From 043be0b11be290f4e68b24f7c29e36af15cdb1cd Mon Sep 17 00:00:00 2001 From: Braulio Bhavamitra Date: Wed, 6 Apr 2016 21:25:54 -0300 Subject: [PATCH] Separate api tests --- .gitlab-ci.yml | 4 ++++ .travis.yml | 1 + lib/tasks/test.rake | 9 ++++++++- script/ci | 1 + test/api/activities_test.rb | 22 ++++++++++++++++++++++ test/api/api_test.rb | 29 +++++++++++++++++++++++++++++ test/api/articles_test.rb | 667 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/boxes_test.rb | 42 ++++++++++++++++++++++++++++++++++++++++++ test/api/categories_test.rb | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/comments_test.rb | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/communities_test.rb | 160 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/enterprises_test.rb | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/environment_test.rb | 38 ++++++++++++++++++++++++++++++++++++++ test/api/helpers_test.rb | 245 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/people_test.rb | 258 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/profiles_test.rb | 32 ++++++++++++++++++++++++++++++++ test/api/search_test.rb | 150 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/session_test.rb | 221 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/task_test.rb | 173 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/api/test_helper.rb | 36 ++++++++++++++++++++++++++++++++++++ test/api/users_test.rb | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/unit/api/activities_test.rb | 22 ---------------------- test/unit/api/api_test.rb | 29 ----------------------------- test/unit/api/articles_test.rb | 667 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- test/unit/api/boxes_test.rb | 42 ------------------------------------------ test/unit/api/categories_test.rb | 97 ------------------------------------------------------------------------------------------------- test/unit/api/comments_test.rb | 81 --------------------------------------------------------------------------------- test/unit/api/communities_test.rb | 160 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- test/unit/api/enterprises_test.rb | 110 -------------------------------------------------------------------------------------------------------------- test/unit/api/environment_test.rb | 38 -------------------------------------- test/unit/api/helpers_test.rb | 245 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- test/unit/api/people_test.rb | 258 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ test/unit/api/profiles_test.rb | 32 -------------------------------- test/unit/api/search_test.rb | 150 ------------------------------------------------------------------------------------------------------------------------------------------------------ test/unit/api/session_test.rb | 221 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- test/unit/api/task_test.rb | 173 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- test/unit/api/test_helper.rb | 36 ------------------------------------ test/unit/api/users_test.rb | 105 --------------------------------------------------------------------------------------------------------- 38 files changed, 2480 insertions(+), 2467 deletions(-) create mode 100644 test/api/activities_test.rb create mode 100644 test/api/api_test.rb create mode 100644 test/api/articles_test.rb create mode 100644 test/api/boxes_test.rb create mode 100644 test/api/categories_test.rb create mode 100644 test/api/comments_test.rb create mode 100644 test/api/communities_test.rb create mode 100644 test/api/enterprises_test.rb create mode 100644 test/api/environment_test.rb create mode 100644 test/api/helpers_test.rb create mode 100644 test/api/people_test.rb create mode 100644 test/api/profiles_test.rb create mode 100644 test/api/search_test.rb create mode 100644 test/api/session_test.rb create mode 100644 test/api/task_test.rb create mode 100644 test/api/test_helper.rb create mode 100644 test/api/users_test.rb delete mode 100644 test/unit/api/activities_test.rb delete mode 100644 test/unit/api/api_test.rb delete mode 100644 test/unit/api/articles_test.rb delete mode 100644 test/unit/api/boxes_test.rb delete mode 100644 test/unit/api/categories_test.rb delete mode 100644 test/unit/api/comments_test.rb delete mode 100644 test/unit/api/communities_test.rb delete mode 100644 test/unit/api/enterprises_test.rb delete mode 100644 test/unit/api/environment_test.rb delete mode 100644 test/unit/api/helpers_test.rb delete mode 100644 test/unit/api/people_test.rb delete mode 100644 test/unit/api/profiles_test.rb delete mode 100644 test/unit/api/search_test.rb delete mode 100644 test/unit/api/session_test.rb delete mode 100644 test/unit/api/task_test.rb delete mode 100644 test/unit/api/test_helper.rb delete mode 100644 test/unit/api/users_test.rb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7b0ee9b..c1e349e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,6 +14,10 @@ stages: # script: bundle exec rake ci:smoke # stage: smoke-tests +api: + script: bundle exec rake test:api + stage: all-tests + units: script: bundle exec rake test:units stage: all-tests diff --git a/.travis.yml b/.travis.yml index 0e078b2..8d69bf3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -44,6 +44,7 @@ before_script: - bundle exec rake db:migrate &>/dev/null env: + - TASK=test:api - TASK=test:units - TASK=test:functionals - TASK=test:integration diff --git a/lib/tasks/test.rake b/lib/tasks/test.rake index 8b13789..e92ef74 100644 --- a/lib/tasks/test.rake +++ b/lib/tasks/test.rake @@ -1 +1,8 @@ - +namespace :test do + desc "Run the API tests in test/api" + Rake::TestTask.new api: "db:test:prepare" do |t| + t.libs << 'test' + t.pattern = 'test/api/**/*_test.rb' + t.warning = false + end +end diff --git a/script/ci b/script/ci index decda88..cc86454 100755 --- a/script/ci +++ b/script/ci @@ -1,6 +1,7 @@ #!/usr/bin/env ruby tasks = %w[ + test:api test:units test:functionals test:integration diff --git a/test/api/activities_test.rb b/test/api/activities_test.rb new file mode 100644 index 0000000..b06e14b --- /dev/null +++ b/test/api/activities_test.rb @@ -0,0 +1,22 @@ +require_relative 'test_helper' + +class ActivitiesTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'get activity from profile' do + person = fast_create(Person) + organization = fast_create(Organization) + assert_difference 'organization.activities_count' do + ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization + organization.reload + end + get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert 1, json["activities"].count + assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"] + end + +end diff --git a/test/api/api_test.rb b/test/api/api_test.rb new file mode 100644 index 0000000..f731383 --- /dev/null +++ b/test/api/api_test.rb @@ -0,0 +1,29 @@ +require_relative 'test_helper' + +class MyPlugin < Noosfero::Plugin;end +class MyPlugin::API;end + +class APITest < ActiveSupport::TestCase + + should 'endpoint should not be available if its plugin is unavailable' do + endpoint = mock() + environment = Environment.default + environment.stubs(:plugin_enabled?).returns(false) + endpoint.stubs(:options).returns({:for => MyPlugin::API}) + + assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment) + end + + should 'endpoint should be available if its plugin is available' do + class MyPlugin < Noosfero::Plugin;end + class MyPlugin::API;end + + endpoint = mock() + environment = Environment.default + environment.stubs(:plugin_enabled?).returns(true) + endpoint.stubs(:options).returns({:for => MyPlugin::API}) + + assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment) + end + +end diff --git a/test/api/articles_test.rb b/test/api/articles_test.rb new file mode 100644 index 0000000..dbe6c3d --- /dev/null +++ b/test/api/articles_test.rb @@ -0,0 +1,667 @@ +require_relative 'test_helper' + +class ArticlesTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'list articles' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["articles"].map { |a| a["id"] }, article.id + end + + should 'get profile homepage' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + person.home_page=article + person.save! + + get "/api/v1/profiles/#{person.id}/home_page?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["id"] + end + + should 'not list forbidden article when listing articles' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['articles'].map {|a| a['id']}, article.id + end + + should 'return article by id' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["id"] + end + + should 'not return article if user has no permission to view it' do + person = fast_create(Person, :environment_id => environment.id) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/articles/#{article.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'follow a article identified by id' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + post "/api/v1/articles/#{article.id}/follow?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_not_equal 401, last_response.status + assert_equal true, json['success'] + end + + should 'return the followers count of an article' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + article.person_followers << @person + + get "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal 200, last_response.status + assert_equal 1, json['article']['followers_count'] + end + + should 'return the followers of a article identified by id' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + + article_follower = ArticleFollower.new + article_follower.article = article + article_follower.person = @person + article_follower.save! + + get "/api/v1/articles/#{article.id}/followers?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal 200, last_response.status + assert_equal 1, json['total_followers'] + end + + should 'list articles followed by me' do + article1 = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + fast_create(Article, :profile_id => user.person.id, :name => "Some other thing") + article1.person_followers << @person + get "/api/v1/articles/followed_by_me?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [article1.id], json['articles'].map { |a| a['id'] } + end + + + should 'list article children' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] } + end + + should 'list public article children for not logged in access' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children" + json = JSON.parse(last_response.body) + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] } + end + + should 'not list children of forbidden article' do + person = fast_create(Person, :environment_id => environment.id) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") + child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not return child of forbidden article' do + person = fast_create(Person, :environment_id => environment.id) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not return private child' do + person = fast_create(Person, :environment_id => environment.id) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not list private child' do + person = fast_create(Person, :environment_id => environment.id) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['articles'].map {|a| a['id']}, child.id + end + + should 'perform a vote in a article identified by id' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + @params[:value] = 1 + + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_not_equal 401, last_response.status + assert_equal true, json['vote'] + end + + expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count) + + expose_attributes.each do |attr| + should "expose article #{attr} attribute by default" do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["articles"].last.has_key?(attr) + end + end + + should 'not perform a vote twice in same article' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + @params[:value] = 1 + ## Perform a vote twice in API should compute only one vote + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + + total = article.votes_total + + assert_equal 1, total + end + + should 'not perform a vote in favor and against a proposal' do + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") + @params[:value] = 1 + ## Perform a vote in favor a proposal + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 201, last_response.status + ## Perform a vote against a proposal + @params[:value] = -1 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" + json = JSON.parse(last_response.body) + ## The api should not allow to save this vote + assert_equal 400, last_response.status + end + + should "update body of article created by me" do + new_value = "Another body" + params[:article] = {:body => new_value} + article = fast_create(Article, :profile_id => person.id) + post "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal new_value, json["article"]["body"] + end + + should "update title of article created by me" do + new_value = "Another name" + params[:article] = {:name => new_value} + article = fast_create(Article, :profile_id => person.id) + post "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal new_value, json["article"]["title"] + end + + should 'not update article of another user' do + another_person = fast_create(Person, :environment_id => environment.id) + article = fast_create(Article, :profile_id => another_person.id) + params[:article] = {:title => 'Some title'} + post "/api/v1/articles/#{article.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not update article without permission in community' do + community = fast_create(Community, :environment_id => environment.id) + article = fast_create(Article, :profile_id => community.id) + params[:article] = {:name => 'New title'} + post "/api/v1/articles/#{article.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + + should 'update article of community if user has permission' do + community = fast_create(Community, :environment_id => environment.id) + give_permission(person, 'post_content', community) + article = fast_create(Article, :profile_id => community.id) + new_value = "Another body" + params[:article] = {:body => new_value} + post "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal new_value, json["article"]["body"] + end + + should 'list articles with pagination' do + Article.destroy_all + article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago) + article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago) + + params[:page] = 1 + params[:per_page] = 1 + get "/api/v1/articles/?#{params.to_query}" + json_page_one = JSON.parse(last_response.body) + + params[:page] = 2 + params[:per_page] = 1 + get "/api/v1/articles/?#{params.to_query}" + json_page_two = JSON.parse(last_response.body) + + assert_includes json_page_one["articles"].map { |a| a["id"] }, article_two.id + assert_not_includes json_page_one["articles"].map { |a| a["id"] }, article_one.id + + assert_includes json_page_two["articles"].map { |a| a["id"] }, article_one.id + assert_not_includes json_page_two["articles"].map { |a| a["id"] }, article_two.id + end + + should 'list articles with timestamp' do + article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing") + article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + + article_one.updated_at = Time.now + 3.hours + article_one.save! + + params[:timestamp] = Time.now + 1.hours + get "/api/v1/articles/?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_includes json["articles"].map { |a| a["id"] }, article_one.id + assert_not_includes json["articles"].map { |a| a["id"] }, article_two.id + end + + ############################# + # Profile Articles # + ############################# + + profile_kinds = %w(community person enterprise) + profile_kinds.each do |kind| + should "return article by #{kind}" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + article = fast_create(Article, :profile_id => profile.id, :name => "Some thing") + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["id"] + end + + should "not return article by #{kind} if user has no permission to view it" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should "not list forbidden article when listing articles by #{kind}" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['articles'].map {|a| a['id']}, article.id + end + + should "return article by #{kind} and path" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + parent_article = Folder.create!(:profile => profile, :name => "Parent Folder") + article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article) + + params[:path] = parent_article.slug+'/'+article.slug + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["id"] + end + + should "not return article by #{kind} and path if user has no permission to view it" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + parent_article = Folder.create!(:profile => profile, :name => "Parent Folder") + article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article, :published => false) + + assert !article.published? + + params[:path] = parent_article.slug+'/'+article.slug + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + assert_equal 403, last_response.status + end + end + + ############################# + # Group Profile Articles # + ############################# + + group_kinds = %w(community enterprise) + group_kinds.each do |kind| + should "#{kind}: create article" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + give_permission(user.person, 'post_content', profile) + params[:article] = {:name => "Title"} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal "Title", json["article"]["title"] + end + + should "#{kind}: do not create article if user has no permission to post content" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + give_permission(user.person, 'invite_members', profile) + params[:article] = {:name => "Title"} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + assert_equal 403, last_response.status + end + + should "#{kind} create article with parent" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) + article = fast_create(Article) + + params[:article] = {:name => "Title", :parent_id => article.id} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["parent"]["id"] + end + + should "#{kind} create article with content type passed as parameter" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) + + Article.delete_all + params[:article] = {:name => "Title"} + params[:content_type] = 'TextArticle' + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_kind_of TextArticle, Article.last + end + + should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) + + params[:article] = {:name => "Title"} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_kind_of TinyMceArticle, Article.last + end + + should "#{kind}: not create article with invalid article content type" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + profile.add_member(user.person) + + params[:article] = {:name => "Title"} + params[:content_type] = 'Person' + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal 403, last_response.status + end + + should "#{kind} create article defining the correct profile" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) + + params[:article] = {:name => "Title"} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal profile.id, json['article']['profile']['id'] + end + + should "#{kind}: create article defining the created_by" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) + + params[:article] = {:name => "Title"} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal user.person, Article.last.created_by + end + + should "#{kind}: create article defining the last_changed_by" do + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) + + params[:article] = {:name => "Title"} + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal user.person, Article.last.last_changed_by + end + end + + ############################# + # Person Articles # + ############################# + + should 'create article in a person' do + params[:article] = {:name => "Title"} + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal "Title", json["article"]["title"] + end + + should 'person do not create article if user has no permission to post content' do + person = fast_create(Person, :environment_id => environment.id) + params[:article] = {:name => "Title"} + post "/api/v1/people/#{person.id}/articles?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'person create article with parent' do + article = fast_create(Article) + + params[:article] = {:name => "Title", :parent_id => article.id} + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["parent"]["id"] + end + + should 'person create article with content type passed as parameter' do + Article.delete_all + params[:article] = {:name => "Title"} + params[:content_type] = 'TextArticle' + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_kind_of TextArticle, Article.last + end + + should 'person create article of TinyMceArticle type if no content type is passed as parameter' do + params[:article] = {:name => "Title"} + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_kind_of TinyMceArticle, Article.last + end + + should 'person not create article with invalid article content type' do + params[:article] = {:name => "Title"} + params[:content_type] = 'Person' + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal 403, last_response.status + end + + should 'person create article defining the correct profile' do + params[:article] = {:name => "Title"} + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal user.person, Article.last.profile + end + + should 'person create article defining the created_by' do + params[:article] = {:name => "Title"} + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal user.person, Article.last.created_by + end + + should 'person create article defining the last_changed_by' do + params[:article] = {:name => "Title"} + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal user.person, Article.last.last_changed_by + end + + should 'list article children with partial fields' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + params[:fields] = [:title] + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal ['title'], json['articles'].first.keys + end + + should 'suggest article children' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + params[:target_id] = user.person.id + params[:article] = {:name => "Article name", :body => "Article body"} + assert_difference "SuggestArticle.count" do + post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}" + end + json = JSON.parse(last_response.body) + assert_equal 'SuggestArticle', json['task']['type'] + end + + should 'suggest event children' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + params[:target_id] = user.person.id + params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"} + assert_difference "SuggestArticle.count" do + post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}" + end + json = JSON.parse(last_response.body) + assert_equal 'SuggestArticle', json['task']['type'] + end + + should 'update hit attribute of article children' do + a1 = fast_create(Article, :profile_id => user.person.id) + a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id) + a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id) + get "/api/v1/articles/#{a1.id}/children?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [1, 1], json['articles'].map { |a| a['hits']} + assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits] + end + + should 'update hit attribute of article specific children' do + a1 = fast_create(Article, :profile_id => user.person.id) + a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id) + get "/api/v1/articles/#{a1.id}/children/#{a2.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 1, json['article']['hits'] + end + + should 'list all events of a community in a given category' do + co = Community.create(identifier: 'my-community', name: 'name-my-community') + c1 = Category.create(environment: Environment.default, name: 'my-category') + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') + e1 = fast_create(Event, :profile_id => co.id) + e2 = fast_create(Event, :profile_id => co.id) + e1.categories << c1 + e2.categories << c2 + e1.save! + e2.save! + params['content_type']='Event' + get "api/v1/communities/#{co.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal json['articles'].count, 2 + end + + should 'list a event of a community in a given category' do + co = Community.create(identifier: 'my-community', name: 'name-my-community') + c1 = Category.create(environment: Environment.default, name: 'my-category') + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') + e1 = fast_create(Event, :profile_id => co.id) + e2 = fast_create(Event, :profile_id => co.id) + e1.categories << c1 + e2.categories << c2 + e1.save! + e2.save! + params['category_ids[]']=c1.id + params['content_type']='Event' + get "api/v1/communities/#{co.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + #should show only one article, since the other not in the same category + assert_equal 1, json['articles'].count + assert_equal e1.id, json['articles'][0]['id'] + end + + should 'not list uncategorized event of a community if a category is given' do + co = Community.create(identifier: 'my-community', name: 'name-my-community') + c1 = Category.create(environment: Environment.default, name: 'my-category') + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') + e1 = fast_create(Event, :profile_id => co.id) + e2 = fast_create(Event, :profile_id => co.id) + e3 = fast_create(Event, :profile_id => co.id) + e1.categories << c1 + e2.categories << c2 + params['category_ids[]']=c1.id + params['content_type']='Event' + get "api/v1/communities/#{co.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 1, json['articles'].count + assert_equal e1.id, json['articles'][0]['id'] + end + + should 'list events of a community in a given 2 categories' do + co = Community.create(identifier: 'my-community', name: 'name-my-community') + c1 = Category.create(environment: Environment.default, name: 'my-category') + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') + e1 = fast_create(Event, :profile_id => co.id) + e2 = fast_create(Event, :profile_id => co.id) + e1.categories << c1 + e2.categories << c2 + e1.save! + e2.save! + params['content_type']='Event' + params['categories_ids'] = [c1.id, c2.id] + get "api/v1/communities/#{co.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal json['articles'].count, 2 + end + + should 'Show 2 events since it uses an IN operator for category instead of an OR' do + co = Community.create(identifier: 'my-community', name: 'name-my-community') + c1 = Category.create(environment: Environment.default, name: 'my-category') + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') + c3 = Category.create(environment: Environment.default, name: 'extra-category') + e1 = fast_create(Event, :profile_id => co.id) + e2 = fast_create(Event, :profile_id => co.id) + e1.categories << c1 + e2.categories << c2 + e1.save! + e2.save! + params['content_type']='Event' + params['categories_ids'] = [c1.id, c2.id, c3.id] + get "api/v1/communities/#{co.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal json['articles'].count, 2 + end + + ARTICLE_ATTRIBUTES = %w(votes_count comments_count) + + ARTICLE_ATTRIBUTES.map do |attribute| + + define_method "test_should_expose_#{attribute}_attribute_in_article_enpoints" do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_nil json['article'][attribute] + end + end +end diff --git a/test/api/boxes_test.rb b/test/api/boxes_test.rb new file mode 100644 index 0000000..1ba8b6b --- /dev/null +++ b/test/api/boxes_test.rb @@ -0,0 +1,42 @@ +require_relative 'test_helper' + +class BoxesTest < ActiveSupport::TestCase + + def setup + @controller = AccountController.new + @request = ActionController::TestRequest.new + login_api +# @request = ActionController::TestRequest.new + end + + kinds= %w[Profile Community Person Enterprise Environment] + kinds.each do |kind| + should "get_boxes_from_#{kind.downcase.pluralize}" do + context_obj = fast_create(kind.constantize) + box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile') + get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal box.id, json["boxes"].first["id"] + end + end + + should 'get boxes from default environment' do + Environment.delete_all + environment = fast_create(Environment, :is_default => true) + box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment') + get "/api/v1/environments/default/boxes?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal box.id, json["boxes"].first["id"] + end + + should 'get boxes from context environment' do + env = fast_create(Environment, :is_default => true) + env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host') + box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment') + get "/api/v1/environments/context/boxes?#{params.to_query}" + + json = JSON.parse(last_response.body) + assert_equal box.id, json["boxes"].first["id"] + end + +end diff --git a/test/api/categories_test.rb b/test/api/categories_test.rb new file mode 100644 index 0000000..f4db3d1 --- /dev/null +++ b/test/api/categories_test.rb @@ -0,0 +1,97 @@ +require_relative 'test_helper' + +class CategoriesTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'list categories' do + category = fast_create(Category, :environment_id => environment.id) + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["categories"].map { |c| c["name"] }, category.name + end + + should 'get category by id' do + category = fast_create(Category, :environment_id => environment.id) + get "/api/v1/categories/#{category.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal category.name, json["category"]["name"] + end + + should 'list parent and children when get category by id' do + parent = fast_create(Category, :environment_id => environment.id) + child_1 = fast_create(Category, :environment_id => environment.id) + child_2 = fast_create(Category, :environment_id => environment.id) + + category = fast_create(Category, :environment_id => environment.id) + category.parent = parent + category.children << child_1 + category.children << child_2 + category.save + + get "/api/v1/categories/#{category.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent']) + assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] } + end + + should 'include parent in categories list if params is true' do + parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category + child_1 = fast_create(Category, :environment_id => environment.id) + child_2 = fast_create(Category, :environment_id => environment.id) + + parent_2 = fast_create(Category, :environment_id => environment.id) + parent_2.parent = parent_1 + parent_2.children << child_1 + parent_2.children << child_2 + parent_2.save + + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq + + params[:include_parent] = true + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id], + json["categories"].map { |c| c['parent'] && c['parent']['id'] } + end + + should 'include children in categories list if params is true' do + category = fast_create(Category, :environment_id => environment.id) + child_1 = fast_create(Category, :environment_id => environment.id) + child_2 = fast_create(Category, :environment_id => environment.id) + child_3 = fast_create(Category, :environment_id => environment.id) + + category.children << child_1 + category.children << child_2 + category.save + + child_1.children << child_3 + child_1.save + + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq + + params[:include_children] = true + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort], + json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort } + end + + expose_attributes = %w(id name full_name image display_color) + + expose_attributes.each do |attr| + should "expose category #{attr} attribute by default" do + category = fast_create(Category, :environment_id => environment.id) + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["categories"].last.has_key?(attr) + end + end + +end diff --git a/test/api/comments_test.rb b/test/api/comments_test.rb new file mode 100644 index 0000000..d68c4b6 --- /dev/null +++ b/test/api/comments_test.rb @@ -0,0 +1,81 @@ +require_relative 'test_helper' + +class CommentsTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'not list comments if user has no permission to view the source article' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not return comment if user has no permission to view the source article' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + comment = article.comments.create!(:body => "another comment", :author => user.person) + assert !article.published? + + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not comment an article if user has no permission to view it' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'return comments of an article' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + article.comments.create!(:body => "some comment", :author => user.person) + article.comments.create!(:body => "another comment", :author => user.person) + + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 200, last_response.status + assert_equal 2, json["comments"].length + end + + should 'return comment of an article' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + comment = article.comments.create!(:body => "another comment", :author => user.person) + + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 200, last_response.status + assert_equal comment.id, json['comment']['id'] + end + + should 'comment an article' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + body = 'My comment' + params.merge!({:body => body}) + + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 201, last_response.status + assert_equal body, json['comment']['body'] + end + + should 'comment creation define the source' do + amount = Comment.count + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + body = 'My comment' + params.merge!({:body => body}) + + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + assert_equal amount + 1, Comment.count + comment = Comment.last + assert_not_nil comment.source + end + +end diff --git a/test/api/communities_test.rb b/test/api/communities_test.rb new file mode 100644 index 0000000..df59c18 --- /dev/null +++ b/test/api/communities_test.rb @@ -0,0 +1,160 @@ +require_relative 'test_helper' + +class CommunitiesTest < ActiveSupport::TestCase + + def setup + Community.delete_all + login_api + end + + should 'list only communities' do + community = fast_create(Community, :environment_id => environment.id) + enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id + assert_includes json['communities'].map {|c| c['id']}, community.id + end + + should 'list all communities' do + community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) + community2 = fast_create(Community, :environment_id => environment.id) + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} + end + + should 'not list invisible communities' do + community1 = fast_create(Community, :environment_id => environment.id) + fast_create(Community, :environment_id => environment.id, :visible => false) + + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [community1.id], json['communities'].map {|c| c['id']} + end + + should 'not list private communities without permission' do + community1 = fast_create(Community, :environment_id => environment.id) + fast_create(Community, :environment_id => environment.id, :public_profile => false) + + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [community1.id], json['communities'].map {|c| c['id']} + end + + should 'list private community for members' do + c1 = fast_create(Community, :environment_id => environment.id) + c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) + c2.add_member(person) + + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']} + end + + should 'create a community' do + params[:community] = {:name => 'some'} + post "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 'some', json['community']['name'] + end + + should 'return 400 status for invalid community creation' do + post "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 400, last_response.status + end + + should 'get community' do + community = fast_create(Community, :environment_id => environment.id) + + get "/api/v1/communities/#{community.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['community']['id'] + end + + should 'not get invisible community' do + community = fast_create(Community, :environment_id => environment.id, :visible => false) + + get "/api/v1/communities/#{community.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json['community'].blank? + end + + should 'not get private communities without permission' do + community = fast_create(Community, :environment_id => environment.id) + fast_create(Community, :environment_id => environment.id, :public_profile => false) + + get "/api/v1/communities/#{community.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['community']['id'] + end + + should 'get private community for members' do + community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) + community.add_member(person) + + + get "/api/v1/communities/#{community.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['community']['id'] + end + + should 'list person communities' do + community = fast_create(Community, :environment_id => environment.id) + fast_create(Community, :environment_id => environment.id) + community.add_member(person) + + get "/api/v1/people/#{person.id}/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [community.id], json['communities'].map {|c| c['id']} + end + + should 'not list person communities invisible' do + c1 = fast_create(Community, :environment_id => environment.id) + c2 = fast_create(Community, :environment_id => environment.id, :visible => false) + c1.add_member(person) + c2.add_member(person) + + get "/api/v1/people/#{person.id}/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [c1.id], json['communities'].map {|c| c['id']} + end + + should 'list communities with pagination' do + community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) + community2 = fast_create(Community, :created_at => 2.days.ago) + + params[:page] = 2 + params[:per_page] = 1 + get "/api/v1/communities?#{params.to_query}" + json_page_two = JSON.parse(last_response.body) + + params[:page] = 1 + params[:per_page] = 1 + get "/api/v1/communities?#{params.to_query}" + json_page_one = JSON.parse(last_response.body) + + + assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id + assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id + + assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id + assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id + end + + should 'list communities with timestamp' do + community1 = fast_create(Community, :public_profile => true) + community2 = fast_create(Community) + + community1.updated_at = Time.now + 3.hours + community1.save! + + params[:timestamp] = Time.now + 1.hours + get "/api/v1/communities/?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_includes json["communities"].map { |a| a["id"] }, community1.id + assert_not_includes json["communities"].map { |a| a["id"] }, community2.id + end +end diff --git a/test/api/enterprises_test.rb b/test/api/enterprises_test.rb new file mode 100644 index 0000000..1ec04ee --- /dev/null +++ b/test/api/enterprises_test.rb @@ -0,0 +1,110 @@ +require_relative 'test_helper' + +class EnterprisesTest < ActiveSupport::TestCase + + def setup + Enterprise.delete_all + login_api + end + + should 'list only enterprises' do + community = fast_create(Community, :environment_id => environment.id) # should not list this community + enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true) + get "/api/v1/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id + assert_not_includes json['enterprises'].map {|c| c['id']}, community.id + end + + should 'list all enterprises' do + enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true) + enterprise2 = fast_create(Enterprise, :environment_id => environment.id) + get "/api/v1/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']} + end + + should 'not list invisible enterprises' do + enterprise1 = fast_create(Enterprise, :environment_id => environment.id) + fast_create(Enterprise, :visible => false) + + get "/api/v1/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} + end + + should 'not list private enterprises without permission' do + enterprise1 = fast_create(Enterprise, :environment_id => environment.id) + fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) + + get "/api/v1/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} + end + + should 'list private enterprise for members' do + c1 = fast_create(Enterprise, :environment_id => environment.id) + c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) + c2.add_member(person) + + get "/api/v1/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']} + end + + should 'get enterprise' do + enterprise = fast_create(Enterprise, :environment_id => environment.id) + + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal enterprise.id, json['enterprise']['id'] + end + + should 'not get invisible enterprise' do + enterprise = fast_create(Enterprise, :visible => false) + + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json['enterprise'].blank? + end + + should 'not get private enterprises without permission' do + enterprise = fast_create(Enterprise, :environment_id => environment.id) + fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) + + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal enterprise.id, json['enterprise']['id'] + end + + should 'get private enterprise for members' do + enterprise = fast_create(Enterprise, :public_profile => false) + enterprise.add_member(person) + + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal enterprise.id, json['enterprise']['id'] + end + + should 'list person enterprises' do + enterprise = fast_create(Enterprise, :environment_id => environment.id) + fast_create(Enterprise, :environment_id => environment.id) + enterprise.add_member(person) + + get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']} + end + + should 'not list person enterprises invisible' do + c1 = fast_create(Enterprise, :environment_id => environment.id) + c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false) + c1.add_member(person) + c2.add_member(person) + + get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']} + end + +end diff --git a/test/api/environment_test.rb b/test/api/environment_test.rb new file mode 100644 index 0000000..315e9bf --- /dev/null +++ b/test/api/environment_test.rb @@ -0,0 +1,38 @@ +require_relative 'test_helper' + +class EnvironmentTest < ActiveSupport::TestCase + + def setup + @person = create_user('testing').person + end + attr_reader :person + + should 'return the default environment' do + environment = Environment.default + get "/api/v1/environment/default" + json = JSON.parse(last_response.body) + assert_equal environment.id, json['id'] + end + + should 'return created environment' do + environment = fast_create(Environment) + default_env = Environment.default + assert_not_equal environment.id, default_env.id + get "/api/v1/environment/#{environment.id}" + json = JSON.parse(last_response.body) + assert_equal environment.id, json['id'] + end + + should 'return context environment' do + context_env = fast_create(Environment) + context_env.name = "example org" + context_env.save + context_env.domains<< Domain.new(:name => 'example.org') + default_env = Environment.default + assert_not_equal context_env.id, default_env.id + get "/api/v1/environment/context" + json = JSON.parse(last_response.body) + assert_equal context_env.id, json['id'] + end + +end diff --git a/test/api/helpers_test.rb b/test/api/helpers_test.rb new file mode 100644 index 0000000..5c0e4d0 --- /dev/null +++ b/test/api/helpers_test.rb @@ -0,0 +1,245 @@ +require_relative 'test_helper' +require 'noosfero/api/helpers' + +class APIHelpersTest < ActiveSupport::TestCase + + include Noosfero::API::APIHelpers + + def setup + @headers = {} + end + + attr_accessor :headers + + should 'get the current user with valid token' do + user = create_user('someuser') + user.generate_private_token! + self.params = {:private_token => user.private_token} + assert_equal user, current_user + end + + should 'get the current user with valid token in header' do + user = create_user('someuser') + user.generate_private_token! + headers['Private-Token'] = user.private_token + assert_equal user, current_user + end + + should 'get the current user even with expired token' do + user = create_user('someuser') + user.generate_private_token! + user.private_token_generated_at = DateTime.now.prev_year + user.save + self.params = {:private_token => user.private_token} + assert_equal user, current_user + end + + should 'get the person of current user' do + user = create_user('someuser') + user.generate_private_token! + self.params = {:private_token => user.private_token} + assert_equal user.person, current_person + end + +# #FIXME see how to make this test. Get the current_user variable +# should 'set current_user to nil after logout' do +# user = create_user('someuser') +# user.stubs(:private_token_expired?).returns(false) +# User.stubs(:find_by_private_token).returns(user) +# assert_not_nil current_user +# assert false +# logout +# end + + should 'limit be defined as the params limit value' do + local_limit = 30 + self.params= {:limit => local_limit} + assert_equal local_limit, limit + end + + should 'return default limit if the limit parameter is minor than zero' do + self.params= {:limit => -1} + assert_equal 20, limit + end + + should 'the default limit be 20' do + assert_equal 20, limit + end + + should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do + assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0] + end + + should 'the beginning of the period be from date passsed as parameter' do + from = DateTime.now + assert_equal from, period(from, nil).min + end + + should 'the end of the period be now if no until date is passsed as parameter' do + assert_in_delta DateTime.now, period(nil, nil).max + end + + should 'the end of the period be until date passsed as parameter' do + until_date = DateTime.now + assert_equal until_date, period(nil, until_date).max + end + + should 'parse_content_type return nil if its blank' do + assert_nil parse_content_type("") + end + + should 'parse_content_type be an array' do + assert_kind_of Array, parse_content_type("text_article") + end + + should 'parse_content_type return all content types as an array' do + assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle") + end + + should 'find_article return article by id in list passed for user with permission' do + user = create_user('someuser') + a = fast_create(Article, :profile_id => user.person.id) + fast_create(Article, :profile_id => user.person.id) + fast_create(Article, :profile_id => user.person.id) + + user.generate_private_token! + User.expects(:find_by_private_token).returns(user) + assert_equal a, find_article(user.person.articles, a.id) + end + + should 'find_article return forbidden when a user try to access an article without permission' do + user = create_user('someuser') + p = fast_create(Profile) + a = fast_create(Article, :published => false, :profile_id => p.id) + fast_create(Article, :profile_id => p.id) + + user.generate_private_token! + User.expects(:find_by_private_token).returns(user) + assert_equal 403, find_article(p.articles, a.id).last + end + + should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do + assert_nil make_conditions_with_parameter[:created_at] + end + + should 'make_conditions_with_parameter return created_at parameter if from period is defined' do + assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at] + end + + should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do + assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at] + end + + should 'make_conditions_with_parameter return created_at parameter if until period is defined' do + assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at] + end + + should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do + assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at] + end + + should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do + assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min + end + + should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do + date = '2010-10-10' + assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min + end + + should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do + date = '2010-10-10' + assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max + end + + should 'make_conditions_with_parameter return the until date passed as parameter' do + date = '2010-10-10' + assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min + end + + should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do + assert_nil make_conditions_with_parameter[:type] + end + + #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association + should 'make_order_with_parameters return order if attribute is found at object association' do + environment = Environment.new + params = {:order => "name ASC"} + assert_equal "name ASC", make_order_with_parameters(environment, "articles", params) + end + + # test added to check for eventual sql injection vunerabillity + #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists + should 'make_order_with_parameters return default order if attributes not exists' do + environment = Environment.new + params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity + assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params) + end + + should 'make_order_with_parameters return default order if sql injection detected' do + environment = Environment.new + params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity + assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params) + end + + should 'make_order_with_parameters return RANDOM() if random is passed' do + environment = Environment.new + params = {:order => "random"} # quote used to check sql injection vunerabillity + assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params) + end + + should 'make_order_with_parameters return RANDOM() if random function is passed' do + environment = Environment.new + params = {:order => "random()"} # quote used to check sql injection vunerabillity + assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params) + end + + should 'render not_found if endpoint is unavailable' do + Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true) + self.expects(:not_found!) + + filter_disabled_plugins_endpoints + end + + should 'not touch in options when no fields parameter is passed' do + model = mock + expects(:present).with(model, {}) + present_partial(model, {}) + end + + should 'fallback to array when fields parameter is not a json when calling present partial' do + model = mock + params[:fields] = ['name'] + expects(:present).with(model, {:only => ['name']}) + present_partial(model, {}) + end + + should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do + model = mock + params[:fields] = 'name,description' + expects(:present).with(model, {:only => ['name', 'description']}) + present_partial(model, {}) + end + + should 'accept json as fields parameter when calling present partial' do + model = mock + params[:fields] = {only: [:name, {user: [:login]}]}.to_json + expects(:present).with(model, {:only => ['name', {'user' => ['login']}]}) + present_partial(model, {}) + end + + protected + + def error!(info, status) + [info, status] + end + + def params + @params ||= {} + end + + def params= value + @params = value + end + +end diff --git a/test/api/people_test.rb b/test/api/people_test.rb new file mode 100644 index 0000000..a9f3951 --- /dev/null +++ b/test/api/people_test.rb @@ -0,0 +1,258 @@ +require_relative 'test_helper' + +class PeopleTest < ActiveSupport::TestCase + + def setup + Person.delete_all + login_api + end + + should 'list all people' do + person1 = fast_create(Person, :public_profile => true) + person2 = fast_create(Person) + get "/api/v1/people?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']} + end + + should 'list all members of a community' do + person1 = fast_create(Person) + person2 = fast_create(Person) + community = fast_create(Community) + community.add_member(person1) + community.add_member(person2) + + get "/api/v1/profiles/#{community.id}/members?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 2, json["people"].count + assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]} + end + + should 'not list invisible people' do + invisible_person = fast_create(Person, :visible => false) + + get "/api/v1/people?#{params.to_query}" + assert_not_includes json_response_ids(:people), invisible_person.id + end + + should 'not list private people without permission' do + private_person = fast_create(Person, :public_profile => false) + + get "/api/v1/people?#{params.to_query}" + assert_not_includes json_response_ids(:people), private_person.id + end + + should 'list private person for friends' do + p1 = fast_create(Person) + p2 = fast_create(Person, :public_profile => false) + person.add_friend(p2) + p2.add_friend(person) + + get "/api/v1/people?#{params.to_query}" + assert_includes json_response_ids(:people), p2.id + end + + should 'get person' do + some_person = fast_create(Person) + + get "/api/v1/people/#{some_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal some_person.id, json['person']['id'] + end + + should 'people endpoint filter by fields parameter' do + get "/api/v1/people?#{params.to_query}&fields=name" + json = JSON.parse(last_response.body) + expected = {'people' => [{'name' => person.name}]} + assert_equal expected, json + end + + should 'people endpoint filter by fields parameter with hierarchy' do + fields = URI.encode({only: [:name, {user: [:login]}]}.to_json) + get "/api/v1/people?#{params.to_query}&fields=#{fields}" + json = JSON.parse(last_response.body) + expected = {'people' => [{'name' => person.name, 'user' => {'login' => 'testapi'}}]} + assert_equal expected, json + end + + should 'get logged person' do + get "/api/v1/people/me?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal person.id, json['person']['id'] + end + + should 'me endpoint filter by fields parameter' do + get "/api/v1/people/me?#{params.to_query}&fields=name" + json = JSON.parse(last_response.body) + expected = {'person' => {'name' => person.name}} + assert_equal expected, json + end + + should 'not get invisible person' do + person = fast_create(Person, :visible => false) + + get "/api/v1/people/#{person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json['person'].blank? + end + + should 'not get private people without permission' do + private_person = fast_create(Person, :public_profile => false) + + get "/api/v1/people/#{private_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json['person'].blank? + end + + should 'get private person for friends' do + private_person = fast_create(Person, :public_profile => false) + person.add_friend(private_person) + private_person.add_friend(person) + + get "/api/v1/people/#{private_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal private_person.id, json['person']['id'] + end + + should 'list person friends' do + friend = fast_create(Person) + person.add_friend(friend) + friend.add_friend(person) + + get "/api/v1/people/#{friend.id}/friends?#{params.to_query}" + assert_includes json_response_ids(:people), person.id + end + + should 'not list person invisible friends' do + friend = fast_create(Person) + invisible_friend = fast_create(Person, :visible => false) + person.add_friend(friend) + person.add_friend(invisible_friend) + friend.add_friend(person) + invisible_friend.add_friend(person) + + get "/api/v1/people/#{person.id}/friends?#{params.to_query}" + friends = json_response_ids(:people) + assert_includes friends, friend.id + assert_not_includes friends, invisible_friend.id + end + + should 'create a person' do + login = 'some' + params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} + post "/api/v1/people?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal login, json['person']['identifier'] + end + + should 'return 400 status for invalid person creation' do + params[:person] = {:login => 'some'} + post "/api/v1/people?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 400, last_response.status + end + + should 'display permissions' do + community = fast_create(Community) + community.add_member(fast_create(Person)) + community.add_member(person) + permissions = Profile::Roles.member(person.environment.id).permissions + get "/api/v1/people/#{person.id}/permissions?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal json[community.identifier], permissions + end + + should 'display permissions if self' do + get "/api/v1/people/#{person.id}/permissions?#{params.to_query}" + assert_equal 200, last_response.status + end + + should 'display permissions if admin' do + environment = person.environment + environment.add_admin(person) + some_person = fast_create(Person) + + get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" + assert_equal 200, last_response.status + end + + should 'not display permissions if not admin or self' do + some_person = create_user('some-person').person + + get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not update another person' do + person = fast_create(Person, :environment_id => environment.id) + post "/api/v1/people/#{person.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'update yourself' do + another_name = 'Another Name' + params[:person] = {} + params[:person][:name] = another_name + assert_not_equal another_name, person.name + post "/api/v1/people/#{person.id}?#{params.to_query}" + person.reload + assert_equal another_name, person.name + end + + should 'display public custom fields' do + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) + some_person = create_user('some-person').person + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } + some_person.save! + + get "/api/v1/people/#{some_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json['person']['additional_data'].has_key?('Custom Blog') + assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] + end + + should 'not display non-public custom fields' do + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) + some_person = create_user('some-person').person + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } + some_person.save! + + get "/api/v1/people/#{some_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal json['person']['additional_data'], {} + end + + should 'display non-public custom fields to friend' do + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) + some_person = create_user('some-person').person + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } + some_person.save! + + f = Friendship.new + f.friend = some_person + f.person = person + f.save! + + get "/api/v1/people/#{some_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json['person']['additional_data'].has_key?("Custom Blog") + assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] + end + + PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count) + + PERSON_ATTRIBUTES.map do |attribute| + define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do + get "/api/v1/people/me?#{params.to_query}&fields=name" + json = JSON.parse(last_response.body) + assert_nil json['person'][attribute] + end + + define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do + get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}" + json = JSON.parse(last_response.body) + assert_not_nil json['person'][attribute] + end + end +end diff --git a/test/api/profiles_test.rb b/test/api/profiles_test.rb new file mode 100644 index 0000000..c58bc14 --- /dev/null +++ b/test/api/profiles_test.rb @@ -0,0 +1,32 @@ +require_relative 'test_helper' + +class ProfilesTest < ActiveSupport::TestCase + + def setup + Profile.delete_all + login_api + end + + should 'list all profiles' do + person1 = fast_create(Person) + person2 = fast_create(Person) + community = fast_create(Community) + get "/api/v1/profiles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']} + end + + should 'get person from profile id' do + some_person = fast_create(Person) + get "/api/v1/profiles/#{some_person.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal some_person.id, json['id'] + end + + should 'get community from profile id' do + community = fast_create(Community) + get "/api/v1/profiles/#{community.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['id'] + end +end diff --git a/test/api/search_test.rb b/test/api/search_test.rb new file mode 100644 index 0000000..1f90a47 --- /dev/null +++ b/test/api/search_test.rb @@ -0,0 +1,150 @@ +require_relative 'test_helper' + +class SearchTest < ActiveSupport::TestCase + + def setup + @person = create_user('testing').person + end + attr_reader :person + + should 'not list unpublished articles' do + Article.delete_all + article = fast_create(Article, :profile_id => person.id, :published => false) + assert !article.published? + get "/api/v1/search/article" + json = JSON.parse(last_response.body) + assert_empty json['articles'] + end + + should 'list articles' do + fast_create(Article, :profile_id => person.id) + get "/api/v1/search/article" + json = JSON.parse(last_response.body) + assert_not_empty json['articles'] + end + + should 'list only articles that has children' do + article = fast_create(Article, :profile_id => person.id) + parent = create(Article, :profile_id => person.id, :name => 'parent article') + child = create(Article, :profile_id => person.id, :parent_id => parent.id, :name => 'child article') + + get "/api/v1/search/article?has_children=true" + json = JSON.parse(last_response.body) + assert_equal parent.id, json['articles'].first['id'] + end + + should 'invalid search string articles' do + fast_create(Article, :profile_id => person.id, :name => 'some article') + get "/api/v1/search/article?query=test" + json = JSON.parse(last_response.body) + assert_empty json['articles'] + end + + should 'not list articles of wrong type' do + Article.delete_all + fast_create(Article, :profile_id => person.id) + get "/api/v1/search/article?type=TinyMceArticle" + json = JSON.parse(last_response.body) + assert_empty json['articles'] + end + + should 'list articles of one type' do + fast_create(Article, :profile_id => person.id) + article = fast_create(TinyMceArticle, :profile_id => person.id) + + get "/api/v1/search/article?type=TinyMceArticle" + json = JSON.parse(last_response.body) + assert_equal article.id, json['articles'].first['id'] + end + + should 'list articles of one type and query string' do + fast_create(Article, :profile_id => person.id, :name => 'some article') + fast_create(Article, :profile_id => person.id, :name => 'Some thing') + article = fast_create(TinyMceArticle, :profile_id => person.id, :name => 'Some thing') + get "/api/v1/search/article?type=TinyMceArticle&query=thing" + json = JSON.parse(last_response.body) + assert_equal 1, json['articles'].count + assert_equal article.id, json['articles'].first['id'] + end + + should 'not return more entries than page limit' do + 1.upto(5).each do |n| + fast_create(Article, :profile_id => person.id, :name => "Article #{n}") + end + + get "/api/v1/search/article?query=Article&per_page=3" + json = JSON.parse(last_response.body) + + assert_equal 3, json['articles'].count + end + + should 'return entries second page' do + 1.upto(5).each do |n| + fast_create(Article, :profile_id => person.id, :name => "Article #{n}") + end + + get "/api/v1/search/article?query=Article&per_page=3&page=2" + json = JSON.parse(last_response.body) + + assert_equal 2, json['articles'].count + end + + should 'search articles in profile' do + person2 = fast_create(Person) + fast_create(Article, :profile_id => person.id) + fast_create(Article, :profile_id => person.id) + article = fast_create(Article, :profile_id => person2.id) + + get "/api/v1/search/article?query=Article&profile_id=#{person2.id}" + json = JSON.parse(last_response.body) + assert_equal article.id, json['articles'].first['id'] + end + + should 'search and return values specified in fields parameter' do + fast_create(Article, :profile_id => person.id) + get "/api/v1/search/article?fields=title" + json = JSON.parse(last_response.body) + assert_not_empty json['articles'] + assert_equal ['title'], json['articles'].first.keys + end + + should 'search with parent' do + parent = fast_create(Folder, :profile_id => person.id) + fast_create(Article, :profile_id => person.id) + article = fast_create(Article, :profile_id => person.id, :parent_id => parent.id) + get "/api/v1/search/article?parent_id=#{parent.id}" + json = JSON.parse(last_response.body) + assert_equal 1, json['articles'].count + assert_equal article.id, json['articles'].first["id"] + end + + should 'search filter by category' do + Article.delete_all + fast_create(Article, :profile_id => person.id) + article = fast_create(Article, :profile_id => person.id) + category = fast_create(Category) + article.categories<< category + get "/api/v1/search/article?category_ids=#{category.id}" + json = JSON.parse(last_response.body) + assert_equal 1, json['articles'].count + assert_equal article.id, json['articles'].first["id"] + end + + should 'search filter by more than one category' do + Article.delete_all + fast_create(Article, :profile_id => person.id) + article1 = fast_create(Article, :profile_id => person.id) + article2 = fast_create(Article, :profile_id => person.id) + category1 = fast_create(Category) + category2 = fast_create(Category) + article1.categories<< category1 + article2.categories<< category2 + get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}" + json = JSON.parse(last_response.body) + ids = [article1.id, article2.id] + assert_equal 2, json['articles'].count + assert_includes ids, json['articles'].first["id"] + assert_includes ids, json['articles'].last["id"] + end + +end diff --git a/test/api/session_test.rb b/test/api/session_test.rb new file mode 100644 index 0000000..bae3d4a --- /dev/null +++ b/test/api/session_test.rb @@ -0,0 +1,221 @@ +require_relative 'test_helper' + +class SessionTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'generate private token when login' do + params = {:login => "testapi", :password => "testapi"} + post "/api/v1/login?#{params.to_query}" + json = JSON.parse(last_response.body) + assert !json['user']["private_token"].blank? + end + + should 'return 401 when login fails' do + user.destroy + params = {:login => "testapi", :password => "testapi"} + post "/api/v1/login?#{params.to_query}" + assert_equal 401, last_response.status + end + + should 'register a user' do + Environment.default.enable('skip_new_user_email_confirmation') + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 201, last_response.status + json = JSON.parse(last_response.body) + assert User['newuserapi'].activated? + assert json['user']['activated'] + assert json['user']['private_token'].present? + end + + should 'register a user with name' do + Environment.default.enable('skip_new_user_email_confirmation') + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" } + post "/api/v1/register?#{params.to_query}" + assert_equal 201, last_response.status + json = JSON.parse(last_response.body) + assert json['user']['activated'] + assert json['user']['private_token'].present? + end + + should 'register an inactive user' do + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 201, last_response.status + json = JSON.parse(last_response.body) + assert !json['activated'] + assert json['private_token'].blank? + end + + should 'not register a user with invalid login' do + params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 400, last_response.status + json = JSON.parse(last_response.body) + msg = json['message'].split(':') + key = msg[0][2, 5] + val = msg[1][2, 38] + assert_equal "login", key + assert_equal "is too short (minimum is 2 characters)", val + end + + should 'not register a user with invalid login pt' do + I18n.locale = "pt-BR" + params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 400, last_response.status + json = JSON.parse(last_response.body) + msg = json['message'].split(':') + key = msg[0][2, 5] + val = msg[1][2, 35] + assert_equal "login", key + assert val.include? "muito curto" + end + + should 'not register a user without email' do + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil } + post "/api/v1/register?#{params.to_query}" + assert_equal 400, last_response.status + end + + should 'not register a duplicated user' do + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + post "/api/v1/register?#{params.to_query}" + assert_equal 400, last_response.status + json = JSON.parse(last_response.body) + end + + # TODO: Add another test cases to check register situations + should 'activate a user' do + params = { + :login => "newuserapi", + :password => "newuserapi", + :password_confirmation => "newuserapi", + :email => "newuserapi@email.com" + } + user = User.new(params) + user.save! + + params = { activation_code: user.activation_code} + patch "/api/v1/activate?#{params.to_query}" + assert_equal 200, last_response.status + end + + should 'do not activate a user if admin must approve him' do + params = { + :login => "newuserapi", + :password => "newuserapi", + :password_confirmation => "newuserapi", + :email => "newuserapi@email.com", + :environment => Environment.default + } + user = User.new(params) + user.environment.enable('admin_must_approve_new_users') + user.save! + + params = { activation_code: user.activation_code} + patch "/api/v1/activate?#{params.to_query}" + assert_equal 202, last_response.status + assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"] + end + + should 'do not activate a user if the token is invalid' do + params = { + :login => "newuserapi", + :password => "newuserapi", + :password_confirmation => "newuserapi", + :email => "newuserapi@email.com", + :environment => Environment.default + } + user = User.new(params) + user.save! + + params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'} + patch "/api/v1/activate?#{params.to_query}" + assert_equal 412, last_response.status + end + + should 'create task to change password by user login' do + user = create_user + params = {:value => user.login} + assert_difference 'ChangePassword.count' do + post "/api/v1/forgot_password?#{params.to_query}" + end + end + + should 'not create task to change password when user is not found' do + params = {:value => 'wronglogin'} + assert_no_difference 'ChangePassword.count' do + post "/api/v1/forgot_password?#{params.to_query}" + end + assert_equal 404, last_response.status + end + + should 'change user password and close task' do + task = ChangePassword.create!(:requestor => @person) + params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'}) + patch "/api/v1/new_password?#{params.to_query}" + assert_equal Task::Status::FINISHED, task.reload.status + assert user.reload.authenticated?('secret') + json = JSON.parse(last_response.body) + assert_equal user.id, json['user']['id'] + end + + should 'do not change user password when password confirmation is wrong' do + user = create_user + user.activate + task = ChangePassword.create!(:requestor => user.person) + params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'} + patch "/api/v1/new_password?#{params.to_query}" + assert_equal Task::Status::ACTIVE, task.reload.status + assert !user.reload.authenticated?('secret') + assert_equal 400, last_response.status + end + + should 'render not found when provide a wrong code on password change' do + params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'} + patch "/api/v1/new_password?#{params.to_query}" + assert_equal 404, last_response.status + end + + should 'not return private token when the registered user is inactive' do + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 201, last_response.status + json = JSON.parse(last_response.body) + assert !User['newuserapi'].activated? + assert !json['user']['activated'] + assert !json['user']['private_token'].present? + end + + should 'resend activation code for an inactive user' do + user = create_user + params = {:value => user.login} + Delayed::Job.destroy_all + assert_difference 'ActionMailer::Base.deliveries.size' do + post "/api/v1/resend_activation_code?#{params.to_query}" + process_delayed_job_queue + end + json = JSON.parse(last_response.body) + refute json['users'].first['private_token'] + assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s + end + + should 'not resend activation code for an active user' do + user = create_user + params = {:value => user.login} + user.activate + Delayed::Job.destroy_all + assert_no_difference 'ActionMailer::Base.deliveries.size' do + post "/api/v1/resend_activation_code?#{params.to_query}" + process_delayed_job_queue + end + json = JSON.parse(last_response.body) + assert json['users'].first['private_token'] + end + +end diff --git a/test/api/task_test.rb b/test/api/task_test.rb new file mode 100644 index 0000000..01bf515 --- /dev/null +++ b/test/api/task_test.rb @@ -0,0 +1,173 @@ +require_relative 'test_helper' + +class TasksTest < ActiveSupport::TestCase + + def setup + login_api + @person = user.person + @community = fast_create(Community) + @environment = Environment.default + end + + attr_accessor :person, :community, :environment + + should 'list tasks of environment' do + environment.add_admin(person) + task = create(Task, :requestor => person, :target => environment) + get "/api/v1/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["tasks"].map { |a| a["id"] }, task.id + end + + should 'return environment task by id' do + environment.add_admin(person) + task = create(Task, :requestor => person, :target => environment) + get "/api/v1/tasks/#{task.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal task.id, json["task"]["id"] + end + + should 'not return environmet task if user has no permission to view it' do + person = fast_create(Person) + task = create(Task, :requestor => person, :target => environment) + + get "/api/v1/tasks/#{task.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + ############################# + # Community Tasks # + ############################# + + should 'return task by community' do + community = fast_create(Community) + community.add_admin(person) + + task = create(Task, :requestor => person, :target => community) + assert person.is_member_of?(community) + + get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal task.id, json["task"]["id"] + end + + should 'not return task by community if user has no permission to view it' do + community = fast_create(Community) + task = create(Task, :requestor => person, :target => community) + assert !person.is_member_of?(community) + + get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'create task in a community' do + community = fast_create(Community) + give_permission(person, 'perform_task', community) + post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_nil json["task"]["id"] + end + + should 'create task defining the requestor as current profile logged in' do + community = fast_create(Community) + community.add_member(person) + + post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal person, Task.last.requestor + end + + should 'create task defining the target as the community' do + community = fast_create(Community) + community.add_member(person) + + post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal community, Task.last.target + end + + ############################# + # Person Tasks # + ############################# + + should 'return task by person' do + task = create(Task, :requestor => person, :target => person) + get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal task.id, json["task"]["id"] + end + + should 'not return task by person if user has no permission to view it' do + some_person = fast_create(Person) + task = create(Task, :requestor => person, :target => some_person) + + get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'create task for person' do + post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_nil json["task"]["id"] + end + + should 'create task for another person' do + some_person = fast_create(Person) + post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal some_person, Task.last.target + end + + should 'create task defining the target as a person' do + post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal person, Task.last.target + end + + ############################# + # Enterprise Tasks # + ############################# + + should 'return task by enterprise' do + enterprise = fast_create(Enterprise) + enterprise.add_admin(person) + + task = create(Task, :requestor => person, :target => enterprise) + assert person.is_member_of?(enterprise) + + get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal task.id, json["task"]["id"] + end + + should 'not return task by enterprise if user has no permission to view it' do + enterprise = fast_create(Enterprise) + task = create(Task, :requestor => person, :target => enterprise) + assert !person.is_member_of?(enterprise) + + get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'create task in a enterprise' do + enterprise = fast_create(Enterprise) + give_permission(person, 'perform_task', enterprise) + post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_nil json["task"]["id"] + end + + should 'create task defining the target as the enterprise' do + enterprise = fast_create(Enterprise) + enterprise.add_member(person) + + post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal enterprise, Task.last.target + end +end diff --git a/test/api/test_helper.rb b/test/api/test_helper.rb new file mode 100644 index 0000000..fb6cbb8 --- /dev/null +++ b/test/api/test_helper.rb @@ -0,0 +1,36 @@ +require 'test_helper' + +class ActiveSupport::TestCase + + include Rack::Test::Methods + + def app + Noosfero::API::API + end + + def login_api + @environment = Environment.default + @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment) + @user.activate + @person = @user.person + + post "/api/v1/login?login=testapi&password=testapi" + json = JSON.parse(last_response.body) + @private_token = json["private_token"] + unless @private_token + @user.generate_private_token! + @private_token = @user.private_token + end + + @params = {:private_token => @private_token} + end + attr_accessor :private_token, :user, :person, :params, :environment + + private + + def json_response_ids(kind) + json = JSON.parse(last_response.body) + json[kind.to_s].map {|c| c['id']} + end + +end diff --git a/test/api/users_test.rb b/test/api/users_test.rb new file mode 100644 index 0000000..434bc5d --- /dev/null +++ b/test/api/users_test.rb @@ -0,0 +1,105 @@ +# encoding: UTF-8 +require_relative 'test_helper' + +class UsersTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'list users' do + get "/api/v1/users/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["users"].map { |a| a["login"] }, user.login + end + + should 'get user' do + get "/api/v1/users/#{user.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal user.id, json['user']['id'] + end + + should 'list user permissions' do + community = fast_create(Community) + community.add_admin(person) + get "/api/v1/users/#{user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["user"]["permissions"], community.identifier + end + + should 'get logged user' do + get "/api/v1/users/me?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal user.id, json['user']['id'] + end + + should 'not show permissions to logged user' do + target_person = create_user('some-user').person + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + refute json["user"].has_key?("permissions") + end + + should 'show permissions to self' do + get "/api/v1/users/#{user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["user"].has_key?("permissions") + end + + should 'not show permissions to friend' do + target_person = create_user('some-user').person + + f = Friendship.new + f.friend = target_person + f.person = person + f.save! + + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + refute json["user"].has_key?("permissions") + end + + should 'not show private attribute to logged user' do + target_person = create_user('some-user').person + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + refute json["user"].has_key?("email") + end + + should 'show private attr to friend' do + target_person = create_user('some-user').person + f = Friendship.new + f.friend = target_person + f.person = person + f.save! + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["user"].has_key?("email") + assert_equal target_person.email, json["user"]["email"] + end + + should 'show public attribute to logged user' do + target_person = create_user('some-user').person + target_person.fields_privacy={:email=> 'public'} + target_person.save! + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["user"].has_key?("email") + assert_equal json["user"]["email"],target_person.email + end + + should 'show public and private field to admin' do + Environment.default.add_admin(person) + + target_person = create_user('some-user').person + target_person.fields_privacy={:email=> 'public'} + target_person.save! + + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["user"].has_key?("email") + assert json["user"].has_key?("permissions") + assert json["user"].has_key?("activated") + end + +end diff --git a/test/unit/api/activities_test.rb b/test/unit/api/activities_test.rb deleted file mode 100644 index b06e14b..0000000 --- a/test/unit/api/activities_test.rb +++ /dev/null @@ -1,22 +0,0 @@ -require_relative 'test_helper' - -class ActivitiesTest < ActiveSupport::TestCase - - def setup - login_api - end - - should 'get activity from profile' do - person = fast_create(Person) - organization = fast_create(Organization) - assert_difference 'organization.activities_count' do - ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization - organization.reload - end - get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert 1, json["activities"].count - assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"] - end - -end diff --git a/test/unit/api/api_test.rb b/test/unit/api/api_test.rb deleted file mode 100644 index f731383..0000000 --- a/test/unit/api/api_test.rb +++ /dev/null @@ -1,29 +0,0 @@ -require_relative 'test_helper' - -class MyPlugin < Noosfero::Plugin;end -class MyPlugin::API;end - -class APITest < ActiveSupport::TestCase - - should 'endpoint should not be available if its plugin is unavailable' do - endpoint = mock() - environment = Environment.default - environment.stubs(:plugin_enabled?).returns(false) - endpoint.stubs(:options).returns({:for => MyPlugin::API}) - - assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment) - end - - should 'endpoint should be available if its plugin is available' do - class MyPlugin < Noosfero::Plugin;end - class MyPlugin::API;end - - endpoint = mock() - environment = Environment.default - environment.stubs(:plugin_enabled?).returns(true) - endpoint.stubs(:options).returns({:for => MyPlugin::API}) - - assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment) - end - -end diff --git a/test/unit/api/articles_test.rb b/test/unit/api/articles_test.rb deleted file mode 100644 index dbe6c3d..0000000 --- a/test/unit/api/articles_test.rb +++ /dev/null @@ -1,667 +0,0 @@ -require_relative 'test_helper' - -class ArticlesTest < ActiveSupport::TestCase - - def setup - login_api - end - - should 'list articles' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["articles"].map { |a| a["id"] }, article.id - end - - should 'get profile homepage' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - person.home_page=article - person.save! - - get "/api/v1/profiles/#{person.id}/home_page?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["id"] - end - - should 'not list forbidden article when listing articles' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['articles'].map {|a| a['id']}, article.id - end - - should 'return article by id' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["id"] - end - - should 'not return article if user has no permission to view it' do - person = fast_create(Person, :environment_id => environment.id) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/articles/#{article.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'follow a article identified by id' do - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") - post "/api/v1/articles/#{article.id}/follow?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_not_equal 401, last_response.status - assert_equal true, json['success'] - end - - should 'return the followers count of an article' do - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") - article.person_followers << @person - - get "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal 200, last_response.status - assert_equal 1, json['article']['followers_count'] - end - - should 'return the followers of a article identified by id' do - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") - - article_follower = ArticleFollower.new - article_follower.article = article - article_follower.person = @person - article_follower.save! - - get "/api/v1/articles/#{article.id}/followers?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal 200, last_response.status - assert_equal 1, json['total_followers'] - end - - should 'list articles followed by me' do - article1 = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - fast_create(Article, :profile_id => user.person.id, :name => "Some other thing") - article1.person_followers << @person - get "/api/v1/articles/followed_by_me?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [article1.id], json['articles'].map { |a| a['id'] } - end - - - should 'list article children' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] } - end - - should 'list public article children for not logged in access' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children" - json = JSON.parse(last_response.body) - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] } - end - - should 'not list children of forbidden article' do - person = fast_create(Person, :environment_id => environment.id) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") - child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not return child of forbidden article' do - person = fast_create(Person, :environment_id => environment.id) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not return private child' do - person = fast_create(Person, :environment_id => environment.id) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing") - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not list private child' do - person = fast_create(Person, :environment_id => environment.id) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing") - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['articles'].map {|a| a['id']}, child.id - end - - should 'perform a vote in a article identified by id' do - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") - @params[:value] = 1 - - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_not_equal 401, last_response.status - assert_equal true, json['vote'] - end - - expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count) - - expose_attributes.each do |attr| - should "expose article #{attr} attribute by default" do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json["articles"].last.has_key?(attr) - end - end - - should 'not perform a vote twice in same article' do - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") - @params[:value] = 1 - ## Perform a vote twice in API should compute only one vote - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" - - total = article.votes_total - - assert_equal 1, total - end - - should 'not perform a vote in favor and against a proposal' do - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing") - @params[:value] = 1 - ## Perform a vote in favor a proposal - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 201, last_response.status - ## Perform a vote against a proposal - @params[:value] = -1 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" - json = JSON.parse(last_response.body) - ## The api should not allow to save this vote - assert_equal 400, last_response.status - end - - should "update body of article created by me" do - new_value = "Another body" - params[:article] = {:body => new_value} - article = fast_create(Article, :profile_id => person.id) - post "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal new_value, json["article"]["body"] - end - - should "update title of article created by me" do - new_value = "Another name" - params[:article] = {:name => new_value} - article = fast_create(Article, :profile_id => person.id) - post "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal new_value, json["article"]["title"] - end - - should 'not update article of another user' do - another_person = fast_create(Person, :environment_id => environment.id) - article = fast_create(Article, :profile_id => another_person.id) - params[:article] = {:title => 'Some title'} - post "/api/v1/articles/#{article.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not update article without permission in community' do - community = fast_create(Community, :environment_id => environment.id) - article = fast_create(Article, :profile_id => community.id) - params[:article] = {:name => 'New title'} - post "/api/v1/articles/#{article.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - - should 'update article of community if user has permission' do - community = fast_create(Community, :environment_id => environment.id) - give_permission(person, 'post_content', community) - article = fast_create(Article, :profile_id => community.id) - new_value = "Another body" - params[:article] = {:body => new_value} - post "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal new_value, json["article"]["body"] - end - - should 'list articles with pagination' do - Article.destroy_all - article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago) - article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago) - - params[:page] = 1 - params[:per_page] = 1 - get "/api/v1/articles/?#{params.to_query}" - json_page_one = JSON.parse(last_response.body) - - params[:page] = 2 - params[:per_page] = 1 - get "/api/v1/articles/?#{params.to_query}" - json_page_two = JSON.parse(last_response.body) - - assert_includes json_page_one["articles"].map { |a| a["id"] }, article_two.id - assert_not_includes json_page_one["articles"].map { |a| a["id"] }, article_one.id - - assert_includes json_page_two["articles"].map { |a| a["id"] }, article_one.id - assert_not_includes json_page_two["articles"].map { |a| a["id"] }, article_two.id - end - - should 'list articles with timestamp' do - article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing") - article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - - article_one.updated_at = Time.now + 3.hours - article_one.save! - - params[:timestamp] = Time.now + 1.hours - get "/api/v1/articles/?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_includes json["articles"].map { |a| a["id"] }, article_one.id - assert_not_includes json["articles"].map { |a| a["id"] }, article_two.id - end - - ############################# - # Profile Articles # - ############################# - - profile_kinds = %w(community person enterprise) - profile_kinds.each do |kind| - should "return article by #{kind}" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - article = fast_create(Article, :profile_id => profile.id, :name => "Some thing") - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["id"] - end - - should "not return article by #{kind} if user has no permission to view it" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should "not list forbidden article when listing articles by #{kind}" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['articles'].map {|a| a['id']}, article.id - end - - should "return article by #{kind} and path" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - parent_article = Folder.create!(:profile => profile, :name => "Parent Folder") - article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article) - - params[:path] = parent_article.slug+'/'+article.slug - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["id"] - end - - should "not return article by #{kind} and path if user has no permission to view it" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - parent_article = Folder.create!(:profile => profile, :name => "Parent Folder") - article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article, :published => false) - - assert !article.published? - - params[:path] = parent_article.slug+'/'+article.slug - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - assert_equal 403, last_response.status - end - end - - ############################# - # Group Profile Articles # - ############################# - - group_kinds = %w(community enterprise) - group_kinds.each do |kind| - should "#{kind}: create article" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - give_permission(user.person, 'post_content', profile) - params[:article] = {:name => "Title"} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal "Title", json["article"]["title"] - end - - should "#{kind}: do not create article if user has no permission to post content" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - give_permission(user.person, 'invite_members', profile) - params[:article] = {:name => "Title"} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - assert_equal 403, last_response.status - end - - should "#{kind} create article with parent" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) - article = fast_create(Article) - - params[:article] = {:name => "Title", :parent_id => article.id} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["parent"]["id"] - end - - should "#{kind} create article with content type passed as parameter" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) - - Article.delete_all - params[:article] = {:name => "Title"} - params[:content_type] = 'TextArticle' - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_kind_of TextArticle, Article.last - end - - should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) - - params[:article] = {:name => "Title"} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_kind_of TinyMceArticle, Article.last - end - - should "#{kind}: not create article with invalid article content type" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - profile.add_member(user.person) - - params[:article] = {:name => "Title"} - params[:content_type] = 'Person' - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal 403, last_response.status - end - - should "#{kind} create article defining the correct profile" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) - - params[:article] = {:name => "Title"} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal profile.id, json['article']['profile']['id'] - end - - should "#{kind}: create article defining the created_by" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) - - params[:article] = {:name => "Title"} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal user.person, Article.last.created_by - end - - should "#{kind}: create article defining the last_changed_by" do - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true) - - params[:article] = {:name => "Title"} - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal user.person, Article.last.last_changed_by - end - end - - ############################# - # Person Articles # - ############################# - - should 'create article in a person' do - params[:article] = {:name => "Title"} - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal "Title", json["article"]["title"] - end - - should 'person do not create article if user has no permission to post content' do - person = fast_create(Person, :environment_id => environment.id) - params[:article] = {:name => "Title"} - post "/api/v1/people/#{person.id}/articles?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'person create article with parent' do - article = fast_create(Article) - - params[:article] = {:name => "Title", :parent_id => article.id} - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["parent"]["id"] - end - - should 'person create article with content type passed as parameter' do - Article.delete_all - params[:article] = {:name => "Title"} - params[:content_type] = 'TextArticle' - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_kind_of TextArticle, Article.last - end - - should 'person create article of TinyMceArticle type if no content type is passed as parameter' do - params[:article] = {:name => "Title"} - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_kind_of TinyMceArticle, Article.last - end - - should 'person not create article with invalid article content type' do - params[:article] = {:name => "Title"} - params[:content_type] = 'Person' - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal 403, last_response.status - end - - should 'person create article defining the correct profile' do - params[:article] = {:name => "Title"} - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal user.person, Article.last.profile - end - - should 'person create article defining the created_by' do - params[:article] = {:name => "Title"} - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal user.person, Article.last.created_by - end - - should 'person create article defining the last_changed_by' do - params[:article] = {:name => "Title"} - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal user.person, Article.last.last_changed_by - end - - should 'list article children with partial fields' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - params[:fields] = [:title] - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal ['title'], json['articles'].first.keys - end - - should 'suggest article children' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - params[:target_id] = user.person.id - params[:article] = {:name => "Article name", :body => "Article body"} - assert_difference "SuggestArticle.count" do - post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}" - end - json = JSON.parse(last_response.body) - assert_equal 'SuggestArticle', json['task']['type'] - end - - should 'suggest event children' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - params[:target_id] = user.person.id - params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"} - assert_difference "SuggestArticle.count" do - post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}" - end - json = JSON.parse(last_response.body) - assert_equal 'SuggestArticle', json['task']['type'] - end - - should 'update hit attribute of article children' do - a1 = fast_create(Article, :profile_id => user.person.id) - a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id) - a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id) - get "/api/v1/articles/#{a1.id}/children?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [1, 1], json['articles'].map { |a| a['hits']} - assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits] - end - - should 'update hit attribute of article specific children' do - a1 = fast_create(Article, :profile_id => user.person.id) - a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id) - get "/api/v1/articles/#{a1.id}/children/#{a2.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 1, json['article']['hits'] - end - - should 'list all events of a community in a given category' do - co = Community.create(identifier: 'my-community', name: 'name-my-community') - c1 = Category.create(environment: Environment.default, name: 'my-category') - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') - e1 = fast_create(Event, :profile_id => co.id) - e2 = fast_create(Event, :profile_id => co.id) - e1.categories << c1 - e2.categories << c2 - e1.save! - e2.save! - params['content_type']='Event' - get "api/v1/communities/#{co.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal json['articles'].count, 2 - end - - should 'list a event of a community in a given category' do - co = Community.create(identifier: 'my-community', name: 'name-my-community') - c1 = Category.create(environment: Environment.default, name: 'my-category') - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') - e1 = fast_create(Event, :profile_id => co.id) - e2 = fast_create(Event, :profile_id => co.id) - e1.categories << c1 - e2.categories << c2 - e1.save! - e2.save! - params['category_ids[]']=c1.id - params['content_type']='Event' - get "api/v1/communities/#{co.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - #should show only one article, since the other not in the same category - assert_equal 1, json['articles'].count - assert_equal e1.id, json['articles'][0]['id'] - end - - should 'not list uncategorized event of a community if a category is given' do - co = Community.create(identifier: 'my-community', name: 'name-my-community') - c1 = Category.create(environment: Environment.default, name: 'my-category') - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') - e1 = fast_create(Event, :profile_id => co.id) - e2 = fast_create(Event, :profile_id => co.id) - e3 = fast_create(Event, :profile_id => co.id) - e1.categories << c1 - e2.categories << c2 - params['category_ids[]']=c1.id - params['content_type']='Event' - get "api/v1/communities/#{co.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 1, json['articles'].count - assert_equal e1.id, json['articles'][0]['id'] - end - - should 'list events of a community in a given 2 categories' do - co = Community.create(identifier: 'my-community', name: 'name-my-community') - c1 = Category.create(environment: Environment.default, name: 'my-category') - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') - e1 = fast_create(Event, :profile_id => co.id) - e2 = fast_create(Event, :profile_id => co.id) - e1.categories << c1 - e2.categories << c2 - e1.save! - e2.save! - params['content_type']='Event' - params['categories_ids'] = [c1.id, c2.id] - get "api/v1/communities/#{co.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal json['articles'].count, 2 - end - - should 'Show 2 events since it uses an IN operator for category instead of an OR' do - co = Community.create(identifier: 'my-community', name: 'name-my-community') - c1 = Category.create(environment: Environment.default, name: 'my-category') - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category') - c3 = Category.create(environment: Environment.default, name: 'extra-category') - e1 = fast_create(Event, :profile_id => co.id) - e2 = fast_create(Event, :profile_id => co.id) - e1.categories << c1 - e2.categories << c2 - e1.save! - e2.save! - params['content_type']='Event' - params['categories_ids'] = [c1.id, c2.id, c3.id] - get "api/v1/communities/#{co.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal json['articles'].count, 2 - end - - ARTICLE_ATTRIBUTES = %w(votes_count comments_count) - - ARTICLE_ATTRIBUTES.map do |attribute| - - define_method "test_should_expose_#{attribute}_attribute_in_article_enpoints" do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_nil json['article'][attribute] - end - end -end diff --git a/test/unit/api/boxes_test.rb b/test/unit/api/boxes_test.rb deleted file mode 100644 index 1ba8b6b..0000000 --- a/test/unit/api/boxes_test.rb +++ /dev/null @@ -1,42 +0,0 @@ -require_relative 'test_helper' - -class BoxesTest < ActiveSupport::TestCase - - def setup - @controller = AccountController.new - @request = ActionController::TestRequest.new - login_api -# @request = ActionController::TestRequest.new - end - - kinds= %w[Profile Community Person Enterprise Environment] - kinds.each do |kind| - should "get_boxes_from_#{kind.downcase.pluralize}" do - context_obj = fast_create(kind.constantize) - box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile') - get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal box.id, json["boxes"].first["id"] - end - end - - should 'get boxes from default environment' do - Environment.delete_all - environment = fast_create(Environment, :is_default => true) - box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment') - get "/api/v1/environments/default/boxes?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal box.id, json["boxes"].first["id"] - end - - should 'get boxes from context environment' do - env = fast_create(Environment, :is_default => true) - env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host') - box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment') - get "/api/v1/environments/context/boxes?#{params.to_query}" - - json = JSON.parse(last_response.body) - assert_equal box.id, json["boxes"].first["id"] - end - -end diff --git a/test/unit/api/categories_test.rb b/test/unit/api/categories_test.rb deleted file mode 100644 index f4db3d1..0000000 --- a/test/unit/api/categories_test.rb +++ /dev/null @@ -1,97 +0,0 @@ -require_relative 'test_helper' - -class CategoriesTest < ActiveSupport::TestCase - - def setup - login_api - end - - should 'list categories' do - category = fast_create(Category, :environment_id => environment.id) - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["categories"].map { |c| c["name"] }, category.name - end - - should 'get category by id' do - category = fast_create(Category, :environment_id => environment.id) - get "/api/v1/categories/#{category.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal category.name, json["category"]["name"] - end - - should 'list parent and children when get category by id' do - parent = fast_create(Category, :environment_id => environment.id) - child_1 = fast_create(Category, :environment_id => environment.id) - child_2 = fast_create(Category, :environment_id => environment.id) - - category = fast_create(Category, :environment_id => environment.id) - category.parent = parent - category.children << child_1 - category.children << child_2 - category.save - - get "/api/v1/categories/#{category.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent']) - assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] } - end - - should 'include parent in categories list if params is true' do - parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category - child_1 = fast_create(Category, :environment_id => environment.id) - child_2 = fast_create(Category, :environment_id => environment.id) - - parent_2 = fast_create(Category, :environment_id => environment.id) - parent_2.parent = parent_1 - parent_2.children << child_1 - parent_2.children << child_2 - parent_2.save - - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq - - params[:include_parent] = true - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id], - json["categories"].map { |c| c['parent'] && c['parent']['id'] } - end - - should 'include children in categories list if params is true' do - category = fast_create(Category, :environment_id => environment.id) - child_1 = fast_create(Category, :environment_id => environment.id) - child_2 = fast_create(Category, :environment_id => environment.id) - child_3 = fast_create(Category, :environment_id => environment.id) - - category.children << child_1 - category.children << child_2 - category.save - - child_1.children << child_3 - child_1.save - - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq - - params[:include_children] = true - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort], - json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort } - end - - expose_attributes = %w(id name full_name image display_color) - - expose_attributes.each do |attr| - should "expose category #{attr} attribute by default" do - category = fast_create(Category, :environment_id => environment.id) - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json["categories"].last.has_key?(attr) - end - end - -end diff --git a/test/unit/api/comments_test.rb b/test/unit/api/comments_test.rb deleted file mode 100644 index d68c4b6..0000000 --- a/test/unit/api/comments_test.rb +++ /dev/null @@ -1,81 +0,0 @@ -require_relative 'test_helper' - -class CommentsTest < ActiveSupport::TestCase - - def setup - login_api - end - - should 'not list comments if user has no permission to view the source article' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not return comment if user has no permission to view the source article' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - comment = article.comments.create!(:body => "another comment", :author => user.person) - assert !article.published? - - get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not comment an article if user has no permission to view it' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - assert !article.published? - - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'return comments of an article' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - article.comments.create!(:body => "some comment", :author => user.person) - article.comments.create!(:body => "another comment", :author => user.person) - - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 200, last_response.status - assert_equal 2, json["comments"].length - end - - should 'return comment of an article' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - comment = article.comments.create!(:body => "another comment", :author => user.person) - - get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 200, last_response.status - assert_equal comment.id, json['comment']['id'] - end - - should 'comment an article' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - body = 'My comment' - params.merge!({:body => body}) - - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 201, last_response.status - assert_equal body, json['comment']['body'] - end - - should 'comment creation define the source' do - amount = Comment.count - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - body = 'My comment' - params.merge!({:body => body}) - - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - assert_equal amount + 1, Comment.count - comment = Comment.last - assert_not_nil comment.source - end - -end diff --git a/test/unit/api/communities_test.rb b/test/unit/api/communities_test.rb deleted file mode 100644 index df59c18..0000000 --- a/test/unit/api/communities_test.rb +++ /dev/null @@ -1,160 +0,0 @@ -require_relative 'test_helper' - -class CommunitiesTest < ActiveSupport::TestCase - - def setup - Community.delete_all - login_api - end - - should 'list only communities' do - community = fast_create(Community, :environment_id => environment.id) - enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise - get "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id - assert_includes json['communities'].map {|c| c['id']}, community.id - end - - should 'list all communities' do - community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) - community2 = fast_create(Community, :environment_id => environment.id) - get "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} - end - - should 'not list invisible communities' do - community1 = fast_create(Community, :environment_id => environment.id) - fast_create(Community, :environment_id => environment.id, :visible => false) - - get "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [community1.id], json['communities'].map {|c| c['id']} - end - - should 'not list private communities without permission' do - community1 = fast_create(Community, :environment_id => environment.id) - fast_create(Community, :environment_id => environment.id, :public_profile => false) - - get "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [community1.id], json['communities'].map {|c| c['id']} - end - - should 'list private community for members' do - c1 = fast_create(Community, :environment_id => environment.id) - c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) - c2.add_member(person) - - get "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']} - end - - should 'create a community' do - params[:community] = {:name => 'some'} - post "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 'some', json['community']['name'] - end - - should 'return 400 status for invalid community creation' do - post "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 400, last_response.status - end - - should 'get community' do - community = fast_create(Community, :environment_id => environment.id) - - get "/api/v1/communities/#{community.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal community.id, json['community']['id'] - end - - should 'not get invisible community' do - community = fast_create(Community, :environment_id => environment.id, :visible => false) - - get "/api/v1/communities/#{community.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json['community'].blank? - end - - should 'not get private communities without permission' do - community = fast_create(Community, :environment_id => environment.id) - fast_create(Community, :environment_id => environment.id, :public_profile => false) - - get "/api/v1/communities/#{community.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal community.id, json['community']['id'] - end - - should 'get private community for members' do - community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) - community.add_member(person) - - - get "/api/v1/communities/#{community.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal community.id, json['community']['id'] - end - - should 'list person communities' do - community = fast_create(Community, :environment_id => environment.id) - fast_create(Community, :environment_id => environment.id) - community.add_member(person) - - get "/api/v1/people/#{person.id}/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [community.id], json['communities'].map {|c| c['id']} - end - - should 'not list person communities invisible' do - c1 = fast_create(Community, :environment_id => environment.id) - c2 = fast_create(Community, :environment_id => environment.id, :visible => false) - c1.add_member(person) - c2.add_member(person) - - get "/api/v1/people/#{person.id}/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [c1.id], json['communities'].map {|c| c['id']} - end - - should 'list communities with pagination' do - community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) - community2 = fast_create(Community, :created_at => 2.days.ago) - - params[:page] = 2 - params[:per_page] = 1 - get "/api/v1/communities?#{params.to_query}" - json_page_two = JSON.parse(last_response.body) - - params[:page] = 1 - params[:per_page] = 1 - get "/api/v1/communities?#{params.to_query}" - json_page_one = JSON.parse(last_response.body) - - - assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id - assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id - - assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id - assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id - end - - should 'list communities with timestamp' do - community1 = fast_create(Community, :public_profile => true) - community2 = fast_create(Community) - - community1.updated_at = Time.now + 3.hours - community1.save! - - params[:timestamp] = Time.now + 1.hours - get "/api/v1/communities/?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_includes json["communities"].map { |a| a["id"] }, community1.id - assert_not_includes json["communities"].map { |a| a["id"] }, community2.id - end -end diff --git a/test/unit/api/enterprises_test.rb b/test/unit/api/enterprises_test.rb deleted file mode 100644 index 1ec04ee..0000000 --- a/test/unit/api/enterprises_test.rb +++ /dev/null @@ -1,110 +0,0 @@ -require_relative 'test_helper' - -class EnterprisesTest < ActiveSupport::TestCase - - def setup - Enterprise.delete_all - login_api - end - - should 'list only enterprises' do - community = fast_create(Community, :environment_id => environment.id) # should not list this community - enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true) - get "/api/v1/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id - assert_not_includes json['enterprises'].map {|c| c['id']}, community.id - end - - should 'list all enterprises' do - enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true) - enterprise2 = fast_create(Enterprise, :environment_id => environment.id) - get "/api/v1/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']} - end - - should 'not list invisible enterprises' do - enterprise1 = fast_create(Enterprise, :environment_id => environment.id) - fast_create(Enterprise, :visible => false) - - get "/api/v1/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} - end - - should 'not list private enterprises without permission' do - enterprise1 = fast_create(Enterprise, :environment_id => environment.id) - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) - - get "/api/v1/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} - end - - should 'list private enterprise for members' do - c1 = fast_create(Enterprise, :environment_id => environment.id) - c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) - c2.add_member(person) - - get "/api/v1/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']} - end - - should 'get enterprise' do - enterprise = fast_create(Enterprise, :environment_id => environment.id) - - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal enterprise.id, json['enterprise']['id'] - end - - should 'not get invisible enterprise' do - enterprise = fast_create(Enterprise, :visible => false) - - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json['enterprise'].blank? - end - - should 'not get private enterprises without permission' do - enterprise = fast_create(Enterprise, :environment_id => environment.id) - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) - - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal enterprise.id, json['enterprise']['id'] - end - - should 'get private enterprise for members' do - enterprise = fast_create(Enterprise, :public_profile => false) - enterprise.add_member(person) - - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal enterprise.id, json['enterprise']['id'] - end - - should 'list person enterprises' do - enterprise = fast_create(Enterprise, :environment_id => environment.id) - fast_create(Enterprise, :environment_id => environment.id) - enterprise.add_member(person) - - get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']} - end - - should 'not list person enterprises invisible' do - c1 = fast_create(Enterprise, :environment_id => environment.id) - c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false) - c1.add_member(person) - c2.add_member(person) - - get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']} - end - -end diff --git a/test/unit/api/environment_test.rb b/test/unit/api/environment_test.rb deleted file mode 100644 index 315e9bf..0000000 --- a/test/unit/api/environment_test.rb +++ /dev/null @@ -1,38 +0,0 @@ -require_relative 'test_helper' - -class EnvironmentTest < ActiveSupport::TestCase - - def setup - @person = create_user('testing').person - end - attr_reader :person - - should 'return the default environment' do - environment = Environment.default - get "/api/v1/environment/default" - json = JSON.parse(last_response.body) - assert_equal environment.id, json['id'] - end - - should 'return created environment' do - environment = fast_create(Environment) - default_env = Environment.default - assert_not_equal environment.id, default_env.id - get "/api/v1/environment/#{environment.id}" - json = JSON.parse(last_response.body) - assert_equal environment.id, json['id'] - end - - should 'return context environment' do - context_env = fast_create(Environment) - context_env.name = "example org" - context_env.save - context_env.domains<< Domain.new(:name => 'example.org') - default_env = Environment.default - assert_not_equal context_env.id, default_env.id - get "/api/v1/environment/context" - json = JSON.parse(last_response.body) - assert_equal context_env.id, json['id'] - end - -end diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb deleted file mode 100644 index 5c0e4d0..0000000 --- a/test/unit/api/helpers_test.rb +++ /dev/null @@ -1,245 +0,0 @@ -require_relative 'test_helper' -require 'noosfero/api/helpers' - -class APIHelpersTest < ActiveSupport::TestCase - - include Noosfero::API::APIHelpers - - def setup - @headers = {} - end - - attr_accessor :headers - - should 'get the current user with valid token' do - user = create_user('someuser') - user.generate_private_token! - self.params = {:private_token => user.private_token} - assert_equal user, current_user - end - - should 'get the current user with valid token in header' do - user = create_user('someuser') - user.generate_private_token! - headers['Private-Token'] = user.private_token - assert_equal user, current_user - end - - should 'get the current user even with expired token' do - user = create_user('someuser') - user.generate_private_token! - user.private_token_generated_at = DateTime.now.prev_year - user.save - self.params = {:private_token => user.private_token} - assert_equal user, current_user - end - - should 'get the person of current user' do - user = create_user('someuser') - user.generate_private_token! - self.params = {:private_token => user.private_token} - assert_equal user.person, current_person - end - -# #FIXME see how to make this test. Get the current_user variable -# should 'set current_user to nil after logout' do -# user = create_user('someuser') -# user.stubs(:private_token_expired?).returns(false) -# User.stubs(:find_by_private_token).returns(user) -# assert_not_nil current_user -# assert false -# logout -# end - - should 'limit be defined as the params limit value' do - local_limit = 30 - self.params= {:limit => local_limit} - assert_equal local_limit, limit - end - - should 'return default limit if the limit parameter is minor than zero' do - self.params= {:limit => -1} - assert_equal 20, limit - end - - should 'the default limit be 20' do - assert_equal 20, limit - end - - should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do - assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0] - end - - should 'the beginning of the period be from date passsed as parameter' do - from = DateTime.now - assert_equal from, period(from, nil).min - end - - should 'the end of the period be now if no until date is passsed as parameter' do - assert_in_delta DateTime.now, period(nil, nil).max - end - - should 'the end of the period be until date passsed as parameter' do - until_date = DateTime.now - assert_equal until_date, period(nil, until_date).max - end - - should 'parse_content_type return nil if its blank' do - assert_nil parse_content_type("") - end - - should 'parse_content_type be an array' do - assert_kind_of Array, parse_content_type("text_article") - end - - should 'parse_content_type return all content types as an array' do - assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle") - end - - should 'find_article return article by id in list passed for user with permission' do - user = create_user('someuser') - a = fast_create(Article, :profile_id => user.person.id) - fast_create(Article, :profile_id => user.person.id) - fast_create(Article, :profile_id => user.person.id) - - user.generate_private_token! - User.expects(:find_by_private_token).returns(user) - assert_equal a, find_article(user.person.articles, a.id) - end - - should 'find_article return forbidden when a user try to access an article without permission' do - user = create_user('someuser') - p = fast_create(Profile) - a = fast_create(Article, :published => false, :profile_id => p.id) - fast_create(Article, :profile_id => p.id) - - user.generate_private_token! - User.expects(:find_by_private_token).returns(user) - assert_equal 403, find_article(p.articles, a.id).last - end - - should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do - assert_nil make_conditions_with_parameter[:created_at] - end - - should 'make_conditions_with_parameter return created_at parameter if from period is defined' do - assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at] - end - - should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do - assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at] - end - - should 'make_conditions_with_parameter return created_at parameter if until period is defined' do - assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at] - end - - should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do - assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at] - end - - should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do - assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min - end - - should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do - date = '2010-10-10' - assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min - end - - should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do - date = '2010-10-10' - assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max - end - - should 'make_conditions_with_parameter return the until date passed as parameter' do - date = '2010-10-10' - assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min - end - - should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do - assert_nil make_conditions_with_parameter[:type] - end - - #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association - should 'make_order_with_parameters return order if attribute is found at object association' do - environment = Environment.new - params = {:order => "name ASC"} - assert_equal "name ASC", make_order_with_parameters(environment, "articles", params) - end - - # test added to check for eventual sql injection vunerabillity - #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists - should 'make_order_with_parameters return default order if attributes not exists' do - environment = Environment.new - params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity - assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params) - end - - should 'make_order_with_parameters return default order if sql injection detected' do - environment = Environment.new - params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity - assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params) - end - - should 'make_order_with_parameters return RANDOM() if random is passed' do - environment = Environment.new - params = {:order => "random"} # quote used to check sql injection vunerabillity - assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params) - end - - should 'make_order_with_parameters return RANDOM() if random function is passed' do - environment = Environment.new - params = {:order => "random()"} # quote used to check sql injection vunerabillity - assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params) - end - - should 'render not_found if endpoint is unavailable' do - Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true) - self.expects(:not_found!) - - filter_disabled_plugins_endpoints - end - - should 'not touch in options when no fields parameter is passed' do - model = mock - expects(:present).with(model, {}) - present_partial(model, {}) - end - - should 'fallback to array when fields parameter is not a json when calling present partial' do - model = mock - params[:fields] = ['name'] - expects(:present).with(model, {:only => ['name']}) - present_partial(model, {}) - end - - should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do - model = mock - params[:fields] = 'name,description' - expects(:present).with(model, {:only => ['name', 'description']}) - present_partial(model, {}) - end - - should 'accept json as fields parameter when calling present partial' do - model = mock - params[:fields] = {only: [:name, {user: [:login]}]}.to_json - expects(:present).with(model, {:only => ['name', {'user' => ['login']}]}) - present_partial(model, {}) - end - - protected - - def error!(info, status) - [info, status] - end - - def params - @params ||= {} - end - - def params= value - @params = value - end - -end diff --git a/test/unit/api/people_test.rb b/test/unit/api/people_test.rb deleted file mode 100644 index a9f3951..0000000 --- a/test/unit/api/people_test.rb +++ /dev/null @@ -1,258 +0,0 @@ -require_relative 'test_helper' - -class PeopleTest < ActiveSupport::TestCase - - def setup - Person.delete_all - login_api - end - - should 'list all people' do - person1 = fast_create(Person, :public_profile => true) - person2 = fast_create(Person) - get "/api/v1/people?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']} - end - - should 'list all members of a community' do - person1 = fast_create(Person) - person2 = fast_create(Person) - community = fast_create(Community) - community.add_member(person1) - community.add_member(person2) - - get "/api/v1/profiles/#{community.id}/members?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 2, json["people"].count - assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]} - end - - should 'not list invisible people' do - invisible_person = fast_create(Person, :visible => false) - - get "/api/v1/people?#{params.to_query}" - assert_not_includes json_response_ids(:people), invisible_person.id - end - - should 'not list private people without permission' do - private_person = fast_create(Person, :public_profile => false) - - get "/api/v1/people?#{params.to_query}" - assert_not_includes json_response_ids(:people), private_person.id - end - - should 'list private person for friends' do - p1 = fast_create(Person) - p2 = fast_create(Person, :public_profile => false) - person.add_friend(p2) - p2.add_friend(person) - - get "/api/v1/people?#{params.to_query}" - assert_includes json_response_ids(:people), p2.id - end - - should 'get person' do - some_person = fast_create(Person) - - get "/api/v1/people/#{some_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal some_person.id, json['person']['id'] - end - - should 'people endpoint filter by fields parameter' do - get "/api/v1/people?#{params.to_query}&fields=name" - json = JSON.parse(last_response.body) - expected = {'people' => [{'name' => person.name}]} - assert_equal expected, json - end - - should 'people endpoint filter by fields parameter with hierarchy' do - fields = URI.encode({only: [:name, {user: [:login]}]}.to_json) - get "/api/v1/people?#{params.to_query}&fields=#{fields}" - json = JSON.parse(last_response.body) - expected = {'people' => [{'name' => person.name, 'user' => {'login' => 'testapi'}}]} - assert_equal expected, json - end - - should 'get logged person' do - get "/api/v1/people/me?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal person.id, json['person']['id'] - end - - should 'me endpoint filter by fields parameter' do - get "/api/v1/people/me?#{params.to_query}&fields=name" - json = JSON.parse(last_response.body) - expected = {'person' => {'name' => person.name}} - assert_equal expected, json - end - - should 'not get invisible person' do - person = fast_create(Person, :visible => false) - - get "/api/v1/people/#{person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json['person'].blank? - end - - should 'not get private people without permission' do - private_person = fast_create(Person, :public_profile => false) - - get "/api/v1/people/#{private_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json['person'].blank? - end - - should 'get private person for friends' do - private_person = fast_create(Person, :public_profile => false) - person.add_friend(private_person) - private_person.add_friend(person) - - get "/api/v1/people/#{private_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal private_person.id, json['person']['id'] - end - - should 'list person friends' do - friend = fast_create(Person) - person.add_friend(friend) - friend.add_friend(person) - - get "/api/v1/people/#{friend.id}/friends?#{params.to_query}" - assert_includes json_response_ids(:people), person.id - end - - should 'not list person invisible friends' do - friend = fast_create(Person) - invisible_friend = fast_create(Person, :visible => false) - person.add_friend(friend) - person.add_friend(invisible_friend) - friend.add_friend(person) - invisible_friend.add_friend(person) - - get "/api/v1/people/#{person.id}/friends?#{params.to_query}" - friends = json_response_ids(:people) - assert_includes friends, friend.id - assert_not_includes friends, invisible_friend.id - end - - should 'create a person' do - login = 'some' - params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} - post "/api/v1/people?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal login, json['person']['identifier'] - end - - should 'return 400 status for invalid person creation' do - params[:person] = {:login => 'some'} - post "/api/v1/people?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 400, last_response.status - end - - should 'display permissions' do - community = fast_create(Community) - community.add_member(fast_create(Person)) - community.add_member(person) - permissions = Profile::Roles.member(person.environment.id).permissions - get "/api/v1/people/#{person.id}/permissions?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal json[community.identifier], permissions - end - - should 'display permissions if self' do - get "/api/v1/people/#{person.id}/permissions?#{params.to_query}" - assert_equal 200, last_response.status - end - - should 'display permissions if admin' do - environment = person.environment - environment.add_admin(person) - some_person = fast_create(Person) - - get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" - assert_equal 200, last_response.status - end - - should 'not display permissions if not admin or self' do - some_person = create_user('some-person').person - - get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not update another person' do - person = fast_create(Person, :environment_id => environment.id) - post "/api/v1/people/#{person.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'update yourself' do - another_name = 'Another Name' - params[:person] = {} - params[:person][:name] = another_name - assert_not_equal another_name, person.name - post "/api/v1/people/#{person.id}?#{params.to_query}" - person.reload - assert_equal another_name, person.name - end - - should 'display public custom fields' do - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) - some_person = create_user('some-person').person - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } - some_person.save! - - get "/api/v1/people/#{some_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json['person']['additional_data'].has_key?('Custom Blog') - assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] - end - - should 'not display non-public custom fields' do - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) - some_person = create_user('some-person').person - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } - some_person.save! - - get "/api/v1/people/#{some_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal json['person']['additional_data'], {} - end - - should 'display non-public custom fields to friend' do - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) - some_person = create_user('some-person').person - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } - some_person.save! - - f = Friendship.new - f.friend = some_person - f.person = person - f.save! - - get "/api/v1/people/#{some_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json['person']['additional_data'].has_key?("Custom Blog") - assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] - end - - PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count) - - PERSON_ATTRIBUTES.map do |attribute| - define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do - get "/api/v1/people/me?#{params.to_query}&fields=name" - json = JSON.parse(last_response.body) - assert_nil json['person'][attribute] - end - - define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do - get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}" - json = JSON.parse(last_response.body) - assert_not_nil json['person'][attribute] - end - end -end diff --git a/test/unit/api/profiles_test.rb b/test/unit/api/profiles_test.rb deleted file mode 100644 index c58bc14..0000000 --- a/test/unit/api/profiles_test.rb +++ /dev/null @@ -1,32 +0,0 @@ -require_relative 'test_helper' - -class ProfilesTest < ActiveSupport::TestCase - - def setup - Profile.delete_all - login_api - end - - should 'list all profiles' do - person1 = fast_create(Person) - person2 = fast_create(Person) - community = fast_create(Community) - get "/api/v1/profiles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']} - end - - should 'get person from profile id' do - some_person = fast_create(Person) - get "/api/v1/profiles/#{some_person.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal some_person.id, json['id'] - end - - should 'get community from profile id' do - community = fast_create(Community) - get "/api/v1/profiles/#{community.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal community.id, json['id'] - end -end diff --git a/test/unit/api/search_test.rb b/test/unit/api/search_test.rb deleted file mode 100644 index 1f90a47..0000000 --- a/test/unit/api/search_test.rb +++ /dev/null @@ -1,150 +0,0 @@ -require_relative 'test_helper' - -class SearchTest < ActiveSupport::TestCase - - def setup - @person = create_user('testing').person - end - attr_reader :person - - should 'not list unpublished articles' do - Article.delete_all - article = fast_create(Article, :profile_id => person.id, :published => false) - assert !article.published? - get "/api/v1/search/article" - json = JSON.parse(last_response.body) - assert_empty json['articles'] - end - - should 'list articles' do - fast_create(Article, :profile_id => person.id) - get "/api/v1/search/article" - json = JSON.parse(last_response.body) - assert_not_empty json['articles'] - end - - should 'list only articles that has children' do - article = fast_create(Article, :profile_id => person.id) - parent = create(Article, :profile_id => person.id, :name => 'parent article') - child = create(Article, :profile_id => person.id, :parent_id => parent.id, :name => 'child article') - - get "/api/v1/search/article?has_children=true" - json = JSON.parse(last_response.body) - assert_equal parent.id, json['articles'].first['id'] - end - - should 'invalid search string articles' do - fast_create(Article, :profile_id => person.id, :name => 'some article') - get "/api/v1/search/article?query=test" - json = JSON.parse(last_response.body) - assert_empty json['articles'] - end - - should 'not list articles of wrong type' do - Article.delete_all - fast_create(Article, :profile_id => person.id) - get "/api/v1/search/article?type=TinyMceArticle" - json = JSON.parse(last_response.body) - assert_empty json['articles'] - end - - should 'list articles of one type' do - fast_create(Article, :profile_id => person.id) - article = fast_create(TinyMceArticle, :profile_id => person.id) - - get "/api/v1/search/article?type=TinyMceArticle" - json = JSON.parse(last_response.body) - assert_equal article.id, json['articles'].first['id'] - end - - should 'list articles of one type and query string' do - fast_create(Article, :profile_id => person.id, :name => 'some article') - fast_create(Article, :profile_id => person.id, :name => 'Some thing') - article = fast_create(TinyMceArticle, :profile_id => person.id, :name => 'Some thing') - get "/api/v1/search/article?type=TinyMceArticle&query=thing" - json = JSON.parse(last_response.body) - assert_equal 1, json['articles'].count - assert_equal article.id, json['articles'].first['id'] - end - - should 'not return more entries than page limit' do - 1.upto(5).each do |n| - fast_create(Article, :profile_id => person.id, :name => "Article #{n}") - end - - get "/api/v1/search/article?query=Article&per_page=3" - json = JSON.parse(last_response.body) - - assert_equal 3, json['articles'].count - end - - should 'return entries second page' do - 1.upto(5).each do |n| - fast_create(Article, :profile_id => person.id, :name => "Article #{n}") - end - - get "/api/v1/search/article?query=Article&per_page=3&page=2" - json = JSON.parse(last_response.body) - - assert_equal 2, json['articles'].count - end - - should 'search articles in profile' do - person2 = fast_create(Person) - fast_create(Article, :profile_id => person.id) - fast_create(Article, :profile_id => person.id) - article = fast_create(Article, :profile_id => person2.id) - - get "/api/v1/search/article?query=Article&profile_id=#{person2.id}" - json = JSON.parse(last_response.body) - assert_equal article.id, json['articles'].first['id'] - end - - should 'search and return values specified in fields parameter' do - fast_create(Article, :profile_id => person.id) - get "/api/v1/search/article?fields=title" - json = JSON.parse(last_response.body) - assert_not_empty json['articles'] - assert_equal ['title'], json['articles'].first.keys - end - - should 'search with parent' do - parent = fast_create(Folder, :profile_id => person.id) - fast_create(Article, :profile_id => person.id) - article = fast_create(Article, :profile_id => person.id, :parent_id => parent.id) - get "/api/v1/search/article?parent_id=#{parent.id}" - json = JSON.parse(last_response.body) - assert_equal 1, json['articles'].count - assert_equal article.id, json['articles'].first["id"] - end - - should 'search filter by category' do - Article.delete_all - fast_create(Article, :profile_id => person.id) - article = fast_create(Article, :profile_id => person.id) - category = fast_create(Category) - article.categories<< category - get "/api/v1/search/article?category_ids=#{category.id}" - json = JSON.parse(last_response.body) - assert_equal 1, json['articles'].count - assert_equal article.id, json['articles'].first["id"] - end - - should 'search filter by more than one category' do - Article.delete_all - fast_create(Article, :profile_id => person.id) - article1 = fast_create(Article, :profile_id => person.id) - article2 = fast_create(Article, :profile_id => person.id) - category1 = fast_create(Category) - category2 = fast_create(Category) - article1.categories<< category1 - article2.categories<< category2 - get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}" - json = JSON.parse(last_response.body) - ids = [article1.id, article2.id] - assert_equal 2, json['articles'].count - assert_includes ids, json['articles'].first["id"] - assert_includes ids, json['articles'].last["id"] - end - -end diff --git a/test/unit/api/session_test.rb b/test/unit/api/session_test.rb deleted file mode 100644 index bae3d4a..0000000 --- a/test/unit/api/session_test.rb +++ /dev/null @@ -1,221 +0,0 @@ -require_relative 'test_helper' - -class SessionTest < ActiveSupport::TestCase - - def setup - login_api - end - - should 'generate private token when login' do - params = {:login => "testapi", :password => "testapi"} - post "/api/v1/login?#{params.to_query}" - json = JSON.parse(last_response.body) - assert !json['user']["private_token"].blank? - end - - should 'return 401 when login fails' do - user.destroy - params = {:login => "testapi", :password => "testapi"} - post "/api/v1/login?#{params.to_query}" - assert_equal 401, last_response.status - end - - should 'register a user' do - Environment.default.enable('skip_new_user_email_confirmation') - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - assert_equal 201, last_response.status - json = JSON.parse(last_response.body) - assert User['newuserapi'].activated? - assert json['user']['activated'] - assert json['user']['private_token'].present? - end - - should 'register a user with name' do - Environment.default.enable('skip_new_user_email_confirmation') - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" } - post "/api/v1/register?#{params.to_query}" - assert_equal 201, last_response.status - json = JSON.parse(last_response.body) - assert json['user']['activated'] - assert json['user']['private_token'].present? - end - - should 'register an inactive user' do - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - assert_equal 201, last_response.status - json = JSON.parse(last_response.body) - assert !json['activated'] - assert json['private_token'].blank? - end - - should 'not register a user with invalid login' do - params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - assert_equal 400, last_response.status - json = JSON.parse(last_response.body) - msg = json['message'].split(':') - key = msg[0][2, 5] - val = msg[1][2, 38] - assert_equal "login", key - assert_equal "is too short (minimum is 2 characters)", val - end - - should 'not register a user with invalid login pt' do - I18n.locale = "pt-BR" - params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - assert_equal 400, last_response.status - json = JSON.parse(last_response.body) - msg = json['message'].split(':') - key = msg[0][2, 5] - val = msg[1][2, 35] - assert_equal "login", key - assert val.include? "muito curto" - end - - should 'not register a user without email' do - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil } - post "/api/v1/register?#{params.to_query}" - assert_equal 400, last_response.status - end - - should 'not register a duplicated user' do - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - post "/api/v1/register?#{params.to_query}" - assert_equal 400, last_response.status - json = JSON.parse(last_response.body) - end - - # TODO: Add another test cases to check register situations - should 'activate a user' do - params = { - :login => "newuserapi", - :password => "newuserapi", - :password_confirmation => "newuserapi", - :email => "newuserapi@email.com" - } - user = User.new(params) - user.save! - - params = { activation_code: user.activation_code} - patch "/api/v1/activate?#{params.to_query}" - assert_equal 200, last_response.status - end - - should 'do not activate a user if admin must approve him' do - params = { - :login => "newuserapi", - :password => "newuserapi", - :password_confirmation => "newuserapi", - :email => "newuserapi@email.com", - :environment => Environment.default - } - user = User.new(params) - user.environment.enable('admin_must_approve_new_users') - user.save! - - params = { activation_code: user.activation_code} - patch "/api/v1/activate?#{params.to_query}" - assert_equal 202, last_response.status - assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"] - end - - should 'do not activate a user if the token is invalid' do - params = { - :login => "newuserapi", - :password => "newuserapi", - :password_confirmation => "newuserapi", - :email => "newuserapi@email.com", - :environment => Environment.default - } - user = User.new(params) - user.save! - - params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'} - patch "/api/v1/activate?#{params.to_query}" - assert_equal 412, last_response.status - end - - should 'create task to change password by user login' do - user = create_user - params = {:value => user.login} - assert_difference 'ChangePassword.count' do - post "/api/v1/forgot_password?#{params.to_query}" - end - end - - should 'not create task to change password when user is not found' do - params = {:value => 'wronglogin'} - assert_no_difference 'ChangePassword.count' do - post "/api/v1/forgot_password?#{params.to_query}" - end - assert_equal 404, last_response.status - end - - should 'change user password and close task' do - task = ChangePassword.create!(:requestor => @person) - params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'}) - patch "/api/v1/new_password?#{params.to_query}" - assert_equal Task::Status::FINISHED, task.reload.status - assert user.reload.authenticated?('secret') - json = JSON.parse(last_response.body) - assert_equal user.id, json['user']['id'] - end - - should 'do not change user password when password confirmation is wrong' do - user = create_user - user.activate - task = ChangePassword.create!(:requestor => user.person) - params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'} - patch "/api/v1/new_password?#{params.to_query}" - assert_equal Task::Status::ACTIVE, task.reload.status - assert !user.reload.authenticated?('secret') - assert_equal 400, last_response.status - end - - should 'render not found when provide a wrong code on password change' do - params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'} - patch "/api/v1/new_password?#{params.to_query}" - assert_equal 404, last_response.status - end - - should 'not return private token when the registered user is inactive' do - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - assert_equal 201, last_response.status - json = JSON.parse(last_response.body) - assert !User['newuserapi'].activated? - assert !json['user']['activated'] - assert !json['user']['private_token'].present? - end - - should 'resend activation code for an inactive user' do - user = create_user - params = {:value => user.login} - Delayed::Job.destroy_all - assert_difference 'ActionMailer::Base.deliveries.size' do - post "/api/v1/resend_activation_code?#{params.to_query}" - process_delayed_job_queue - end - json = JSON.parse(last_response.body) - refute json['users'].first['private_token'] - assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s - end - - should 'not resend activation code for an active user' do - user = create_user - params = {:value => user.login} - user.activate - Delayed::Job.destroy_all - assert_no_difference 'ActionMailer::Base.deliveries.size' do - post "/api/v1/resend_activation_code?#{params.to_query}" - process_delayed_job_queue - end - json = JSON.parse(last_response.body) - assert json['users'].first['private_token'] - end - -end diff --git a/test/unit/api/task_test.rb b/test/unit/api/task_test.rb deleted file mode 100644 index 01bf515..0000000 --- a/test/unit/api/task_test.rb +++ /dev/null @@ -1,173 +0,0 @@ -require_relative 'test_helper' - -class TasksTest < ActiveSupport::TestCase - - def setup - login_api - @person = user.person - @community = fast_create(Community) - @environment = Environment.default - end - - attr_accessor :person, :community, :environment - - should 'list tasks of environment' do - environment.add_admin(person) - task = create(Task, :requestor => person, :target => environment) - get "/api/v1/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["tasks"].map { |a| a["id"] }, task.id - end - - should 'return environment task by id' do - environment.add_admin(person) - task = create(Task, :requestor => person, :target => environment) - get "/api/v1/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] - end - - should 'not return environmet task if user has no permission to view it' do - person = fast_create(Person) - task = create(Task, :requestor => person, :target => environment) - - get "/api/v1/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - ############################# - # Community Tasks # - ############################# - - should 'return task by community' do - community = fast_create(Community) - community.add_admin(person) - - task = create(Task, :requestor => person, :target => community) - assert person.is_member_of?(community) - - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] - end - - should 'not return task by community if user has no permission to view it' do - community = fast_create(Community) - task = create(Task, :requestor => person, :target => community) - assert !person.is_member_of?(community) - - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'create task in a community' do - community = fast_create(Community) - give_permission(person, 'perform_task', community) - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_nil json["task"]["id"] - end - - should 'create task defining the requestor as current profile logged in' do - community = fast_create(Community) - community.add_member(person) - - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal person, Task.last.requestor - end - - should 'create task defining the target as the community' do - community = fast_create(Community) - community.add_member(person) - - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal community, Task.last.target - end - - ############################# - # Person Tasks # - ############################# - - should 'return task by person' do - task = create(Task, :requestor => person, :target => person) - get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] - end - - should 'not return task by person if user has no permission to view it' do - some_person = fast_create(Person) - task = create(Task, :requestor => person, :target => some_person) - - get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'create task for person' do - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_nil json["task"]["id"] - end - - should 'create task for another person' do - some_person = fast_create(Person) - post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal some_person, Task.last.target - end - - should 'create task defining the target as a person' do - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal person, Task.last.target - end - - ############################# - # Enterprise Tasks # - ############################# - - should 'return task by enterprise' do - enterprise = fast_create(Enterprise) - enterprise.add_admin(person) - - task = create(Task, :requestor => person, :target => enterprise) - assert person.is_member_of?(enterprise) - - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] - end - - should 'not return task by enterprise if user has no permission to view it' do - enterprise = fast_create(Enterprise) - task = create(Task, :requestor => person, :target => enterprise) - assert !person.is_member_of?(enterprise) - - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'create task in a enterprise' do - enterprise = fast_create(Enterprise) - give_permission(person, 'perform_task', enterprise) - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_nil json["task"]["id"] - end - - should 'create task defining the target as the enterprise' do - enterprise = fast_create(Enterprise) - enterprise.add_member(person) - - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - - assert_equal enterprise, Task.last.target - end -end diff --git a/test/unit/api/test_helper.rb b/test/unit/api/test_helper.rb deleted file mode 100644 index d23237f..0000000 --- a/test/unit/api/test_helper.rb +++ /dev/null @@ -1,36 +0,0 @@ -require_relative '../../test_helper' - -class ActiveSupport::TestCase - - include Rack::Test::Methods - - def app - Noosfero::API::API - end - - def login_api - @environment = Environment.default - @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment) - @user.activate - @person = @user.person - - post "/api/v1/login?login=testapi&password=testapi" - json = JSON.parse(last_response.body) - @private_token = json["private_token"] - unless @private_token - @user.generate_private_token! - @private_token = @user.private_token - end - - @params = {:private_token => @private_token} - end - attr_accessor :private_token, :user, :person, :params, :environment - - private - - def json_response_ids(kind) - json = JSON.parse(last_response.body) - json[kind.to_s].map {|c| c['id']} - end - -end diff --git a/test/unit/api/users_test.rb b/test/unit/api/users_test.rb deleted file mode 100644 index 434bc5d..0000000 --- a/test/unit/api/users_test.rb +++ /dev/null @@ -1,105 +0,0 @@ -# encoding: UTF-8 -require_relative 'test_helper' - -class UsersTest < ActiveSupport::TestCase - - def setup - login_api - end - - should 'list users' do - get "/api/v1/users/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["users"].map { |a| a["login"] }, user.login - end - - should 'get user' do - get "/api/v1/users/#{user.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal user.id, json['user']['id'] - end - - should 'list user permissions' do - community = fast_create(Community) - community.add_admin(person) - get "/api/v1/users/#{user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["user"]["permissions"], community.identifier - end - - should 'get logged user' do - get "/api/v1/users/me?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal user.id, json['user']['id'] - end - - should 'not show permissions to logged user' do - target_person = create_user('some-user').person - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - refute json["user"].has_key?("permissions") - end - - should 'show permissions to self' do - get "/api/v1/users/#{user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json["user"].has_key?("permissions") - end - - should 'not show permissions to friend' do - target_person = create_user('some-user').person - - f = Friendship.new - f.friend = target_person - f.person = person - f.save! - - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - refute json["user"].has_key?("permissions") - end - - should 'not show private attribute to logged user' do - target_person = create_user('some-user').person - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - refute json["user"].has_key?("email") - end - - should 'show private attr to friend' do - target_person = create_user('some-user').person - f = Friendship.new - f.friend = target_person - f.person = person - f.save! - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json["user"].has_key?("email") - assert_equal target_person.email, json["user"]["email"] - end - - should 'show public attribute to logged user' do - target_person = create_user('some-user').person - target_person.fields_privacy={:email=> 'public'} - target_person.save! - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json["user"].has_key?("email") - assert_equal json["user"]["email"],target_person.email - end - - should 'show public and private field to admin' do - Environment.default.add_admin(person) - - target_person = create_user('some-user').person - target_person.fields_privacy={:email=> 'public'} - target_person.save! - - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert json["user"].has_key?("email") - assert json["user"].has_key?("permissions") - assert json["user"].has_key?("activated") - end - -end -- libgit2 0.21.2