comment of an article' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    comment = article.comments.create!(:body => "another comment", :author => user.person)
+
+    get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 200, last_response.status
+    assert_equal comment.id, json['comment']['id']
+  end
+
+  should 'comment an article' do
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    body = 'My comment'
+    params.merge!({:body => body})
+
+    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 201, last_response.status
+    assert_equal body, json['comment']['body']
+  end
+
+  should 'comment creation define the source' do
+    amount = Comment.count
+    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+    body = 'My comment'
+    params.merge!({:body => body})
+
+    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+    assert_equal amount + 1, Comment.count
+    comment = Comment.last
+    assert_not_nil comment.source
+  end
+
+end
@@ -0,0 +1,160 @@
+require_relative 'test_helper'
+
+class CommunitiesTest < ActiveSupport::TestCase
+
+  def setup
+    Community.delete_all
+    login_api
+  end
+
+  should 'list only communities' do
+    community = fast_create(Community, :environment_id => environment.id)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
+    assert_includes json['communities'].map {|c| c['id']}, community.id
+  end
+
+  should 'list all communities' do
+    community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
+    community2 = fast_create(Community, :environment_id => environment.id)
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'not list invisible communities' do
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :visible => false)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [community1.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'not list private communities without permission' do
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [community1.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'list private community for members' do
+    c1 = fast_create(Community, :environment_id => environment.id)
+    c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
+    c2.add_member(person)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'create a community' do
+    params[:community] = {:name => 'some'}
+    post "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 'some', json['community']['name']
+  end
+
+  should 'return 400 status for invalid community creation' do
+    post "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 400, last_response.status
+  end
+
+  should 'get community' do
+    community = fast_create(Community, :environment_id => environment.id)
+
+    get "/api/v1/communities/#{community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal community.id, json['community']['id']
+  end
+
+  should 'not get invisible community' do
+    community = fast_create(Community, :environment_id => environment.id, :visible => false)
+
+    get "/api/v1/communities/#{community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['community'].blank?
+  end
+
+  should 'not get private communities without permission' do
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/communities/#{community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal community.id, json['community']['id']
+  end
+
+  should 'get private community for members' do
+    community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
+    community.add_member(person)
+
+
+    get "/api/v1/communities/#{community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal community.id, json['community']['id']
+  end
+
+  should 'list person communities' do
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id)
+    community.add_member(person)
+
+    get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [community.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'not list person communities invisible' do
+    c1 = fast_create(Community, :environment_id => environment.id)
+    c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
+    c1.add_member(person)
+    c2.add_member(person)
+
+    get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'list communities with pagination' do
+    community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
+    community2 = fast_create(Community, :created_at => 2.days.ago)
+
+    params[:page] = 2
+    params[:per_page] = 1
+    get "/api/v1/communities?#{params.to_query}"
+    json_page_two = JSON.parse(last_response.body)
+
+    params[:page] = 1
+    params[:per_page] = 1
+    get "/api/v1/communities?#{params.to_query}"
+    json_page_one = JSON.parse(last_response.body)
+
+
+    assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id
+    assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id
+
+    assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id
+    assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
+  end
+
+  should 'list communities with timestamp' do
+    community1 = fast_create(Community, :public_profile => true)
+    community2 = fast_create(Community)
+
+    community1.updated_at = Time.now + 3.hours
+    community1.save!
+
+    params[:timestamp] = Time.now + 1.hours
+    get "/api/v1/communities/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_includes json["communities"].map { |a| a["id"] }, community1.id
+    assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
+  end
+end
@@ -0,0 +1,110 @@
+require_relative 'test_helper'
+
+class EnterprisesTest < ActiveSupport::TestCase
+
+  def setup
+    Enterprise.delete_all
+    login_api
+  end
+
+  should 'list only enterprises' do
+    community = fast_create(Community, :environment_id => environment.id) # should not list this community
+    enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id
+    assert_not_includes json['enterprises'].map {|c| c['id']}, community.id
+  end
+
+  should 'list all enterprises' do
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
+    enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'not list invisible enterprises' do
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :visible => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'not list private enterprises without permission' do
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'list private enterprise for members' do
+    c1 = fast_create(Enterprise, :environment_id => environment.id)
+    c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+    c2.add_member(person)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'get enterprise' do
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'not get invisible enterprise' do
+    enterprise = fast_create(Enterprise, :visible => false)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['enterprise'].blank?
+  end
+
+  should 'not get private enterprises without permission' do
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'get private enterprise for members' do
+    enterprise = fast_create(Enterprise, :public_profile => false)
+    enterprise.add_member(person)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'list person enterprises' do
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id)
+    enterprise.add_member(person)
+
+    get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'not list person enterprises invisible' do
+    c1 = fast_create(Enterprise, :environment_id => environment.id)
+    c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)
+    c1.add_member(person)
+    c2.add_member(person)
+
+    get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}
+  end
+
+end
@@ -0,0 +1,38 @@
+require_relative 'test_helper'
+
+class EnvironmentTest < ActiveSupport::TestCase
+
+  def setup
+    @person = create_user('testing').person
+  end
+  attr_reader :person
+
+  should 'return the default environment' do
+    environment = Environment.default
+    get "/api/v1/environment/default"
+    json = JSON.parse(last_response.body)
+    assert_equal environment.id, json['id']
+  end
+
+  should 'return created environment' do
+    environment = fast_create(Environment)
+    default_env = Environment.default
+    assert_not_equal environment.id, default_env.id
+    get "/api/v1/environment/#{environment.id}"
+    json = JSON.parse(last_response.body)
+    assert_equal environment.id, json['id']
+  end
+
+  should 'return context environment' do
+    context_env = fast_create(Environment)
+    context_env.name = "example org"
+    context_env.save
+    context_env.domains<< Domain.new(:name => 'example.org')
+    default_env = Environment.default
+    assert_not_equal context_env.id, default_env.id
+    get "/api/v1/environment/context"
+    json = JSON.parse(last_response.body)
+    assert_equal context_env.id, json['id']
+  end  
+
+end
@@ -0,0 +1,245 @@
+require_relative 'test_helper'
+require 'noosfero/api/helpers'
+
+class APIHelpersTest < ActiveSupport::TestCase
+
+  include Noosfero::API::APIHelpers
+
+  def setup
+    @headers = {}
+  end
+
+  attr_accessor :headers
+
+  should 'get the current user with valid token' do
+    user = create_user('someuser')
+    user.generate_private_token!
+    self.params = {:private_token => user.private_token}
+    assert_equal user, current_user
+  end
+
+  should 'get the current user with valid token in header' do
+    user = create_user('someuser')
+    user.generate_private_token!
+    headers['Private-Token'] = user.private_token
+    assert_equal user, current_user
+  end
+
+  should 'get the current user even with expired token' do
+    user = create_user('someuser')
+    user.generate_private_token!
+    user.private_token_generated_at = DateTime.now.prev_year
+    user.save
+    self.params = {:private_token => user.private_token}
+    assert_equal user, current_user
+  end
+
+  should 'get the person of current user' do
+    user = create_user('someuser')
+    user.generate_private_token!
+    self.params = {:private_token => user.private_token}
+    assert_equal user.person, current_person
+  end
+
+#  #FIXME see how to make this test. Get the current_user variable
+#  should 'set current_user to nil after logout' do
+#    user = create_user('someuser')
+#    user.stubs(:private_token_expired?).returns(false)
+#    User.stubs(:find_by_private_token).returns(user)
+#    assert_not_nil current_user
+#    assert false
+#    logout
+#  end
+
+  should 'limit be defined as the params limit value' do
+    local_limit = 30
+    self.params= {:limit => local_limit}
+    assert_equal local_limit, limit
+  end
+
+  should 'return default limit if the limit parameter is minor than zero' do
+    self.params= {:limit => -1}
+    assert_equal 20, limit
+  end
+
+  should 'the default limit be 20' do
+    assert_equal 20, limit
+  end
+
+  should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do
+    assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0]
+  end
+
+  should 'the beginning of the period be from date passsed as parameter' do
+    from = DateTime.now
+    assert_equal from, period(from, nil).min
+  end
+
+  should 'the end of the period be now if no until date is passsed as parameter' do
+    assert_in_delta DateTime.now, period(nil, nil).max
+  end
+
+  should 'the end of the period be until date passsed as parameter' do
+    until_date = DateTime.now
+    assert_equal until_date, period(nil, until_date).max
+  end
+
+  should 'parse_content_type return nil if its blank' do
+    assert_nil parse_content_type("")
+  end
+
+  should 'parse_content_type be an array' do
+    assert_kind_of Array, parse_content_type("text_article")
+  end
+
+  should 'parse_content_type return all content types as an array' do
+    assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle")
+  end
+
+  should 'find_article return article by id in list passed for user with permission' do
+    user = create_user('someuser')
+    a = fast_create(Article, :profile_id => user.person.id)
+    fast_create(Article, :profile_id => user.person.id)
+    fast_create(Article, :profile_id => user.person.id)
+
+    user.generate_private_token!
+    User.expects(:find_by_private_token).returns(user)
+    assert_equal a, find_article(user.person.articles, a.id)
+  end
+
+  should 'find_article return forbidden when a user try to access an article without permission' do
+    user = create_user('someuser')
+    p = fast_create(Profile)
+    a = fast_create(Article, :published => false, :profile_id => p.id)
+    fast_create(Article, :profile_id => p.id)
+
+    user.generate_private_token!
+    User.expects(:find_by_private_token).returns(user)
+    assert_equal 403, find_article(p.articles, a.id).last
+  end
+
+  should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do
+    assert_nil make_conditions_with_parameter[:created_at]
+  end
+
+  should 'make_conditions_with_parameter return created_at parameter if from period is defined' do
+    assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at]
+  end
+
+  should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do
+    assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at]
+  end
+
+  should 'make_conditions_with_parameter return created_at parameter if until period is defined' do
+    assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at]
+  end
+
+  should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do
+    assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at]
+  end
+
+  should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do
+    assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min
+  end
+
+  should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do
+    date = '2010-10-10'
+    assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min
+  end
+
+  should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do
+    date = '2010-10-10'
+    assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max
+  end
+
+  should 'make_conditions_with_parameter return the until date passed as parameter' do
+    date = '2010-10-10'
+    assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min
+  end
+
+  should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do
+    assert_nil make_conditions_with_parameter[:type]
+  end
+
+  #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association
+  should 'make_order_with_parameters return order if attribute is found at object association' do
+    environment = Environment.new
+    params = {:order => "name ASC"}
+    assert_equal "name ASC", make_order_with_parameters(environment, "articles", params)
+  end
+
+  # test added to check for eventual sql injection vunerabillity
+  #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists
+  should 'make_order_with_parameters return default order if attributes not exists' do
+    environment = Environment.new
+    params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity
+    assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
+  end
+
+  should 'make_order_with_parameters return default order if sql injection detected' do
+    environment = Environment.new
+    params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity
+    assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
+  end
+
+  should 'make_order_with_parameters return RANDOM() if random is passed' do
+    environment = Environment.new
+    params = {:order => "random"} # quote used to check sql injection vunerabillity
+    assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
+  end
+
+  should 'make_order_with_parameters return RANDOM() if random function is passed' do
+    environment = Environment.new
+    params = {:order => "random()"} # quote used to check sql injection vunerabillity
+    assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
+  end
+
+  should 'render not_found if endpoint is unavailable' do
+    Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
+    self.expects(:not_found!)
+
+    filter_disabled_plugins_endpoints
+  end
+
+  should 'not touch in options when no fields parameter is passed' do
+    model = mock
+    expects(:present).with(model, {})
+    present_partial(model, {})
+  end
+
+  should 'fallback to array when fields parameter is not a json when calling present partial' do
+    model = mock
+    params[:fields] = ['name']
+    expects(:present).with(model, {:only => ['name']})
+    present_partial(model, {})
+  end
+
+  should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do
+    model = mock
+    params[:fields] = 'name,description'
+    expects(:present).with(model, {:only => ['name', 'description']})
+    present_partial(model, {})
+  end
+
+  should 'accept json as fields parameter when calling present partial' do
+    model = mock
+    params[:fields] = {only: [:name, {user: [:login]}]}.to_json
+    expects(:present).with(model, {:only => ['name', {'user' => ['login']}]})
+    present_partial(model, {})
+  end
+
+  protected
+
+  def error!(info, status)
+    [info, status]
+  end
+
+  def params
+    @params ||= {}
+  end
+
+  def params= value
+    @params = value
+  end
+
+end
@@ -0,0 +1,258 @@
+require_relative 'test_helper'
+
+class PeopleTest < ActiveSupport::TestCase
+
+  def setup
+    Person.delete_all
+    login_api
+  end
+
+  should 'list all people' do
+    person1 = fast_create(Person, :public_profile => true)
+    person2 = fast_create(Person)
+    get "/api/v1/people?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
+  end
+
+  should 'list all members of a community' do
+    person1 = fast_create(Person)
+    person2 = fast_create(Person)
+    community = fast_create(Community)
+    community.add_member(person1)
+    community.add_member(person2)
+
+    get "/api/v1/profiles/#{community.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 2, json["people"].count
+    assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]}
+  end
+
+  should 'not list invisible people' do
+    invisible_person = fast_create(Person, :visible => false)
+
+    get "/api/v1/people?#{params.to_query}"
+    assert_not_includes json_response_ids(:people), invisible_person.id
+  end
+
+  should 'not list private people without permission' do
+    private_person = fast_create(Person, :public_profile => false)
+
+    get "/api/v1/people?#{params.to_query}"
+    assert_not_includes json_response_ids(:people), private_person.id
+  end
+
+  should 'list private person for friends' do
+    p1 = fast_create(Person)
+    p2 = fast_create(Person, :public_profile => false)
+    person.add_friend(p2)
+    p2.add_friend(person)
+
+    get "/api/v1/people?#{params.to_query}"
+    assert_includes json_response_ids(:people), p2.id
+  end
+
+  should 'get person' do
+    some_person = fast_create(Person)
+
+    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal some_person.id, json['person']['id']
+  end
+
+  should 'people endpoint filter by fields parameter' do
+    get "/api/v1/people?#{params.to_query}&fields=name"
+    json = JSON.parse(last_response.body)
+    expected = {'people' => [{'name' => person.name}]}
+    assert_equal expected, json
+  end
+
+  should 'people endpoint filter by fields parameter with hierarchy' do
+    fields = URI.encode({only: [:name, {user: [:login]}]}.to_json)
+    get "/api/v1/people?#{params.to_query}&fields=#{fields}"
+    json = JSON.parse(last_response.body)
+    expected = {'people' => [{'name' => person.name, 'user' => {'login' => 'testapi'}}]}
+    assert_equal expected, json
+  end
+
+  should 'get logged person' do
+    get "/api/v1/people/me?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.id, json['person']['id']
+  end
+
+  should 'me endpoint filter by fields parameter' do
+    get "/api/v1/people/me?#{params.to_query}&fields=name"
+    json = JSON.parse(last_response.body)
+    expected = {'person' => {'name' => person.name}}
+    assert_equal expected, json
+  end
+
+  should 'not get invisible person' do
+    person = fast_create(Person, :visible => false)
+
+    get "/api/v1/people/#{person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['person'].blank?
+  end
+
+  should 'not get private people without permission' do
+    private_person = fast_create(Person, :public_profile => false)
+
+    get "/api/v1/people/#{private_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['person'].blank?
+  end
+
+  should 'get private person for friends' do
+    private_person = fast_create(Person, :public_profile => false)
+    person.add_friend(private_person)
+    private_person.add_friend(person)
+
+    get "/api/v1/people/#{private_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal private_person.id, json['person']['id']
+  end
+
+  should 'list person friends' do
+    friend = fast_create(Person)
+    person.add_friend(friend)
+    friend.add_friend(person)
+
+    get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
+    assert_includes json_response_ids(:people), person.id
+  end
+
+  should 'not list person invisible friends' do
+    friend = fast_create(Person)
+    invisible_friend = fast_create(Person, :visible => false)
+    person.add_friend(friend)
+    person.add_friend(invisible_friend)
+    friend.add_friend(person)
+    invisible_friend.add_friend(person)
+
+    get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+    friends = json_response_ids(:people)
+    assert_includes friends, friend.id
+    assert_not_includes friends, invisible_friend.id
+  end
+
+  should 'create a person' do
+    login = 'some'
+    params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
+    post "/api/v1/people?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal login, json['person']['identifier']
+  end
+
+  should 'return 400 status for invalid person creation' do
+    params[:person] = {:login => 'some'}
+    post "/api/v1/people?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 400, last_response.status
+  end
+
+  should 'display permissions' do
+    community = fast_create(Community)
+    community.add_member(fast_create(Person))
+    community.add_member(person)
+    permissions = Profile::Roles.member(person.environment.id).permissions
+    get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal json[community.identifier], permissions
+  end
+
+  should 'display permissions if self' do
+    get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
+    assert_equal 200, last_response.status
+  end
+
+  should 'display permissions if admin' do
+    environment = person.environment
+    environment.add_admin(person)
+    some_person = fast_create(Person)
+
+    get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
+    assert_equal 200, last_response.status
+  end
+
+  should 'not display permissions if not admin or self' do
+    some_person = create_user('some-person').person
+
+    get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'not update another person' do
+    person = fast_create(Person, :environment_id => environment.id)
+    post "/api/v1/people/#{person.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'update yourself' do
+    another_name = 'Another Name'
+    params[:person] = {}
+    params[:person][:name] = another_name
+    assert_not_equal another_name, person.name
+    post "/api/v1/people/#{person.id}?#{params.to_query}"
+    person.reload
+    assert_equal another_name, person.name
+  end
+
+  should 'display public custom fields' do
+    CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
+    some_person = create_user('some-person').person
+    some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} }
+    some_person.save!
+
+    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['person']['additional_data'].has_key?('Custom Blog')
+    assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
+  end
+
+  should 'not display non-public custom fields' do
+    CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
+    some_person = create_user('some-person').person
+    some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
+    some_person.save!
+
+    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['person']['additional_data'], {}
+  end
+
+  should 'display non-public custom fields to friend' do
+    CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
+    some_person = create_user('some-person').person
+    some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
+    some_person.save!
+
+    f = Friendship.new
+    f.friend = some_person
+    f.person = person
+    f.save!
+
+    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['person']['additional_data'].has_key?("Custom Blog")
+    assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
+  end
+
+  PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count)
+
+  PERSON_ATTRIBUTES.map do |attribute|
+    define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do
+      get "/api/v1/people/me?#{params.to_query}&fields=name"
+      json = JSON.parse(last_response.body)
+      assert_nil json['person'][attribute]
+    end
+
+    define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do
+      get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}"
+      json = JSON.parse(last_response.body)
+      assert_not_nil json['person'][attribute]
+    end
+  end
+end
@@ -0,0 +1,32 @@
+require_relative 'test_helper'
+
+class ProfilesTest < ActiveSupport::TestCase
+
+  def setup
+    Profile.delete_all
+    login_api
+  end
+
+  should 'list all profiles' do
+    person1 = fast_create(Person)
+    person2 = fast_create(Person)
+    community = fast_create(Community)
+    get "/api/v1/profiles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']}
+  end
+
+  should 'get person from profile id' do
+    some_person = fast_create(Person)
+    get "/api/v1/profiles/#{some_person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal some_person.id, json['id']
+  end
+
+  should 'get community from profile id' do
+    community = fast_create(Community)
+    get "/api/v1/profiles/#{community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal community.id, json['id']
+  end
+end
@@ -0,0 +1,150 @@
+require_relative 'test_helper'
+
+class SearchTest < ActiveSupport::TestCase
+
+  def setup
+    @person = create_user('testing').person
+  end
+  attr_reader :person
+
+  should 'not list unpublished articles' do
+    Article.delete_all
+    article = fast_create(Article, :profile_id => person.id, :published => false)
+    assert !article.published?
+    get "/api/v1/search/article"
+    json = JSON.parse(last_response.body)
+    assert_empty json['articles']
+  end
+
+  should 'list articles' do
+    fast_create(Article, :profile_id => person.id)
+    get "/api/v1/search/article"
+    json = JSON.parse(last_response.body)
+    assert_not_empty json['articles']
+  end
+
+  should 'list only articles that has children' do
+    article = fast_create(Article, :profile_id => person.id)
+    parent = create(Article, :profile_id => person.id, :name => 'parent article')
+    child = create(Article, :profile_id => person.id, :parent_id => parent.id, :name => 'child article')
+
+    get "/api/v1/search/article?has_children=true"
+    json = JSON.parse(last_response.body)
+    assert_equal parent.id, json['articles'].first['id']
+  end
+
+  should 'invalid search string articles' do
+    fast_create(Article, :profile_id => person.id, :name => 'some article')
+    get "/api/v1/search/article?query=test"
+    json = JSON.parse(last_response.body)
+    assert_empty json['articles']
+  end
+
+  should 'not list articles of wrong type' do
+    Article.delete_all
+    fast_create(Article, :profile_id => person.id)
+    get "/api/v1/search/article?type=TinyMceArticle"
+    json = JSON.parse(last_response.body)
+    assert_empty json['articles']
+  end
+
+  should 'list articles of one type' do
+    fast_create(Article, :profile_id => person.id)
+    article = fast_create(TinyMceArticle, :profile_id => person.id)
+
+    get "/api/v1/search/article?type=TinyMceArticle"
+    json = JSON.parse(last_response.body)
+    assert_equal article.id, json['articles'].first['id']
+  end
+
+  should 'list articles of one type and query string' do
+    fast_create(Article, :profile_id => person.id, :name => 'some article')
+    fast_create(Article, :profile_id => person.id, :name => 'Some thing')
+    article = fast_create(TinyMceArticle, :profile_id => person.id, :name => 'Some thing')
+    get "/api/v1/search/article?type=TinyMceArticle&query=thing"
+    json = JSON.parse(last_response.body)
+    assert_equal 1, json['articles'].count
+    assert_equal article.id, json['articles'].first['id']
+  end
+
+  should 'not return more entries than page limit' do
+    1.upto(5).each do |n|
+      fast_create(Article, :profile_id => person.id, :name => "Article #{n}")
+    end
+
+    get "/api/v1/search/article?query=Article&per_page=3"
+    json = JSON.parse(last_response.body)
+
+    assert_equal 3, json['articles'].count
+  end
+
+  should 'return entries second page' do
+    1.upto(5).each do |n|
+      fast_create(Article, :profile_id => person.id, :name => "Article #{n}")
+    end
+
+    get "/api/v1/search/article?query=Article&per_page=3&page=2"
+    json = JSON.parse(last_response.body)
+
+    assert_equal 2, json['articles'].count
+  end
+
+  should 'search articles in profile' do
+    person2 = fast_create(Person)
+    fast_create(Article, :profile_id => person.id)
+    fast_create(Article, :profile_id => person.id)
+    article = fast_create(Article, :profile_id => person2.id)
+
+    get "/api/v1/search/article?query=Article&profile_id=#{person2.id}"
+    json = JSON.parse(last_response.body)
+    assert_equal article.id, json['articles'].first['id']
+  end
+
+  should 'search and return values specified in fields parameter' do
+    fast_create(Article, :profile_id => person.id)
+    get "/api/v1/search/article?fields=title"
+    json = JSON.parse(last_response.body)
+    assert_not_empty json['articles']
+    assert_equal ['title'], json['articles'].first.keys
+  end
+
+  should 'search with parent' do
+    parent = fast_create(Folder, :profile_id => person.id)
+    fast_create(Article, :profile_id => person.id)
+    article = fast_create(Article, :profile_id => person.id, :parent_id => parent.id)
+    get "/api/v1/search/article?parent_id=#{parent.id}"
+    json = JSON.parse(last_response.body)
+    assert_equal 1, json['articles'].count
+    assert_equal article.id, json['articles'].first["id"]
+  end
+
+  should 'search filter by category' do
+    Article.delete_all
+    fast_create(Article, :profile_id => person.id)
+    article = fast_create(Article, :profile_id => person.id)
+    category = fast_create(Category)
+    article.categories<< category
+    get "/api/v1/search/article?category_ids=#{category.id}"
+    json = JSON.parse(last_response.body)
+    assert_equal 1, json['articles'].count
+    assert_equal article.id, json['articles'].first["id"]
+  end
+
+  should 'search filter by more than one category' do
+    Article.delete_all
+    fast_create(Article, :profile_id => person.id)
+    article1 = fast_create(Article, :profile_id => person.id)
+    article2 = fast_create(Article, :profile_id => person.id)
+    category1 = fast_create(Category)
+    category2 = fast_create(Category)
+    article1.categories<< category1
+    article2.categories<< category2
+    get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"
+    json = JSON.parse(last_response.body)
+    ids = [article1.id, article2.id]
+    assert_equal 2, json['articles'].count
+    assert_includes ids, json['articles'].first["id"]
+    assert_includes ids, json['articles'].last["id"]
+  end
+
+end
@@ -0,0 +1,221 @@
+require_relative 'test_helper'
+
+class SessionTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+  end
+
+  should 'generate private token when login' do
+    params = {:login => "testapi", :password => "testapi"}
+    post "/api/v1/login?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert !json['user']["private_token"].blank?
+  end
+
+  should 'return 401 when login fails' do
+    user.destroy
+    params = {:login => "testapi", :password => "testapi"}
+    post "/api/v1/login?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'register a user' do
+    Environment.default.enable('skip_new_user_email_confirmation')
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 201, last_response.status
+    json = JSON.parse(last_response.body)
+    assert User['newuserapi'].activated?
+    assert json['user']['activated']
+    assert json['user']['private_token'].present?
+  end
+
+  should 'register a user with name' do
+    Environment.default.enable('skip_new_user_email_confirmation')
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 201, last_response.status
+    json = JSON.parse(last_response.body)
+    assert json['user']['activated']
+    assert json['user']['private_token'].present?
+  end
+
+  should 'register an inactive user' do
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 201, last_response.status
+    json = JSON.parse(last_response.body)
+    assert !json['activated']
+    assert json['private_token'].blank?
+  end
+
+  should 'not register a user with invalid login' do
+    params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 400, last_response.status
+    json = JSON.parse(last_response.body)
+    msg = json['message'].split(':')
+    key = msg[0][2, 5]
+    val = msg[1][2, 38]
+    assert_equal "login", key
+    assert_equal "is too short (minimum is 2 characters)", val
+  end
+
+  should 'not register a user with invalid login pt' do
+    I18n.locale = "pt-BR"
+    params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 400, last_response.status
+    json = JSON.parse(last_response.body)
+    msg = json['message'].split(':')
+    key = msg[0][2, 5]
+    val = msg[1][2, 35]
+    assert_equal "login", key
+    assert val.include? "muito curto"
+  end
+
+  should 'not register a user without email' do
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 400, last_response.status
+  end
+
+  should 'not register a duplicated user' do
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
+    post "/api/v1/register?#{params.to_query}"
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 400, last_response.status
+    json = JSON.parse(last_response.body)
+  end
+
+  # TODO: Add another test cases to check register situations
+  should 'activate a user' do
+    params = {
+      :login => "newuserapi",
+      :password => "newuserapi",
+      :password_confirmation => "newuserapi",
+      :email => "newuserapi@email.com"
+    }
+    user = User.new(params)
+    user.save!
+
+    params = { activation_code: user.activation_code}
+    patch "/api/v1/activate?#{params.to_query}"
+    assert_equal 200, last_response.status
+  end
+
+  should 'do not activate a user if admin must approve him' do
+    params = {
+      :login => "newuserapi",
+      :password => "newuserapi",
+      :password_confirmation => "newuserapi",
+      :email => "newuserapi@email.com",
+      :environment => Environment.default
+    }
+    user = User.new(params)
+    user.environment.enable('admin_must_approve_new_users')
+    user.save!
+
+    params = { activation_code: user.activation_code}
+    patch "/api/v1/activate?#{params.to_query}"
+    assert_equal 202, last_response.status
+    assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]
+  end
+
+  should 'do not activate a user if the token is invalid' do
+    params = {
+      :login => "newuserapi",
+      :password => "newuserapi",
+      :password_confirmation => "newuserapi",
+      :email => "newuserapi@email.com",
+      :environment => Environment.default
+    }
+    user = User.new(params)
+    user.save!
+
+    params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}
+    patch "/api/v1/activate?#{params.to_query}"
+    assert_equal 412, last_response.status
+  end
+
+  should 'create task to change password by user login' do
+    user = create_user
+    params = {:value => user.login}
+    assert_difference 'ChangePassword.count' do
+      post "/api/v1/forgot_password?#{params.to_query}"
+    end
+  end
+
+  should 'not create task to change password when user is not found' do
+    params = {:value => 'wronglogin'}
+    assert_no_difference 'ChangePassword.count' do
+      post "/api/v1/forgot_password?#{params.to_query}"
+    end
+    assert_equal 404, last_response.status
+  end
+
+  should 'change user password and close task' do
+    task = ChangePassword.create!(:requestor => @person)
+    params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
+    patch "/api/v1/new_password?#{params.to_query}"
+    assert_equal Task::Status::FINISHED, task.reload.status
+    assert user.reload.authenticated?('secret')
+    json = JSON.parse(last_response.body)
+    assert_equal user.id, json['user']['id']
+  end
+
+  should 'do not change user password when password confirmation is wrong' do
+    user = create_user
+    user.activate
+    task = ChangePassword.create!(:requestor => user.person)
+    params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
+    patch "/api/v1/new_password?#{params.to_query}"
+    assert_equal Task::Status::ACTIVE, task.reload.status
+    assert !user.reload.authenticated?('secret')
+    assert_equal 400, last_response.status
+  end
+
+  should 'render not found when provide a wrong code on password change' do
+    params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
+    patch "/api/v1/new_password?#{params.to_query}"
+    assert_equal 404, last_response.status
+  end
+
+  should 'not return private token when the registered user is inactive' do
+    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
+    post "/api/v1/register?#{params.to_query}"
+    assert_equal 201, last_response.status
+    json = JSON.parse(last_response.body)
+    assert !User['newuserapi'].activated?
+    assert !json['user']['activated']
+    assert !json['user']['private_token'].present?
+  end
+
+  should 'resend activation code for an inactive user' do
+    user = create_user
+    params = {:value => user.login}
+    Delayed::Job.destroy_all
+    assert_difference 'ActionMailer::Base.deliveries.size' do
+      post "/api/v1/resend_activation_code?#{params.to_query}"
+      process_delayed_job_queue
+    end
+    json = JSON.parse(last_response.body)
+    refute json['users'].first['private_token']
+    assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s
+  end
+
+   should 'not resend activation code for an active user' do
+     user = create_user
+     params = {:value => user.login}
+     user.activate
+     Delayed::Job.destroy_all
+     assert_no_difference 'ActionMailer::Base.deliveries.size' do
+       post "/api/v1/resend_activation_code?#{params.to_query}"
+       process_delayed_job_queue
+     end
+     json = JSON.parse(last_response.body)
+     assert json['users'].first['private_token']
+   end
+
+end
@@ -0,0 +1,173 @@
+require_relative 'test_helper'
+
+class TasksTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+    @person = user.person
+    @community = fast_create(Community)
+    @environment = Environment.default
+  end
+
+  attr_accessor :person, :community, :environment
+
+  should 'list tasks of environment' do
+    environment.add_admin(person)
+    task = create(Task, :requestor => person, :target => environment)
+    get "/api/v1/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["tasks"].map { |a| a["id"] }, task.id
+  end
+
+  should 'return environment task by id' do
+    environment.add_admin(person)
+    task = create(Task, :requestor => person, :target => environment)
+    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return environmet task if user has no permission to view it' do
+    person = fast_create(Person)
+    task = create(Task, :requestor => person, :target => environment)
+
+    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+ #############################
+ #     Community Tasks    #
+ #############################
+
+  should 'return task by community' do
+    community = fast_create(Community)
+    community.add_admin(person)
+
+    task = create(Task, :requestor => person, :target => community)
+    assert person.is_member_of?(community)
+
+    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by community if user has no permission to view it' do
+    community = fast_create(Community)
+    task = create(Task, :requestor => person, :target => community)
+    assert !person.is_member_of?(community)
+
+    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task in a community' do
+    community = fast_create(Community)
+    give_permission(person, 'perform_task', community)
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task defining the requestor as current profile logged in' do
+    community = fast_create(Community)
+    community.add_member(person)
+
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal person, Task.last.requestor
+  end
+
+  should 'create task defining the target as the community' do
+    community = fast_create(Community)
+    community.add_member(person)
+
+    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal community, Task.last.target
+  end
+
+ #############################
+ #        Person Tasks       #
+ #############################
+
+  should 'return task by person' do
+    task = create(Task, :requestor => person, :target => person)
+    get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by person if user has no permission to view it' do
+    some_person = fast_create(Person)
+    task = create(Task, :requestor => person, :target => some_person)
+
+    get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task for person' do
+    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task for another person' do
+    some_person = fast_create(Person)
+    post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal some_person, Task.last.target
+  end
+
+  should 'create task defining the target as a person' do
+    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal person, Task.last.target
+  end
+
+ #############################
+ #      Enterprise Tasks     #
+ #############################
+
+  should 'return task by enterprise' do
+    enterprise = fast_create(Enterprise)
+    enterprise.add_admin(person)
+
+    task = create(Task, :requestor => person, :target => enterprise)
+    assert person.is_member_of?(enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal task.id, json["task"]["id"]
+  end
+
+  should 'not return task by enterprise if user has no permission to view it' do
+    enterprise = fast_create(Enterprise)
+    task = create(Task, :requestor => person, :target => enterprise)
+    assert !person.is_member_of?(enterprise)
+
+    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'create task in a enterprise' do
+    enterprise = fast_create(Enterprise)
+    give_permission(person, 'perform_task', enterprise)
+    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_nil json["task"]["id"]
+  end
+
+  should 'create task defining the target as the enterprise' do
+    enterprise = fast_create(Enterprise)
+    enterprise.add_member(person)
+
+    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_equal enterprise, Task.last.target
+  end
+end
@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class ActiveSupport::TestCase
+
+  include Rack::Test::Methods
+
+  def app
+    Noosfero::API::API
+  end
+
+  def login_api
+    @environment = Environment.default
+    @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
+    @user.activate
+    @person = @user.person
+
+    post "/api/v1/login?login=testapi&password=testapi"
+    json = JSON.parse(last_response.body)
+    @private_token = json["private_token"]
+    unless @private_token
+      @user.generate_private_token!
+      @private_token = @user.private_token
+    end
+
+    @params = {:private_token => @private_token}
+  end
+  attr_accessor :private_token, :user, :person, :params, :environment
+
+  private
+
+  def json_response_ids(kind)
+    json = JSON.parse(last_response.body)
+    json[kind.to_s].map {|c| c['id']}
+  end
+
+end
@@ -0,0 +1,105 @@
+# encoding: UTF-8
+require_relative 'test_helper'
+
+class UsersTest < ActiveSupport::TestCase
+
+  def setup
+    login_api
+  end
+
+  should 'list users' do
+    get "/api/v1/users/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["users"].map { |a| a["login"] }, user.login
+  end
+
+  should 'get user' do
+    get "/api/v1/users/#{user.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal user.id, json['user']['id']
+  end
+
+  should 'list user permissions' do
+    community = fast_create(Community)
+    community.add_admin(person)
+    get "/api/v1/users/#{user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["user"]["permissions"], community.identifier
+  end
+
+  should 'get logged user' do
+    get "/api/v1/users/me?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal user.id, json['user']['id']
+  end
+
+  should 'not show permissions to logged user' do
+    target_person = create_user('some-user').person
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("permissions")
+  end
+
+  should 'show permissions to self' do
+    get "/api/v1/users/#{user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("permissions")
+  end
+
+  should 'not show permissions to friend' do
+    target_person = create_user('some-user').person
+
+    f = Friendship.new
+    f.friend = target_person
+    f.person = person
+    f.save!
+
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("permissions")
+  end
+
+  should 'not show private attribute to logged user' do
+    target_person = create_user('some-user').person
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("email")
+  end
+
+  should 'show private attr to friend' do
+    target_person = create_user('some-user').person
+    f = Friendship.new
+    f.friend = target_person
+    f.person = person
+    f.save!
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert_equal target_person.email, json["user"]["email"]
+  end
+
+  should 'show public attribute to logged user' do
+    target_person = create_user('some-user').person
+    target_person.fields_privacy={:email=> 'public'}
+    target_person.save!
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert_equal json["user"]["email"],target_person.email
+  end
+
+  should 'show public and private field to admin' do
+    Environment.default.add_admin(person)
+
+    target_person = create_user('some-user').person
+    target_person.fields_privacy={:email=> 'public'}
+    target_person.save!
+
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert json["user"].has_key?("permissions")
+    assert json["user"].has_key?("activated")
+  end
+
+end
@@ -1,22 +0,0 @@
-require_relative 'test_helper'
-
-class ActivitiesTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-  end
-
-  should 'get activity from profile' do
-    person = fast_create(Person)
-    organization = fast_create(Organization)
-    assert_difference 'organization.activities_count' do
-      ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization
-      organization.reload
-    end
-    get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert 1, json["activities"].count
-    assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]
-  end
-
-end
@@ -1,29 +0,0 @@
-require_relative 'test_helper'
-
-class MyPlugin < Noosfero::Plugin;end
-class MyPlugin::API;end
-
-class APITest < ActiveSupport::TestCase
-
-  should 'endpoint should not be available if its plugin is unavailable' do
-    endpoint = mock()
-    environment = Environment.default
-    environment.stubs(:plugin_enabled?).returns(false)
-    endpoint.stubs(:options).returns({:for => MyPlugin::API})
-
-    assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
-  end
-
-  should 'endpoint should be available if its plugin is available' do
-    class MyPlugin < Noosfero::Plugin;end
-    class MyPlugin::API;end
-
-    endpoint = mock()
-    environment = Environment.default
-    environment.stubs(:plugin_enabled?).returns(true)
-    endpoint.stubs(:options).returns({:for => MyPlugin::API})
-
-    assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
-  end
-
-end
@@ -1,667 +0,0 @@
-require_relative 'test_helper'
-
-class ArticlesTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-  end
-
-  should 'list articles' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    get "/api/v1/articles/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_includes json["articles"].map { |a| a["id"] }, article.id
-  end
-
-  should 'get profile homepage' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    person.home_page=article
-    person.save!
-
-    get "/api/v1/profiles/#{person.id}/home_page?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal article.id, json["article"]["id"]
-  end
-
-  should 'not list forbidden article when listing articles' do
-    person = fast_create(Person)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    assert !article.published?
-
-    get "/api/v1/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_includes json['articles'].map {|a| a['id']}, article.id
-  end
-
-  should 'return article by id' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    get "/api/v1/articles/#{article.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal article.id, json["article"]["id"]
-  end
-
-  should 'not return article if user has no permission to view it' do
-    person = fast_create(Person, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    assert !article.published?
-
-    get "/api/v1/articles/#{article.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'follow a article identified by id' do
-    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
-    post "/api/v1/articles/#{article.id}/follow?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_not_equal 401, last_response.status
-    assert_equal true, json['success']
-  end
-
-  should 'return the followers count of an article' do
-    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
-    article.person_followers << @person
-
-    get "/api/v1/articles/#{article.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal 200, last_response.status
-    assert_equal 1, json['article']['followers_count']
-  end
-
-  should 'return the followers of a article identified by id' do
-    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
-
-    article_follower = ArticleFollower.new
-    article_follower.article = article
-    article_follower.person = @person
-    article_follower.save!
-
-    get "/api/v1/articles/#{article.id}/followers?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal 200, last_response.status
-    assert_equal 1, json['total_followers']
-  end
-
-  should 'list articles followed by me' do
-    article1 = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    fast_create(Article, :profile_id => user.person.id, :name => "Some other thing")
-    article1.person_followers << @person
-    get "/api/v1/articles/followed_by_me?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [article1.id], json['articles'].map { |a| a['id'] }
-  end
-
-
-  should 'list article children' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-    child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
-  end
-
-  should 'list public article children for not logged in access' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-    child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-    get "/api/v1/articles/#{article.id}/children"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
-  end
-
-  should 'not list children of forbidden article' do
-    person = fast_create(Person, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
-    child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
-    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not return child of forbidden article' do
-    person = fast_create(Person, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
-    get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not return private child' do
-    person = fast_create(Person, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
-    child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
-    get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not list private child' do
-    person = fast_create(Person, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
-    child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
-    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_includes json['articles'].map {|a| a['id']}, child.id
-  end
-
-  should 'perform a vote in a article identified by id' do
-    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
-    @params[:value] = 1
-
-    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_not_equal 401, last_response.status
-    assert_equal true, json['vote']
-  end
-
-  expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count)
-
-  expose_attributes.each do |attr|
-    should "expose article #{attr} attribute by default" do
-      article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-      get "/api/v1/articles/?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-     assert json["articles"].last.has_key?(attr)
-    end
-  end
-
-  should 'not perform a vote twice in same article' do
-    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
-    @params[:value] = 1
-    ## Perform a vote twice in API should compute only one vote
-    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
-    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
-
-    total = article.votes_total
-
-    assert_equal 1, total
-  end
-
-  should 'not perform a vote in favor and against a proposal' do
-    article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
-    @params[:value] = 1
-    ## Perform a vote in favor a proposal
-    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 201, last_response.status
-    ## Perform a vote against a proposal
-    @params[:value] = -1
-    post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    ## The api should not allow to save this vote
-    assert_equal 400, last_response.status
-  end
-
-  should "update body of article created by me" do
-    new_value = "Another body"
-    params[:article] = {:body => new_value}
-    article = fast_create(Article, :profile_id => person.id)
-    post "/api/v1/articles/#{article.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal new_value, json["article"]["body"]
-  end
-
-  should "update title of article created by me" do
-    new_value = "Another name"
-    params[:article] = {:name => new_value}
-    article = fast_create(Article, :profile_id => person.id)
-    post "/api/v1/articles/#{article.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal new_value, json["article"]["title"]
-  end
-
-  should 'not update article of another user' do
-    another_person = fast_create(Person, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => another_person.id)
-    params[:article] = {:title => 'Some title'}
-    post "/api/v1/articles/#{article.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not update article without permission in community' do
-    community = fast_create(Community, :environment_id => environment.id)
-    article = fast_create(Article, :profile_id => community.id)
-    params[:article] = {:name => 'New title'}
-    post "/api/v1/articles/#{article.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-
-  should 'update article of community if user has permission' do
-    community = fast_create(Community, :environment_id => environment.id)
-    give_permission(person, 'post_content', community)
-    article = fast_create(Article, :profile_id => community.id)
-    new_value = "Another body"
-    params[:article] = {:body => new_value}
-    post "/api/v1/articles/#{article.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal new_value, json["article"]["body"]
-  end
-
-  should 'list articles with pagination' do
-    Article.destroy_all
-    article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago)
-    article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago)
-
-    params[:page] = 1
-    params[:per_page] = 1
-    get "/api/v1/articles/?#{params.to_query}"
-    json_page_one = JSON.parse(last_response.body)
-
-    params[:page] = 2
-    params[:per_page] = 1
-    get "/api/v1/articles/?#{params.to_query}"
-    json_page_two = JSON.parse(last_response.body)
-
-    assert_includes json_page_one["articles"].map { |a| a["id"] }, article_two.id
-    assert_not_includes json_page_one["articles"].map { |a| a["id"] }, article_one.id
-
-    assert_includes json_page_two["articles"].map { |a| a["id"] }, article_one.id
-    assert_not_includes json_page_two["articles"].map { |a| a["id"] }, article_two.id
-  end
-
-  should 'list articles with timestamp' do
-    article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing")
-    article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-
-    article_one.updated_at = Time.now + 3.hours
-    article_one.save!
-
-    params[:timestamp] = Time.now + 1.hours
-    get "/api/v1/articles/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_includes json["articles"].map { |a| a["id"] }, article_one.id
-    assert_not_includes json["articles"].map { |a| a["id"] }, article_two.id
-  end
-
-  #############################
-  #     Profile Articles      #
-  #############################
-
-  profile_kinds = %w(community person enterprise)
-  profile_kinds.each do |kind|
-    should "return article by #{kind}" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      article = fast_create(Article, :profile_id => profile.id, :name => "Some thing")
-      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_equal article.id, json["article"]["id"]
-    end
-
-    should "not return article by #{kind} if user has no permission to view it" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
-      assert !article.published?
-
-      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
-      assert_equal 403, last_response.status
-    end
-
-    should "not list forbidden article when listing articles by #{kind}" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
-      assert !article.published?
-
-      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_not_includes json['articles'].map {|a| a['id']}, article.id
-    end
-
-    should "return article by #{kind} and path" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
-      article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)
-
-      params[:path] = parent_article.slug+'/'+article.slug
-      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_equal article.id, json["article"]["id"]
-    end
-
-    should "not return article by #{kind} and path if user has no permission to view it" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
-      article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article, :published => false)
-
-      assert !article.published?
-
-      params[:path] = parent_article.slug+'/'+article.slug
-      get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      assert_equal 403, last_response.status
-    end
-  end
-
-  #############################
-  #  Group Profile Articles   #
-  #############################
-
-  group_kinds = %w(community enterprise)
-  group_kinds.each do |kind|
-    should "#{kind}: create article" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      give_permission(user.person, 'post_content', profile)
-      params[:article] = {:name => "Title"}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_equal "Title", json["article"]["title"]
-    end
-
-    should "#{kind}: do not create article if user has no permission to post content" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      give_permission(user.person, 'invite_members', profile)
-      params[:article] = {:name => "Title"}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      assert_equal 403, last_response.status
-    end
-
-    should "#{kind} create article with parent" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
-      article = fast_create(Article)
-
-      params[:article] = {:name => "Title", :parent_id => article.id}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_equal article.id, json["article"]["parent"]["id"]
-    end
-
-    should "#{kind} create article with content type passed as parameter" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
-
-      Article.delete_all
-      params[:article] = {:name => "Title"}
-      params[:content_type] = 'TextArticle'
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-
-      assert_kind_of TextArticle, Article.last
-    end
-
-    should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
-
-      params[:article] = {:name => "Title"}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-
-      assert_kind_of TinyMceArticle, Article.last
-    end
-
-    should "#{kind}: not create article with invalid article content type" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      profile.add_member(user.person)
-
-      params[:article] = {:name => "Title"}
-      params[:content_type] = 'Person'
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-
-      assert_equal 403, last_response.status
-    end
-
-    should "#{kind} create article defining the correct profile" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
-
-      params[:article] = {:name => "Title"}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-
-      assert_equal profile.id, json['article']['profile']['id']
-    end
-
-    should "#{kind}: create article defining the created_by" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
-
-      params[:article] = {:name => "Title"}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-
-      assert_equal user.person, Article.last.created_by
-    end
-
-    should "#{kind}: create article defining the last_changed_by" do
-      profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
-      Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
-
-      params[:article] = {:name => "Title"}
-      post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-
-      assert_equal user.person, Article.last.last_changed_by
-    end
-  end
-
-  #############################
-  #       Person Articles     #
-  #############################
-
-  should 'create article in a person' do
-    params[:article] = {:name => "Title"}
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal "Title", json["article"]["title"]
-  end
-
-  should 'person do not create article if user has no permission to post content' do
-    person = fast_create(Person, :environment_id => environment.id)
-    params[:article] = {:name => "Title"}
-    post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'person create article with parent' do
-    article = fast_create(Article)
-
-    params[:article] = {:name => "Title", :parent_id => article.id}
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal article.id, json["article"]["parent"]["id"]
-  end
-
-  should 'person create article with content type passed as parameter' do
-    Article.delete_all
-    params[:article] = {:name => "Title"}
-    params[:content_type] = 'TextArticle'
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_kind_of TextArticle, Article.last
-  end
-
-  should 'person create article of TinyMceArticle type if no content type is passed as parameter' do
-    params[:article] = {:name => "Title"}
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_kind_of TinyMceArticle, Article.last
-  end
-
-  should 'person not create article with invalid article content type' do
-    params[:article] = {:name => "Title"}
-    params[:content_type] = 'Person'
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal 403, last_response.status
-  end
-
-  should 'person create article defining the correct profile' do
-    params[:article] = {:name => "Title"}
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal user.person, Article.last.profile
-  end
-
-  should 'person create article defining the created_by' do
-    params[:article] = {:name => "Title"}
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal user.person, Article.last.created_by
-  end
-
-  should 'person create article defining the last_changed_by' do
-    params[:article] = {:name => "Title"}
-    post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal user.person, Article.last.last_changed_by
-  end
-
-  should 'list article children with partial fields' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
-    params[:fields] = [:title]
-    get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal ['title'], json['articles'].first.keys
-  end
-
-  should 'suggest article children' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    params[:target_id] = user.person.id
-    params[:article] = {:name => "Article name", :body => "Article body"}
-    assert_difference "SuggestArticle.count" do
-      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
-    end
-    json = JSON.parse(last_response.body)
-    assert_equal 'SuggestArticle', json['task']['type']
-  end
-
-  should 'suggest event children' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    params[:target_id] = user.person.id
-    params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"}
-    assert_difference "SuggestArticle.count" do
-      post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
-    end
-    json = JSON.parse(last_response.body)
-    assert_equal 'SuggestArticle', json['task']['type']
-  end
-
-  should 'update hit attribute of article children' do
-    a1 = fast_create(Article, :profile_id => user.person.id)
-    a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-    a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-    get "/api/v1/articles/#{a1.id}/children?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [1, 1], json['articles'].map { |a| a['hits']}
-    assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits]
-  end
-
-  should 'update hit attribute of article specific children' do
-    a1 = fast_create(Article, :profile_id => user.person.id)
-    a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
-    get "/api/v1/articles/#{a1.id}/children/#{a2.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 1, json['article']['hits']
-  end
-
-  should 'list all events of a community in a given category' do
-    co = Community.create(identifier: 'my-community', name: 'name-my-community')
-    c1 = Category.create(environment: Environment.default, name: 'my-category')
-    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
-    e1 = fast_create(Event, :profile_id => co.id)
-    e2 = fast_create(Event, :profile_id => co.id)
-    e1.categories << c1
-    e2.categories << c2
-    e1.save!
-    e2.save!
-    params['content_type']='Event'
-    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal json['articles'].count, 2
-  end
-
-  should 'list a event of a community in a given category' do
-    co = Community.create(identifier: 'my-community', name: 'name-my-community')
-    c1 = Category.create(environment: Environment.default, name: 'my-category')
-    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
-    e1 = fast_create(Event, :profile_id => co.id)
-    e2 = fast_create(Event, :profile_id => co.id)
-    e1.categories << c1
-    e2.categories << c2
-    e1.save!
-    e2.save!
-    params['category_ids[]']=c1.id
-    params['content_type']='Event'
-    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    #should show only one article, since the other not in the same category
-    assert_equal 1, json['articles'].count
-    assert_equal e1.id, json['articles'][0]['id']
-  end
-
-  should 'not list uncategorized event of a community if a category is given' do
-    co = Community.create(identifier: 'my-community', name: 'name-my-community')
-    c1 = Category.create(environment: Environment.default, name: 'my-category')
-    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
-    e1 = fast_create(Event, :profile_id => co.id)
-    e2 = fast_create(Event, :profile_id => co.id)
-    e3 = fast_create(Event, :profile_id => co.id)
-    e1.categories << c1
-    e2.categories << c2
-    params['category_ids[]']=c1.id
-    params['content_type']='Event'
-    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 1, json['articles'].count
-    assert_equal e1.id, json['articles'][0]['id']
-  end
-
-  should 'list events of a community in a given 2 categories' do
-    co = Community.create(identifier: 'my-community', name: 'name-my-community')
-    c1 = Category.create(environment: Environment.default, name: 'my-category')
-    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
-    e1 = fast_create(Event, :profile_id => co.id)
-    e2 = fast_create(Event, :profile_id => co.id)
-    e1.categories << c1
-    e2.categories << c2
-    e1.save!
-    e2.save!
-    params['content_type']='Event'
-    params['categories_ids'] = [c1.id, c2.id]
-    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal json['articles'].count, 2
-  end
-
-  should 'Show 2 events since it uses an IN operator for category instead of an OR' do
-    co = Community.create(identifier: 'my-community', name: 'name-my-community')
-    c1 = Category.create(environment: Environment.default, name: 'my-category')
-    c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
-    c3 = Category.create(environment: Environment.default, name: 'extra-category')
-    e1 = fast_create(Event, :profile_id => co.id)
-    e2 = fast_create(Event, :profile_id => co.id)
-    e1.categories << c1
-    e2.categories << c2
-    e1.save!
-    e2.save!
-    params['content_type']='Event'
-    params['categories_ids'] = [c1.id, c2.id, c3.id]
-    get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal json['articles'].count, 2
-  end
-
-  ARTICLE_ATTRIBUTES = %w(votes_count comments_count)
-
-  ARTICLE_ATTRIBUTES.map do |attribute|
-
-    define_method "test_should_expose_#{attribute}_attribute_in_article_enpoints" do
-      article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-      get "/api/v1/articles/#{article.id}?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_not_nil json['article'][attribute]
-    end
-  end
-end
@@ -1,42 +0,0 @@
-require_relative 'test_helper'
-
-class BoxesTest < ActiveSupport::TestCase
-
-  def setup
-    @controller = AccountController.new
-    @request = ActionController::TestRequest.new
-    login_api
-#    @request = ActionController::TestRequest.new
-  end
-
-  kinds= %w[Profile Community Person Enterprise Environment]
-  kinds.each do |kind|
-    should "get_boxes_from_#{kind.downcase.pluralize}" do
-      context_obj = fast_create(kind.constantize)
-      box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile')
-      get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-      assert_equal box.id, json["boxes"].first["id"]
-    end
-  end
-
-  should 'get boxes from default environment' do
-    Environment.delete_all
-    environment = fast_create(Environment, :is_default => true)
-    box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
-    get "/api/v1/environments/default/boxes?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal box.id, json["boxes"].first["id"]
-  end
-
-  should 'get boxes from context environment' do
-    env = fast_create(Environment, :is_default => true)
-    env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host')
-    box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
-    get "/api/v1/environments/context/boxes?#{params.to_query}"
-
-    json = JSON.parse(last_response.body)
-    assert_equal box.id, json["boxes"].first["id"]
-  end
-
-end
@@ -1,97 +0,0 @@
-require_relative 'test_helper'
-
-class CategoriesTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-  end
-
-  should 'list categories' do
-    category = fast_create(Category, :environment_id => environment.id)
-    get "/api/v1/categories/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_includes json["categories"].map { |c| c["name"] }, category.name
-  end
-
-  should 'get category by id' do
-    category = fast_create(Category, :environment_id => environment.id)
-    get "/api/v1/categories/#{category.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal category.name, json["category"]["name"]
-  end
-
-  should 'list parent and children when get category by id' do
-    parent = fast_create(Category, :environment_id => environment.id)
-    child_1 = fast_create(Category, :environment_id => environment.id)
-    child_2 = fast_create(Category, :environment_id => environment.id)
-
-    category = fast_create(Category, :environment_id => environment.id)
-    category.parent = parent
-    category.children << child_1
-    category.children << child_2
-    category.save
-
-    get "/api/v1/categories/#{category.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
-    assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
-  end
-
-  should 'include parent in categories list if params is true' do
-    parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
-    child_1 = fast_create(Category, :environment_id => environment.id)
-    child_2 = fast_create(Category, :environment_id => environment.id)
-
-    parent_2 = fast_create(Category, :environment_id => environment.id)
-    parent_2.parent = parent_1
-    parent_2.children << child_1
-    parent_2.children << child_2
-    parent_2.save
-
-    get "/api/v1/categories/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq
-
-    params[:include_parent] = true
-    get "/api/v1/categories/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],
-      json["categories"].map { |c| c['parent'] && c['parent']['id'] }
-  end
-
-  should 'include children in categories list if params is true' do
-    category = fast_create(Category, :environment_id => environment.id)
-    child_1 = fast_create(Category, :environment_id => environment.id)
-    child_2 = fast_create(Category, :environment_id => environment.id)
-    child_3 = fast_create(Category, :environment_id => environment.id)
-
-    category.children << child_1
-    category.children << child_2
-    category.save
-
-    child_1.children << child_3
-    child_1.save
-
-    get "/api/v1/categories/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq
-
-    params[:include_children] = true
-    get "/api/v1/categories/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],
-      json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort  }
-  end
-
-  expose_attributes = %w(id name full_name image display_color)
-
-  expose_attributes.each do |attr|
-    should "expose category #{attr} attribute by default" do
-      category = fast_create(Category, :environment_id => environment.id)
-      get "/api/v1/categories/?#{params.to_query}"
-      json = JSON.parse(last_response.body)
-     assert json["categories"].last.has_key?(attr)
-    end
-  end
-
-end
@@ -1,81 +0,0 @@
-require_relative 'test_helper'
-
-class CommentsTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-  end
-
-  should 'not list comments if user has no permission to view the source article' do
-    person = fast_create(Person)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    assert !article.published?
-
-    get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not return comment if user has no permission to view the source article' do
-    person = fast_create(Person)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    comment = article.comments.create!(:body => "another comment", :author => user.person)
-    assert !article.published?
-
-    get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not comment an article if user has no permission to view it' do
-    person = fast_create(Person)
-    article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-    assert !article.published?
-
-    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'return comments of an article' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    article.comments.create!(:body => "some comment", :author => user.person)
-    article.comments.create!(:body => "another comment", :author => user.person)
-
-    get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 200, last_response.status
-    assert_equal 2, json["comments"].length
-  end
-
-  should 'return comment of an article' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    comment = article.comments.create!(:body => "another comment", :author => user.person)
-
-    get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 200, last_response.status
-    assert_equal comment.id, json['comment']['id']
-  end
-
-  should 'comment an article' do
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    body = 'My comment'
-    params.merge!({:body => body})
-
-    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 201, last_response.status
-    assert_equal body, json['comment']['body']
-  end
-
-  should 'comment creation define the source' do
-    amount = Comment.count
-    article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-    body = 'My comment'
-    params.merge!({:body => body})
-
-    post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-    assert_equal amount + 1, Comment.count
-    comment = Comment.last
-    assert_not_nil comment.source
-  end
-
-end
@@ -1,160 +0,0 @@
-require_relative 'test_helper'
-
-class CommunitiesTest < ActiveSupport::TestCase
-
-  def setup
-    Community.delete_all
-    login_api
-  end
-
-  should 'list only communities' do
-    community = fast_create(Community, :environment_id => environment.id)
-    enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
-    get "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
-    assert_includes json['communities'].map {|c| c['id']}, community.id
-  end
-
-  should 'list all communities' do
-    community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
-    community2 = fast_create(Community, :environment_id => environment.id)
-    get "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
-  end
-
-  should 'not list invisible communities' do
-    community1 = fast_create(Community, :environment_id => environment.id)
-    fast_create(Community, :environment_id => environment.id, :visible => false)
-
-    get "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [community1.id], json['communities'].map {|c| c['id']}
-  end
-
-  should 'not list private communities without permission' do
-    community1 = fast_create(Community, :environment_id => environment.id)
-    fast_create(Community, :environment_id => environment.id, :public_profile => false)
-
-    get "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [community1.id], json['communities'].map {|c| c['id']}
-  end
-
-  should 'list private community for members' do
-    c1 = fast_create(Community, :environment_id => environment.id)
-    c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
-    c2.add_member(person)
-
-    get "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}
-  end
-
-  should 'create a community' do
-    params[:community] = {:name => 'some'}
-    post "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 'some', json['community']['name']
-  end
-
-  should 'return 400 status for invalid community creation' do
-    post "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 400, last_response.status
-  end
-
-  should 'get community' do
-    community = fast_create(Community, :environment_id => environment.id)
-
-    get "/api/v1/communities/#{community.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal community.id, json['community']['id']
-  end
-
-  should 'not get invisible community' do
-    community = fast_create(Community, :environment_id => environment.id, :visible => false)
-
-    get "/api/v1/communities/#{community.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json['community'].blank?
-  end
-
-  should 'not get private communities without permission' do
-    community = fast_create(Community, :environment_id => environment.id)
-    fast_create(Community, :environment_id => environment.id, :public_profile => false)
-
-    get "/api/v1/communities/#{community.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal community.id, json['community']['id']
-  end
-
-  should 'get private community for members' do
-    community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
-    community.add_member(person)
-
-
-    get "/api/v1/communities/#{community.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal community.id, json['community']['id']
-  end
-
-  should 'list person communities' do
-    community = fast_create(Community, :environment_id => environment.id)
-    fast_create(Community, :environment_id => environment.id)
-    community.add_member(person)
-
-    get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [community.id], json['communities'].map {|c| c['id']}
-  end
-
-  should 'not list person communities invisible' do
-    c1 = fast_create(Community, :environment_id => environment.id)
-    c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
-    c1.add_member(person)
-    c2.add_member(person)
-
-    get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [c1.id], json['communities'].map {|c| c['id']}
-  end
-
-  should 'list communities with pagination' do
-    community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
-    community2 = fast_create(Community, :created_at => 2.days.ago)
-
-    params[:page] = 2
-    params[:per_page] = 1
-    get "/api/v1/communities?#{params.to_query}"
-    json_page_two = JSON.parse(last_response.body)
-
-    params[:page] = 1
-    params[:per_page] = 1
-    get "/api/v1/communities?#{params.to_query}"
-    json_page_one = JSON.parse(last_response.body)
-
-
-    assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id
-    assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id
-
-    assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id
-    assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
-  end
-
-  should 'list communities with timestamp' do
-    community1 = fast_create(Community, :public_profile => true)
-    community2 = fast_create(Community)
-
-    community1.updated_at = Time.now + 3.hours
-    community1.save!
-
-    params[:timestamp] = Time.now + 1.hours
-    get "/api/v1/communities/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_includes json["communities"].map { |a| a["id"] }, community1.id
-    assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
-  end
-end
@@ -1,110 +0,0 @@
-require_relative 'test_helper'
-
-class EnterprisesTest < ActiveSupport::TestCase
-
-  def setup
-    Enterprise.delete_all
-    login_api
-  end
-
-  should 'list only enterprises' do
-    community = fast_create(Community, :environment_id => environment.id) # should not list this community
-    enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
-    get "/api/v1/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id
-    assert_not_includes json['enterprises'].map {|c| c['id']}, community.id
-  end
-
-  should 'list all enterprises' do
-    enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
-    enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
-    get "/api/v1/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
-  end
-
-  should 'not list invisible enterprises' do
-    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
-    fast_create(Enterprise, :visible => false)
-
-    get "/api/v1/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
-  end
-
-  should 'not list private enterprises without permission' do
-    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
-    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
-
-    get "/api/v1/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
-  end
-
-  should 'list private enterprise for members' do
-    c1 = fast_create(Enterprise, :environment_id => environment.id)
-    c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
-    c2.add_member(person)
-
-    get "/api/v1/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']}
-  end
-
-  should 'get enterprise' do
-    enterprise = fast_create(Enterprise, :environment_id => environment.id)
-
-    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal enterprise.id, json['enterprise']['id']
-  end
-
-  should 'not get invisible enterprise' do
-    enterprise = fast_create(Enterprise, :visible => false)
-
-    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json['enterprise'].blank?
-  end
-
-  should 'not get private enterprises without permission' do
-    enterprise = fast_create(Enterprise, :environment_id => environment.id)
-    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
-
-    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal enterprise.id, json['enterprise']['id']
-  end
-
-  should 'get private enterprise for members' do
-    enterprise = fast_create(Enterprise, :public_profile => false)
-    enterprise.add_member(person)
-
-    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal enterprise.id, json['enterprise']['id']
-  end
-
-  should 'list person enterprises' do
-    enterprise = fast_create(Enterprise, :environment_id => environment.id)
-    fast_create(Enterprise, :environment_id => environment.id)
-    enterprise.add_member(person)
-
-    get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']}
-  end
-
-  should 'not list person enterprises invisible' do
-    c1 = fast_create(Enterprise, :environment_id => environment.id)
-    c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)
-    c1.add_member(person)
-    c2.add_member(person)
-
-    get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}
-  end
-
-end
@@ -1,38 +0,0 @@
-require_relative 'test_helper'
-
-class EnvironmentTest < ActiveSupport::TestCase
-
-  def setup
-    @person = create_user('testing').person
-  end
-  attr_reader :person
-
-  should 'return the default environment' do
-    environment = Environment.default
-    get "/api/v1/environment/default"
-    json = JSON.parse(last_response.body)
-    assert_equal environment.id, json['id']
-  end
-
-  should 'return created environment' do
-    environment = fast_create(Environment)
-    default_env = Environment.default
-    assert_not_equal environment.id, default_env.id
-    get "/api/v1/environment/#{environment.id}"
-    json = JSON.parse(last_response.body)
-    assert_equal environment.id, json['id']
-  end
-
-  should 'return context environment' do
-    context_env = fast_create(Environment)
-    context_env.name = "example org"
-    context_env.save
-    context_env.domains<< Domain.new(:name => 'example.org')
-    default_env = Environment.default
-    assert_not_equal context_env.id, default_env.id
-    get "/api/v1/environment/context"
-    json = JSON.parse(last_response.body)
-    assert_equal context_env.id, json['id']
-  end  
-
-end
@@ -1,245 +0,0 @@
-require_relative 'test_helper'
-require 'noosfero/api/helpers'
-
-class APIHelpersTest < ActiveSupport::TestCase
-
-  include Noosfero::API::APIHelpers
-
-  def setup
-    @headers = {}
-  end
-
-  attr_accessor :headers
-
-  should 'get the current user with valid token' do
-    user = create_user('someuser')
-    user.generate_private_token!
-    self.params = {:private_token => user.private_token}
-    assert_equal user, current_user
-  end
-
-  should 'get the current user with valid token in header' do
-    user = create_user('someuser')
-    user.generate_private_token!
-    headers['Private-Token'] = user.private_token
-    assert_equal user, current_user
-  end
-
-  should 'get the current user even with expired token' do
-    user = create_user('someuser')
-    user.generate_private_token!
-    user.private_token_generated_at = DateTime.now.prev_year
-    user.save
-    self.params = {:private_token => user.private_token}
-    assert_equal user, current_user
-  end
-
-  should 'get the person of current user' do
-    user = create_user('someuser')
-    user.generate_private_token!
-    self.params = {:private_token => user.private_token}
-    assert_equal user.person, current_person
-  end
-
-#  #FIXME see how to make this test. Get the current_user variable
-#  should 'set current_user to nil after logout' do
-#    user = create_user('someuser')
-#    user.stubs(:private_token_expired?).returns(false)
-#    User.stubs(:find_by_private_token).returns(user)
-#    assert_not_nil current_user
-#    assert false
-#    logout
-#  end
-
-  should 'limit be defined as the params limit value' do
-    local_limit = 30
-    self.params= {:limit => local_limit}
-    assert_equal local_limit, limit
-  end
-
-  should 'return default limit if the limit parameter is minor than zero' do
-    self.params= {:limit => -1}
-    assert_equal 20, limit
-  end
-
-  should 'the default limit be 20' do
-    assert_equal 20, limit
-  end
-
-  should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do
-    assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0]
-  end
-
-  should 'the beginning of the period be from date passsed as parameter' do
-    from = DateTime.now
-    assert_equal from, period(from, nil).min
-  end
-
-  should 'the end of the period be now if no until date is passsed as parameter' do
-    assert_in_delta DateTime.now, period(nil, nil).max
-  end
-
-  should 'the end of the period be until date passsed as parameter' do
-    until_date = DateTime.now
-    assert_equal until_date, period(nil, until_date).max
-  end
-
-  should 'parse_content_type return nil if its blank' do
-    assert_nil parse_content_type("")
-  end
-
-  should 'parse_content_type be an array' do
-    assert_kind_of Array, parse_content_type("text_article")
-  end
-
-  should 'parse_content_type return all content types as an array' do
-    assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle")
-  end
-
-  should 'find_article return article by id in list passed for user with permission' do
-    user = create_user('someuser')
-    a = fast_create(Article, :profile_id => user.person.id)
-    fast_create(Article, :profile_id => user.person.id)
-    fast_create(Article, :profile_id => user.person.id)
-
-    user.generate_private_token!
-    User.expects(:find_by_private_token).returns(user)
-    assert_equal a, find_article(user.person.articles, a.id)
-  end
-
-  should 'find_article return forbidden when a user try to access an article without permission' do
-    user = create_user('someuser')
-    p = fast_create(Profile)
-    a = fast_create(Article, :published => false, :profile_id => p.id)
-    fast_create(Article, :profile_id => p.id)
-
-    user.generate_private_token!
-    User.expects(:find_by_private_token).returns(user)
-    assert_equal 403, find_article(p.articles, a.id).last
-  end
-
-  should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do
-    assert_nil make_conditions_with_parameter[:created_at]
-  end
-
-  should 'make_conditions_with_parameter return created_at parameter if from period is defined' do
-    assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at]
-  end
-
-  should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do
-    assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at]
-  end
-
-  should 'make_conditions_with_parameter return created_at parameter if until period is defined' do
-    assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at]
-  end
-
-  should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do
-    assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at]
-  end
-
-  should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do
-    assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min
-  end
-
-  should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do
-    date = '2010-10-10'
-    assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min
-  end
-
-  should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do
-    date = '2010-10-10'
-    assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max
-  end
-
-  should 'make_conditions_with_parameter return the until date passed as parameter' do
-    date = '2010-10-10'
-    assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min
-  end
-
-  should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do
-    assert_nil make_conditions_with_parameter[:type]
-  end
-
-  #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association
-  should 'make_order_with_parameters return order if attribute is found at object association' do
-    environment = Environment.new
-    params = {:order => "name ASC"}
-    assert_equal "name ASC", make_order_with_parameters(environment, "articles", params)
-  end
-
-  # test added to check for eventual sql injection vunerabillity
-  #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists
-  should 'make_order_with_parameters return default order if attributes not exists' do
-    environment = Environment.new
-    params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity
-    assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
-  end
-
-  should 'make_order_with_parameters return default order if sql injection detected' do
-    environment = Environment.new
-    params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity
-    assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
-  end
-
-  should 'make_order_with_parameters return RANDOM() if random is passed' do
-    environment = Environment.new
-    params = {:order => "random"} # quote used to check sql injection vunerabillity
-    assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
-  end
-
-  should 'make_order_with_parameters return RANDOM() if random function is passed' do
-    environment = Environment.new
-    params = {:order => "random()"} # quote used to check sql injection vunerabillity
-    assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
-  end
-
-  should 'render not_found if endpoint is unavailable' do
-    Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
-    self.expects(:not_found!)
-
-    filter_disabled_plugins_endpoints
-  end
-
-  should 'not touch in options when no fields parameter is passed' do
-    model = mock
-    expects(:present).with(model, {})
-    present_partial(model, {})
-  end
-
-  should 'fallback to array when fields parameter is not a json when calling present partial' do
-    model = mock
-    params[:fields] = ['name']
-    expects(:present).with(model, {:only => ['name']})
-    present_partial(model, {})
-  end
-
-  should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do
-    model = mock
-    params[:fields] = 'name,description'
-    expects(:present).with(model, {:only => ['name', 'description']})
-    present_partial(model, {})
-  end
-
-  should 'accept json as fields parameter when calling present partial' do
-    model = mock
-    params[:fields] = {only: [:name, {user: [:login]}]}.to_json
-    expects(:present).with(model, {:only => ['name', {'user' => ['login']}]})
-    present_partial(model, {})
-  end
-
-  protected
-
-  def error!(info, status)
-    [info, status]
-  end
-
-  def params
-    @params ||= {}
-  end
-
-  def params= value
-    @params = value
-  end
-
-end
@@ -1,258 +0,0 @@
-require_relative 'test_helper'
-
-class PeopleTest < ActiveSupport::TestCase
-
-  def setup
-    Person.delete_all
-    login_api
-  end
-
-  should 'list all people' do
-    person1 = fast_create(Person, :public_profile => true)
-    person2 = fast_create(Person)
-    get "/api/v1/people?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
-  end
-
-  should 'list all members of a community' do
-    person1 = fast_create(Person)
-    person2 = fast_create(Person)
-    community = fast_create(Community)
-    community.add_member(person1)
-    community.add_member(person2)
-
-    get "/api/v1/profiles/#{community.id}/members?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 2, json["people"].count
-    assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]}
-  end
-
-  should 'not list invisible people' do
-    invisible_person = fast_create(Person, :visible => false)
-
-    get "/api/v1/people?#{params.to_query}"
-    assert_not_includes json_response_ids(:people), invisible_person.id
-  end
-
-  should 'not list private people without permission' do
-    private_person = fast_create(Person, :public_profile => false)
-
-    get "/api/v1/people?#{params.to_query}"
-    assert_not_includes json_response_ids(:people), private_person.id
-  end
-
-  should 'list private person for friends' do
-    p1 = fast_create(Person)
-    p2 = fast_create(Person, :public_profile => false)
-    person.add_friend(p2)
-    p2.add_friend(person)
-
-    get "/api/v1/people?#{params.to_query}"
-    assert_includes json_response_ids(:people), p2.id
-  end
-
-  should 'get person' do
-    some_person = fast_create(Person)
-
-    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal some_person.id, json['person']['id']
-  end
-
-  should 'people endpoint filter by fields parameter' do
-    get "/api/v1/people?#{params.to_query}&fields=name"
-    json = JSON.parse(last_response.body)
-    expected = {'people' => [{'name' => person.name}]}
-    assert_equal expected, json
-  end
-
-  should 'people endpoint filter by fields parameter with hierarchy' do
-    fields = URI.encode({only: [:name, {user: [:login]}]}.to_json)
-    get "/api/v1/people?#{params.to_query}&fields=#{fields}"
-    json = JSON.parse(last_response.body)
-    expected = {'people' => [{'name' => person.name, 'user' => {'login' => 'testapi'}}]}
-    assert_equal expected, json
-  end
-
-  should 'get logged person' do
-    get "/api/v1/people/me?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal person.id, json['person']['id']
-  end
-
-  should 'me endpoint filter by fields parameter' do
-    get "/api/v1/people/me?#{params.to_query}&fields=name"
-    json = JSON.parse(last_response.body)
-    expected = {'person' => {'name' => person.name}}
-    assert_equal expected, json
-  end
-
-  should 'not get invisible person' do
-    person = fast_create(Person, :visible => false)
-
-    get "/api/v1/people/#{person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json['person'].blank?
-  end
-
-  should 'not get private people without permission' do
-    private_person = fast_create(Person, :public_profile => false)
-
-    get "/api/v1/people/#{private_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json['person'].blank?
-  end
-
-  should 'get private person for friends' do
-    private_person = fast_create(Person, :public_profile => false)
-    person.add_friend(private_person)
-    private_person.add_friend(person)
-
-    get "/api/v1/people/#{private_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal private_person.id, json['person']['id']
-  end
-
-  should 'list person friends' do
-    friend = fast_create(Person)
-    person.add_friend(friend)
-    friend.add_friend(person)
-
-    get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
-    assert_includes json_response_ids(:people), person.id
-  end
-
-  should 'not list person invisible friends' do
-    friend = fast_create(Person)
-    invisible_friend = fast_create(Person, :visible => false)
-    person.add_friend(friend)
-    person.add_friend(invisible_friend)
-    friend.add_friend(person)
-    invisible_friend.add_friend(person)
-
-    get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
-    friends = json_response_ids(:people)
-    assert_includes friends, friend.id
-    assert_not_includes friends, invisible_friend.id
-  end
-
-  should 'create a person' do
-    login = 'some'
-    params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-    post "/api/v1/people?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal login, json['person']['identifier']
-  end
-
-  should 'return 400 status for invalid person creation' do
-    params[:person] = {:login => 'some'}
-    post "/api/v1/people?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 400, last_response.status
-  end
-
-  should 'display permissions' do
-    community = fast_create(Community)
-    community.add_member(fast_create(Person))
-    community.add_member(person)
-    permissions = Profile::Roles.member(person.environment.id).permissions
-    get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal json[community.identifier], permissions
-  end
-
-  should 'display permissions if self' do
-    get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
-    assert_equal 200, last_response.status
-  end
-
-  should 'display permissions if admin' do
-    environment = person.environment
-    environment.add_admin(person)
-    some_person = fast_create(Person)
-
-    get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
-    assert_equal 200, last_response.status
-  end
-
-  should 'not display permissions if not admin or self' do
-    some_person = create_user('some-person').person
-
-    get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'not update another person' do
-    person = fast_create(Person, :environment_id => environment.id)
-    post "/api/v1/people/#{person.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'update yourself' do
-    another_name = 'Another Name'
-    params[:person] = {}
-    params[:person][:name] = another_name
-    assert_not_equal another_name, person.name
-    post "/api/v1/people/#{person.id}?#{params.to_query}"
-    person.reload
-    assert_equal another_name, person.name
-  end
-
-  should 'display public custom fields' do
-    CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
-    some_person = create_user('some-person').person
-    some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} }
-    some_person.save!
-
-    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json['person']['additional_data'].has_key?('Custom Blog')
-    assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
-  end
-
-  should 'not display non-public custom fields' do
-    CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
-    some_person = create_user('some-person').person
-    some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
-    some_person.save!
-
-    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal json['person']['additional_data'], {}
-  end
-
-  should 'display non-public custom fields to friend' do
-    CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
-    some_person = create_user('some-person').person
-    some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
-    some_person.save!
-
-    f = Friendship.new
-    f.friend = some_person
-    f.person = person
-    f.save!
-
-    get "/api/v1/people/#{some_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json['person']['additional_data'].has_key?("Custom Blog")
-    assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
-  end
-
-  PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count)
-
-  PERSON_ATTRIBUTES.map do |attribute|
-    define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do
-      get "/api/v1/people/me?#{params.to_query}&fields=name"
-      json = JSON.parse(last_response.body)
-      assert_nil json['person'][attribute]
-    end
-
-    define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do
-      get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}"
-      json = JSON.parse(last_response.body)
-      assert_not_nil json['person'][attribute]
-    end
-  end
-end
@@ -1,32 +0,0 @@
-require_relative 'test_helper'
-
-class ProfilesTest < ActiveSupport::TestCase
-
-  def setup
-    Profile.delete_all
-    login_api
-  end
-
-  should 'list all profiles' do
-    person1 = fast_create(Person)
-    person2 = fast_create(Person)
-    community = fast_create(Community)
-    get "/api/v1/profiles?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']}
-  end
-
-  should 'get person from profile id' do
-    some_person = fast_create(Person)
-    get "/api/v1/profiles/#{some_person.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal some_person.id, json['id']
-  end
-
-  should 'get community from profile id' do
-    community = fast_create(Community)
-    get "/api/v1/profiles/#{community.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal community.id, json['id']
-  end
-end
@@ -1,150 +0,0 @@
-require_relative 'test_helper'
-
-class SearchTest < ActiveSupport::TestCase
-
-  def setup
-    @person = create_user('testing').person
-  end
-  attr_reader :person
-
-  should 'not list unpublished articles' do
-    Article.delete_all
-    article = fast_create(Article, :profile_id => person.id, :published => false)
-    assert !article.published?
-    get "/api/v1/search/article"
-    json = JSON.parse(last_response.body)
-    assert_empty json['articles']
-  end
-
-  should 'list articles' do
-    fast_create(Article, :profile_id => person.id)
-    get "/api/v1/search/article"
-    json = JSON.parse(last_response.body)
-    assert_not_empty json['articles']
-  end
-
-  should 'list only articles that has children' do
-    article = fast_create(Article, :profile_id => person.id)
-    parent = create(Article, :profile_id => person.id, :name => 'parent article')
-    child = create(Article, :profile_id => person.id, :parent_id => parent.id, :name => 'child article')
-
-    get "/api/v1/search/article?has_children=true"
-    json = JSON.parse(last_response.body)
-    assert_equal parent.id, json['articles'].first['id']
-  end
-
-  should 'invalid search string articles' do
-    fast_create(Article, :profile_id => person.id, :name => 'some article')
-    get "/api/v1/search/article?query=test"
-    json = JSON.parse(last_response.body)
-    assert_empty json['articles']
-  end
-
-  should 'not list articles of wrong type' do
-    Article.delete_all
-    fast_create(Article, :profile_id => person.id)
-    get "/api/v1/search/article?type=TinyMceArticle"
-    json = JSON.parse(last_response.body)
-    assert_empty json['articles']
-  end
-
-  should 'list articles of one type' do
-    fast_create(Article, :profile_id => person.id)
-    article = fast_create(TinyMceArticle, :profile_id => person.id)
-
-    get "/api/v1/search/article?type=TinyMceArticle"
-    json = JSON.parse(last_response.body)
-    assert_equal article.id, json['articles'].first['id']
-  end
-
-  should 'list articles of one type and query string' do
-    fast_create(Article, :profile_id => person.id, :name => 'some article')
-    fast_create(Article, :profile_id => person.id, :name => 'Some thing')
-    article = fast_create(TinyMceArticle, :profile_id => person.id, :name => 'Some thing')
-    get "/api/v1/search/article?type=TinyMceArticle&query=thing"
-    json = JSON.parse(last_response.body)
-    assert_equal 1, json['articles'].count
-    assert_equal article.id, json['articles'].first['id']
-  end
-
-  should 'not return more entries than page limit' do
-    1.upto(5).each do |n|
-      fast_create(Article, :profile_id => person.id, :name => "Article #{n}")
-    end
-
-    get "/api/v1/search/article?query=Article&per_page=3"
-    json = JSON.parse(last_response.body)
-
-    assert_equal 3, json['articles'].count
-  end
-
-  should 'return entries second page' do
-    1.upto(5).each do |n|
-      fast_create(Article, :profile_id => person.id, :name => "Article #{n}")
-    end
-
-    get "/api/v1/search/article?query=Article&per_page=3&page=2"
-    json = JSON.parse(last_response.body)
-
-    assert_equal 2, json['articles'].count
-  end
-
-  should 'search articles in profile' do
-    person2 = fast_create(Person)
-    fast_create(Article, :profile_id => person.id)
-    fast_create(Article, :profile_id => person.id)
-    article = fast_create(Article, :profile_id => person2.id)
-
-    get "/api/v1/search/article?query=Article&profile_id=#{person2.id}"
-    json = JSON.parse(last_response.body)
-    assert_equal article.id, json['articles'].first['id']
-  end
-
-  should 'search and return values specified in fields parameter' do
-    fast_create(Article, :profile_id => person.id)
-    get "/api/v1/search/article?fields=title"
-    json = JSON.parse(last_response.body)
-    assert_not_empty json['articles']
-    assert_equal ['title'], json['articles'].first.keys
-  end
-
-  should 'search with parent' do
-    parent = fast_create(Folder, :profile_id => person.id)
-    fast_create(Article, :profile_id => person.id)
-    article = fast_create(Article, :profile_id => person.id, :parent_id => parent.id)
-    get "/api/v1/search/article?parent_id=#{parent.id}"
-    json = JSON.parse(last_response.body)
-    assert_equal 1, json['articles'].count
-    assert_equal article.id, json['articles'].first["id"]
-  end
-
-  should 'search filter by category' do
-    Article.delete_all
-    fast_create(Article, :profile_id => person.id)
-    article = fast_create(Article, :profile_id => person.id)
-    category = fast_create(Category)
-    article.categories<< category
-    get "/api/v1/search/article?category_ids=#{category.id}"
-    json = JSON.parse(last_response.body)
-    assert_equal 1, json['articles'].count
-    assert_equal article.id, json['articles'].first["id"]
-  end
-
-  should 'search filter by more than one category' do
-    Article.delete_all
-    fast_create(Article, :profile_id => person.id)
-    article1 = fast_create(Article, :profile_id => person.id)
-    article2 = fast_create(Article, :profile_id => person.id)
-    category1 = fast_create(Category)
-    category2 = fast_create(Category)
-    article1.categories<< category1
-    article2.categories<< category2
-    get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"
-    json = JSON.parse(last_response.body)
-    ids = [article1.id, article2.id]
-    assert_equal 2, json['articles'].count
-    assert_includes ids, json['articles'].first["id"]
-    assert_includes ids, json['articles'].last["id"]
-  end
-
-end
@@ -1,221 +0,0 @@
-require_relative 'test_helper'
-
-class SessionTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-  end
-
-  should 'generate private token when login' do
-    params = {:login => "testapi", :password => "testapi"}
-    post "/api/v1/login?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert !json['user']["private_token"].blank?
-  end
-
-  should 'return 401 when login fails' do
-    user.destroy
-    params = {:login => "testapi", :password => "testapi"}
-    post "/api/v1/login?#{params.to_query}"
-    assert_equal 401, last_response.status
-  end
-
-  should 'register a user' do
-    Environment.default.enable('skip_new_user_email_confirmation')
-    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 201, last_response.status
-    json = JSON.parse(last_response.body)
-    assert User['newuserapi'].activated?
-    assert json['user']['activated']
-    assert json['user']['private_token'].present?
-  end
-
-  should 'register a user with name' do
-    Environment.default.enable('skip_new_user_email_confirmation')
-    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 201, last_response.status
-    json = JSON.parse(last_response.body)
-    assert json['user']['activated']
-    assert json['user']['private_token'].present?
-  end
-
-  should 'register an inactive user' do
-    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 201, last_response.status
-    json = JSON.parse(last_response.body)
-    assert !json['activated']
-    assert json['private_token'].blank?
-  end
-
-  should 'not register a user with invalid login' do
-    params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 400, last_response.status
-    json = JSON.parse(last_response.body)
-    msg = json['message'].split(':')
-    key = msg[0][2, 5]
-    val = msg[1][2, 38]
-    assert_equal "login", key
-    assert_equal "is too short (minimum is 2 characters)", val
-  end
-
-  should 'not register a user with invalid login pt' do
-    I18n.locale = "pt-BR"
-    params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 400, last_response.status
-    json = JSON.parse(last_response.body)
-    msg = json['message'].split(':')
-    key = msg[0][2, 5]
-    val = msg[1][2, 35]
-    assert_equal "login", key
-    assert val.include? "muito curto"
-  end
-
-  should 'not register a user without email' do
-    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 400, last_response.status
-  end
-
-  should 'not register a duplicated user' do
-    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
-    post "/api/v1/register?#{params.to_query}"
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 400, last_response.status
-    json = JSON.parse(last_response.body)
-  end
-
-  # TODO: Add another test cases to check register situations
-  should 'activate a user' do
-    params = {
-      :login => "newuserapi",
-      :password => "newuserapi",
-      :password_confirmation => "newuserapi",
-      :email => "newuserapi@email.com"
-    }
-    user = User.new(params)
-    user.save!
-
-    params = { activation_code: user.activation_code}
-    patch "/api/v1/activate?#{params.to_query}"
-    assert_equal 200, last_response.status
-  end
-
-  should 'do not activate a user if admin must approve him' do
-    params = {
-      :login => "newuserapi",
-      :password => "newuserapi",
-      :password_confirmation => "newuserapi",
-      :email => "newuserapi@email.com",
-      :environment => Environment.default
-    }
-    user = User.new(params)
-    user.environment.enable('admin_must_approve_new_users')
-    user.save!
-
-    params = { activation_code: user.activation_code}
-    patch "/api/v1/activate?#{params.to_query}"
-    assert_equal 202, last_response.status
-    assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]
-  end
-
-  should 'do not activate a user if the token is invalid' do
-    params = {
-      :login => "newuserapi",
-      :password => "newuserapi",
-      :password_confirmation => "newuserapi",
-      :email => "newuserapi@email.com",
-      :environment => Environment.default
-    }
-    user = User.new(params)
-    user.save!
-
-    params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}
-    patch "/api/v1/activate?#{params.to_query}"
-    assert_equal 412, last_response.status
-  end
-
-  should 'create task to change password by user login' do
-    user = create_user
-    params = {:value => user.login}
-    assert_difference 'ChangePassword.count' do
-      post "/api/v1/forgot_password?#{params.to_query}"
-    end
-  end
-
-  should 'not create task to change password when user is not found' do
-    params = {:value => 'wronglogin'}
-    assert_no_difference 'ChangePassword.count' do
-      post "/api/v1/forgot_password?#{params.to_query}"
-    end
-    assert_equal 404, last_response.status
-  end
-
-  should 'change user password and close task' do
-    task = ChangePassword.create!(:requestor => @person)
-    params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
-    patch "/api/v1/new_password?#{params.to_query}"
-    assert_equal Task::Status::FINISHED, task.reload.status
-    assert user.reload.authenticated?('secret')
-    json = JSON.parse(last_response.body)
-    assert_equal user.id, json['user']['id']
-  end
-
-  should 'do not change user password when password confirmation is wrong' do
-    user = create_user
-    user.activate
-    task = ChangePassword.create!(:requestor => user.person)
-    params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
-    patch "/api/v1/new_password?#{params.to_query}"
-    assert_equal Task::Status::ACTIVE, task.reload.status
-    assert !user.reload.authenticated?('secret')
-    assert_equal 400, last_response.status
-  end
-
-  should 'render not found when provide a wrong code on password change' do
-    params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
-    patch "/api/v1/new_password?#{params.to_query}"
-    assert_equal 404, last_response.status
-  end
-
-  should 'not return private token when the registered user is inactive' do
-    params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
-    post "/api/v1/register?#{params.to_query}"
-    assert_equal 201, last_response.status
-    json = JSON.parse(last_response.body)
-    assert !User['newuserapi'].activated?
-    assert !json['user']['activated']
-    assert !json['user']['private_token'].present?
-  end
-
-  should 'resend activation code for an inactive user' do
-    user = create_user
-    params = {:value => user.login}
-    Delayed::Job.destroy_all
-    assert_difference 'ActionMailer::Base.deliveries.size' do
-      post "/api/v1/resend_activation_code?#{params.to_query}"
-      process_delayed_job_queue
-    end
-    json = JSON.parse(last_response.body)
-    refute json['users'].first['private_token']
-    assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s
-  end
-
-   should 'not resend activation code for an active user' do
-     user = create_user
-     params = {:value => user.login}
-     user.activate
-     Delayed::Job.destroy_all
-     assert_no_difference 'ActionMailer::Base.deliveries.size' do
-       post "/api/v1/resend_activation_code?#{params.to_query}"
-       process_delayed_job_queue
-     end
-     json = JSON.parse(last_response.body)
-     assert json['users'].first['private_token']
-   end
-
-end
@@ -1,173 +0,0 @@
-require_relative 'test_helper'
-
-class TasksTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-    @person = user.person
-    @community = fast_create(Community)
-    @environment = Environment.default
-  end
-
-  attr_accessor :person, :community, :environment
-
-  should 'list tasks of environment' do
-    environment.add_admin(person)
-    task = create(Task, :requestor => person, :target => environment)
-    get "/api/v1/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_includes json["tasks"].map { |a| a["id"] }, task.id
-  end
-
-  should 'return environment task by id' do
-    environment.add_admin(person)
-    task = create(Task, :requestor => person, :target => environment)
-    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
-  end
-
-  should 'not return environmet task if user has no permission to view it' do
-    person = fast_create(Person)
-    task = create(Task, :requestor => person, :target => environment)
-
-    get "/api/v1/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
- #############################
- #     Community Tasks    #
- #############################
-
-  should 'return task by community' do
-    community = fast_create(Community)
-    community.add_admin(person)
-
-    task = create(Task, :requestor => person, :target => community)
-    assert person.is_member_of?(community)
-
-    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
-  end
-
-  should 'not return task by community if user has no permission to view it' do
-    community = fast_create(Community)
-    task = create(Task, :requestor => person, :target => community)
-    assert !person.is_member_of?(community)
-
-    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'create task in a community' do
-    community = fast_create(Community)
-    give_permission(person, 'perform_task', community)
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_nil json["task"]["id"]
-  end
-
-  should 'create task defining the requestor as current profile logged in' do
-    community = fast_create(Community)
-    community.add_member(person)
-
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal person, Task.last.requestor
-  end
-
-  should 'create task defining the target as the community' do
-    community = fast_create(Community)
-    community.add_member(person)
-
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal community, Task.last.target
-  end
-
- #############################
- #        Person Tasks       #
- #############################
-
-  should 'return task by person' do
-    task = create(Task, :requestor => person, :target => person)
-    get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
-  end
-
-  should 'not return task by person if user has no permission to view it' do
-    some_person = fast_create(Person)
-    task = create(Task, :requestor => person, :target => some_person)
-
-    get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'create task for person' do
-    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_nil json["task"]["id"]
-  end
-
-  should 'create task for another person' do
-    some_person = fast_create(Person)
-    post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal some_person, Task.last.target
-  end
-
-  should 'create task defining the target as a person' do
-    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal person, Task.last.target
-  end
-
- #############################
- #      Enterprise Tasks     #
- #############################
-
-  should 'return task by enterprise' do
-    enterprise = fast_create(Enterprise)
-    enterprise.add_admin(person)
-
-    task = create(Task, :requestor => person, :target => enterprise)
-    assert person.is_member_of?(enterprise)
-
-    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
-  end
-
-  should 'not return task by enterprise if user has no permission to view it' do
-    enterprise = fast_create(Enterprise)
-    task = create(Task, :requestor => person, :target => enterprise)
-    assert !person.is_member_of?(enterprise)
-
-    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
-
-  should 'create task in a enterprise' do
-    enterprise = fast_create(Enterprise)
-    give_permission(person, 'perform_task', enterprise)
-    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_nil json["task"]["id"]
-  end
-
-  should 'create task defining the target as the enterprise' do
-    enterprise = fast_create(Enterprise)
-    enterprise.add_member(person)
-
-    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-
-    assert_equal enterprise, Task.last.target
-  end
-end
@@ -1,36 +0,0 @@
-require_relative '../../test_helper'
-
-class ActiveSupport::TestCase
-
-  include Rack::Test::Methods
-
-  def app
-    Noosfero::API::API
-  end
-
-  def login_api
-    @environment = Environment.default
-    @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
-    @user.activate
-    @person = @user.person
-
-    post "/api/v1/login?login=testapi&password=testapi"
-    json = JSON.parse(last_response.body)
-    @private_token = json["private_token"]
-    unless @private_token
-      @user.generate_private_token!
-      @private_token = @user.private_token
-    end
-
-    @params = {:private_token => @private_token}
-  end
-  attr_accessor :private_token, :user, :person, :params, :environment
-
-  private
-
-  def json_response_ids(kind)
-    json = JSON.parse(last_response.body)
-    json[kind.to_s].map {|c| c['id']}
-  end
-
-end
@@ -1,105 +0,0 @@
-# encoding: UTF-8
-require_relative 'test_helper'
-
-class UsersTest < ActiveSupport::TestCase
-
-  def setup
-    login_api
-  end
-
-  should 'list users' do
-    get "/api/v1/users/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_includes json["users"].map { |a| a["login"] }, user.login
-  end
-
-  should 'get user' do
-    get "/api/v1/users/#{user.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal user.id, json['user']['id']
-  end
-
-  should 'list user permissions' do
-    community = fast_create(Community)
-    community.add_admin(person)
-    get "/api/v1/users/#{user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_includes json["user"]["permissions"], community.identifier
-  end
-
-  should 'get logged user' do
-    get "/api/v1/users/me?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal user.id, json['user']['id']
-  end
-
-  should 'not show permissions to logged user' do
-    target_person = create_user('some-user').person
-    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    refute json["user"].has_key?("permissions")
-  end
-
-  should 'show permissions to self' do
-    get "/api/v1/users/#{user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json["user"].has_key?("permissions")
-  end
-
-  should 'not show permissions to friend' do
-    target_person = create_user('some-user').person
-
-    f = Friendship.new
-    f.friend = target_person
-    f.person = person
-    f.save!
-
-    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    refute json["user"].has_key?("permissions")
-  end
-
-  should 'not show private attribute to logged user' do
-    target_person = create_user('some-user').person
-    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    refute json["user"].has_key?("email")
-  end
-
-  should 'show private attr to friend' do
-    target_person = create_user('some-user').person
-    f = Friendship.new
-    f.friend = target_person
-    f.person = person
-    f.save!
-    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json["user"].has_key?("email")
-    assert_equal target_person.email, json["user"]["email"]
-  end
-
-  should 'show public attribute to logged user' do
-    target_person = create_user('some-user').person
-    target_person.fields_privacy={:email=> 'public'}
-    target_person.save!
-    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json["user"].has_key?("email")
-    assert_equal json["user"]["email"],target_person.email
-  end
-
-  should 'show public and private field to admin' do
-    Environment.default.add_admin(person)
-
-    target_person = create_user('some-user').person
-    target_person.fields_privacy={:email=> 'public'}
-    target_person.save!
-
-    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert json["user"].has_key?("email")
-    assert json["user"].has_key?("permissions")
-    assert json["user"].has_key?("activated")
-  end
-
-end
...	...	@@ -14,6 +14,10 @@ stages:
14	14	# script: bundle exec rake ci:smoke
15	15	# stage: smoke-tests
16	16
	17	+api:
	18	+ script: bundle exec rake test:api
	19	+ stage: all-tests
	20	+
17	21	units:
18	22	script: bundle exec rake test:units
19	23	stage: all-tests
...	...
...	...	@@ -44,6 +44,7 @@ before_script:
44	44	- bundle exec rake db:migrate &>/dev/null
45	45
46	46	env:
	47	+ - TASK=test:api
47	48	- TASK=test:units
48	49	- TASK=test:functionals
49	50	- TASK=test:integration
...	...
1		-
	1	+namespace :test do
	2	+ desc "Run the API tests in test/api"
	3	+ Rake::TestTask.new api: "db:test:prepare" do \|t\|
	4	+ t.libs << 'test'
	5	+ t.pattern = 'test/api/*/_test.rb'
	6	+ t.warning = false
	7	+ end
	8	+end
...	...
1	1	#!/usr/bin/env ruby
2	2
3	3	tasks = %w[
	4	+ test:api
4	5	test:units
5	6	test:functionals
6	7	test:integration
...	...
...	...	@@ -0,0 +1,22 @@
	1	+require_relative 'test_helper'
	2	+
	3	+class ActivitiesTest < ActiveSupport::TestCase
	4	+
	5	+ def setup
	6	+ login_api
	7	+ end
	8	+
	9	+ should 'get activity from profile' do
	10	+ person = fast_create(Person)
	11	+ organization = fast_create(Organization)
	12	+ assert_difference 'organization.activities_count' do
	13	+ ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization
	14	+ organization.reload
	15	+ end
	16	+ get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"
	17	+ json = JSON.parse(last_response.body)
	18	+ assert 1, json["activities"].count
	19	+ assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]
	20	+ end
	21	+
	22	+end
...	...
...	...	@@ -0,0 +1,29 @@
	1	+require_relative 'test_helper'
	2	+
	3	+class MyPlugin < Noosfero::Plugin;end
	4	+class MyPlugin::API;end
	5	+
	6	+class APITest < ActiveSupport::TestCase
	7	+
	8	+ should 'endpoint should not be available if its plugin is unavailable' do
	9	+ endpoint = mock()
	10	+ environment = Environment.default
	11	+ environment.stubs(:plugin_enabled?).returns(false)
	12	+ endpoint.stubs(:options).returns({:for => MyPlugin::API})
	13	+
	14	+ assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
	15	+ end
	16	+
	17	+ should 'endpoint should be available if its plugin is available' do
	18	+ class MyPlugin < Noosfero::Plugin;end
	19	+ class MyPlugin::API;end
	20	+
	21	+ endpoint = mock()
	22	+ environment = Environment.default
	23	+ environment.stubs(:plugin_enabled?).returns(true)
	24	+ endpoint.stubs(:options).returns({:for => MyPlugin::API})
	25	+
	26	+ assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
	27	+ end
	28	+
	29	+end
...	...
...	...	@@ -0,0 +1,42 @@
	1	+require_relative 'test_helper'
	2	+
	3	+class BoxesTest < ActiveSupport::TestCase
	4	+
	5	+ def setup
	6	+ @controller = AccountController.new
	7	+ @request = ActionController::TestRequest.new
	8	+ login_api
	9	+# @request = ActionController::TestRequest.new
	10	+ end
	11	+
	12	+ kinds= %w[Profile Community Person Enterprise Environment]
	13	+ kinds.each do \|kind\|
	14	+ should "get_boxes_from_#{kind.downcase.pluralize}" do
	15	+ context_obj = fast_create(kind.constantize)
	16	+ box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile')
	17	+ get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}"
	18	+ json = JSON.parse(last_response.body)
	19	+ assert_equal box.id, json["boxes"].first["id"]
	20	+ end
	21	+ end
	22	+
	23	+ should 'get boxes from default environment' do
	24	+ Environment.delete_all
	25	+ environment = fast_create(Environment, :is_default => true)
	26	+ box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
	27	+ get "/api/v1/environments/default/boxes?#{params.to_query}"
	28	+ json = JSON.parse(last_response.body)
	29	+ assert_equal box.id, json["boxes"].first["id"]
	30	+ end
	31	+
	32	+ should 'get boxes from context environment' do
	33	+ env = fast_create(Environment, :is_default => true)
	34	+ env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host')
	35	+ box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
	36	+ get "/api/v1/environments/context/boxes?#{params.to_query}"
	37	+
	38	+ json = JSON.parse(last_response.body)
	39	+ assert_equal box.id, json["boxes"].first["id"]
	40	+ end
	41	+
	42	+end
...	...
...	...	@@ -0,0 +1,97 @@
	1	+require_relative 'test_helper'
	2	+
	3	+class CategoriesTest < ActiveSupport::TestCase
	4	+
	5	+ def setup
	6	+ login_api
	7	+ end
	8	+
	9	+ should 'list categories' do
	10	+ category = fast_create(Category, :environment_id => environment.id)
	11	+ get "/api/v1/categories/?#{params.to_query}"
	12	+ json = JSON.parse(last_response.body)
	13	+ assert_includes json["categories"].map { \|c\| c["name"] }, category.name
	14	+ end
	15	+
	16	+ should 'get category by id' do
	17	+ category = fast_create(Category, :environment_id => environment.id)
	18	+ get "/api/v1/categories/#{category.id}/?#{params.to_query}"
	19	+ json = JSON.parse(last_response.body)
	20	+ assert_equal category.name, json["category"]["name"]
	21	+ end
	22	+
	23	+ should 'list parent and children when get category by id' do
	24	+ parent = fast_create(Category, :environment_id => environment.id)
	25	+ child_1 = fast_create(Category, :environment_id => environment.id)
	26	+ child_2 = fast_create(Category, :environment_id => environment.id)
	27	+
	28	+ category = fast_create(Category, :environment_id => environment.id)
	29	+ category.parent = parent
	30	+ category.children << child_1
	31	+ category.children << child_2
	32	+ category.save
	33	+
	34	+ get "/api/v1/categories/#{category.id}/?#{params.to_query}"
	35	+ json = JSON.parse(last_response.body)
	36	+ assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
	37	+ assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { \|c\| c['id'] }
	38	+ end
	39	+
	40	+ should 'include parent in categories list if params is true' do
	41	+ parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
	42	+ child_1 = fast_create(Category, :environment_id => environment.id)
	43	+ child_2 = fast_create(Category, :environment_id => environment.id)
	44	+
	45	+ parent_2 = fast_create(Category, :environment_id => environment.id)
	46	+ parent_2.parent = parent_1
	47	+ parent_2.children << child_1
	48	+ parent_2.children << child_2
	49	+ parent_2.save
	50	+
	51	+ get "/api/v1/categories/?#{params.to_query}"
	52	+ json = JSON.parse(last_response.body)
	53	+ assert_equal [nil], json['categories'].map { \|c\| c['parent'] }.uniq
	54	+
	55	+ params[:include_parent] = true
	56	+ get "/api/v1/categories/?#{params.to_query}"
	57	+ json = JSON.parse(last_response.body)
	58	+ assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],
	59	+ json["categories"].map { \|c\| c['parent'] && c['parent']['id'] }
	60	+ end
	61	+
	62	+ should 'include children in categories list if params is true' do
	63	+ category = fast_create(Category, :environment_id => environment.id)
	64	+ child_1 = fast_create(Category, :environment_id => environment.id)
	65	+ child_2 = fast_create(Category, :environment_id => environment.id)
	66	+ child_3 = fast_create(Category, :environment_id => environment.id)
	67	+
	68	+ category.children << child_1
	69	+ category.children << child_2
	70	+ category.save
	71	+
	72	+ child_1.children << child_3
	73	+ child_1.save
	74	+
	75	+ get "/api/v1/categories/?#{params.to_query}"
	76	+ json = JSON.parse(last_response.body)
	77	+ assert_equal [nil], json['categories'].map { \|c\| c['children'] }.uniq
	78	+
	79	+ params[:include_children] = true
	80	+ get "/api/v1/categories/?#{params.to_query}"
	81	+ json = JSON.parse(last_response.body)
	82	+ assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],
	83	+ json["categories"].map{ \|c\| c['children'].map{ \|child\| child['id'] }.sort }
	84	+ end
	85	+
	86	+ expose_attributes = %w(id name full_name image display_color)
	87	+
	88	+ expose_attributes.each do \|attr\|
	89	+ should "expose category #{attr} attribute by default" do
	90	+ category = fast_create(Category, :environment_id => environment.id)
	91	+ get "/api/v1/categories/?#{params.to_query}"
	92	+ json = JSON.parse(last_response.body)
	93	+ assert json["categories"].last.has_key?(attr)
	94	+ end
	95	+ end
	96	+
	97	+end
...	...
...	...	@@ -0,0 +1,81 @@
	1	+require_relative 'test_helper'
	2	+
	3	+class CommentsTest < ActiveSupport::TestCase
	4	+
	5	+ def setup
	6	+ login_api
	7	+ end
	8	+
	9	+ should 'not list comments if user has no permission to view the source article' do
	10	+ person = fast_create(Person)
	11	+ article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
	12	+ assert !article.published?
	13	+
	14	+ get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
	15	+ assert_equal 403, last_response.status
	16	+ end
	17	+
	18	+ should 'not return comment if user has no permission to view the source article' do
	19	+ person = fast_create(Person)
	20	+ article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
	21	+ comment = article.comments.create!(:body => "another comment", :author => user.person)
	22	+ assert !article.published?
	23	+
	24	+ get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
	25	+ assert_equal 403, last_response.status
	26	+ end
	27	+
	28	+ should 'not comment an article if user has no permission to view it' do
	29	+ person = fast_create(Person)
	30	+ article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
	31	+ assert !article.published?
	32	+
	33	+ post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
	34	+ assert_equal 403, last_response.status
	35	+ end
	36	+
	37	+ should 'return comments of an article' do
	38	+ article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
	39	+ article.comments.create!(:body => "some comment", :author => user.person)
	40	+ article.comments.create!(:body => "another comment", :author => user.person)
	41	+
	42	+ get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
	43	+ json = JSON.parse(last_response.body)
	44	+ assert_equal 200, last_response.status
	45	+ assert_equal 2, json["comments"].length
	46	+ end
	47	+
	48	+ should 'return comment of an article' do
	49	+ article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
	50	+ comment = article.comments.create!(:body => "another comment", :author => user.person)
	51	+
	52	+ get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
	53	+ json = JSON.parse(last_response.body)
	54	+ assert_equal 200, last_response.status
	55	+ assert_equal comment.id, json['comment']['id']
	56	+ end
	57	+
	58	+ should 'comment an article' do
	59	+ article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
	60	+ body = 'My comment'
	61	+ params.merge!({:body => body})
	62	+
	63	+ post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
	64	+ json = JSON.parse(last_response.body)
	65	+ assert_equal 201, last_response.status
	66	+ assert_equal body, json['comment']['body']
	67	+ end
	68	+
	69	+ should 'comment creation define the source' do
	70	+ amount = Comment.count
	71	+ article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
	72	+ body = 'My comment'
	73	+ params.merge!({:body => body})
	74	+
	75	+ post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
	76	+ assert_equal amount + 1, Comment.count
	77	+ comment = Comment.last
	78	+ assert_not_nil comment.source
	79	+ end
	80	+
	81	+end
...	...
...	...	@@ -0,0 +1,160 @@
	1	+require_relative 'test_helper'
	2	+
	3	+class CommunitiesTest < ActiveSupport::TestCase
	4	+
	5	+ def setup
	6	+ Community.delete_all
	7	+ login_api
	8	+ end
	9	+
	10	+ should 'list only communities' do
	11	+ community = fast_create(Community, :environment_id => environment.id)
	12	+ enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
	13	+ get "/api/v1/communities?#{params.to_query}"
	14	+ json = JSON.parse(last_response.body)
	15	+ assert_not_includes json['communities'].map {\|c\| c['id']}, enterprise.id
	16	+ assert_includes json['communities'].map {\|c\| c['id']}, community.id
	17	+ end
	18	+
	19	+ should 'list all communities' do
	20	+ community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
	21	+ community2 = fast_create(Community, :environment_id => environment.id)
	22	+ get "/api/v1/communities?#{params.to_query}"
	23	+ json = JSON.parse(last_response.body)
	24	+ assert_equivalent [community1.id, community2.id], json['communities'].map {\|c\| c['id']}
	25	+ end
	26	+
	27	+ should 'not list invisible communities' do
	28	+ community1 = fast_create(Community, :environment_id => environment.id)
	29	+ fast_create(Community, :environment_id => environment.id, :visible => false)
	30	+
	31	+ get "/api/v1/communities?#{params.to_query}"
	32	+ json = JSON.parse(last_response.body)
	33	+ assert_equal [community1.id], json['communities'].map {\|c\| c['id']}
	34	+ end
	35	+
	36	+ should 'not list private communities without permission' do
	37	+ community1 = fast_create(Community, :environment_id => environment.id)
	38	+ fast_create(Community, :environment_id => environment.id, :public_profile => false)
	39	+
	40	+ get "/api/v1/communities?#{params.to_query}"
	41	+ json = JSON.parse(last_response.body)
	42	+ assert_equal [community1.id], json['communities'].map {\|c\| c['id']}
	43	+ end
	44	+
	45	+ should 'list private community for members' do
	46	+ c1 = fast_create(Community, :environment_id => environment.id)
	47	+ c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
	48	+ c2.add_member(person)
	49	+
	50	+ get "/api/v1/communities?#{params.to_query}"
	51	+ json = JSON.parse(last_response.body)
	52	+ assert_equivalent [c1.id, c2.id], json['communities'].map {\|c\| c['id']}
	53	+ end
	54	+
	55	+ should 'create a community' do
	56	+ params[:community] = {:name => 'some'}
	57	+ post "/api/v1/communities?#{params.to_query}"
	58	+ json = JSON.parse(last_response.body)
	59	+ assert_equal 'some', json['community']['name']
	60	+ end
	61	+
	62	+ should 'return 400 status for invalid community creation' do
	63	+ post "/api/v1/communities?#{params.to_query}"
	64	+ json = JSON.parse(last_response.body)
	65	+ assert_equal 400, last_response.status
	66	+ end
	67	+
	68	+ should 'get community' do
	69	+ community = fast_create(Community, :environment_id => environment.id)
	70	+
	71	+ get "/api/v1/communities/#{community.id}?#{params.to_query}"
	72	+ json = JSON.parse(last_response.body)
	73	+ assert_equal community.id, json['community']['id']
	74	+ end
	75	+
	76	+ should 'not get invisible community' do
	77	+ community = fast_create(Community, :environment_id => environment.id, :visible => false)
	78	+
	79	+ get "/api/v1/communities/#{community.id}?#{params.to_query}"
	80	+ json = JSON.parse(last_response.body)
	81	+ assert json['community'].blank?
	82	+ end
	83	+
	84	+ should 'not get private communities without permission' do
	85	+ community = fast_create(Community, :environment_id => environment.id)
	86	+ fast_create(Community, :environment_id => environment.id, :public_profile => false)
	87	+
	88	+ get "/api/v1/communities/#{community.id}?#{params.to_query}"
	89	+ json = JSON.parse(last_response.body)
	90	+ assert_equal community.id, json['community']['id']
	91	+ end
	92	+
	93	+ should 'get private community for members' do
	94	+ community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
	95	+ community.add_member(person)
	96	+
	97	+
	98	+ get "/api/v1/communities/#{community.id}?#{params.to_query}"
	99	+ json = JSON.parse(last_response.body)
	100	+ assert_equal community.id, json['community']['id']
	101	+ end
	102	+
	103	+ should 'list person communities' do
	104	+ community = fast_create(Community, :environment_id => environment.id)
	105	+ fast_create(Community, :environment_id => environment.id)
	106	+ community.add_member(person)
	107	+
	108	+ get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
	109	+ json = JSON.parse(last_response.body)
	110	+ assert_equivalent [community.id], json['communities'].map {\|c\| c['id']}
	111	+ end
	112	+
	113	+ should 'not list person communities invisible' do
	114	+ c1 = fast_create(Community, :environment_id => environment.id)
	115	+ c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
	116	+ c1.add_member(person)
	117	+ c2.add_member(person)
	118	+
	119	+ get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
	120	+ json = JSON.parse(last_response.body)
	121	+ assert_equivalent [c1.id], json['communities'].map {\|c\| c['id']}
	122	+ end
	123	+
	124	+ should 'list communities with pagination' do
	125	+ community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
	126	+ community2 = fast_create(Community, :created_at => 2.days.ago)
	127	+
	128	+ params[:page] = 2
	129	+ params[:per_page] = 1
	130	+ get "/api/v1/communities?#{params.to_query}"
	131	+ json_page_two = JSON.parse(last_response.body)
	132	+
	133	+ params[:page] = 1
	134	+ params[:per_page] = 1
	135	+ get "/api/v1/communities?#{params.to_query}"
	136	+ json_page_one = JSON.parse(last_response.body)
	137	+
	138	+
	139	+ assert_includes json_page_one["communities"].map { \|a\| a["id"] }, community1.id
	140	+ assert_not_includes json_page_one["communities"].map { \|a\| a["id"] }, community2.id
	141	+
	142	+ assert_includes json_page_two["communities"].map { \|a\| a["id"] }, community2.id
	143	+ assert_not_includes json_page_two["communities"].map { \|a\| a["id"] }, community1.id
	144	+ end
	145	+
	146	+ should 'list communities with timestamp' do
	147	+ community1 = fast_create(Community, :public_profile => true)
	148	+ community2 = fast_create(Community)
	149	+
	150	+ community1.updated_at = Time.now + 3.hours
	151	+ community1.save!
	152	+
	153	+ params[:timestamp] = Time.now + 1.hours
	154	+ get "/api/v1/communities/?#{params.to_query}"
	155	+ json = JSON.parse(last_response.body)
	156	+
	157	+ assert_includes json["communities"].map { \|a\| a["id"] }, community1.id
	158	+ assert_not_includes json["communities"].map { \|a\| a["id"] }, community2.id
	159	+ end
	160	+end
...	...