Download as
Browse Code »

Commit 043be0b11be290f4e68b24f7c29e36af15cdb1cd

Authored by Braulio Bhavamitra
1 parent 0694e6bf
Exists in staging and in 32 other branches all_pending_tasks_api, api-articles-period, api_roles, comments_permissions, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_notification_email, follower_permition, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, profile_api_improvements, user_mention, webfinger_server

Separate api tests

Showing 38 changed files with 2480 additions and 2467 deletions   Show diff stats
.gitlab-ci.yml
  Diff comments   View file @043be0b
@@ -14,6 +14,10 @@ stages: @@ -14,6 +14,10 @@ stages:
14 # script: bundle exec rake ci:smoke 14 # script: bundle exec rake ci:smoke
15 # stage: smoke-tests 15 # stage: smoke-tests
16 16
  17 +api:
  18 + script: bundle exec rake test:api
  19 + stage: all-tests
  20 +
17 units: 21 units:
18 script: bundle exec rake test:units 22 script: bundle exec rake test:units
19 stage: all-tests 23 stage: all-tests
@@ -44,6 +44,7 @@ before_script: @@ -44,6 +44,7 @@ before_script:
44 - bundle exec rake db:migrate &>/dev/null 44 - bundle exec rake db:migrate &>/dev/null
45 45
46 env: 46 env:
  47 + - TASK=test:api
47 - TASK=test:units 48 - TASK=test:units
48 - TASK=test:functionals 49 - TASK=test:functionals
49 - TASK=test:integration 50 - TASK=test:integration
lib/tasks/test.rake
  Diff comments   View file @043be0b
1 - 1 +namespace :test do
  2 + desc "Run the API tests in test/api"
  3 + Rake::TestTask.new api: "db:test:prepare" do |t|
  4 + t.libs << 'test'
  5 + t.pattern = 'test/api/**/*_test.rb'
  6 + t.warning = false
  7 + end
  8 +end
1 #!/usr/bin/env ruby 1 #!/usr/bin/env ruby
2 2
3 tasks = %w[ 3 tasks = %w[
  4 + test:api
4 test:units 5 test:units
5 test:functionals 6 test:functionals
6 test:integration 7 test:integration
test/api/activities_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,22 @@ @@ -0,0 +1,22 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class ActivitiesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'get activity from profile' do
  10 + person = fast_create(Person)
  11 + organization = fast_create(Organization)
  12 + assert_difference 'organization.activities_count' do
  13 + ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization
  14 + organization.reload
  15 + end
  16 + get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"
  17 + json = JSON.parse(last_response.body)
  18 + assert 1, json["activities"].count
  19 + assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]
  20 + end
  21 +
  22 +end
test/api/api_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,29 @@ @@ -0,0 +1,29 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class MyPlugin < Noosfero::Plugin;end
  4 +class MyPlugin::API;end
  5 +
  6 +class APITest < ActiveSupport::TestCase
  7 +
  8 + should 'endpoint should not be available if its plugin is unavailable' do
  9 + endpoint = mock()
  10 + environment = Environment.default
  11 + environment.stubs(:plugin_enabled?).returns(false)
  12 + endpoint.stubs(:options).returns({:for => MyPlugin::API})
  13 +
  14 + assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
  15 + end
  16 +
  17 + should 'endpoint should be available if its plugin is available' do
  18 + class MyPlugin < Noosfero::Plugin;end
  19 + class MyPlugin::API;end
  20 +
  21 + endpoint = mock()
  22 + environment = Environment.default
  23 + environment.stubs(:plugin_enabled?).returns(true)
  24 + endpoint.stubs(:options).returns({:for => MyPlugin::API})
  25 +
  26 + assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)
  27 + end
  28 +
  29 +end
test/api/articles_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,667 @@ @@ -0,0 +1,667 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class ArticlesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list articles' do
  10 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  11 + get "/api/v1/articles/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["articles"].map { |a| a["id"] }, article.id
  14 + end
  15 +
  16 + should 'get profile homepage' do
  17 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  18 + person.home_page=article
  19 + person.save!
  20 +
  21 + get "/api/v1/profiles/#{person.id}/home_page?#{params.to_query}"
  22 + json = JSON.parse(last_response.body)
  23 + assert_equal article.id, json["article"]["id"]
  24 + end
  25 +
  26 + should 'not list forbidden article when listing articles' do
  27 + person = fast_create(Person)
  28 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  29 + assert !article.published?
  30 +
  31 + get "/api/v1/articles?#{params.to_query}"
  32 + json = JSON.parse(last_response.body)
  33 + assert_not_includes json['articles'].map {|a| a['id']}, article.id
  34 + end
  35 +
  36 + should 'return article by id' do
  37 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  38 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  39 + json = JSON.parse(last_response.body)
  40 + assert_equal article.id, json["article"]["id"]
  41 + end
  42 +
  43 + should 'not return article if user has no permission to view it' do
  44 + person = fast_create(Person, :environment_id => environment.id)
  45 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  46 + assert !article.published?
  47 +
  48 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  49 + assert_equal 403, last_response.status
  50 + end
  51 +
  52 + should 'follow a article identified by id' do
  53 + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
  54 + post "/api/v1/articles/#{article.id}/follow?#{params.to_query}"
  55 + json = JSON.parse(last_response.body)
  56 +
  57 + assert_not_equal 401, last_response.status
  58 + assert_equal true, json['success']
  59 + end
  60 +
  61 + should 'return the followers count of an article' do
  62 + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
  63 + article.person_followers << @person
  64 +
  65 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  66 + json = JSON.parse(last_response.body)
  67 +
  68 + assert_equal 200, last_response.status
  69 + assert_equal 1, json['article']['followers_count']
  70 + end
  71 +
  72 + should 'return the followers of a article identified by id' do
  73 + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
  74 +
  75 + article_follower = ArticleFollower.new
  76 + article_follower.article = article
  77 + article_follower.person = @person
  78 + article_follower.save!
  79 +
  80 + get "/api/v1/articles/#{article.id}/followers?#{params.to_query}"
  81 + json = JSON.parse(last_response.body)
  82 +
  83 + assert_equal 200, last_response.status
  84 + assert_equal 1, json['total_followers']
  85 + end
  86 +
  87 + should 'list articles followed by me' do
  88 + article1 = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  89 + fast_create(Article, :profile_id => user.person.id, :name => "Some other thing")
  90 + article1.person_followers << @person
  91 + get "/api/v1/articles/followed_by_me?#{params.to_query}"
  92 + json = JSON.parse(last_response.body)
  93 + assert_equal [article1.id], json['articles'].map { |a| a['id'] }
  94 + end
  95 +
  96 +
  97 + should 'list article children' do
  98 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  99 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  100 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  101 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  102 + json = JSON.parse(last_response.body)
  103 + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
  104 + end
  105 +
  106 + should 'list public article children for not logged in access' do
  107 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  108 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  109 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  110 + get "/api/v1/articles/#{article.id}/children"
  111 + json = JSON.parse(last_response.body)
  112 + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
  113 + end
  114 +
  115 + should 'not list children of forbidden article' do
  116 + person = fast_create(Person, :environment_id => environment.id)
  117 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  118 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  119 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  120 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  121 + assert_equal 403, last_response.status
  122 + end
  123 +
  124 + should 'not return child of forbidden article' do
  125 + person = fast_create(Person, :environment_id => environment.id)
  126 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  127 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  128 + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
  129 + assert_equal 403, last_response.status
  130 + end
  131 +
  132 + should 'not return private child' do
  133 + person = fast_create(Person, :environment_id => environment.id)
  134 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  135 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
  136 + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
  137 + assert_equal 403, last_response.status
  138 + end
  139 +
  140 + should 'not list private child' do
  141 + person = fast_create(Person, :environment_id => environment.id)
  142 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  143 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
  144 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  145 + json = JSON.parse(last_response.body)
  146 + assert_not_includes json['articles'].map {|a| a['id']}, child.id
  147 + end
  148 +
  149 + should 'perform a vote in a article identified by id' do
  150 + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
  151 + @params[:value] = 1
  152 +
  153 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  154 + json = JSON.parse(last_response.body)
  155 +
  156 + assert_not_equal 401, last_response.status
  157 + assert_equal true, json['vote']
  158 + end
  159 +
  160 + expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count)
  161 +
  162 + expose_attributes.each do |attr|
  163 + should "expose article #{attr} attribute by default" do
  164 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  165 + get "/api/v1/articles/?#{params.to_query}"
  166 + json = JSON.parse(last_response.body)
  167 + assert json["articles"].last.has_key?(attr)
  168 + end
  169 + end
  170 +
  171 + should 'not perform a vote twice in same article' do
  172 + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
  173 + @params[:value] = 1
  174 + ## Perform a vote twice in API should compute only one vote
  175 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  176 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  177 +
  178 + total = article.votes_total
  179 +
  180 + assert_equal 1, total
  181 + end
  182 +
  183 + should 'not perform a vote in favor and against a proposal' do
  184 + article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")
  185 + @params[:value] = 1
  186 + ## Perform a vote in favor a proposal
  187 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  188 + json = JSON.parse(last_response.body)
  189 + assert_equal 201, last_response.status
  190 + ## Perform a vote against a proposal
  191 + @params[:value] = -1
  192 + post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
  193 + json = JSON.parse(last_response.body)
  194 + ## The api should not allow to save this vote
  195 + assert_equal 400, last_response.status
  196 + end
  197 +
  198 + should "update body of article created by me" do
  199 + new_value = "Another body"
  200 + params[:article] = {:body => new_value}
  201 + article = fast_create(Article, :profile_id => person.id)
  202 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  203 + json = JSON.parse(last_response.body)
  204 + assert_equal new_value, json["article"]["body"]
  205 + end
  206 +
  207 + should "update title of article created by me" do
  208 + new_value = "Another name"
  209 + params[:article] = {:name => new_value}
  210 + article = fast_create(Article, :profile_id => person.id)
  211 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  212 + json = JSON.parse(last_response.body)
  213 + assert_equal new_value, json["article"]["title"]
  214 + end
  215 +
  216 + should 'not update article of another user' do
  217 + another_person = fast_create(Person, :environment_id => environment.id)
  218 + article = fast_create(Article, :profile_id => another_person.id)
  219 + params[:article] = {:title => 'Some title'}
  220 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  221 + assert_equal 403, last_response.status
  222 + end
  223 +
  224 + should 'not update article without permission in community' do
  225 + community = fast_create(Community, :environment_id => environment.id)
  226 + article = fast_create(Article, :profile_id => community.id)
  227 + params[:article] = {:name => 'New title'}
  228 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  229 + assert_equal 403, last_response.status
  230 + end
  231 +
  232 +
  233 + should 'update article of community if user has permission' do
  234 + community = fast_create(Community, :environment_id => environment.id)
  235 + give_permission(person, 'post_content', community)
  236 + article = fast_create(Article, :profile_id => community.id)
  237 + new_value = "Another body"
  238 + params[:article] = {:body => new_value}
  239 + post "/api/v1/articles/#{article.id}?#{params.to_query}"
  240 + json = JSON.parse(last_response.body)
  241 + assert_equal new_value, json["article"]["body"]
  242 + end
  243 +
  244 + should 'list articles with pagination' do
  245 + Article.destroy_all
  246 + article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago)
  247 + article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago)
  248 +
  249 + params[:page] = 1
  250 + params[:per_page] = 1
  251 + get "/api/v1/articles/?#{params.to_query}"
  252 + json_page_one = JSON.parse(last_response.body)
  253 +
  254 + params[:page] = 2
  255 + params[:per_page] = 1
  256 + get "/api/v1/articles/?#{params.to_query}"
  257 + json_page_two = JSON.parse(last_response.body)
  258 +
  259 + assert_includes json_page_one["articles"].map { |a| a["id"] }, article_two.id
  260 + assert_not_includes json_page_one["articles"].map { |a| a["id"] }, article_one.id
  261 +
  262 + assert_includes json_page_two["articles"].map { |a| a["id"] }, article_one.id
  263 + assert_not_includes json_page_two["articles"].map { |a| a["id"] }, article_two.id
  264 + end
  265 +
  266 + should 'list articles with timestamp' do
  267 + article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing")
  268 + article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  269 +
  270 + article_one.updated_at = Time.now + 3.hours
  271 + article_one.save!
  272 +
  273 + params[:timestamp] = Time.now + 1.hours
  274 + get "/api/v1/articles/?#{params.to_query}"
  275 + json = JSON.parse(last_response.body)
  276 +
  277 + assert_includes json["articles"].map { |a| a["id"] }, article_one.id
  278 + assert_not_includes json["articles"].map { |a| a["id"] }, article_two.id
  279 + end
  280 +
  281 + #############################
  282 + # Profile Articles #
  283 + #############################
  284 +
  285 + profile_kinds = %w(community person enterprise)
  286 + profile_kinds.each do |kind|
  287 + should "return article by #{kind}" do
  288 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  289 + article = fast_create(Article, :profile_id => profile.id, :name => "Some thing")
  290 + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
  291 + json = JSON.parse(last_response.body)
  292 + assert_equal article.id, json["article"]["id"]
  293 + end
  294 +
  295 + should "not return article by #{kind} if user has no permission to view it" do
  296 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  297 + article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
  298 + assert !article.published?
  299 +
  300 + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"
  301 + assert_equal 403, last_response.status
  302 + end
  303 +
  304 + should "not list forbidden article when listing articles by #{kind}" do
  305 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  306 + article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)
  307 + assert !article.published?
  308 +
  309 + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  310 + json = JSON.parse(last_response.body)
  311 + assert_not_includes json['articles'].map {|a| a['id']}, article.id
  312 + end
  313 +
  314 + should "return article by #{kind} and path" do
  315 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  316 + parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
  317 + article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)
  318 +
  319 + params[:path] = parent_article.slug+'/'+article.slug
  320 + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  321 + json = JSON.parse(last_response.body)
  322 + assert_equal article.id, json["article"]["id"]
  323 + end
  324 +
  325 + should "not return article by #{kind} and path if user has no permission to view it" do
  326 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  327 + parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
  328 + article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article, :published => false)
  329 +
  330 + assert !article.published?
  331 +
  332 + params[:path] = parent_article.slug+'/'+article.slug
  333 + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  334 + assert_equal 403, last_response.status
  335 + end
  336 + end
  337 +
  338 + #############################
  339 + # Group Profile Articles #
  340 + #############################
  341 +
  342 + group_kinds = %w(community enterprise)
  343 + group_kinds.each do |kind|
  344 + should "#{kind}: create article" do
  345 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  346 + give_permission(user.person, 'post_content', profile)
  347 + params[:article] = {:name => "Title"}
  348 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  349 + json = JSON.parse(last_response.body)
  350 + assert_equal "Title", json["article"]["title"]
  351 + end
  352 +
  353 + should "#{kind}: do not create article if user has no permission to post content" do
  354 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  355 + give_permission(user.person, 'invite_members', profile)
  356 + params[:article] = {:name => "Title"}
  357 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  358 + assert_equal 403, last_response.status
  359 + end
  360 +
  361 + should "#{kind} create article with parent" do
  362 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  363 + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  364 + article = fast_create(Article)
  365 +
  366 + params[:article] = {:name => "Title", :parent_id => article.id}
  367 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  368 + json = JSON.parse(last_response.body)
  369 + assert_equal article.id, json["article"]["parent"]["id"]
  370 + end
  371 +
  372 + should "#{kind} create article with content type passed as parameter" do
  373 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  374 + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  375 +
  376 + Article.delete_all
  377 + params[:article] = {:name => "Title"}
  378 + params[:content_type] = 'TextArticle'
  379 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  380 + json = JSON.parse(last_response.body)
  381 +
  382 + assert_kind_of TextArticle, Article.last
  383 + end
  384 +
  385 + should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do
  386 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  387 + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  388 +
  389 + params[:article] = {:name => "Title"}
  390 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  391 + json = JSON.parse(last_response.body)
  392 +
  393 + assert_kind_of TinyMceArticle, Article.last
  394 + end
  395 +
  396 + should "#{kind}: not create article with invalid article content type" do
  397 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  398 + profile.add_member(user.person)
  399 +
  400 + params[:article] = {:name => "Title"}
  401 + params[:content_type] = 'Person'
  402 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  403 + json = JSON.parse(last_response.body)
  404 +
  405 + assert_equal 403, last_response.status
  406 + end
  407 +
  408 + should "#{kind} create article defining the correct profile" do
  409 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  410 + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  411 +
  412 + params[:article] = {:name => "Title"}
  413 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  414 + json = JSON.parse(last_response.body)
  415 +
  416 + assert_equal profile.id, json['article']['profile']['id']
  417 + end
  418 +
  419 + should "#{kind}: create article defining the created_by" do
  420 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  421 + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  422 +
  423 + params[:article] = {:name => "Title"}
  424 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  425 + json = JSON.parse(last_response.body)
  426 +
  427 + assert_equal user.person, Article.last.created_by
  428 + end
  429 +
  430 + should "#{kind}: create article defining the last_changed_by" do
  431 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  432 + Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)
  433 +
  434 + params[:article] = {:name => "Title"}
  435 + post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
  436 + json = JSON.parse(last_response.body)
  437 +
  438 + assert_equal user.person, Article.last.last_changed_by
  439 + end
  440 + end
  441 +
  442 + #############################
  443 + # Person Articles #
  444 + #############################
  445 +
  446 + should 'create article in a person' do
  447 + params[:article] = {:name => "Title"}
  448 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  449 + json = JSON.parse(last_response.body)
  450 + assert_equal "Title", json["article"]["title"]
  451 + end
  452 +
  453 + should 'person do not create article if user has no permission to post content' do
  454 + person = fast_create(Person, :environment_id => environment.id)
  455 + params[:article] = {:name => "Title"}
  456 + post "/api/v1/people/#{person.id}/articles?#{params.to_query}"
  457 + assert_equal 403, last_response.status
  458 + end
  459 +
  460 + should 'person create article with parent' do
  461 + article = fast_create(Article)
  462 +
  463 + params[:article] = {:name => "Title", :parent_id => article.id}
  464 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  465 + json = JSON.parse(last_response.body)
  466 + assert_equal article.id, json["article"]["parent"]["id"]
  467 + end
  468 +
  469 + should 'person create article with content type passed as parameter' do
  470 + Article.delete_all
  471 + params[:article] = {:name => "Title"}
  472 + params[:content_type] = 'TextArticle'
  473 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  474 + json = JSON.parse(last_response.body)
  475 +
  476 + assert_kind_of TextArticle, Article.last
  477 + end
  478 +
  479 + should 'person create article of TinyMceArticle type if no content type is passed as parameter' do
  480 + params[:article] = {:name => "Title"}
  481 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  482 + json = JSON.parse(last_response.body)
  483 +
  484 + assert_kind_of TinyMceArticle, Article.last
  485 + end
  486 +
  487 + should 'person not create article with invalid article content type' do
  488 + params[:article] = {:name => "Title"}
  489 + params[:content_type] = 'Person'
  490 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  491 + json = JSON.parse(last_response.body)
  492 +
  493 + assert_equal 403, last_response.status
  494 + end
  495 +
  496 + should 'person create article defining the correct profile' do
  497 + params[:article] = {:name => "Title"}
  498 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  499 + json = JSON.parse(last_response.body)
  500 +
  501 + assert_equal user.person, Article.last.profile
  502 + end
  503 +
  504 + should 'person create article defining the created_by' do
  505 + params[:article] = {:name => "Title"}
  506 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  507 + json = JSON.parse(last_response.body)
  508 +
  509 + assert_equal user.person, Article.last.created_by
  510 + end
  511 +
  512 + should 'person create article defining the last_changed_by' do
  513 + params[:article] = {:name => "Title"}
  514 + post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"
  515 + json = JSON.parse(last_response.body)
  516 +
  517 + assert_equal user.person, Article.last.last_changed_by
  518 + end
  519 +
  520 + should 'list article children with partial fields' do
  521 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  522 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  523 + params[:fields] = [:title]
  524 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  525 + json = JSON.parse(last_response.body)
  526 + assert_equal ['title'], json['articles'].first.keys
  527 + end
  528 +
  529 + should 'suggest article children' do
  530 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  531 + params[:target_id] = user.person.id
  532 + params[:article] = {:name => "Article name", :body => "Article body"}
  533 + assert_difference "SuggestArticle.count" do
  534 + post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
  535 + end
  536 + json = JSON.parse(last_response.body)
  537 + assert_equal 'SuggestArticle', json['task']['type']
  538 + end
  539 +
  540 + should 'suggest event children' do
  541 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  542 + params[:target_id] = user.person.id
  543 + params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"}
  544 + assert_difference "SuggestArticle.count" do
  545 + post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"
  546 + end
  547 + json = JSON.parse(last_response.body)
  548 + assert_equal 'SuggestArticle', json['task']['type']
  549 + end
  550 +
  551 + should 'update hit attribute of article children' do
  552 + a1 = fast_create(Article, :profile_id => user.person.id)
  553 + a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
  554 + a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
  555 + get "/api/v1/articles/#{a1.id}/children?#{params.to_query}"
  556 + json = JSON.parse(last_response.body)
  557 + assert_equal [1, 1], json['articles'].map { |a| a['hits']}
  558 + assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits]
  559 + end
  560 +
  561 + should 'update hit attribute of article specific children' do
  562 + a1 = fast_create(Article, :profile_id => user.person.id)
  563 + a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)
  564 + get "/api/v1/articles/#{a1.id}/children/#{a2.id}?#{params.to_query}"
  565 + json = JSON.parse(last_response.body)
  566 + assert_equal 1, json['article']['hits']
  567 + end
  568 +
  569 + should 'list all events of a community in a given category' do
  570 + co = Community.create(identifier: 'my-community', name: 'name-my-community')
  571 + c1 = Category.create(environment: Environment.default, name: 'my-category')
  572 + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
  573 + e1 = fast_create(Event, :profile_id => co.id)
  574 + e2 = fast_create(Event, :profile_id => co.id)
  575 + e1.categories << c1
  576 + e2.categories << c2
  577 + e1.save!
  578 + e2.save!
  579 + params['content_type']='Event'
  580 + get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
  581 + json = JSON.parse(last_response.body)
  582 + assert_equal json['articles'].count, 2
  583 + end
  584 +
  585 + should 'list a event of a community in a given category' do
  586 + co = Community.create(identifier: 'my-community', name: 'name-my-community')
  587 + c1 = Category.create(environment: Environment.default, name: 'my-category')
  588 + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
  589 + e1 = fast_create(Event, :profile_id => co.id)
  590 + e2 = fast_create(Event, :profile_id => co.id)
  591 + e1.categories << c1
  592 + e2.categories << c2
  593 + e1.save!
  594 + e2.save!
  595 + params['category_ids[]']=c1.id
  596 + params['content_type']='Event'
  597 + get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
  598 + json = JSON.parse(last_response.body)
  599 + #should show only one article, since the other not in the same category
  600 + assert_equal 1, json['articles'].count
  601 + assert_equal e1.id, json['articles'][0]['id']
  602 + end
  603 +
  604 + should 'not list uncategorized event of a community if a category is given' do
  605 + co = Community.create(identifier: 'my-community', name: 'name-my-community')
  606 + c1 = Category.create(environment: Environment.default, name: 'my-category')
  607 + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
  608 + e1 = fast_create(Event, :profile_id => co.id)
  609 + e2 = fast_create(Event, :profile_id => co.id)
  610 + e3 = fast_create(Event, :profile_id => co.id)
  611 + e1.categories << c1
  612 + e2.categories << c2
  613 + params['category_ids[]']=c1.id
  614 + params['content_type']='Event'
  615 + get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
  616 + json = JSON.parse(last_response.body)
  617 + assert_equal 1, json['articles'].count
  618 + assert_equal e1.id, json['articles'][0]['id']
  619 + end
  620 +
  621 + should 'list events of a community in a given 2 categories' do
  622 + co = Community.create(identifier: 'my-community', name: 'name-my-community')
  623 + c1 = Category.create(environment: Environment.default, name: 'my-category')
  624 + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
  625 + e1 = fast_create(Event, :profile_id => co.id)
  626 + e2 = fast_create(Event, :profile_id => co.id)
  627 + e1.categories << c1
  628 + e2.categories << c2
  629 + e1.save!
  630 + e2.save!
  631 + params['content_type']='Event'
  632 + params['categories_ids'] = [c1.id, c2.id]
  633 + get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
  634 + json = JSON.parse(last_response.body)
  635 + assert_equal json['articles'].count, 2
  636 + end
  637 +
  638 + should 'Show 2 events since it uses an IN operator for category instead of an OR' do
  639 + co = Community.create(identifier: 'my-community', name: 'name-my-community')
  640 + c1 = Category.create(environment: Environment.default, name: 'my-category')
  641 + c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')
  642 + c3 = Category.create(environment: Environment.default, name: 'extra-category')
  643 + e1 = fast_create(Event, :profile_id => co.id)
  644 + e2 = fast_create(Event, :profile_id => co.id)
  645 + e1.categories << c1
  646 + e2.categories << c2
  647 + e1.save!
  648 + e2.save!
  649 + params['content_type']='Event'
  650 + params['categories_ids'] = [c1.id, c2.id, c3.id]
  651 + get "api/v1/communities/#{co.id}/articles?#{params.to_query}"
  652 + json = JSON.parse(last_response.body)
  653 + assert_equal json['articles'].count, 2
  654 + end
  655 +
  656 + ARTICLE_ATTRIBUTES = %w(votes_count comments_count)
  657 +
  658 + ARTICLE_ATTRIBUTES.map do |attribute|
  659 +
  660 + define_method "test_should_expose_#{attribute}_attribute_in_article_enpoints" do
  661 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  662 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  663 + json = JSON.parse(last_response.body)
  664 + assert_not_nil json['article'][attribute]
  665 + end
  666 + end
  667 +end
test/api/boxes_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class BoxesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + @controller = AccountController.new
  7 + @request = ActionController::TestRequest.new
  8 + login_api
  9 +# @request = ActionController::TestRequest.new
  10 + end
  11 +
  12 + kinds= %w[Profile Community Person Enterprise Environment]
  13 + kinds.each do |kind|
  14 + should "get_boxes_from_#{kind.downcase.pluralize}" do
  15 + context_obj = fast_create(kind.constantize)
  16 + box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile')
  17 + get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}"
  18 + json = JSON.parse(last_response.body)
  19 + assert_equal box.id, json["boxes"].first["id"]
  20 + end
  21 + end
  22 +
  23 + should 'get boxes from default environment' do
  24 + Environment.delete_all
  25 + environment = fast_create(Environment, :is_default => true)
  26 + box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
  27 + get "/api/v1/environments/default/boxes?#{params.to_query}"
  28 + json = JSON.parse(last_response.body)
  29 + assert_equal box.id, json["boxes"].first["id"]
  30 + end
  31 +
  32 + should 'get boxes from context environment' do
  33 + env = fast_create(Environment, :is_default => true)
  34 + env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host')
  35 + box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
  36 + get "/api/v1/environments/context/boxes?#{params.to_query}"
  37 +
  38 + json = JSON.parse(last_response.body)
  39 + assert_equal box.id, json["boxes"].first["id"]
  40 + end
  41 +
  42 +end
test/api/categories_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,97 @@ @@ -0,0 +1,97 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class CategoriesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list categories' do
  10 + category = fast_create(Category, :environment_id => environment.id)
  11 + get "/api/v1/categories/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["categories"].map { |c| c["name"] }, category.name
  14 + end
  15 +
  16 + should 'get category by id' do
  17 + category = fast_create(Category, :environment_id => environment.id)
  18 + get "/api/v1/categories/#{category.id}/?#{params.to_query}"
  19 + json = JSON.parse(last_response.body)
  20 + assert_equal category.name, json["category"]["name"]
  21 + end
  22 +
  23 + should 'list parent and children when get category by id' do
  24 + parent = fast_create(Category, :environment_id => environment.id)
  25 + child_1 = fast_create(Category, :environment_id => environment.id)
  26 + child_2 = fast_create(Category, :environment_id => environment.id)
  27 +
  28 + category = fast_create(Category, :environment_id => environment.id)
  29 + category.parent = parent
  30 + category.children << child_1
  31 + category.children << child_2
  32 + category.save
  33 +
  34 + get "/api/v1/categories/#{category.id}/?#{params.to_query}"
  35 + json = JSON.parse(last_response.body)
  36 + assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
  37 + assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
  38 + end
  39 +
  40 + should 'include parent in categories list if params is true' do
  41 + parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
  42 + child_1 = fast_create(Category, :environment_id => environment.id)
  43 + child_2 = fast_create(Category, :environment_id => environment.id)
  44 +
  45 + parent_2 = fast_create(Category, :environment_id => environment.id)
  46 + parent_2.parent = parent_1
  47 + parent_2.children << child_1
  48 + parent_2.children << child_2
  49 + parent_2.save
  50 +
  51 + get "/api/v1/categories/?#{params.to_query}"
  52 + json = JSON.parse(last_response.body)
  53 + assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq
  54 +
  55 + params[:include_parent] = true
  56 + get "/api/v1/categories/?#{params.to_query}"
  57 + json = JSON.parse(last_response.body)
  58 + assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],
  59 + json["categories"].map { |c| c['parent'] && c['parent']['id'] }
  60 + end
  61 +
  62 + should 'include children in categories list if params is true' do
  63 + category = fast_create(Category, :environment_id => environment.id)
  64 + child_1 = fast_create(Category, :environment_id => environment.id)
  65 + child_2 = fast_create(Category, :environment_id => environment.id)
  66 + child_3 = fast_create(Category, :environment_id => environment.id)
  67 +
  68 + category.children << child_1
  69 + category.children << child_2
  70 + category.save
  71 +
  72 + child_1.children << child_3
  73 + child_1.save
  74 +
  75 + get "/api/v1/categories/?#{params.to_query}"
  76 + json = JSON.parse(last_response.body)
  77 + assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq
  78 +
  79 + params[:include_children] = true
  80 + get "/api/v1/categories/?#{params.to_query}"
  81 + json = JSON.parse(last_response.body)
  82 + assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],
  83 + json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort }
  84 + end
  85 +
  86 + expose_attributes = %w(id name full_name image display_color)
  87 +
  88 + expose_attributes.each do |attr|
  89 + should "expose category #{attr} attribute by default" do
  90 + category = fast_create(Category, :environment_id => environment.id)
  91 + get "/api/v1/categories/?#{params.to_query}"
  92 + json = JSON.parse(last_response.body)
  93 + assert json["categories"].last.has_key?(attr)
  94 + end
  95 + end
  96 +
  97 +end
test/api/comments_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,81 @@ @@ -0,0 +1,81 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class CommentsTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'not list comments if user has no permission to view the source article' do
  10 + person = fast_create(Person)
  11 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  12 + assert !article.published?
  13 +
  14 + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  15 + assert_equal 403, last_response.status
  16 + end
  17 +
  18 + should 'not return comment if user has no permission to view the source article' do
  19 + person = fast_create(Person)
  20 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  21 + comment = article.comments.create!(:body => "another comment", :author => user.person)
  22 + assert !article.published?
  23 +
  24 + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
  25 + assert_equal 403, last_response.status
  26 + end
  27 +
  28 + should 'not comment an article if user has no permission to view it' do
  29 + person = fast_create(Person)
  30 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  31 + assert !article.published?
  32 +
  33 + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  34 + assert_equal 403, last_response.status
  35 + end
  36 +
  37 + should 'return comments of an article' do
  38 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  39 + article.comments.create!(:body => "some comment", :author => user.person)
  40 + article.comments.create!(:body => "another comment", :author => user.person)
  41 +
  42 + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  43 + json = JSON.parse(last_response.body)
  44 + assert_equal 200, last_response.status
  45 + assert_equal 2, json["comments"].length
  46 + end
  47 +
  48 + should 'return comment of an article' do
  49 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  50 + comment = article.comments.create!(:body => "another comment", :author => user.person)
  51 +
  52 + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
  53 + json = JSON.parse(last_response.body)
  54 + assert_equal 200, last_response.status
  55 + assert_equal comment.id, json['comment']['id']
  56 + end
  57 +
  58 + should 'comment an article' do
  59 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  60 + body = 'My comment'
  61 + params.merge!({:body => body})
  62 +
  63 + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  64 + json = JSON.parse(last_response.body)
  65 + assert_equal 201, last_response.status
  66 + assert_equal body, json['comment']['body']
  67 + end
  68 +
  69 + should 'comment creation define the source' do
  70 + amount = Comment.count
  71 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  72 + body = 'My comment'
  73 + params.merge!({:body => body})
  74 +
  75 + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  76 + assert_equal amount + 1, Comment.count
  77 + comment = Comment.last
  78 + assert_not_nil comment.source
  79 + end
  80 +
  81 +end
test/api/communities_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,160 @@ @@ -0,0 +1,160 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class CommunitiesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + Community.delete_all
  7 + login_api
  8 + end
  9 +
  10 + should 'list only communities' do
  11 + community = fast_create(Community, :environment_id => environment.id)
  12 + enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
  13 + get "/api/v1/communities?#{params.to_query}"
  14 + json = JSON.parse(last_response.body)
  15 + assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
  16 + assert_includes json['communities'].map {|c| c['id']}, community.id
  17 + end
  18 +
  19 + should 'list all communities' do
  20 + community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
  21 + community2 = fast_create(Community, :environment_id => environment.id)
  22 + get "/api/v1/communities?#{params.to_query}"
  23 + json = JSON.parse(last_response.body)
  24 + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
  25 + end
  26 +
  27 + should 'not list invisible communities' do
  28 + community1 = fast_create(Community, :environment_id => environment.id)
  29 + fast_create(Community, :environment_id => environment.id, :visible => false)
  30 +
  31 + get "/api/v1/communities?#{params.to_query}"
  32 + json = JSON.parse(last_response.body)
  33 + assert_equal [community1.id], json['communities'].map {|c| c['id']}
  34 + end
  35 +
  36 + should 'not list private communities without permission' do
  37 + community1 = fast_create(Community, :environment_id => environment.id)
  38 + fast_create(Community, :environment_id => environment.id, :public_profile => false)
  39 +
  40 + get "/api/v1/communities?#{params.to_query}"
  41 + json = JSON.parse(last_response.body)
  42 + assert_equal [community1.id], json['communities'].map {|c| c['id']}
  43 + end
  44 +
  45 + should 'list private community for members' do
  46 + c1 = fast_create(Community, :environment_id => environment.id)
  47 + c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
  48 + c2.add_member(person)
  49 +
  50 + get "/api/v1/communities?#{params.to_query}"
  51 + json = JSON.parse(last_response.body)
  52 + assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}
  53 + end
  54 +
  55 + should 'create a community' do
  56 + params[:community] = {:name => 'some'}
  57 + post "/api/v1/communities?#{params.to_query}"
  58 + json = JSON.parse(last_response.body)
  59 + assert_equal 'some', json['community']['name']
  60 + end
  61 +
  62 + should 'return 400 status for invalid community creation' do
  63 + post "/api/v1/communities?#{params.to_query}"
  64 + json = JSON.parse(last_response.body)
  65 + assert_equal 400, last_response.status
  66 + end
  67 +
  68 + should 'get community' do
  69 + community = fast_create(Community, :environment_id => environment.id)
  70 +
  71 + get "/api/v1/communities/#{community.id}?#{params.to_query}"
  72 + json = JSON.parse(last_response.body)
  73 + assert_equal community.id, json['community']['id']
  74 + end
  75 +
  76 + should 'not get invisible community' do
  77 + community = fast_create(Community, :environment_id => environment.id, :visible => false)
  78 +
  79 + get "/api/v1/communities/#{community.id}?#{params.to_query}"
  80 + json = JSON.parse(last_response.body)
  81 + assert json['community'].blank?
  82 + end
  83 +
  84 + should 'not get private communities without permission' do
  85 + community = fast_create(Community, :environment_id => environment.id)
  86 + fast_create(Community, :environment_id => environment.id, :public_profile => false)
  87 +
  88 + get "/api/v1/communities/#{community.id}?#{params.to_query}"
  89 + json = JSON.parse(last_response.body)
  90 + assert_equal community.id, json['community']['id']
  91 + end
  92 +
  93 + should 'get private community for members' do
  94 + community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
  95 + community.add_member(person)
  96 +
  97 +
  98 + get "/api/v1/communities/#{community.id}?#{params.to_query}"
  99 + json = JSON.parse(last_response.body)
  100 + assert_equal community.id, json['community']['id']
  101 + end
  102 +
  103 + should 'list person communities' do
  104 + community = fast_create(Community, :environment_id => environment.id)
  105 + fast_create(Community, :environment_id => environment.id)
  106 + community.add_member(person)
  107 +
  108 + get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
  109 + json = JSON.parse(last_response.body)
  110 + assert_equivalent [community.id], json['communities'].map {|c| c['id']}
  111 + end
  112 +
  113 + should 'not list person communities invisible' do
  114 + c1 = fast_create(Community, :environment_id => environment.id)
  115 + c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
  116 + c1.add_member(person)
  117 + c2.add_member(person)
  118 +
  119 + get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
  120 + json = JSON.parse(last_response.body)
  121 + assert_equivalent [c1.id], json['communities'].map {|c| c['id']}
  122 + end
  123 +
  124 + should 'list communities with pagination' do
  125 + community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
  126 + community2 = fast_create(Community, :created_at => 2.days.ago)
  127 +
  128 + params[:page] = 2
  129 + params[:per_page] = 1
  130 + get "/api/v1/communities?#{params.to_query}"
  131 + json_page_two = JSON.parse(last_response.body)
  132 +
  133 + params[:page] = 1
  134 + params[:per_page] = 1
  135 + get "/api/v1/communities?#{params.to_query}"
  136 + json_page_one = JSON.parse(last_response.body)
  137 +
  138 +
  139 + assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id
  140 + assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id
  141 +
  142 + assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id
  143 + assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
  144 + end
  145 +
  146 + should 'list communities with timestamp' do
  147 + community1 = fast_create(Community, :public_profile => true)
  148 + community2 = fast_create(Community)
  149 +
  150 + community1.updated_at = Time.now + 3.hours
  151 + community1.save!
  152 +
  153 + params[:timestamp] = Time.now + 1.hours
  154 + get "/api/v1/communities/?#{params.to_query}"
  155 + json = JSON.parse(last_response.body)
  156 +
  157 + assert_includes json["communities"].map { |a| a["id"] }, community1.id
  158 + assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
  159 + end
  160 +end
test/api/enterprises_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,110 @@ @@ -0,0 +1,110 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class EnterprisesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + Enterprise.delete_all
  7 + login_api
  8 + end
  9 +
  10 + should 'list only enterprises' do
  11 + community = fast_create(Community, :environment_id => environment.id) # should not list this community
  12 + enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
  13 + get "/api/v1/enterprises?#{params.to_query}"
  14 + json = JSON.parse(last_response.body)
  15 + assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id
  16 + assert_not_includes json['enterprises'].map {|c| c['id']}, community.id
  17 + end
  18 +
  19 + should 'list all enterprises' do
  20 + enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
  21 + enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
  22 + get "/api/v1/enterprises?#{params.to_query}"
  23 + json = JSON.parse(last_response.body)
  24 + assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
  25 + end
  26 +
  27 + should 'not list invisible enterprises' do
  28 + enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
  29 + fast_create(Enterprise, :visible => false)
  30 +
  31 + get "/api/v1/enterprises?#{params.to_query}"
  32 + json = JSON.parse(last_response.body)
  33 + assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
  34 + end
  35 +
  36 + should 'not list private enterprises without permission' do
  37 + enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
  38 + fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
  39 +
  40 + get "/api/v1/enterprises?#{params.to_query}"
  41 + json = JSON.parse(last_response.body)
  42 + assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
  43 + end
  44 +
  45 + should 'list private enterprise for members' do
  46 + c1 = fast_create(Enterprise, :environment_id => environment.id)
  47 + c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
  48 + c2.add_member(person)
  49 +
  50 + get "/api/v1/enterprises?#{params.to_query}"
  51 + json = JSON.parse(last_response.body)
  52 + assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']}
  53 + end
  54 +
  55 + should 'get enterprise' do
  56 + enterprise = fast_create(Enterprise, :environment_id => environment.id)
  57 +
  58 + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
  59 + json = JSON.parse(last_response.body)
  60 + assert_equal enterprise.id, json['enterprise']['id']
  61 + end
  62 +
  63 + should 'not get invisible enterprise' do
  64 + enterprise = fast_create(Enterprise, :visible => false)
  65 +
  66 + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
  67 + json = JSON.parse(last_response.body)
  68 + assert json['enterprise'].blank?
  69 + end
  70 +
  71 + should 'not get private enterprises without permission' do
  72 + enterprise = fast_create(Enterprise, :environment_id => environment.id)
  73 + fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
  74 +
  75 + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
  76 + json = JSON.parse(last_response.body)
  77 + assert_equal enterprise.id, json['enterprise']['id']
  78 + end
  79 +
  80 + should 'get private enterprise for members' do
  81 + enterprise = fast_create(Enterprise, :public_profile => false)
  82 + enterprise.add_member(person)
  83 +
  84 + get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
  85 + json = JSON.parse(last_response.body)
  86 + assert_equal enterprise.id, json['enterprise']['id']
  87 + end
  88 +
  89 + should 'list person enterprises' do
  90 + enterprise = fast_create(Enterprise, :environment_id => environment.id)
  91 + fast_create(Enterprise, :environment_id => environment.id)
  92 + enterprise.add_member(person)
  93 +
  94 + get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
  95 + json = JSON.parse(last_response.body)
  96 + assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']}
  97 + end
  98 +
  99 + should 'not list person enterprises invisible' do
  100 + c1 = fast_create(Enterprise, :environment_id => environment.id)
  101 + c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)
  102 + c1.add_member(person)
  103 + c2.add_member(person)
  104 +
  105 + get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"
  106 + json = JSON.parse(last_response.body)
  107 + assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}
  108 + end
  109 +
  110 +end
test/api/environment_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,38 @@ @@ -0,0 +1,38 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class EnvironmentTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + @person = create_user('testing').person
  7 + end
  8 + attr_reader :person
  9 +
  10 + should 'return the default environment' do
  11 + environment = Environment.default
  12 + get "/api/v1/environment/default"
  13 + json = JSON.parse(last_response.body)
  14 + assert_equal environment.id, json['id']
  15 + end
  16 +
  17 + should 'return created environment' do
  18 + environment = fast_create(Environment)
  19 + default_env = Environment.default
  20 + assert_not_equal environment.id, default_env.id
  21 + get "/api/v1/environment/#{environment.id}"
  22 + json = JSON.parse(last_response.body)
  23 + assert_equal environment.id, json['id']
  24 + end
  25 +
  26 + should 'return context environment' do
  27 + context_env = fast_create(Environment)
  28 + context_env.name = "example org"
  29 + context_env.save
  30 + context_env.domains<< Domain.new(:name => 'example.org')
  31 + default_env = Environment.default
  32 + assert_not_equal context_env.id, default_env.id
  33 + get "/api/v1/environment/context"
  34 + json = JSON.parse(last_response.body)
  35 + assert_equal context_env.id, json['id']
  36 + end
  37 +
  38 +end
test/api/helpers_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,245 @@ @@ -0,0 +1,245 @@
  1 +require_relative 'test_helper'
  2 +require 'noosfero/api/helpers'
  3 +
  4 +class APIHelpersTest < ActiveSupport::TestCase
  5 +
  6 + include Noosfero::API::APIHelpers
  7 +
  8 + def setup
  9 + @headers = {}
  10 + end
  11 +
  12 + attr_accessor :headers
  13 +
  14 + should 'get the current user with valid token' do
  15 + user = create_user('someuser')
  16 + user.generate_private_token!
  17 + self.params = {:private_token => user.private_token}
  18 + assert_equal user, current_user
  19 + end
  20 +
  21 + should 'get the current user with valid token in header' do
  22 + user = create_user('someuser')
  23 + user.generate_private_token!
  24 + headers['Private-Token'] = user.private_token
  25 + assert_equal user, current_user
  26 + end
  27 +
  28 + should 'get the current user even with expired token' do
  29 + user = create_user('someuser')
  30 + user.generate_private_token!
  31 + user.private_token_generated_at = DateTime.now.prev_year
  32 + user.save
  33 + self.params = {:private_token => user.private_token}
  34 + assert_equal user, current_user
  35 + end
  36 +
  37 + should 'get the person of current user' do
  38 + user = create_user('someuser')
  39 + user.generate_private_token!
  40 + self.params = {:private_token => user.private_token}
  41 + assert_equal user.person, current_person
  42 + end
  43 +
  44 +# #FIXME see how to make this test. Get the current_user variable
  45 +# should 'set current_user to nil after logout' do
  46 +# user = create_user('someuser')
  47 +# user.stubs(:private_token_expired?).returns(false)
  48 +# User.stubs(:find_by_private_token).returns(user)
  49 +# assert_not_nil current_user
  50 +# assert false
  51 +# logout
  52 +# end
  53 +
  54 + should 'limit be defined as the params limit value' do
  55 + local_limit = 30
  56 + self.params= {:limit => local_limit}
  57 + assert_equal local_limit, limit
  58 + end
  59 +
  60 + should 'return default limit if the limit parameter is minor than zero' do
  61 + self.params= {:limit => -1}
  62 + assert_equal 20, limit
  63 + end
  64 +
  65 + should 'the default limit be 20' do
  66 + assert_equal 20, limit
  67 + end
  68 +
  69 + should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do
  70 + assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0]
  71 + end
  72 +
  73 + should 'the beginning of the period be from date passsed as parameter' do
  74 + from = DateTime.now
  75 + assert_equal from, period(from, nil).min
  76 + end
  77 +
  78 + should 'the end of the period be now if no until date is passsed as parameter' do
  79 + assert_in_delta DateTime.now, period(nil, nil).max
  80 + end
  81 +
  82 + should 'the end of the period be until date passsed as parameter' do
  83 + until_date = DateTime.now
  84 + assert_equal until_date, period(nil, until_date).max
  85 + end
  86 +
  87 + should 'parse_content_type return nil if its blank' do
  88 + assert_nil parse_content_type("")
  89 + end
  90 +
  91 + should 'parse_content_type be an array' do
  92 + assert_kind_of Array, parse_content_type("text_article")
  93 + end
  94 +
  95 + should 'parse_content_type return all content types as an array' do
  96 + assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle")
  97 + end
  98 +
  99 + should 'find_article return article by id in list passed for user with permission' do
  100 + user = create_user('someuser')
  101 + a = fast_create(Article, :profile_id => user.person.id)
  102 + fast_create(Article, :profile_id => user.person.id)
  103 + fast_create(Article, :profile_id => user.person.id)
  104 +
  105 + user.generate_private_token!
  106 + User.expects(:find_by_private_token).returns(user)
  107 + assert_equal a, find_article(user.person.articles, a.id)
  108 + end
  109 +
  110 + should 'find_article return forbidden when a user try to access an article without permission' do
  111 + user = create_user('someuser')
  112 + p = fast_create(Profile)
  113 + a = fast_create(Article, :published => false, :profile_id => p.id)
  114 + fast_create(Article, :profile_id => p.id)
  115 +
  116 + user.generate_private_token!
  117 + User.expects(:find_by_private_token).returns(user)
  118 + assert_equal 403, find_article(p.articles, a.id).last
  119 + end
  120 +
  121 + should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do
  122 + assert_nil make_conditions_with_parameter[:created_at]
  123 + end
  124 +
  125 + should 'make_conditions_with_parameter return created_at parameter if from period is defined' do
  126 + assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at]
  127 + end
  128 +
  129 + should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do
  130 + assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at]
  131 + end
  132 +
  133 + should 'make_conditions_with_parameter return created_at parameter if until period is defined' do
  134 + assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at]
  135 + end
  136 +
  137 + should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do
  138 + assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at]
  139 + end
  140 +
  141 + should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do
  142 + assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min
  143 + end
  144 +
  145 + should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do
  146 + date = '2010-10-10'
  147 + assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min
  148 + end
  149 +
  150 + should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do
  151 + date = '2010-10-10'
  152 + assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max
  153 + end
  154 +
  155 + should 'make_conditions_with_parameter return the until date passed as parameter' do
  156 + date = '2010-10-10'
  157 + assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min
  158 + end
  159 +
  160 + should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do
  161 + assert_nil make_conditions_with_parameter[:type]
  162 + end
  163 +
  164 + #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association
  165 + should 'make_order_with_parameters return order if attribute is found at object association' do
  166 + environment = Environment.new
  167 + params = {:order => "name ASC"}
  168 + assert_equal "name ASC", make_order_with_parameters(environment, "articles", params)
  169 + end
  170 +
  171 + # test added to check for eventual sql injection vunerabillity
  172 + #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists
  173 + should 'make_order_with_parameters return default order if attributes not exists' do
  174 + environment = Environment.new
  175 + params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity
  176 + assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
  177 + end
  178 +
  179 + should 'make_order_with_parameters return default order if sql injection detected' do
  180 + environment = Environment.new
  181 + params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity
  182 + assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)
  183 + end
  184 +
  185 + should 'make_order_with_parameters return RANDOM() if random is passed' do
  186 + environment = Environment.new
  187 + params = {:order => "random"} # quote used to check sql injection vunerabillity
  188 + assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
  189 + end
  190 +
  191 + should 'make_order_with_parameters return RANDOM() if random function is passed' do
  192 + environment = Environment.new
  193 + params = {:order => "random()"} # quote used to check sql injection vunerabillity
  194 + assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)
  195 + end
  196 +
  197 + should 'render not_found if endpoint is unavailable' do
  198 + Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)
  199 + self.expects(:not_found!)
  200 +
  201 + filter_disabled_plugins_endpoints
  202 + end
  203 +
  204 + should 'not touch in options when no fields parameter is passed' do
  205 + model = mock
  206 + expects(:present).with(model, {})
  207 + present_partial(model, {})
  208 + end
  209 +
  210 + should 'fallback to array when fields parameter is not a json when calling present partial' do
  211 + model = mock
  212 + params[:fields] = ['name']
  213 + expects(:present).with(model, {:only => ['name']})
  214 + present_partial(model, {})
  215 + end
  216 +
  217 + should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do
  218 + model = mock
  219 + params[:fields] = 'name,description'
  220 + expects(:present).with(model, {:only => ['name', 'description']})
  221 + present_partial(model, {})
  222 + end
  223 +
  224 + should 'accept json as fields parameter when calling present partial' do
  225 + model = mock
  226 + params[:fields] = {only: [:name, {user: [:login]}]}.to_json
  227 + expects(:present).with(model, {:only => ['name', {'user' => ['login']}]})
  228 + present_partial(model, {})
  229 + end
  230 +
  231 + protected
  232 +
  233 + def error!(info, status)
  234 + [info, status]
  235 + end
  236 +
  237 + def params
  238 + @params ||= {}
  239 + end
  240 +
  241 + def params= value
  242 + @params = value
  243 + end
  244 +
  245 +end
test/api/people_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,258 @@ @@ -0,0 +1,258 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class PeopleTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + Person.delete_all
  7 + login_api
  8 + end
  9 +
  10 + should 'list all people' do
  11 + person1 = fast_create(Person, :public_profile => true)
  12 + person2 = fast_create(Person)
  13 + get "/api/v1/people?#{params.to_query}"
  14 + json = JSON.parse(last_response.body)
  15 + assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
  16 + end
  17 +
  18 + should 'list all members of a community' do
  19 + person1 = fast_create(Person)
  20 + person2 = fast_create(Person)
  21 + community = fast_create(Community)
  22 + community.add_member(person1)
  23 + community.add_member(person2)
  24 +
  25 + get "/api/v1/profiles/#{community.id}/members?#{params.to_query}"
  26 + json = JSON.parse(last_response.body)
  27 + assert_equal 2, json["people"].count
  28 + assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]}
  29 + end
  30 +
  31 + should 'not list invisible people' do
  32 + invisible_person = fast_create(Person, :visible => false)
  33 +
  34 + get "/api/v1/people?#{params.to_query}"
  35 + assert_not_includes json_response_ids(:people), invisible_person.id
  36 + end
  37 +
  38 + should 'not list private people without permission' do
  39 + private_person = fast_create(Person, :public_profile => false)
  40 +
  41 + get "/api/v1/people?#{params.to_query}"
  42 + assert_not_includes json_response_ids(:people), private_person.id
  43 + end
  44 +
  45 + should 'list private person for friends' do
  46 + p1 = fast_create(Person)
  47 + p2 = fast_create(Person, :public_profile => false)
  48 + person.add_friend(p2)
  49 + p2.add_friend(person)
  50 +
  51 + get "/api/v1/people?#{params.to_query}"
  52 + assert_includes json_response_ids(:people), p2.id
  53 + end
  54 +
  55 + should 'get person' do
  56 + some_person = fast_create(Person)
  57 +
  58 + get "/api/v1/people/#{some_person.id}?#{params.to_query}"
  59 + json = JSON.parse(last_response.body)
  60 + assert_equal some_person.id, json['person']['id']
  61 + end
  62 +
  63 + should 'people endpoint filter by fields parameter' do
  64 + get "/api/v1/people?#{params.to_query}&fields=name"
  65 + json = JSON.parse(last_response.body)
  66 + expected = {'people' => [{'name' => person.name}]}
  67 + assert_equal expected, json
  68 + end
  69 +
  70 + should 'people endpoint filter by fields parameter with hierarchy' do
  71 + fields = URI.encode({only: [:name, {user: [:login]}]}.to_json)
  72 + get "/api/v1/people?#{params.to_query}&fields=#{fields}"
  73 + json = JSON.parse(last_response.body)
  74 + expected = {'people' => [{'name' => person.name, 'user' => {'login' => 'testapi'}}]}
  75 + assert_equal expected, json
  76 + end
  77 +
  78 + should 'get logged person' do
  79 + get "/api/v1/people/me?#{params.to_query}"
  80 + json = JSON.parse(last_response.body)
  81 + assert_equal person.id, json['person']['id']
  82 + end
  83 +
  84 + should 'me endpoint filter by fields parameter' do
  85 + get "/api/v1/people/me?#{params.to_query}&fields=name"
  86 + json = JSON.parse(last_response.body)
  87 + expected = {'person' => {'name' => person.name}}
  88 + assert_equal expected, json
  89 + end
  90 +
  91 + should 'not get invisible person' do
  92 + person = fast_create(Person, :visible => false)
  93 +
  94 + get "/api/v1/people/#{person.id}?#{params.to_query}"
  95 + json = JSON.parse(last_response.body)
  96 + assert json['person'].blank?
  97 + end
  98 +
  99 + should 'not get private people without permission' do
  100 + private_person = fast_create(Person, :public_profile => false)
  101 +
  102 + get "/api/v1/people/#{private_person.id}?#{params.to_query}"
  103 + json = JSON.parse(last_response.body)
  104 + assert json['person'].blank?
  105 + end
  106 +
  107 + should 'get private person for friends' do
  108 + private_person = fast_create(Person, :public_profile => false)
  109 + person.add_friend(private_person)
  110 + private_person.add_friend(person)
  111 +
  112 + get "/api/v1/people/#{private_person.id}?#{params.to_query}"
  113 + json = JSON.parse(last_response.body)
  114 + assert_equal private_person.id, json['person']['id']
  115 + end
  116 +
  117 + should 'list person friends' do
  118 + friend = fast_create(Person)
  119 + person.add_friend(friend)
  120 + friend.add_friend(person)
  121 +
  122 + get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
  123 + assert_includes json_response_ids(:people), person.id
  124 + end
  125 +
  126 + should 'not list person invisible friends' do
  127 + friend = fast_create(Person)
  128 + invisible_friend = fast_create(Person, :visible => false)
  129 + person.add_friend(friend)
  130 + person.add_friend(invisible_friend)
  131 + friend.add_friend(person)
  132 + invisible_friend.add_friend(person)
  133 +
  134 + get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
  135 + friends = json_response_ids(:people)
  136 + assert_includes friends, friend.id
  137 + assert_not_includes friends, invisible_friend.id
  138 + end
  139 +
  140 + should 'create a person' do
  141 + login = 'some'
  142 + params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
  143 + post "/api/v1/people?#{params.to_query}"
  144 + json = JSON.parse(last_response.body)
  145 + assert_equal login, json['person']['identifier']
  146 + end
  147 +
  148 + should 'return 400 status for invalid person creation' do
  149 + params[:person] = {:login => 'some'}
  150 + post "/api/v1/people?#{params.to_query}"
  151 + json = JSON.parse(last_response.body)
  152 + assert_equal 400, last_response.status
  153 + end
  154 +
  155 + should 'display permissions' do
  156 + community = fast_create(Community)
  157 + community.add_member(fast_create(Person))
  158 + community.add_member(person)
  159 + permissions = Profile::Roles.member(person.environment.id).permissions
  160 + get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
  161 + json = JSON.parse(last_response.body)
  162 +
  163 + assert_equal json[community.identifier], permissions
  164 + end
  165 +
  166 + should 'display permissions if self' do
  167 + get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
  168 + assert_equal 200, last_response.status
  169 + end
  170 +
  171 + should 'display permissions if admin' do
  172 + environment = person.environment
  173 + environment.add_admin(person)
  174 + some_person = fast_create(Person)
  175 +
  176 + get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
  177 + assert_equal 200, last_response.status
  178 + end
  179 +
  180 + should 'not display permissions if not admin or self' do
  181 + some_person = create_user('some-person').person
  182 +
  183 + get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
  184 + assert_equal 403, last_response.status
  185 + end
  186 +
  187 + should 'not update another person' do
  188 + person = fast_create(Person, :environment_id => environment.id)
  189 + post "/api/v1/people/#{person.id}?#{params.to_query}"
  190 + assert_equal 403, last_response.status
  191 + end
  192 +
  193 + should 'update yourself' do
  194 + another_name = 'Another Name'
  195 + params[:person] = {}
  196 + params[:person][:name] = another_name
  197 + assert_not_equal another_name, person.name
  198 + post "/api/v1/people/#{person.id}?#{params.to_query}"
  199 + person.reload
  200 + assert_equal another_name, person.name
  201 + end
  202 +
  203 + should 'display public custom fields' do
  204 + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
  205 + some_person = create_user('some-person').person
  206 + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} }
  207 + some_person.save!
  208 +
  209 + get "/api/v1/people/#{some_person.id}?#{params.to_query}"
  210 + json = JSON.parse(last_response.body)
  211 + assert json['person']['additional_data'].has_key?('Custom Blog')
  212 + assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
  213 + end
  214 +
  215 + should 'not display non-public custom fields' do
  216 + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
  217 + some_person = create_user('some-person').person
  218 + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
  219 + some_person.save!
  220 +
  221 + get "/api/v1/people/#{some_person.id}?#{params.to_query}"
  222 + json = JSON.parse(last_response.body)
  223 + assert_equal json['person']['additional_data'], {}
  224 + end
  225 +
  226 + should 'display non-public custom fields to friend' do
  227 + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
  228 + some_person = create_user('some-person').person
  229 + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
  230 + some_person.save!
  231 +
  232 + f = Friendship.new
  233 + f.friend = some_person
  234 + f.person = person
  235 + f.save!
  236 +
  237 + get "/api/v1/people/#{some_person.id}?#{params.to_query}"
  238 + json = JSON.parse(last_response.body)
  239 + assert json['person']['additional_data'].has_key?("Custom Blog")
  240 + assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
  241 + end
  242 +
  243 + PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count)
  244 +
  245 + PERSON_ATTRIBUTES.map do |attribute|
  246 + define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do
  247 + get "/api/v1/people/me?#{params.to_query}&fields=name"
  248 + json = JSON.parse(last_response.body)
  249 + assert_nil json['person'][attribute]
  250 + end
  251 +
  252 + define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do
  253 + get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}"
  254 + json = JSON.parse(last_response.body)
  255 + assert_not_nil json['person'][attribute]
  256 + end
  257 + end
  258 +end
test/api/profiles_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class ProfilesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + Profile.delete_all
  7 + login_api
  8 + end
  9 +
  10 + should 'list all profiles' do
  11 + person1 = fast_create(Person)
  12 + person2 = fast_create(Person)
  13 + community = fast_create(Community)
  14 + get "/api/v1/profiles?#{params.to_query}"
  15 + json = JSON.parse(last_response.body)
  16 + assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']}
  17 + end
  18 +
  19 + should 'get person from profile id' do
  20 + some_person = fast_create(Person)
  21 + get "/api/v1/profiles/#{some_person.id}?#{params.to_query}"
  22 + json = JSON.parse(last_response.body)
  23 + assert_equal some_person.id, json['id']
  24 + end
  25 +
  26 + should 'get community from profile id' do
  27 + community = fast_create(Community)
  28 + get "/api/v1/profiles/#{community.id}?#{params.to_query}"
  29 + json = JSON.parse(last_response.body)
  30 + assert_equal community.id, json['id']
  31 + end
  32 +end
test/api/search_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,150 @@ @@ -0,0 +1,150 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class SearchTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + @person = create_user('testing').person
  7 + end
  8 + attr_reader :person
  9 +
  10 + should 'not list unpublished articles' do
  11 + Article.delete_all
  12 + article = fast_create(Article, :profile_id => person.id, :published => false)
  13 + assert !article.published?
  14 + get "/api/v1/search/article"
  15 + json = JSON.parse(last_response.body)
  16 + assert_empty json['articles']
  17 + end
  18 +
  19 + should 'list articles' do
  20 + fast_create(Article, :profile_id => person.id)
  21 + get "/api/v1/search/article"
  22 + json = JSON.parse(last_response.body)
  23 + assert_not_empty json['articles']
  24 + end
  25 +
  26 + should 'list only articles that has children' do
  27 + article = fast_create(Article, :profile_id => person.id)
  28 + parent = create(Article, :profile_id => person.id, :name => 'parent article')
  29 + child = create(Article, :profile_id => person.id, :parent_id => parent.id, :name => 'child article')
  30 +
  31 + get "/api/v1/search/article?has_children=true"
  32 + json = JSON.parse(last_response.body)
  33 + assert_equal parent.id, json['articles'].first['id']
  34 + end
  35 +
  36 + should 'invalid search string articles' do
  37 + fast_create(Article, :profile_id => person.id, :name => 'some article')
  38 + get "/api/v1/search/article?query=test"
  39 + json = JSON.parse(last_response.body)
  40 + assert_empty json['articles']
  41 + end
  42 +
  43 + should 'not list articles of wrong type' do
  44 + Article.delete_all
  45 + fast_create(Article, :profile_id => person.id)
  46 + get "/api/v1/search/article?type=TinyMceArticle"
  47 + json = JSON.parse(last_response.body)
  48 + assert_empty json['articles']
  49 + end
  50 +
  51 + should 'list articles of one type' do
  52 + fast_create(Article, :profile_id => person.id)
  53 + article = fast_create(TinyMceArticle, :profile_id => person.id)
  54 +
  55 + get "/api/v1/search/article?type=TinyMceArticle"
  56 + json = JSON.parse(last_response.body)
  57 + assert_equal article.id, json['articles'].first['id']
  58 + end
  59 +
  60 + should 'list articles of one type and query string' do
  61 + fast_create(Article, :profile_id => person.id, :name => 'some article')
  62 + fast_create(Article, :profile_id => person.id, :name => 'Some thing')
  63 + article = fast_create(TinyMceArticle, :profile_id => person.id, :name => 'Some thing')
  64 + get "/api/v1/search/article?type=TinyMceArticle&query=thing"
  65 + json = JSON.parse(last_response.body)
  66 + assert_equal 1, json['articles'].count
  67 + assert_equal article.id, json['articles'].first['id']
  68 + end
  69 +
  70 + should 'not return more entries than page limit' do
  71 + 1.upto(5).each do |n|
  72 + fast_create(Article, :profile_id => person.id, :name => "Article #{n}")
  73 + end
  74 +
  75 + get "/api/v1/search/article?query=Article&per_page=3"
  76 + json = JSON.parse(last_response.body)
  77 +
  78 + assert_equal 3, json['articles'].count
  79 + end
  80 +
  81 + should 'return entries second page' do
  82 + 1.upto(5).each do |n|
  83 + fast_create(Article, :profile_id => person.id, :name => "Article #{n}")
  84 + end
  85 +
  86 + get "/api/v1/search/article?query=Article&per_page=3&page=2"
  87 + json = JSON.parse(last_response.body)
  88 +
  89 + assert_equal 2, json['articles'].count
  90 + end
  91 +
  92 + should 'search articles in profile' do
  93 + person2 = fast_create(Person)
  94 + fast_create(Article, :profile_id => person.id)
  95 + fast_create(Article, :profile_id => person.id)
  96 + article = fast_create(Article, :profile_id => person2.id)
  97 +
  98 + get "/api/v1/search/article?query=Article&profile_id=#{person2.id}"
  99 + json = JSON.parse(last_response.body)
  100 + assert_equal article.id, json['articles'].first['id']
  101 + end
  102 +
  103 + should 'search and return values specified in fields parameter' do
  104 + fast_create(Article, :profile_id => person.id)
  105 + get "/api/v1/search/article?fields=title"
  106 + json = JSON.parse(last_response.body)
  107 + assert_not_empty json['articles']
  108 + assert_equal ['title'], json['articles'].first.keys
  109 + end
  110 +
  111 + should 'search with parent' do
  112 + parent = fast_create(Folder, :profile_id => person.id)
  113 + fast_create(Article, :profile_id => person.id)
  114 + article = fast_create(Article, :profile_id => person.id, :parent_id => parent.id)
  115 + get "/api/v1/search/article?parent_id=#{parent.id}"
  116 + json = JSON.parse(last_response.body)
  117 + assert_equal 1, json['articles'].count
  118 + assert_equal article.id, json['articles'].first["id"]
  119 + end
  120 +
  121 + should 'search filter by category' do
  122 + Article.delete_all
  123 + fast_create(Article, :profile_id => person.id)
  124 + article = fast_create(Article, :profile_id => person.id)
  125 + category = fast_create(Category)
  126 + article.categories<< category
  127 + get "/api/v1/search/article?category_ids=#{category.id}"
  128 + json = JSON.parse(last_response.body)
  129 + assert_equal 1, json['articles'].count
  130 + assert_equal article.id, json['articles'].first["id"]
  131 + end
  132 +
  133 + should 'search filter by more than one category' do
  134 + Article.delete_all
  135 + fast_create(Article, :profile_id => person.id)
  136 + article1 = fast_create(Article, :profile_id => person.id)
  137 + article2 = fast_create(Article, :profile_id => person.id)
  138 + category1 = fast_create(Category)
  139 + category2 = fast_create(Category)
  140 + article1.categories<< category1
  141 + article2.categories<< category2
  142 + get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"
  143 + json = JSON.parse(last_response.body)
  144 + ids = [article1.id, article2.id]
  145 + assert_equal 2, json['articles'].count
  146 + assert_includes ids, json['articles'].first["id"]
  147 + assert_includes ids, json['articles'].last["id"]
  148 + end
  149 +
  150 +end
test/api/session_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,221 @@ @@ -0,0 +1,221 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class SessionTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'generate private token when login' do
  10 + params = {:login => "testapi", :password => "testapi"}
  11 + post "/api/v1/login?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert !json['user']["private_token"].blank?
  14 + end
  15 +
  16 + should 'return 401 when login fails' do
  17 + user.destroy
  18 + params = {:login => "testapi", :password => "testapi"}
  19 + post "/api/v1/login?#{params.to_query}"
  20 + assert_equal 401, last_response.status
  21 + end
  22 +
  23 + should 'register a user' do
  24 + Environment.default.enable('skip_new_user_email_confirmation')
  25 + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
  26 + post "/api/v1/register?#{params.to_query}"
  27 + assert_equal 201, last_response.status
  28 + json = JSON.parse(last_response.body)
  29 + assert User['newuserapi'].activated?
  30 + assert json['user']['activated']
  31 + assert json['user']['private_token'].present?
  32 + end
  33 +
  34 + should 'register a user with name' do
  35 + Environment.default.enable('skip_new_user_email_confirmation')
  36 + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" }
  37 + post "/api/v1/register?#{params.to_query}"
  38 + assert_equal 201, last_response.status
  39 + json = JSON.parse(last_response.body)
  40 + assert json['user']['activated']
  41 + assert json['user']['private_token'].present?
  42 + end
  43 +
  44 + should 'register an inactive user' do
  45 + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
  46 + post "/api/v1/register?#{params.to_query}"
  47 + assert_equal 201, last_response.status
  48 + json = JSON.parse(last_response.body)
  49 + assert !json['activated']
  50 + assert json['private_token'].blank?
  51 + end
  52 +
  53 + should 'not register a user with invalid login' do
  54 + params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
  55 + post "/api/v1/register?#{params.to_query}"
  56 + assert_equal 400, last_response.status
  57 + json = JSON.parse(last_response.body)
  58 + msg = json['message'].split(':')
  59 + key = msg[0][2, 5]
  60 + val = msg[1][2, 38]
  61 + assert_equal "login", key
  62 + assert_equal "is too short (minimum is 2 characters)", val
  63 + end
  64 +
  65 + should 'not register a user with invalid login pt' do
  66 + I18n.locale = "pt-BR"
  67 + params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
  68 + post "/api/v1/register?#{params.to_query}"
  69 + assert_equal 400, last_response.status
  70 + json = JSON.parse(last_response.body)
  71 + msg = json['message'].split(':')
  72 + key = msg[0][2, 5]
  73 + val = msg[1][2, 35]
  74 + assert_equal "login", key
  75 + assert val.include? "muito curto"
  76 + end
  77 +
  78 + should 'not register a user without email' do
  79 + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil }
  80 + post "/api/v1/register?#{params.to_query}"
  81 + assert_equal 400, last_response.status
  82 + end
  83 +
  84 + should 'not register a duplicated user' do
  85 + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
  86 + post "/api/v1/register?#{params.to_query}"
  87 + post "/api/v1/register?#{params.to_query}"
  88 + assert_equal 400, last_response.status
  89 + json = JSON.parse(last_response.body)
  90 + end
  91 +
  92 + # TODO: Add another test cases to check register situations
  93 + should 'activate a user' do
  94 + params = {
  95 + :login => "newuserapi",
  96 + :password => "newuserapi",
  97 + :password_confirmation => "newuserapi",
  98 + :email => "newuserapi@email.com"
  99 + }
  100 + user = User.new(params)
  101 + user.save!
  102 +
  103 + params = { activation_code: user.activation_code}
  104 + patch "/api/v1/activate?#{params.to_query}"
  105 + assert_equal 200, last_response.status
  106 + end
  107 +
  108 + should 'do not activate a user if admin must approve him' do
  109 + params = {
  110 + :login => "newuserapi",
  111 + :password => "newuserapi",
  112 + :password_confirmation => "newuserapi",
  113 + :email => "newuserapi@email.com",
  114 + :environment => Environment.default
  115 + }
  116 + user = User.new(params)
  117 + user.environment.enable('admin_must_approve_new_users')
  118 + user.save!
  119 +
  120 + params = { activation_code: user.activation_code}
  121 + patch "/api/v1/activate?#{params.to_query}"
  122 + assert_equal 202, last_response.status
  123 + assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]
  124 + end
  125 +
  126 + should 'do not activate a user if the token is invalid' do
  127 + params = {
  128 + :login => "newuserapi",
  129 + :password => "newuserapi",
  130 + :password_confirmation => "newuserapi",
  131 + :email => "newuserapi@email.com",
  132 + :environment => Environment.default
  133 + }
  134 + user = User.new(params)
  135 + user.save!
  136 +
  137 + params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}
  138 + patch "/api/v1/activate?#{params.to_query}"
  139 + assert_equal 412, last_response.status
  140 + end
  141 +
  142 + should 'create task to change password by user login' do
  143 + user = create_user
  144 + params = {:value => user.login}
  145 + assert_difference 'ChangePassword.count' do
  146 + post "/api/v1/forgot_password?#{params.to_query}"
  147 + end
  148 + end
  149 +
  150 + should 'not create task to change password when user is not found' do
  151 + params = {:value => 'wronglogin'}
  152 + assert_no_difference 'ChangePassword.count' do
  153 + post "/api/v1/forgot_password?#{params.to_query}"
  154 + end
  155 + assert_equal 404, last_response.status
  156 + end
  157 +
  158 + should 'change user password and close task' do
  159 + task = ChangePassword.create!(:requestor => @person)
  160 + params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
  161 + patch "/api/v1/new_password?#{params.to_query}"
  162 + assert_equal Task::Status::FINISHED, task.reload.status
  163 + assert user.reload.authenticated?('secret')
  164 + json = JSON.parse(last_response.body)
  165 + assert_equal user.id, json['user']['id']
  166 + end
  167 +
  168 + should 'do not change user password when password confirmation is wrong' do
  169 + user = create_user
  170 + user.activate
  171 + task = ChangePassword.create!(:requestor => user.person)
  172 + params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
  173 + patch "/api/v1/new_password?#{params.to_query}"
  174 + assert_equal Task::Status::ACTIVE, task.reload.status
  175 + assert !user.reload.authenticated?('secret')
  176 + assert_equal 400, last_response.status
  177 + end
  178 +
  179 + should 'render not found when provide a wrong code on password change' do
  180 + params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}
  181 + patch "/api/v1/new_password?#{params.to_query}"
  182 + assert_equal 404, last_response.status
  183 + end
  184 +
  185 + should 'not return private token when the registered user is inactive' do
  186 + params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }
  187 + post "/api/v1/register?#{params.to_query}"
  188 + assert_equal 201, last_response.status
  189 + json = JSON.parse(last_response.body)
  190 + assert !User['newuserapi'].activated?
  191 + assert !json['user']['activated']
  192 + assert !json['user']['private_token'].present?
  193 + end
  194 +
  195 + should 'resend activation code for an inactive user' do
  196 + user = create_user
  197 + params = {:value => user.login}
  198 + Delayed::Job.destroy_all
  199 + assert_difference 'ActionMailer::Base.deliveries.size' do
  200 + post "/api/v1/resend_activation_code?#{params.to_query}"
  201 + process_delayed_job_queue
  202 + end
  203 + json = JSON.parse(last_response.body)
  204 + refute json['users'].first['private_token']
  205 + assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s
  206 + end
  207 +
  208 + should 'not resend activation code for an active user' do
  209 + user = create_user
  210 + params = {:value => user.login}
  211 + user.activate
  212 + Delayed::Job.destroy_all
  213 + assert_no_difference 'ActionMailer::Base.deliveries.size' do
  214 + post "/api/v1/resend_activation_code?#{params.to_query}"
  215 + process_delayed_job_queue
  216 + end
  217 + json = JSON.parse(last_response.body)
  218 + assert json['users'].first['private_token']
  219 + end
  220 +
  221 +end
test/api/task_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,173 @@ @@ -0,0 +1,173 @@
  1 +require_relative 'test_helper'
  2 +
  3 +class TasksTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + @person = user.person
  8 + @community = fast_create(Community)
  9 + @environment = Environment.default
  10 + end
  11 +
  12 + attr_accessor :person, :community, :environment
  13 +
  14 + should 'list tasks of environment' do
  15 + environment.add_admin(person)
  16 + task = create(Task, :requestor => person, :target => environment)
  17 + get "/api/v1/tasks?#{params.to_query}"
  18 + json = JSON.parse(last_response.body)
  19 + assert_includes json["tasks"].map { |a| a["id"] }, task.id
  20 + end
  21 +
  22 + should 'return environment task by id' do
  23 + environment.add_admin(person)
  24 + task = create(Task, :requestor => person, :target => environment)
  25 + get "/api/v1/tasks/#{task.id}?#{params.to_query}"
  26 + json = JSON.parse(last_response.body)
  27 + assert_equal task.id, json["task"]["id"]
  28 + end
  29 +
  30 + should 'not return environmet task if user has no permission to view it' do
  31 + person = fast_create(Person)
  32 + task = create(Task, :requestor => person, :target => environment)
  33 +
  34 + get "/api/v1/tasks/#{task.id}?#{params.to_query}"
  35 + assert_equal 403, last_response.status
  36 + end
  37 +
  38 + #############################
  39 + # Community Tasks #
  40 + #############################
  41 +
  42 + should 'return task by community' do
  43 + community = fast_create(Community)
  44 + community.add_admin(person)
  45 +
  46 + task = create(Task, :requestor => person, :target => community)
  47 + assert person.is_member_of?(community)
  48 +
  49 + get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
  50 + json = JSON.parse(last_response.body)
  51 + assert_equal task.id, json["task"]["id"]
  52 + end
  53 +
  54 + should 'not return task by community if user has no permission to view it' do
  55 + community = fast_create(Community)
  56 + task = create(Task, :requestor => person, :target => community)
  57 + assert !person.is_member_of?(community)
  58 +
  59 + get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
  60 + assert_equal 403, last_response.status
  61 + end
  62 +
  63 + should 'create task in a community' do
  64 + community = fast_create(Community)
  65 + give_permission(person, 'perform_task', community)
  66 + post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
  67 + json = JSON.parse(last_response.body)
  68 + assert_not_nil json["task"]["id"]
  69 + end
  70 +
  71 + should 'create task defining the requestor as current profile logged in' do
  72 + community = fast_create(Community)
  73 + community.add_member(person)
  74 +
  75 + post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
  76 + json = JSON.parse(last_response.body)
  77 +
  78 + assert_equal person, Task.last.requestor
  79 + end
  80 +
  81 + should 'create task defining the target as the community' do
  82 + community = fast_create(Community)
  83 + community.add_member(person)
  84 +
  85 + post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
  86 + json = JSON.parse(last_response.body)
  87 +
  88 + assert_equal community, Task.last.target
  89 + end
  90 +
  91 + #############################
  92 + # Person Tasks #
  93 + #############################
  94 +
  95 + should 'return task by person' do
  96 + task = create(Task, :requestor => person, :target => person)
  97 + get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
  98 + json = JSON.parse(last_response.body)
  99 + assert_equal task.id, json["task"]["id"]
  100 + end
  101 +
  102 + should 'not return task by person if user has no permission to view it' do
  103 + some_person = fast_create(Person)
  104 + task = create(Task, :requestor => person, :target => some_person)
  105 +
  106 + get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
  107 + assert_equal 403, last_response.status
  108 + end
  109 +
  110 + should 'create task for person' do
  111 + post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
  112 + json = JSON.parse(last_response.body)
  113 + assert_not_nil json["task"]["id"]
  114 + end
  115 +
  116 + should 'create task for another person' do
  117 + some_person = fast_create(Person)
  118 + post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
  119 + json = JSON.parse(last_response.body)
  120 +
  121 + assert_equal some_person, Task.last.target
  122 + end
  123 +
  124 + should 'create task defining the target as a person' do
  125 + post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
  126 + json = JSON.parse(last_response.body)
  127 +
  128 + assert_equal person, Task.last.target
  129 + end
  130 +
  131 + #############################
  132 + # Enterprise Tasks #
  133 + #############################
  134 +
  135 + should 'return task by enterprise' do
  136 + enterprise = fast_create(Enterprise)
  137 + enterprise.add_admin(person)
  138 +
  139 + task = create(Task, :requestor => person, :target => enterprise)
  140 + assert person.is_member_of?(enterprise)
  141 +
  142 + get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
  143 + json = JSON.parse(last_response.body)
  144 + assert_equal task.id, json["task"]["id"]
  145 + end
  146 +
  147 + should 'not return task by enterprise if user has no permission to view it' do
  148 + enterprise = fast_create(Enterprise)
  149 + task = create(Task, :requestor => person, :target => enterprise)
  150 + assert !person.is_member_of?(enterprise)
  151 +
  152 + get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
  153 + assert_equal 403, last_response.status
  154 + end
  155 +
  156 + should 'create task in a enterprise' do
  157 + enterprise = fast_create(Enterprise)
  158 + give_permission(person, 'perform_task', enterprise)
  159 + post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
  160 + json = JSON.parse(last_response.body)
  161 + assert_not_nil json["task"]["id"]
  162 + end
  163 +
  164 + should 'create task defining the target as the enterprise' do
  165 + enterprise = fast_create(Enterprise)
  166 + enterprise.add_member(person)
  167 +
  168 + post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
  169 + json = JSON.parse(last_response.body)
  170 +
  171 + assert_equal enterprise, Task.last.target
  172 + end
  173 +end
test/api/test_helper.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
  1 +require 'test_helper'
  2 +
  3 +class ActiveSupport::TestCase
  4 +
  5 + include Rack::Test::Methods
  6 +
  7 + def app
  8 + Noosfero::API::API
  9 + end
  10 +
  11 + def login_api
  12 + @environment = Environment.default
  13 + @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
  14 + @user.activate
  15 + @person = @user.person
  16 +
  17 + post "/api/v1/login?login=testapi&password=testapi"
  18 + json = JSON.parse(last_response.body)
  19 + @private_token = json["private_token"]
  20 + unless @private_token
  21 + @user.generate_private_token!
  22 + @private_token = @user.private_token
  23 + end
  24 +
  25 + @params = {:private_token => @private_token}
  26 + end
  27 + attr_accessor :private_token, :user, :person, :params, :environment
  28 +
  29 + private
  30 +
  31 + def json_response_ids(kind)
  32 + json = JSON.parse(last_response.body)
  33 + json[kind.to_s].map {|c| c['id']}
  34 + end
  35 +
  36 +end
test/api/users_test.rb 0 → 100644
  Diff comments   View file @043be0b
@@ -0,0 +1,105 @@ @@ -0,0 +1,105 @@
  1 +# encoding: UTF-8
  2 +require_relative 'test_helper'
  3 +
  4 +class UsersTest < ActiveSupport::TestCase
  5 +
  6 + def setup
  7 + login_api
  8 + end
  9 +
  10 + should 'list users' do
  11 + get "/api/v1/users/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["users"].map { |a| a["login"] }, user.login
  14 + end
  15 +
  16 + should 'get user' do
  17 + get "/api/v1/users/#{user.id}?#{params.to_query}"
  18 + json = JSON.parse(last_response.body)
  19 + assert_equal user.id, json['user']['id']
  20 + end
  21 +
  22 + should 'list user permissions' do
  23 + community = fast_create(Community)
  24 + community.add_admin(person)
  25 + get "/api/v1/users/#{user.id}/?#{params.to_query}"
  26 + json = JSON.parse(last_response.body)
  27 + assert_includes json["user"]["permissions"], community.identifier
  28 + end
  29 +
  30 + should 'get logged user' do
  31 + get "/api/v1/users/me?#{params.to_query}"
  32 + json = JSON.parse(last_response.body)
  33 + assert_equal user.id, json['user']['id']
  34 + end
  35 +
  36 + should 'not show permissions to logged user' do
  37 + target_person = create_user('some-user').person
  38 + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
  39 + json = JSON.parse(last_response.body)
  40 + refute json["user"].has_key?("permissions")
  41 + end
  42 +
  43 + should 'show permissions to self' do
  44 + get "/api/v1/users/#{user.id}/?#{params.to_query}"
  45 + json = JSON.parse(last_response.body)
  46 + assert json["user"].has_key?("permissions")
  47 + end
  48 +
  49 + should 'not show permissions to friend' do
  50 + target_person = create_user('some-user').person
  51 +
  52 + f = Friendship.new
  53 + f.friend = target_person
  54 + f.person = person
  55 + f.save!
  56 +
  57 + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
  58 + json = JSON.parse(last_response.body)
  59 + refute json["user"].has_key?("permissions")
  60 + end
  61 +
  62 + should 'not show private attribute to logged user' do
  63 + target_person = create_user('some-user').person
  64 + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
  65 + json = JSON.parse(last_response.body)
  66 + refute json["user"].has_key?("email")
  67 + end
  68 +
  69 + should 'show private attr to friend' do
  70 + target_person = create_user('some-user').person
  71 + f = Friendship.new
  72 + f.friend = target_person
  73 + f.person = person
  74 + f.save!
  75 + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
  76 + json = JSON.parse(last_response.body)
  77 + assert json["user"].has_key?("email")
  78 + assert_equal target_person.email, json["user"]["email"]
  79 + end
  80 +
  81 + should 'show public attribute to logged user' do
  82 + target_person = create_user('some-user').person
  83 + target_person.fields_privacy={:email=> 'public'}
  84 + target_person.save!
  85 + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
  86 + json = JSON.parse(last_response.body)
  87 + assert json["user"].has_key?("email")
  88 + assert_equal json["user"]["email"],target_person.email
  89 + end
  90 +
  91 + should 'show public and private field to admin' do
  92 + Environment.default.add_admin(person)
  93 +
  94 + target_person = create_user('some-user').person
  95 + target_person.fields_privacy={:email=> 'public'}
  96 + target_person.save!
  97 +
  98 + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
  99 + json = JSON.parse(last_response.body)
  100 + assert json["user"].has_key?("email")
  101 + assert json["user"].has_key?("permissions")
  102 + assert json["user"].has_key?("activated")
  103 + end
  104 +
  105 +end
test/unit/api/activities_test.rb
View file @0694e6b
@@ -1,22 +0,0 @@ @@ -1,22 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class ActivitiesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - login_api  
7 - end  
8 -  
9 - should 'get activity from profile' do  
10 - person = fast_create(Person)  
11 - organization = fast_create(Organization)  
12 - assert_difference 'organization.activities_count' do  
13 - ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization  
14 - organization.reload  
15 - end  
16 - get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"  
17 - json = JSON.parse(last_response.body)  
18 - assert 1, json["activities"].count  
19 - assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]  
20 - end  
21 -  
22 -end  
test/unit/api/api_test.rb
View file @0694e6b
@@ -1,29 +0,0 @@ @@ -1,29 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class MyPlugin < Noosfero::Plugin;end  
4 -class MyPlugin::API;end  
5 -  
6 -class APITest < ActiveSupport::TestCase  
7 -  
8 - should 'endpoint should not be available if its plugin is unavailable' do  
9 - endpoint = mock()  
10 - environment = Environment.default  
11 - environment.stubs(:plugin_enabled?).returns(false)  
12 - endpoint.stubs(:options).returns({:for => MyPlugin::API})  
13 -  
14 - assert Noosfero::API::API.endpoint_unavailable?(endpoint, environment)  
15 - end  
16 -  
17 - should 'endpoint should be available if its plugin is available' do  
18 - class MyPlugin < Noosfero::Plugin;end  
19 - class MyPlugin::API;end  
20 -  
21 - endpoint = mock()  
22 - environment = Environment.default  
23 - environment.stubs(:plugin_enabled?).returns(true)  
24 - endpoint.stubs(:options).returns({:for => MyPlugin::API})  
25 -  
26 - assert !Noosfero::API::API.endpoint_unavailable?(endpoint, environment)  
27 - end  
28 -  
29 -end  
test/unit/api/articles_test.rb
View file @0694e6b
@@ -1,667 +0,0 @@ @@ -1,667 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class ArticlesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - login_api  
7 - end  
8 -  
9 - should 'list articles' do  
10 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
11 - get "/api/v1/articles/?#{params.to_query}"  
12 - json = JSON.parse(last_response.body)  
13 - assert_includes json["articles"].map { |a| a["id"] }, article.id  
14 - end  
15 -  
16 - should 'get profile homepage' do  
17 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
18 - person.home_page=article  
19 - person.save!  
20 -  
21 - get "/api/v1/profiles/#{person.id}/home_page?#{params.to_query}"  
22 - json = JSON.parse(last_response.body)  
23 - assert_equal article.id, json["article"]["id"]  
24 - end  
25 -  
26 - should 'not list forbidden article when listing articles' do  
27 - person = fast_create(Person)  
28 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
29 - assert !article.published?  
30 -  
31 - get "/api/v1/articles?#{params.to_query}"  
32 - json = JSON.parse(last_response.body)  
33 - assert_not_includes json['articles'].map {|a| a['id']}, article.id  
34 - end  
35 -  
36 - should 'return article by id' do  
37 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
38 - get "/api/v1/articles/#{article.id}?#{params.to_query}"  
39 - json = JSON.parse(last_response.body)  
40 - assert_equal article.id, json["article"]["id"]  
41 - end  
42 -  
43 - should 'not return article if user has no permission to view it' do  
44 - person = fast_create(Person, :environment_id => environment.id)  
45 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
46 - assert !article.published?  
47 -  
48 - get "/api/v1/articles/#{article.id}?#{params.to_query}"  
49 - assert_equal 403, last_response.status  
50 - end  
51 -  
52 - should 'follow a article identified by id' do  
53 - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")  
54 - post "/api/v1/articles/#{article.id}/follow?#{params.to_query}"  
55 - json = JSON.parse(last_response.body)  
56 -  
57 - assert_not_equal 401, last_response.status  
58 - assert_equal true, json['success']  
59 - end  
60 -  
61 - should 'return the followers count of an article' do  
62 - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")  
63 - article.person_followers << @person  
64 -  
65 - get "/api/v1/articles/#{article.id}?#{params.to_query}"  
66 - json = JSON.parse(last_response.body)  
67 -  
68 - assert_equal 200, last_response.status  
69 - assert_equal 1, json['article']['followers_count']  
70 - end  
71 -  
72 - should 'return the followers of a article identified by id' do  
73 - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")  
74 -  
75 - article_follower = ArticleFollower.new  
76 - article_follower.article = article  
77 - article_follower.person = @person  
78 - article_follower.save!  
79 -  
80 - get "/api/v1/articles/#{article.id}/followers?#{params.to_query}"  
81 - json = JSON.parse(last_response.body)  
82 -  
83 - assert_equal 200, last_response.status  
84 - assert_equal 1, json['total_followers']  
85 - end  
86 -  
87 - should 'list articles followed by me' do  
88 - article1 = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
89 - fast_create(Article, :profile_id => user.person.id, :name => "Some other thing")  
90 - article1.person_followers << @person  
91 - get "/api/v1/articles/followed_by_me?#{params.to_query}"  
92 - json = JSON.parse(last_response.body)  
93 - assert_equal [article1.id], json['articles'].map { |a| a['id'] }  
94 - end  
95 -  
96 -  
97 - should 'list article children' do  
98 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
99 - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
100 - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
101 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
102 - json = JSON.parse(last_response.body)  
103 - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }  
104 - end  
105 -  
106 - should 'list public article children for not logged in access' do  
107 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
108 - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
109 - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
110 - get "/api/v1/articles/#{article.id}/children"  
111 - json = JSON.parse(last_response.body)  
112 - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }  
113 - end  
114 -  
115 - should 'not list children of forbidden article' do  
116 - person = fast_create(Person, :environment_id => environment.id)  
117 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
118 - child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")  
119 - child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")  
120 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
121 - assert_equal 403, last_response.status  
122 - end  
123 -  
124 - should 'not return child of forbidden article' do  
125 - person = fast_create(Person, :environment_id => environment.id)  
126 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
127 - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")  
128 - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"  
129 - assert_equal 403, last_response.status  
130 - end  
131 -  
132 - should 'not return private child' do  
133 - person = fast_create(Person, :environment_id => environment.id)  
134 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing")  
135 - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)  
136 - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"  
137 - assert_equal 403, last_response.status  
138 - end  
139 -  
140 - should 'not list private child' do  
141 - person = fast_create(Person, :environment_id => environment.id)  
142 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing")  
143 - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)  
144 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
145 - json = JSON.parse(last_response.body)  
146 - assert_not_includes json['articles'].map {|a| a['id']}, child.id  
147 - end  
148 -  
149 - should 'perform a vote in a article identified by id' do  
150 - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")  
151 - @params[:value] = 1  
152 -  
153 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
154 - json = JSON.parse(last_response.body)  
155 -  
156 - assert_not_equal 401, last_response.status  
157 - assert_equal true, json['vote']  
158 - end  
159 -  
160 - expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count)  
161 -  
162 - expose_attributes.each do |attr|  
163 - should "expose article #{attr} attribute by default" do  
164 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
165 - get "/api/v1/articles/?#{params.to_query}"  
166 - json = JSON.parse(last_response.body)  
167 - assert json["articles"].last.has_key?(attr)  
168 - end  
169 - end  
170 -  
171 - should 'not perform a vote twice in same article' do  
172 - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")  
173 - @params[:value] = 1  
174 - ## Perform a vote twice in API should compute only one vote  
175 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
176 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
177 -  
178 - total = article.votes_total  
179 -  
180 - assert_equal 1, total  
181 - end  
182 -  
183 - should 'not perform a vote in favor and against a proposal' do  
184 - article = fast_create(Article, :profile_id => @person.id, :name => "Some thing")  
185 - @params[:value] = 1  
186 - ## Perform a vote in favor a proposal  
187 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
188 - json = JSON.parse(last_response.body)  
189 - assert_equal 201, last_response.status  
190 - ## Perform a vote against a proposal  
191 - @params[:value] = -1  
192 - post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"  
193 - json = JSON.parse(last_response.body)  
194 - ## The api should not allow to save this vote  
195 - assert_equal 400, last_response.status  
196 - end  
197 -  
198 - should "update body of article created by me" do  
199 - new_value = "Another body"  
200 - params[:article] = {:body => new_value}  
201 - article = fast_create(Article, :profile_id => person.id)  
202 - post "/api/v1/articles/#{article.id}?#{params.to_query}"  
203 - json = JSON.parse(last_response.body)  
204 - assert_equal new_value, json["article"]["body"]  
205 - end  
206 -  
207 - should "update title of article created by me" do  
208 - new_value = "Another name"  
209 - params[:article] = {:name => new_value}  
210 - article = fast_create(Article, :profile_id => person.id)  
211 - post "/api/v1/articles/#{article.id}?#{params.to_query}"  
212 - json = JSON.parse(last_response.body)  
213 - assert_equal new_value, json["article"]["title"]  
214 - end  
215 -  
216 - should 'not update article of another user' do  
217 - another_person = fast_create(Person, :environment_id => environment.id)  
218 - article = fast_create(Article, :profile_id => another_person.id)  
219 - params[:article] = {:title => 'Some title'}  
220 - post "/api/v1/articles/#{article.id}?#{params.to_query}"  
221 - assert_equal 403, last_response.status  
222 - end  
223 -  
224 - should 'not update article without permission in community' do  
225 - community = fast_create(Community, :environment_id => environment.id)  
226 - article = fast_create(Article, :profile_id => community.id)  
227 - params[:article] = {:name => 'New title'}  
228 - post "/api/v1/articles/#{article.id}?#{params.to_query}"  
229 - assert_equal 403, last_response.status  
230 - end  
231 -  
232 -  
233 - should 'update article of community if user has permission' do  
234 - community = fast_create(Community, :environment_id => environment.id)  
235 - give_permission(person, 'post_content', community)  
236 - article = fast_create(Article, :profile_id => community.id)  
237 - new_value = "Another body"  
238 - params[:article] = {:body => new_value}  
239 - post "/api/v1/articles/#{article.id}?#{params.to_query}"  
240 - json = JSON.parse(last_response.body)  
241 - assert_equal new_value, json["article"]["body"]  
242 - end  
243 -  
244 - should 'list articles with pagination' do  
245 - Article.destroy_all  
246 - article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago)  
247 - article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago)  
248 -  
249 - params[:page] = 1  
250 - params[:per_page] = 1  
251 - get "/api/v1/articles/?#{params.to_query}"  
252 - json_page_one = JSON.parse(last_response.body)  
253 -  
254 - params[:page] = 2  
255 - params[:per_page] = 1  
256 - get "/api/v1/articles/?#{params.to_query}"  
257 - json_page_two = JSON.parse(last_response.body)  
258 -  
259 - assert_includes json_page_one["articles"].map { |a| a["id"] }, article_two.id  
260 - assert_not_includes json_page_one["articles"].map { |a| a["id"] }, article_one.id  
261 -  
262 - assert_includes json_page_two["articles"].map { |a| a["id"] }, article_one.id  
263 - assert_not_includes json_page_two["articles"].map { |a| a["id"] }, article_two.id  
264 - end  
265 -  
266 - should 'list articles with timestamp' do  
267 - article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing")  
268 - article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
269 -  
270 - article_one.updated_at = Time.now + 3.hours  
271 - article_one.save!  
272 -  
273 - params[:timestamp] = Time.now + 1.hours  
274 - get "/api/v1/articles/?#{params.to_query}"  
275 - json = JSON.parse(last_response.body)  
276 -  
277 - assert_includes json["articles"].map { |a| a["id"] }, article_one.id  
278 - assert_not_includes json["articles"].map { |a| a["id"] }, article_two.id  
279 - end  
280 -  
281 - #############################  
282 - # Profile Articles #  
283 - #############################  
284 -  
285 - profile_kinds = %w(community person enterprise)  
286 - profile_kinds.each do |kind|  
287 - should "return article by #{kind}" do  
288 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
289 - article = fast_create(Article, :profile_id => profile.id, :name => "Some thing")  
290 - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"  
291 - json = JSON.parse(last_response.body)  
292 - assert_equal article.id, json["article"]["id"]  
293 - end  
294 -  
295 - should "not return article by #{kind} if user has no permission to view it" do  
296 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
297 - article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)  
298 - assert !article.published?  
299 -  
300 - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.id}?#{params.to_query}"  
301 - assert_equal 403, last_response.status  
302 - end  
303 -  
304 - should "not list forbidden article when listing articles by #{kind}" do  
305 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
306 - article = fast_create(Article, :profile_id => profile.id, :name => "Some thing", :published => false)  
307 - assert !article.published?  
308 -  
309 - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
310 - json = JSON.parse(last_response.body)  
311 - assert_not_includes json['articles'].map {|a| a['id']}, article.id  
312 - end  
313 -  
314 - should "return article by #{kind} and path" do  
315 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
316 - parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")  
317 - article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)  
318 -  
319 - params[:path] = parent_article.slug+'/'+article.slug  
320 - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
321 - json = JSON.parse(last_response.body)  
322 - assert_equal article.id, json["article"]["id"]  
323 - end  
324 -  
325 - should "not return article by #{kind} and path if user has no permission to view it" do  
326 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
327 - parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")  
328 - article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article, :published => false)  
329 -  
330 - assert !article.published?  
331 -  
332 - params[:path] = parent_article.slug+'/'+article.slug  
333 - get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
334 - assert_equal 403, last_response.status  
335 - end  
336 - end  
337 -  
338 - #############################  
339 - # Group Profile Articles #  
340 - #############################  
341 -  
342 - group_kinds = %w(community enterprise)  
343 - group_kinds.each do |kind|  
344 - should "#{kind}: create article" do  
345 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
346 - give_permission(user.person, 'post_content', profile)  
347 - params[:article] = {:name => "Title"}  
348 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
349 - json = JSON.parse(last_response.body)  
350 - assert_equal "Title", json["article"]["title"]  
351 - end  
352 -  
353 - should "#{kind}: do not create article if user has no permission to post content" do  
354 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
355 - give_permission(user.person, 'invite_members', profile)  
356 - params[:article] = {:name => "Title"}  
357 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
358 - assert_equal 403, last_response.status  
359 - end  
360 -  
361 - should "#{kind} create article with parent" do  
362 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
363 - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)  
364 - article = fast_create(Article)  
365 -  
366 - params[:article] = {:name => "Title", :parent_id => article.id}  
367 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
368 - json = JSON.parse(last_response.body)  
369 - assert_equal article.id, json["article"]["parent"]["id"]  
370 - end  
371 -  
372 - should "#{kind} create article with content type passed as parameter" do  
373 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
374 - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)  
375 -  
376 - Article.delete_all  
377 - params[:article] = {:name => "Title"}  
378 - params[:content_type] = 'TextArticle'  
379 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
380 - json = JSON.parse(last_response.body)  
381 -  
382 - assert_kind_of TextArticle, Article.last  
383 - end  
384 -  
385 - should "#{kind}: create article of TinyMceArticle type if no content type is passed as parameter" do  
386 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
387 - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)  
388 -  
389 - params[:article] = {:name => "Title"}  
390 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
391 - json = JSON.parse(last_response.body)  
392 -  
393 - assert_kind_of TinyMceArticle, Article.last  
394 - end  
395 -  
396 - should "#{kind}: not create article with invalid article content type" do  
397 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
398 - profile.add_member(user.person)  
399 -  
400 - params[:article] = {:name => "Title"}  
401 - params[:content_type] = 'Person'  
402 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
403 - json = JSON.parse(last_response.body)  
404 -  
405 - assert_equal 403, last_response.status  
406 - end  
407 -  
408 - should "#{kind} create article defining the correct profile" do  
409 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
410 - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)  
411 -  
412 - params[:article] = {:name => "Title"}  
413 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
414 - json = JSON.parse(last_response.body)  
415 -  
416 - assert_equal profile.id, json['article']['profile']['id']  
417 - end  
418 -  
419 - should "#{kind}: create article defining the created_by" do  
420 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
421 - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)  
422 -  
423 - params[:article] = {:name => "Title"}  
424 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
425 - json = JSON.parse(last_response.body)  
426 -  
427 - assert_equal user.person, Article.last.created_by  
428 - end  
429 -  
430 - should "#{kind}: create article defining the last_changed_by" do  
431 - profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)  
432 - Person.any_instance.stubs(:can_post_content?).with(profile).returns(true)  
433 -  
434 - params[:article] = {:name => "Title"}  
435 - post "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"  
436 - json = JSON.parse(last_response.body)  
437 -  
438 - assert_equal user.person, Article.last.last_changed_by  
439 - end  
440 - end  
441 -  
442 - #############################  
443 - # Person Articles #  
444 - #############################  
445 -  
446 - should 'create article in a person' do  
447 - params[:article] = {:name => "Title"}  
448 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
449 - json = JSON.parse(last_response.body)  
450 - assert_equal "Title", json["article"]["title"]  
451 - end  
452 -  
453 - should 'person do not create article if user has no permission to post content' do  
454 - person = fast_create(Person, :environment_id => environment.id)  
455 - params[:article] = {:name => "Title"}  
456 - post "/api/v1/people/#{person.id}/articles?#{params.to_query}"  
457 - assert_equal 403, last_response.status  
458 - end  
459 -  
460 - should 'person create article with parent' do  
461 - article = fast_create(Article)  
462 -  
463 - params[:article] = {:name => "Title", :parent_id => article.id}  
464 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
465 - json = JSON.parse(last_response.body)  
466 - assert_equal article.id, json["article"]["parent"]["id"]  
467 - end  
468 -  
469 - should 'person create article with content type passed as parameter' do  
470 - Article.delete_all  
471 - params[:article] = {:name => "Title"}  
472 - params[:content_type] = 'TextArticle'  
473 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
474 - json = JSON.parse(last_response.body)  
475 -  
476 - assert_kind_of TextArticle, Article.last  
477 - end  
478 -  
479 - should 'person create article of TinyMceArticle type if no content type is passed as parameter' do  
480 - params[:article] = {:name => "Title"}  
481 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
482 - json = JSON.parse(last_response.body)  
483 -  
484 - assert_kind_of TinyMceArticle, Article.last  
485 - end  
486 -  
487 - should 'person not create article with invalid article content type' do  
488 - params[:article] = {:name => "Title"}  
489 - params[:content_type] = 'Person'  
490 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
491 - json = JSON.parse(last_response.body)  
492 -  
493 - assert_equal 403, last_response.status  
494 - end  
495 -  
496 - should 'person create article defining the correct profile' do  
497 - params[:article] = {:name => "Title"}  
498 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
499 - json = JSON.parse(last_response.body)  
500 -  
501 - assert_equal user.person, Article.last.profile  
502 - end  
503 -  
504 - should 'person create article defining the created_by' do  
505 - params[:article] = {:name => "Title"}  
506 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
507 - json = JSON.parse(last_response.body)  
508 -  
509 - assert_equal user.person, Article.last.created_by  
510 - end  
511 -  
512 - should 'person create article defining the last_changed_by' do  
513 - params[:article] = {:name => "Title"}  
514 - post "/api/v1/people/#{user.person.id}/articles?#{params.to_query}"  
515 - json = JSON.parse(last_response.body)  
516 -  
517 - assert_equal user.person, Article.last.last_changed_by  
518 - end  
519 -  
520 - should 'list article children with partial fields' do  
521 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
522 - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
523 - params[:fields] = [:title]  
524 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
525 - json = JSON.parse(last_response.body)  
526 - assert_equal ['title'], json['articles'].first.keys  
527 - end  
528 -  
529 - should 'suggest article children' do  
530 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
531 - params[:target_id] = user.person.id  
532 - params[:article] = {:name => "Article name", :body => "Article body"}  
533 - assert_difference "SuggestArticle.count" do  
534 - post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"  
535 - end  
536 - json = JSON.parse(last_response.body)  
537 - assert_equal 'SuggestArticle', json['task']['type']  
538 - end  
539 -  
540 - should 'suggest event children' do  
541 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
542 - params[:target_id] = user.person.id  
543 - params[:article] = {:name => "Article name", :body => "Article body", :type => "Event"}  
544 - assert_difference "SuggestArticle.count" do  
545 - post "/api/v1/articles/#{article.id}/children/suggest?#{params.to_query}"  
546 - end  
547 - json = JSON.parse(last_response.body)  
548 - assert_equal 'SuggestArticle', json['task']['type']  
549 - end  
550 -  
551 - should 'update hit attribute of article children' do  
552 - a1 = fast_create(Article, :profile_id => user.person.id)  
553 - a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)  
554 - a3 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)  
555 - get "/api/v1/articles/#{a1.id}/children?#{params.to_query}"  
556 - json = JSON.parse(last_response.body)  
557 - assert_equal [1, 1], json['articles'].map { |a| a['hits']}  
558 - assert_equal [0, 1, 1], [a1.reload.hits, a2.reload.hits, a3.reload.hits]  
559 - end  
560 -  
561 - should 'update hit attribute of article specific children' do  
562 - a1 = fast_create(Article, :profile_id => user.person.id)  
563 - a2 = fast_create(Article, :parent_id => a1.id, :profile_id => user.person.id)  
564 - get "/api/v1/articles/#{a1.id}/children/#{a2.id}?#{params.to_query}"  
565 - json = JSON.parse(last_response.body)  
566 - assert_equal 1, json['article']['hits']  
567 - end  
568 -  
569 - should 'list all events of a community in a given category' do  
570 - co = Community.create(identifier: 'my-community', name: 'name-my-community')  
571 - c1 = Category.create(environment: Environment.default, name: 'my-category')  
572 - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')  
573 - e1 = fast_create(Event, :profile_id => co.id)  
574 - e2 = fast_create(Event, :profile_id => co.id)  
575 - e1.categories << c1  
576 - e2.categories << c2  
577 - e1.save!  
578 - e2.save!  
579 - params['content_type']='Event'  
580 - get "api/v1/communities/#{co.id}/articles?#{params.to_query}"  
581 - json = JSON.parse(last_response.body)  
582 - assert_equal json['articles'].count, 2  
583 - end  
584 -  
585 - should 'list a event of a community in a given category' do  
586 - co = Community.create(identifier: 'my-community', name: 'name-my-community')  
587 - c1 = Category.create(environment: Environment.default, name: 'my-category')  
588 - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')  
589 - e1 = fast_create(Event, :profile_id => co.id)  
590 - e2 = fast_create(Event, :profile_id => co.id)  
591 - e1.categories << c1  
592 - e2.categories << c2  
593 - e1.save!  
594 - e2.save!  
595 - params['category_ids[]']=c1.id  
596 - params['content_type']='Event'  
597 - get "api/v1/communities/#{co.id}/articles?#{params.to_query}"  
598 - json = JSON.parse(last_response.body)  
599 - #should show only one article, since the other not in the same category  
600 - assert_equal 1, json['articles'].count  
601 - assert_equal e1.id, json['articles'][0]['id']  
602 - end  
603 -  
604 - should 'not list uncategorized event of a community if a category is given' do  
605 - co = Community.create(identifier: 'my-community', name: 'name-my-community')  
606 - c1 = Category.create(environment: Environment.default, name: 'my-category')  
607 - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')  
608 - e1 = fast_create(Event, :profile_id => co.id)  
609 - e2 = fast_create(Event, :profile_id => co.id)  
610 - e3 = fast_create(Event, :profile_id => co.id)  
611 - e1.categories << c1  
612 - e2.categories << c2  
613 - params['category_ids[]']=c1.id  
614 - params['content_type']='Event'  
615 - get "api/v1/communities/#{co.id}/articles?#{params.to_query}"  
616 - json = JSON.parse(last_response.body)  
617 - assert_equal 1, json['articles'].count  
618 - assert_equal e1.id, json['articles'][0]['id']  
619 - end  
620 -  
621 - should 'list events of a community in a given 2 categories' do  
622 - co = Community.create(identifier: 'my-community', name: 'name-my-community')  
623 - c1 = Category.create(environment: Environment.default, name: 'my-category')  
624 - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')  
625 - e1 = fast_create(Event, :profile_id => co.id)  
626 - e2 = fast_create(Event, :profile_id => co.id)  
627 - e1.categories << c1  
628 - e2.categories << c2  
629 - e1.save!  
630 - e2.save!  
631 - params['content_type']='Event'  
632 - params['categories_ids'] = [c1.id, c2.id]  
633 - get "api/v1/communities/#{co.id}/articles?#{params.to_query}"  
634 - json = JSON.parse(last_response.body)  
635 - assert_equal json['articles'].count, 2  
636 - end  
637 -  
638 - should 'Show 2 events since it uses an IN operator for category instead of an OR' do  
639 - co = Community.create(identifier: 'my-community', name: 'name-my-community')  
640 - c1 = Category.create(environment: Environment.default, name: 'my-category')  
641 - c2 = Category.create(environment: Environment.default, name: 'dont-show-me-this-category')  
642 - c3 = Category.create(environment: Environment.default, name: 'extra-category')  
643 - e1 = fast_create(Event, :profile_id => co.id)  
644 - e2 = fast_create(Event, :profile_id => co.id)  
645 - e1.categories << c1  
646 - e2.categories << c2  
647 - e1.save!  
648 - e2.save!  
649 - params['content_type']='Event'  
650 - params['categories_ids'] = [c1.id, c2.id, c3.id]  
651 - get "api/v1/communities/#{co.id}/articles?#{params.to_query}"  
652 - json = JSON.parse(last_response.body)  
653 - assert_equal json['articles'].count, 2  
654 - end  
655 -  
656 - ARTICLE_ATTRIBUTES = %w(votes_count comments_count)  
657 -  
658 - ARTICLE_ATTRIBUTES.map do |attribute|  
659 -  
660 - define_method "test_should_expose_#{attribute}_attribute_in_article_enpoints" do  
661 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
662 - get "/api/v1/articles/#{article.id}?#{params.to_query}"  
663 - json = JSON.parse(last_response.body)  
664 - assert_not_nil json['article'][attribute]  
665 - end  
666 - end  
667 -end  
test/unit/api/boxes_test.rb
View file @0694e6b
@@ -1,42 +0,0 @@ @@ -1,42 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class BoxesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - @controller = AccountController.new  
7 - @request = ActionController::TestRequest.new  
8 - login_api  
9 -# @request = ActionController::TestRequest.new  
10 - end  
11 -  
12 - kinds= %w[Profile Community Person Enterprise Environment]  
13 - kinds.each do |kind|  
14 - should "get_boxes_from_#{kind.downcase.pluralize}" do  
15 - context_obj = fast_create(kind.constantize)  
16 - box = fast_create(Box, :owner_id => context_obj.id, :owner_type => (kind == 'Environment') ? 'Environment' : 'Profile')  
17 - get "/api/v1/#{kind.downcase.pluralize}/#{context_obj.id}/boxes?#{params.to_query}"  
18 - json = JSON.parse(last_response.body)  
19 - assert_equal box.id, json["boxes"].first["id"]  
20 - end  
21 - end  
22 -  
23 - should 'get boxes from default environment' do  
24 - Environment.delete_all  
25 - environment = fast_create(Environment, :is_default => true)  
26 - box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')  
27 - get "/api/v1/environments/default/boxes?#{params.to_query}"  
28 - json = JSON.parse(last_response.body)  
29 - assert_equal box.id, json["boxes"].first["id"]  
30 - end  
31 -  
32 - should 'get boxes from context environment' do  
33 - env = fast_create(Environment, :is_default => true)  
34 - env2 = fast_create(Environment).domains << Domain.new(:name => 'test.host')  
35 - box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')  
36 - get "/api/v1/environments/context/boxes?#{params.to_query}"  
37 -  
38 - json = JSON.parse(last_response.body)  
39 - assert_equal box.id, json["boxes"].first["id"]  
40 - end  
41 -  
42 -end  
test/unit/api/categories_test.rb
View file @0694e6b
@@ -1,97 +0,0 @@ @@ -1,97 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class CategoriesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - login_api  
7 - end  
8 -  
9 - should 'list categories' do  
10 - category = fast_create(Category, :environment_id => environment.id)  
11 - get "/api/v1/categories/?#{params.to_query}"  
12 - json = JSON.parse(last_response.body)  
13 - assert_includes json["categories"].map { |c| c["name"] }, category.name  
14 - end  
15 -  
16 - should 'get category by id' do  
17 - category = fast_create(Category, :environment_id => environment.id)  
18 - get "/api/v1/categories/#{category.id}/?#{params.to_query}"  
19 - json = JSON.parse(last_response.body)  
20 - assert_equal category.name, json["category"]["name"]  
21 - end  
22 -  
23 - should 'list parent and children when get category by id' do  
24 - parent = fast_create(Category, :environment_id => environment.id)  
25 - child_1 = fast_create(Category, :environment_id => environment.id)  
26 - child_2 = fast_create(Category, :environment_id => environment.id)  
27 -  
28 - category = fast_create(Category, :environment_id => environment.id)  
29 - category.parent = parent  
30 - category.children << child_1  
31 - category.children << child_2  
32 - category.save  
33 -  
34 - get "/api/v1/categories/#{category.id}/?#{params.to_query}"  
35 - json = JSON.parse(last_response.body)  
36 - assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])  
37 - assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }  
38 - end  
39 -  
40 - should 'include parent in categories list if params is true' do  
41 - parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category  
42 - child_1 = fast_create(Category, :environment_id => environment.id)  
43 - child_2 = fast_create(Category, :environment_id => environment.id)  
44 -  
45 - parent_2 = fast_create(Category, :environment_id => environment.id)  
46 - parent_2.parent = parent_1  
47 - parent_2.children << child_1  
48 - parent_2.children << child_2  
49 - parent_2.save  
50 -  
51 - get "/api/v1/categories/?#{params.to_query}"  
52 - json = JSON.parse(last_response.body)  
53 - assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq  
54 -  
55 - params[:include_parent] = true  
56 - get "/api/v1/categories/?#{params.to_query}"  
57 - json = JSON.parse(last_response.body)  
58 - assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],  
59 - json["categories"].map { |c| c['parent'] && c['parent']['id'] }  
60 - end  
61 -  
62 - should 'include children in categories list if params is true' do  
63 - category = fast_create(Category, :environment_id => environment.id)  
64 - child_1 = fast_create(Category, :environment_id => environment.id)  
65 - child_2 = fast_create(Category, :environment_id => environment.id)  
66 - child_3 = fast_create(Category, :environment_id => environment.id)  
67 -  
68 - category.children << child_1  
69 - category.children << child_2  
70 - category.save  
71 -  
72 - child_1.children << child_3  
73 - child_1.save  
74 -  
75 - get "/api/v1/categories/?#{params.to_query}"  
76 - json = JSON.parse(last_response.body)  
77 - assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq  
78 -  
79 - params[:include_children] = true  
80 - get "/api/v1/categories/?#{params.to_query}"  
81 - json = JSON.parse(last_response.body)  
82 - assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],  
83 - json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort }  
84 - end  
85 -  
86 - expose_attributes = %w(id name full_name image display_color)  
87 -  
88 - expose_attributes.each do |attr|  
89 - should "expose category #{attr} attribute by default" do  
90 - category = fast_create(Category, :environment_id => environment.id)  
91 - get "/api/v1/categories/?#{params.to_query}"  
92 - json = JSON.parse(last_response.body)  
93 - assert json["categories"].last.has_key?(attr)  
94 - end  
95 - end  
96 -  
97 -end  
test/unit/api/comments_test.rb
View file @0694e6b
@@ -1,81 +0,0 @@ @@ -1,81 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class CommentsTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - login_api  
7 - end  
8 -  
9 - should 'not list comments if user has no permission to view the source article' do  
10 - person = fast_create(Person)  
11 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
12 - assert !article.published?  
13 -  
14 - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"  
15 - assert_equal 403, last_response.status  
16 - end  
17 -  
18 - should 'not return comment if user has no permission to view the source article' do  
19 - person = fast_create(Person)  
20 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
21 - comment = article.comments.create!(:body => "another comment", :author => user.person)  
22 - assert !article.published?  
23 -  
24 - get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"  
25 - assert_equal 403, last_response.status  
26 - end  
27 -  
28 - should 'not comment an article if user has no permission to view it' do  
29 - person = fast_create(Person)  
30 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
31 - assert !article.published?  
32 -  
33 - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"  
34 - assert_equal 403, last_response.status  
35 - end  
36 -  
37 - should 'return comments of an article' do  
38 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
39 - article.comments.create!(:body => "some comment", :author => user.person)  
40 - article.comments.create!(:body => "another comment", :author => user.person)  
41 -  
42 - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"  
43 - json = JSON.parse(last_response.body)  
44 - assert_equal 200, last_response.status  
45 - assert_equal 2, json["comments"].length  
46 - end  
47 -  
48 - should 'return comment of an article' do  
49 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
50 - comment = article.comments.create!(:body => "another comment", :author => user.person)  
51 -  
52 - get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"  
53 - json = JSON.parse(last_response.body)  
54 - assert_equal 200, last_response.status  
55 - assert_equal comment.id, json['comment']['id']  
56 - end  
57 -  
58 - should 'comment an article' do  
59 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
60 - body = 'My comment'  
61 - params.merge!({:body => body})  
62 -  
63 - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"  
64 - json = JSON.parse(last_response.body)  
65 - assert_equal 201, last_response.status  
66 - assert_equal body, json['comment']['body']  
67 - end  
68 -  
69 - should 'comment creation define the source' do  
70 - amount = Comment.count  
71 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
72 - body = 'My comment'  
73 - params.merge!({:body => body})  
74 -  
75 - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"  
76 - assert_equal amount + 1, Comment.count  
77 - comment = Comment.last  
78 - assert_not_nil comment.source  
79 - end  
80 -  
81 -end  
test/unit/api/communities_test.rb
View file @0694e6b
@@ -1,160 +0,0 @@ @@ -1,160 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class CommunitiesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - Community.delete_all  
7 - login_api  
8 - end  
9 -  
10 - should 'list only communities' do  
11 - community = fast_create(Community, :environment_id => environment.id)  
12 - enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise  
13 - get "/api/v1/communities?#{params.to_query}"  
14 - json = JSON.parse(last_response.body)  
15 - assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id  
16 - assert_includes json['communities'].map {|c| c['id']}, community.id  
17 - end  
18 -  
19 - should 'list all communities' do  
20 - community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)  
21 - community2 = fast_create(Community, :environment_id => environment.id)  
22 - get "/api/v1/communities?#{params.to_query}"  
23 - json = JSON.parse(last_response.body)  
24 - assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}  
25 - end  
26 -  
27 - should 'not list invisible communities' do  
28 - community1 = fast_create(Community, :environment_id => environment.id)  
29 - fast_create(Community, :environment_id => environment.id, :visible => false)  
30 -  
31 - get "/api/v1/communities?#{params.to_query}"  
32 - json = JSON.parse(last_response.body)  
33 - assert_equal [community1.id], json['communities'].map {|c| c['id']}  
34 - end  
35 -  
36 - should 'not list private communities without permission' do  
37 - community1 = fast_create(Community, :environment_id => environment.id)  
38 - fast_create(Community, :environment_id => environment.id, :public_profile => false)  
39 -  
40 - get "/api/v1/communities?#{params.to_query}"  
41 - json = JSON.parse(last_response.body)  
42 - assert_equal [community1.id], json['communities'].map {|c| c['id']}  
43 - end  
44 -  
45 - should 'list private community for members' do  
46 - c1 = fast_create(Community, :environment_id => environment.id)  
47 - c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)  
48 - c2.add_member(person)  
49 -  
50 - get "/api/v1/communities?#{params.to_query}"  
51 - json = JSON.parse(last_response.body)  
52 - assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}  
53 - end  
54 -  
55 - should 'create a community' do  
56 - params[:community] = {:name => 'some'}  
57 - post "/api/v1/communities?#{params.to_query}"  
58 - json = JSON.parse(last_response.body)  
59 - assert_equal 'some', json['community']['name']  
60 - end  
61 -  
62 - should 'return 400 status for invalid community creation' do  
63 - post "/api/v1/communities?#{params.to_query}"  
64 - json = JSON.parse(last_response.body)  
65 - assert_equal 400, last_response.status  
66 - end  
67 -  
68 - should 'get community' do  
69 - community = fast_create(Community, :environment_id => environment.id)  
70 -  
71 - get "/api/v1/communities/#{community.id}?#{params.to_query}"  
72 - json = JSON.parse(last_response.body)  
73 - assert_equal community.id, json['community']['id']  
74 - end  
75 -  
76 - should 'not get invisible community' do  
77 - community = fast_create(Community, :environment_id => environment.id, :visible => false)  
78 -  
79 - get "/api/v1/communities/#{community.id}?#{params.to_query}"  
80 - json = JSON.parse(last_response.body)  
81 - assert json['community'].blank?  
82 - end  
83 -  
84 - should 'not get private communities without permission' do  
85 - community = fast_create(Community, :environment_id => environment.id)  
86 - fast_create(Community, :environment_id => environment.id, :public_profile => false)  
87 -  
88 - get "/api/v1/communities/#{community.id}?#{params.to_query}"  
89 - json = JSON.parse(last_response.body)  
90 - assert_equal community.id, json['community']['id']  
91 - end  
92 -  
93 - should 'get private community for members' do  
94 - community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)  
95 - community.add_member(person)  
96 -  
97 -  
98 - get "/api/v1/communities/#{community.id}?#{params.to_query}"  
99 - json = JSON.parse(last_response.body)  
100 - assert_equal community.id, json['community']['id']  
101 - end  
102 -  
103 - should 'list person communities' do  
104 - community = fast_create(Community, :environment_id => environment.id)  
105 - fast_create(Community, :environment_id => environment.id)  
106 - community.add_member(person)  
107 -  
108 - get "/api/v1/people/#{person.id}/communities?#{params.to_query}"  
109 - json = JSON.parse(last_response.body)  
110 - assert_equivalent [community.id], json['communities'].map {|c| c['id']}  
111 - end  
112 -  
113 - should 'not list person communities invisible' do  
114 - c1 = fast_create(Community, :environment_id => environment.id)  
115 - c2 = fast_create(Community, :environment_id => environment.id, :visible => false)  
116 - c1.add_member(person)  
117 - c2.add_member(person)  
118 -  
119 - get "/api/v1/people/#{person.id}/communities?#{params.to_query}"  
120 - json = JSON.parse(last_response.body)  
121 - assert_equivalent [c1.id], json['communities'].map {|c| c['id']}  
122 - end  
123 -  
124 - should 'list communities with pagination' do  
125 - community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)  
126 - community2 = fast_create(Community, :created_at => 2.days.ago)  
127 -  
128 - params[:page] = 2  
129 - params[:per_page] = 1  
130 - get "/api/v1/communities?#{params.to_query}"  
131 - json_page_two = JSON.parse(last_response.body)  
132 -  
133 - params[:page] = 1  
134 - params[:per_page] = 1  
135 - get "/api/v1/communities?#{params.to_query}"  
136 - json_page_one = JSON.parse(last_response.body)  
137 -  
138 -  
139 - assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id  
140 - assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id  
141 -  
142 - assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id  
143 - assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id  
144 - end  
145 -  
146 - should 'list communities with timestamp' do  
147 - community1 = fast_create(Community, :public_profile => true)  
148 - community2 = fast_create(Community)  
149 -  
150 - community1.updated_at = Time.now + 3.hours  
151 - community1.save!  
152 -  
153 - params[:timestamp] = Time.now + 1.hours  
154 - get "/api/v1/communities/?#{params.to_query}"  
155 - json = JSON.parse(last_response.body)  
156 -  
157 - assert_includes json["communities"].map { |a| a["id"] }, community1.id  
158 - assert_not_includes json["communities"].map { |a| a["id"] }, community2.id  
159 - end  
160 -end  
test/unit/api/enterprises_test.rb
View file @0694e6b
@@ -1,110 +0,0 @@ @@ -1,110 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class EnterprisesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - Enterprise.delete_all  
7 - login_api  
8 - end  
9 -  
10 - should 'list only enterprises' do  
11 - community = fast_create(Community, :environment_id => environment.id) # should not list this community  
12 - enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)  
13 - get "/api/v1/enterprises?#{params.to_query}"  
14 - json = JSON.parse(last_response.body)  
15 - assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id  
16 - assert_not_includes json['enterprises'].map {|c| c['id']}, community.id  
17 - end  
18 -  
19 - should 'list all enterprises' do  
20 - enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)  
21 - enterprise2 = fast_create(Enterprise, :environment_id => environment.id)  
22 - get "/api/v1/enterprises?#{params.to_query}"  
23 - json = JSON.parse(last_response.body)  
24 - assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}  
25 - end  
26 -  
27 - should 'not list invisible enterprises' do  
28 - enterprise1 = fast_create(Enterprise, :environment_id => environment.id)  
29 - fast_create(Enterprise, :visible => false)  
30 -  
31 - get "/api/v1/enterprises?#{params.to_query}"  
32 - json = JSON.parse(last_response.body)  
33 - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}  
34 - end  
35 -  
36 - should 'not list private enterprises without permission' do  
37 - enterprise1 = fast_create(Enterprise, :environment_id => environment.id)  
38 - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)  
39 -  
40 - get "/api/v1/enterprises?#{params.to_query}"  
41 - json = JSON.parse(last_response.body)  
42 - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}  
43 - end  
44 -  
45 - should 'list private enterprise for members' do  
46 - c1 = fast_create(Enterprise, :environment_id => environment.id)  
47 - c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)  
48 - c2.add_member(person)  
49 -  
50 - get "/api/v1/enterprises?#{params.to_query}"  
51 - json = JSON.parse(last_response.body)  
52 - assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']}  
53 - end  
54 -  
55 - should 'get enterprise' do  
56 - enterprise = fast_create(Enterprise, :environment_id => environment.id)  
57 -  
58 - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"  
59 - json = JSON.parse(last_response.body)  
60 - assert_equal enterprise.id, json['enterprise']['id']  
61 - end  
62 -  
63 - should 'not get invisible enterprise' do  
64 - enterprise = fast_create(Enterprise, :visible => false)  
65 -  
66 - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"  
67 - json = JSON.parse(last_response.body)  
68 - assert json['enterprise'].blank?  
69 - end  
70 -  
71 - should 'not get private enterprises without permission' do  
72 - enterprise = fast_create(Enterprise, :environment_id => environment.id)  
73 - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)  
74 -  
75 - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"  
76 - json = JSON.parse(last_response.body)  
77 - assert_equal enterprise.id, json['enterprise']['id']  
78 - end  
79 -  
80 - should 'get private enterprise for members' do  
81 - enterprise = fast_create(Enterprise, :public_profile => false)  
82 - enterprise.add_member(person)  
83 -  
84 - get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"  
85 - json = JSON.parse(last_response.body)  
86 - assert_equal enterprise.id, json['enterprise']['id']  
87 - end  
88 -  
89 - should 'list person enterprises' do  
90 - enterprise = fast_create(Enterprise, :environment_id => environment.id)  
91 - fast_create(Enterprise, :environment_id => environment.id)  
92 - enterprise.add_member(person)  
93 -  
94 - get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"  
95 - json = JSON.parse(last_response.body)  
96 - assert_equivalent [enterprise.id], json['enterprises'].map {|c| c['id']}  
97 - end  
98 -  
99 - should 'not list person enterprises invisible' do  
100 - c1 = fast_create(Enterprise, :environment_id => environment.id)  
101 - c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)  
102 - c1.add_member(person)  
103 - c2.add_member(person)  
104 -  
105 - get "/api/v1/people/#{person.id}/enterprises?#{params.to_query}"  
106 - json = JSON.parse(last_response.body)  
107 - assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}  
108 - end  
109 -  
110 -end  
test/unit/api/environment_test.rb
View file @0694e6b
@@ -1,38 +0,0 @@ @@ -1,38 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class EnvironmentTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - @person = create_user('testing').person  
7 - end  
8 - attr_reader :person  
9 -  
10 - should 'return the default environment' do  
11 - environment = Environment.default  
12 - get "/api/v1/environment/default"  
13 - json = JSON.parse(last_response.body)  
14 - assert_equal environment.id, json['id']  
15 - end  
16 -  
17 - should 'return created environment' do  
18 - environment = fast_create(Environment)  
19 - default_env = Environment.default  
20 - assert_not_equal environment.id, default_env.id  
21 - get "/api/v1/environment/#{environment.id}"  
22 - json = JSON.parse(last_response.body)  
23 - assert_equal environment.id, json['id']  
24 - end  
25 -  
26 - should 'return context environment' do  
27 - context_env = fast_create(Environment)  
28 - context_env.name = "example org"  
29 - context_env.save  
30 - context_env.domains<< Domain.new(:name => 'example.org')  
31 - default_env = Environment.default  
32 - assert_not_equal context_env.id, default_env.id  
33 - get "/api/v1/environment/context"  
34 - json = JSON.parse(last_response.body)  
35 - assert_equal context_env.id, json['id']  
36 - end  
37 -  
38 -end  
test/unit/api/helpers_test.rb
View file @0694e6b
@@ -1,245 +0,0 @@ @@ -1,245 +0,0 @@
1 -require_relative 'test_helper'  
2 -require 'noosfero/api/helpers'  
3 -  
4 -class APIHelpersTest < ActiveSupport::TestCase  
5 -  
6 - include Noosfero::API::APIHelpers  
7 -  
8 - def setup  
9 - @headers = {}  
10 - end  
11 -  
12 - attr_accessor :headers  
13 -  
14 - should 'get the current user with valid token' do  
15 - user = create_user('someuser')  
16 - user.generate_private_token!  
17 - self.params = {:private_token => user.private_token}  
18 - assert_equal user, current_user  
19 - end  
20 -  
21 - should 'get the current user with valid token in header' do  
22 - user = create_user('someuser')  
23 - user.generate_private_token!  
24 - headers['Private-Token'] = user.private_token  
25 - assert_equal user, current_user  
26 - end  
27 -  
28 - should 'get the current user even with expired token' do  
29 - user = create_user('someuser')  
30 - user.generate_private_token!  
31 - user.private_token_generated_at = DateTime.now.prev_year  
32 - user.save  
33 - self.params = {:private_token => user.private_token}  
34 - assert_equal user, current_user  
35 - end  
36 -  
37 - should 'get the person of current user' do  
38 - user = create_user('someuser')  
39 - user.generate_private_token!  
40 - self.params = {:private_token => user.private_token}  
41 - assert_equal user.person, current_person  
42 - end  
43 -  
44 -# #FIXME see how to make this test. Get the current_user variable  
45 -# should 'set current_user to nil after logout' do  
46 -# user = create_user('someuser')  
47 -# user.stubs(:private_token_expired?).returns(false)  
48 -# User.stubs(:find_by_private_token).returns(user)  
49 -# assert_not_nil current_user  
50 -# assert false  
51 -# logout  
52 -# end  
53 -  
54 - should 'limit be defined as the params limit value' do  
55 - local_limit = 30  
56 - self.params= {:limit => local_limit}  
57 - assert_equal local_limit, limit  
58 - end  
59 -  
60 - should 'return default limit if the limit parameter is minor than zero' do  
61 - self.params= {:limit => -1}  
62 - assert_equal 20, limit  
63 - end  
64 -  
65 - should 'the default limit be 20' do  
66 - assert_equal 20, limit  
67 - end  
68 -  
69 - should 'the beginning of the period be the first existent date if no from date is passsed as parameter' do  
70 - assert_equal Time.at(0).to_datetime, period(nil, nil).to_a[0]  
71 - end  
72 -  
73 - should 'the beginning of the period be from date passsed as parameter' do  
74 - from = DateTime.now  
75 - assert_equal from, period(from, nil).min  
76 - end  
77 -  
78 - should 'the end of the period be now if no until date is passsed as parameter' do  
79 - assert_in_delta DateTime.now, period(nil, nil).max  
80 - end  
81 -  
82 - should 'the end of the period be until date passsed as parameter' do  
83 - until_date = DateTime.now  
84 - assert_equal until_date, period(nil, until_date).max  
85 - end  
86 -  
87 - should 'parse_content_type return nil if its blank' do  
88 - assert_nil parse_content_type("")  
89 - end  
90 -  
91 - should 'parse_content_type be an array' do  
92 - assert_kind_of Array, parse_content_type("text_article")  
93 - end  
94 -  
95 - should 'parse_content_type return all content types as an array' do  
96 - assert_equivalent ['TextArticle','TinyMceArticle'], parse_content_type("TextArticle,TinyMceArticle")  
97 - end  
98 -  
99 - should 'find_article return article by id in list passed for user with permission' do  
100 - user = create_user('someuser')  
101 - a = fast_create(Article, :profile_id => user.person.id)  
102 - fast_create(Article, :profile_id => user.person.id)  
103 - fast_create(Article, :profile_id => user.person.id)  
104 -  
105 - user.generate_private_token!  
106 - User.expects(:find_by_private_token).returns(user)  
107 - assert_equal a, find_article(user.person.articles, a.id)  
108 - end  
109 -  
110 - should 'find_article return forbidden when a user try to access an article without permission' do  
111 - user = create_user('someuser')  
112 - p = fast_create(Profile)  
113 - a = fast_create(Article, :published => false, :profile_id => p.id)  
114 - fast_create(Article, :profile_id => p.id)  
115 -  
116 - user.generate_private_token!  
117 - User.expects(:find_by_private_token).returns(user)  
118 - assert_equal 403, find_article(p.articles, a.id).last  
119 - end  
120 -  
121 - should 'make_conditions_with_parameter return no created at parameter if it was not defined from or until parameters' do  
122 - assert_nil make_conditions_with_parameter[:created_at]  
123 - end  
124 -  
125 - should 'make_conditions_with_parameter return created_at parameter if from period is defined' do  
126 - assert_not_nil make_conditions_with_parameter(:from => '2010-10-10')[:created_at]  
127 - end  
128 -  
129 - should 'make_conditions_with_parameter return created_at parameter if from period is defined as string' do  
130 - assert_not_nil make_conditions_with_parameter('from' => '2010-10-10')[:created_at]  
131 - end  
132 -  
133 - should 'make_conditions_with_parameter return created_at parameter if until period is defined' do  
134 - assert_not_nil make_conditions_with_parameter(:until => '2010-10-10')[:created_at]  
135 - end  
136 -  
137 - should 'make_conditions_with_parameter return created_at parameter if until period is defined as string' do  
138 - assert_not_nil make_conditions_with_parameter('until' => '2010-10-10')[:created_at]  
139 - end  
140 -  
141 - should 'make_conditions_with_parameter return created_at as the first existent date as parameter if only until is defined' do  
142 - assert_equal Time.at(0).to_datetime, make_conditions_with_parameter(:until => '2010-10-10')[:created_at].min  
143 - end  
144 -  
145 - should 'make_conditions_with_parameter: the minimal created_at date be the from date passed as parameter' do  
146 - date = '2010-10-10'  
147 - assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => date)[:created_at].min  
148 - end  
149 -  
150 - should 'make_conditions_with_parameter: the maximum created_at date be the until date passed as parameter' do  
151 - date = '2010-10-10'  
152 - assert_equal DateTime.parse(date), make_conditions_with_parameter(:until => date)[:created_at].max  
153 - end  
154 -  
155 - should 'make_conditions_with_parameter return the until date passed as parameter' do  
156 - date = '2010-10-10'  
157 - assert_equal DateTime.parse(date), make_conditions_with_parameter(:from => '2010-10-10')[:created_at].min  
158 - end  
159 -  
160 - should 'make_conditions_with_parameter return no type parameter if it was not defined any content type' do  
161 - assert_nil make_conditions_with_parameter[:type]  
162 - end  
163 -  
164 - #test_should_make_order_with_parameters_return_order_if attribute_is_found_at_object_association  
165 - should 'make_order_with_parameters return order if attribute is found at object association' do  
166 - environment = Environment.new  
167 - params = {:order => "name ASC"}  
168 - assert_equal "name ASC", make_order_with_parameters(environment, "articles", params)  
169 - end  
170 -  
171 - # test added to check for eventual sql injection vunerabillity  
172 - #test_should_make_order_with_parameters_return_default_order_if_attributes_not_exists  
173 - should 'make_order_with_parameters return default order if attributes not exists' do  
174 - environment = Environment.new  
175 - params = {:order => "CRAZY_FIELD ASC"} # quote used to check sql injection vunerabillity  
176 - assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)  
177 - end  
178 -  
179 - should 'make_order_with_parameters return default order if sql injection detected' do  
180 - environment = Environment.new  
181 - params = {:order => "name' ASC"} # quote used to check sql injection vunerabillity  
182 - assert_equal "created_at DESC", make_order_with_parameters(environment, "articles", params)  
183 - end  
184 -  
185 - should 'make_order_with_parameters return RANDOM() if random is passed' do  
186 - environment = Environment.new  
187 - params = {:order => "random"} # quote used to check sql injection vunerabillity  
188 - assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)  
189 - end  
190 -  
191 - should 'make_order_with_parameters return RANDOM() if random function is passed' do  
192 - environment = Environment.new  
193 - params = {:order => "random()"} # quote used to check sql injection vunerabillity  
194 - assert_equal "RANDOM()", make_order_with_parameters(environment, "articles", params)  
195 - end  
196 -  
197 - should 'render not_found if endpoint is unavailable' do  
198 - Noosfero::API::API.stubs(:endpoint_unavailable?).returns(true)  
199 - self.expects(:not_found!)  
200 -  
201 - filter_disabled_plugins_endpoints  
202 - end  
203 -  
204 - should 'not touch in options when no fields parameter is passed' do  
205 - model = mock  
206 - expects(:present).with(model, {})  
207 - present_partial(model, {})  
208 - end  
209 -  
210 - should 'fallback to array when fields parameter is not a json when calling present partial' do  
211 - model = mock  
212 - params[:fields] = ['name']  
213 - expects(:present).with(model, {:only => ['name']})  
214 - present_partial(model, {})  
215 - end  
216 -  
217 - should 'fallback to comma separated string when fields parameter is not an array when calling present partial' do  
218 - model = mock  
219 - params[:fields] = 'name,description'  
220 - expects(:present).with(model, {:only => ['name', 'description']})  
221 - present_partial(model, {})  
222 - end  
223 -  
224 - should 'accept json as fields parameter when calling present partial' do  
225 - model = mock  
226 - params[:fields] = {only: [:name, {user: [:login]}]}.to_json  
227 - expects(:present).with(model, {:only => ['name', {'user' => ['login']}]})  
228 - present_partial(model, {})  
229 - end  
230 -  
231 - protected  
232 -  
233 - def error!(info, status)  
234 - [info, status]  
235 - end  
236 -  
237 - def params  
238 - @params ||= {}  
239 - end  
240 -  
241 - def params= value  
242 - @params = value  
243 - end  
244 -  
245 -end  
test/unit/api/people_test.rb
View file @0694e6b
@@ -1,258 +0,0 @@ @@ -1,258 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class PeopleTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - Person.delete_all  
7 - login_api  
8 - end  
9 -  
10 - should 'list all people' do  
11 - person1 = fast_create(Person, :public_profile => true)  
12 - person2 = fast_create(Person)  
13 - get "/api/v1/people?#{params.to_query}"  
14 - json = JSON.parse(last_response.body)  
15 - assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}  
16 - end  
17 -  
18 - should 'list all members of a community' do  
19 - person1 = fast_create(Person)  
20 - person2 = fast_create(Person)  
21 - community = fast_create(Community)  
22 - community.add_member(person1)  
23 - community.add_member(person2)  
24 -  
25 - get "/api/v1/profiles/#{community.id}/members?#{params.to_query}"  
26 - json = JSON.parse(last_response.body)  
27 - assert_equal 2, json["people"].count  
28 - assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]}  
29 - end  
30 -  
31 - should 'not list invisible people' do  
32 - invisible_person = fast_create(Person, :visible => false)  
33 -  
34 - get "/api/v1/people?#{params.to_query}"  
35 - assert_not_includes json_response_ids(:people), invisible_person.id  
36 - end  
37 -  
38 - should 'not list private people without permission' do  
39 - private_person = fast_create(Person, :public_profile => false)  
40 -  
41 - get "/api/v1/people?#{params.to_query}"  
42 - assert_not_includes json_response_ids(:people), private_person.id  
43 - end  
44 -  
45 - should 'list private person for friends' do  
46 - p1 = fast_create(Person)  
47 - p2 = fast_create(Person, :public_profile => false)  
48 - person.add_friend(p2)  
49 - p2.add_friend(person)  
50 -  
51 - get "/api/v1/people?#{params.to_query}"  
52 - assert_includes json_response_ids(:people), p2.id  
53 - end  
54 -  
55 - should 'get person' do  
56 - some_person = fast_create(Person)  
57 -  
58 - get "/api/v1/people/#{some_person.id}?#{params.to_query}"  
59 - json = JSON.parse(last_response.body)  
60 - assert_equal some_person.id, json['person']['id']  
61 - end  
62 -  
63 - should 'people endpoint filter by fields parameter' do  
64 - get "/api/v1/people?#{params.to_query}&fields=name"  
65 - json = JSON.parse(last_response.body)  
66 - expected = {'people' => [{'name' => person.name}]}  
67 - assert_equal expected, json  
68 - end  
69 -  
70 - should 'people endpoint filter by fields parameter with hierarchy' do  
71 - fields = URI.encode({only: [:name, {user: [:login]}]}.to_json)  
72 - get "/api/v1/people?#{params.to_query}&fields=#{fields}"  
73 - json = JSON.parse(last_response.body)  
74 - expected = {'people' => [{'name' => person.name, 'user' => {'login' => 'testapi'}}]}  
75 - assert_equal expected, json  
76 - end  
77 -  
78 - should 'get logged person' do  
79 - get "/api/v1/people/me?#{params.to_query}"  
80 - json = JSON.parse(last_response.body)  
81 - assert_equal person.id, json['person']['id']  
82 - end  
83 -  
84 - should 'me endpoint filter by fields parameter' do  
85 - get "/api/v1/people/me?#{params.to_query}&fields=name"  
86 - json = JSON.parse(last_response.body)  
87 - expected = {'person' => {'name' => person.name}}  
88 - assert_equal expected, json  
89 - end  
90 -  
91 - should 'not get invisible person' do  
92 - person = fast_create(Person, :visible => false)  
93 -  
94 - get "/api/v1/people/#{person.id}?#{params.to_query}"  
95 - json = JSON.parse(last_response.body)  
96 - assert json['person'].blank?  
97 - end  
98 -  
99 - should 'not get private people without permission' do  
100 - private_person = fast_create(Person, :public_profile => false)  
101 -  
102 - get "/api/v1/people/#{private_person.id}?#{params.to_query}"  
103 - json = JSON.parse(last_response.body)  
104 - assert json['person'].blank?  
105 - end  
106 -  
107 - should 'get private person for friends' do  
108 - private_person = fast_create(Person, :public_profile => false)  
109 - person.add_friend(private_person)  
110 - private_person.add_friend(person)  
111 -  
112 - get "/api/v1/people/#{private_person.id}?#{params.to_query}"  
113 - json = JSON.parse(last_response.body)  
114 - assert_equal private_person.id, json['person']['id']  
115 - end  
116 -  
117 - should 'list person friends' do  
118 - friend = fast_create(Person)  
119 - person.add_friend(friend)  
120 - friend.add_friend(person)  
121 -  
122 - get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"  
123 - assert_includes json_response_ids(:people), person.id  
124 - end  
125 -  
126 - should 'not list person invisible friends' do  
127 - friend = fast_create(Person)  
128 - invisible_friend = fast_create(Person, :visible => false)  
129 - person.add_friend(friend)  
130 - person.add_friend(invisible_friend)  
131 - friend.add_friend(person)  
132 - invisible_friend.add_friend(person)  
133 -  
134 - get "/api/v1/people/#{person.id}/friends?#{params.to_query}"  
135 - friends = json_response_ids(:people)  
136 - assert_includes friends, friend.id  
137 - assert_not_includes friends, invisible_friend.id  
138 - end  
139 -  
140 - should 'create a person' do  
141 - login = 'some'  
142 - params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}  
143 - post "/api/v1/people?#{params.to_query}"  
144 - json = JSON.parse(last_response.body)  
145 - assert_equal login, json['person']['identifier']  
146 - end  
147 -  
148 - should 'return 400 status for invalid person creation' do  
149 - params[:person] = {:login => 'some'}  
150 - post "/api/v1/people?#{params.to_query}"  
151 - json = JSON.parse(last_response.body)  
152 - assert_equal 400, last_response.status  
153 - end  
154 -  
155 - should 'display permissions' do  
156 - community = fast_create(Community)  
157 - community.add_member(fast_create(Person))  
158 - community.add_member(person)  
159 - permissions = Profile::Roles.member(person.environment.id).permissions  
160 - get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"  
161 - json = JSON.parse(last_response.body)  
162 -  
163 - assert_equal json[community.identifier], permissions  
164 - end  
165 -  
166 - should 'display permissions if self' do  
167 - get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"  
168 - assert_equal 200, last_response.status  
169 - end  
170 -  
171 - should 'display permissions if admin' do  
172 - environment = person.environment  
173 - environment.add_admin(person)  
174 - some_person = fast_create(Person)  
175 -  
176 - get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"  
177 - assert_equal 200, last_response.status  
178 - end  
179 -  
180 - should 'not display permissions if not admin or self' do  
181 - some_person = create_user('some-person').person  
182 -  
183 - get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"  
184 - assert_equal 403, last_response.status  
185 - end  
186 -  
187 - should 'not update another person' do  
188 - person = fast_create(Person, :environment_id => environment.id)  
189 - post "/api/v1/people/#{person.id}?#{params.to_query}"  
190 - assert_equal 403, last_response.status  
191 - end  
192 -  
193 - should 'update yourself' do  
194 - another_name = 'Another Name'  
195 - params[:person] = {}  
196 - params[:person][:name] = another_name  
197 - assert_not_equal another_name, person.name  
198 - post "/api/v1/people/#{person.id}?#{params.to_query}"  
199 - person.reload  
200 - assert_equal another_name, person.name  
201 - end  
202 -  
203 - should 'display public custom fields' do  
204 - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)  
205 - some_person = create_user('some-person').person  
206 - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} }  
207 - some_person.save!  
208 -  
209 - get "/api/v1/people/#{some_person.id}?#{params.to_query}"  
210 - json = JSON.parse(last_response.body)  
211 - assert json['person']['additional_data'].has_key?('Custom Blog')  
212 - assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']  
213 - end  
214 -  
215 - should 'not display non-public custom fields' do  
216 - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)  
217 - some_person = create_user('some-person').person  
218 - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }  
219 - some_person.save!  
220 -  
221 - get "/api/v1/people/#{some_person.id}?#{params.to_query}"  
222 - json = JSON.parse(last_response.body)  
223 - assert_equal json['person']['additional_data'], {}  
224 - end  
225 -  
226 - should 'display non-public custom fields to friend' do  
227 - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)  
228 - some_person = create_user('some-person').person  
229 - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }  
230 - some_person.save!  
231 -  
232 - f = Friendship.new  
233 - f.friend = some_person  
234 - f.person = person  
235 - f.save!  
236 -  
237 - get "/api/v1/people/#{some_person.id}?#{params.to_query}"  
238 - json = JSON.parse(last_response.body)  
239 - assert json['person']['additional_data'].has_key?("Custom Blog")  
240 - assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']  
241 - end  
242 -  
243 - PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count)  
244 -  
245 - PERSON_ATTRIBUTES.map do |attribute|  
246 - define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do  
247 - get "/api/v1/people/me?#{params.to_query}&fields=name"  
248 - json = JSON.parse(last_response.body)  
249 - assert_nil json['person'][attribute]  
250 - end  
251 -  
252 - define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do  
253 - get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}"  
254 - json = JSON.parse(last_response.body)  
255 - assert_not_nil json['person'][attribute]  
256 - end  
257 - end  
258 -end  
test/unit/api/profiles_test.rb
View file @0694e6b
@@ -1,32 +0,0 @@ @@ -1,32 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class ProfilesTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - Profile.delete_all  
7 - login_api  
8 - end  
9 -  
10 - should 'list all profiles' do  
11 - person1 = fast_create(Person)  
12 - person2 = fast_create(Person)  
13 - community = fast_create(Community)  
14 - get "/api/v1/profiles?#{params.to_query}"  
15 - json = JSON.parse(last_response.body)  
16 - assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']}  
17 - end  
18 -  
19 - should 'get person from profile id' do  
20 - some_person = fast_create(Person)  
21 - get "/api/v1/profiles/#{some_person.id}?#{params.to_query}"  
22 - json = JSON.parse(last_response.body)  
23 - assert_equal some_person.id, json['id']  
24 - end  
25 -  
26 - should 'get community from profile id' do  
27 - community = fast_create(Community)  
28 - get "/api/v1/profiles/#{community.id}?#{params.to_query}"  
29 - json = JSON.parse(last_response.body)  
30 - assert_equal community.id, json['id']  
31 - end  
32 -end  
test/unit/api/search_test.rb
View file @0694e6b
@@ -1,150 +0,0 @@ @@ -1,150 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class SearchTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - @person = create_user('testing').person  
7 - end  
8 - attr_reader :person  
9 -  
10 - should 'not list unpublished articles' do  
11 - Article.delete_all  
12 - article = fast_create(Article, :profile_id => person.id, :published => false)  
13 - assert !article.published?  
14 - get "/api/v1/search/article"  
15 - json = JSON.parse(last_response.body)  
16 - assert_empty json['articles']  
17 - end  
18 -  
19 - should 'list articles' do  
20 - fast_create(Article, :profile_id => person.id)  
21 - get "/api/v1/search/article"  
22 - json = JSON.parse(last_response.body)  
23 - assert_not_empty json['articles']  
24 - end  
25 -  
26 - should 'list only articles that has children' do  
27 - article = fast_create(Article, :profile_id => person.id)  
28 - parent = create(Article, :profile_id => person.id, :name => 'parent article')  
29 - child = create(Article, :profile_id => person.id, :parent_id => parent.id, :name => 'child article')  
30 -  
31 - get "/api/v1/search/article?has_children=true"  
32 - json = JSON.parse(last_response.body)  
33 - assert_equal parent.id, json['articles'].first['id']  
34 - end  
35 -  
36 - should 'invalid search string articles' do  
37 - fast_create(Article, :profile_id => person.id, :name => 'some article')  
38 - get "/api/v1/search/article?query=test"  
39 - json = JSON.parse(last_response.body)  
40 - assert_empty json['articles']  
41 - end  
42 -  
43 - should 'not list articles of wrong type' do  
44 - Article.delete_all  
45 - fast_create(Article, :profile_id => person.id)  
46 - get "/api/v1/search/article?type=TinyMceArticle"  
47 - json = JSON.parse(last_response.body)  
48 - assert_empty json['articles']  
49 - end  
50 -  
51 - should 'list articles of one type' do  
52 - fast_create(Article, :profile_id => person.id)  
53 - article = fast_create(TinyMceArticle, :profile_id => person.id)  
54 -  
55 - get "/api/v1/search/article?type=TinyMceArticle"  
56 - json = JSON.parse(last_response.body)  
57 - assert_equal article.id, json['articles'].first['id']  
58 - end  
59 -  
60 - should 'list articles of one type and query string' do  
61 - fast_create(Article, :profile_id => person.id, :name => 'some article')  
62 - fast_create(Article, :profile_id => person.id, :name => 'Some thing')  
63 - article = fast_create(TinyMceArticle, :profile_id => person.id, :name => 'Some thing')  
64 - get "/api/v1/search/article?type=TinyMceArticle&query=thing"  
65 - json = JSON.parse(last_response.body)  
66 - assert_equal 1, json['articles'].count  
67 - assert_equal article.id, json['articles'].first['id']  
68 - end  
69 -  
70 - should 'not return more entries than page limit' do  
71 - 1.upto(5).each do |n|  
72 - fast_create(Article, :profile_id => person.id, :name => "Article #{n}")  
73 - end  
74 -  
75 - get "/api/v1/search/article?query=Article&per_page=3"  
76 - json = JSON.parse(last_response.body)  
77 -  
78 - assert_equal 3, json['articles'].count  
79 - end  
80 -  
81 - should 'return entries second page' do  
82 - 1.upto(5).each do |n|  
83 - fast_create(Article, :profile_id => person.id, :name => "Article #{n}")  
84 - end  
85 -  
86 - get "/api/v1/search/article?query=Article&per_page=3&page=2"  
87 - json = JSON.parse(last_response.body)  
88 -  
89 - assert_equal 2, json['articles'].count  
90 - end  
91 -  
92 - should 'search articles in profile' do  
93 - person2 = fast_create(Person)  
94 - fast_create(Article, :profile_id => person.id)  
95 - fast_create(Article, :profile_id => person.id)  
96 - article = fast_create(Article, :profile_id => person2.id)  
97 -  
98 - get "/api/v1/search/article?query=Article&profile_id=#{person2.id}"  
99 - json = JSON.parse(last_response.body)  
100 - assert_equal article.id, json['articles'].first['id']  
101 - end  
102 -  
103 - should 'search and return values specified in fields parameter' do  
104 - fast_create(Article, :profile_id => person.id)  
105 - get "/api/v1/search/article?fields=title"  
106 - json = JSON.parse(last_response.body)  
107 - assert_not_empty json['articles']  
108 - assert_equal ['title'], json['articles'].first.keys  
109 - end  
110 -  
111 - should 'search with parent' do  
112 - parent = fast_create(Folder, :profile_id => person.id)  
113 - fast_create(Article, :profile_id => person.id)  
114 - article = fast_create(Article, :profile_id => person.id, :parent_id => parent.id)  
115 - get "/api/v1/search/article?parent_id=#{parent.id}"  
116 - json = JSON.parse(last_response.body)  
117 - assert_equal 1, json['articles'].count  
118 - assert_equal article.id, json['articles'].first["id"]  
119 - end  
120 -  
121 - should 'search filter by category' do  
122 - Article.delete_all  
123 - fast_create(Article, :profile_id => person.id)  
124 - article = fast_create(Article, :profile_id => person.id)  
125 - category = fast_create(Category)  
126 - article.categories<< category  
127 - get "/api/v1/search/article?category_ids=#{category.id}"  
128 - json = JSON.parse(last_response.body)  
129 - assert_equal 1, json['articles'].count  
130 - assert_equal article.id, json['articles'].first["id"]  
131 - end  
132 -  
133 - should 'search filter by more than one category' do  
134 - Article.delete_all  
135 - fast_create(Article, :profile_id => person.id)  
136 - article1 = fast_create(Article, :profile_id => person.id)  
137 - article2 = fast_create(Article, :profile_id => person.id)  
138 - category1 = fast_create(Category)  
139 - category2 = fast_create(Category)  
140 - article1.categories<< category1  
141 - article2.categories<< category2  
142 - get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"  
143 - json = JSON.parse(last_response.body)  
144 - ids = [article1.id, article2.id]  
145 - assert_equal 2, json['articles'].count  
146 - assert_includes ids, json['articles'].first["id"]  
147 - assert_includes ids, json['articles'].last["id"]  
148 - end  
149 -  
150 -end  
test/unit/api/session_test.rb
View file @0694e6b
@@ -1,221 +0,0 @@ @@ -1,221 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class SessionTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - login_api  
7 - end  
8 -  
9 - should 'generate private token when login' do  
10 - params = {:login => "testapi", :password => "testapi"}  
11 - post "/api/v1/login?#{params.to_query}"  
12 - json = JSON.parse(last_response.body)  
13 - assert !json['user']["private_token"].blank?  
14 - end  
15 -  
16 - should 'return 401 when login fails' do  
17 - user.destroy  
18 - params = {:login => "testapi", :password => "testapi"}  
19 - post "/api/v1/login?#{params.to_query}"  
20 - assert_equal 401, last_response.status  
21 - end  
22 -  
23 - should 'register a user' do  
24 - Environment.default.enable('skip_new_user_email_confirmation')  
25 - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }  
26 - post "/api/v1/register?#{params.to_query}"  
27 - assert_equal 201, last_response.status  
28 - json = JSON.parse(last_response.body)  
29 - assert User['newuserapi'].activated?  
30 - assert json['user']['activated']  
31 - assert json['user']['private_token'].present?  
32 - end  
33 -  
34 - should 'register a user with name' do  
35 - Environment.default.enable('skip_new_user_email_confirmation')  
36 - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com", :name => "Little John" }  
37 - post "/api/v1/register?#{params.to_query}"  
38 - assert_equal 201, last_response.status  
39 - json = JSON.parse(last_response.body)  
40 - assert json['user']['activated']  
41 - assert json['user']['private_token'].present?  
42 - end  
43 -  
44 - should 'register an inactive user' do  
45 - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }  
46 - post "/api/v1/register?#{params.to_query}"  
47 - assert_equal 201, last_response.status  
48 - json = JSON.parse(last_response.body)  
49 - assert !json['activated']  
50 - assert json['private_token'].blank?  
51 - end  
52 -  
53 - should 'not register a user with invalid login' do  
54 - params = {:login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }  
55 - post "/api/v1/register?#{params.to_query}"  
56 - assert_equal 400, last_response.status  
57 - json = JSON.parse(last_response.body)  
58 - msg = json['message'].split(':')  
59 - key = msg[0][2, 5]  
60 - val = msg[1][2, 38]  
61 - assert_equal "login", key  
62 - assert_equal "is too short (minimum is 2 characters)", val  
63 - end  
64 -  
65 - should 'not register a user with invalid login pt' do  
66 - I18n.locale = "pt-BR"  
67 - params = {:lang => "pt-BR", :login => "c", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }  
68 - post "/api/v1/register?#{params.to_query}"  
69 - assert_equal 400, last_response.status  
70 - json = JSON.parse(last_response.body)  
71 - msg = json['message'].split(':')  
72 - key = msg[0][2, 5]  
73 - val = msg[1][2, 35]  
74 - assert_equal "login", key  
75 - assert val.include? "muito curto"  
76 - end  
77 -  
78 - should 'not register a user without email' do  
79 - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => nil }  
80 - post "/api/v1/register?#{params.to_query}"  
81 - assert_equal 400, last_response.status  
82 - end  
83 -  
84 - should 'not register a duplicated user' do  
85 - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }  
86 - post "/api/v1/register?#{params.to_query}"  
87 - post "/api/v1/register?#{params.to_query}"  
88 - assert_equal 400, last_response.status  
89 - json = JSON.parse(last_response.body)  
90 - end  
91 -  
92 - # TODO: Add another test cases to check register situations  
93 - should 'activate a user' do  
94 - params = {  
95 - :login => "newuserapi",  
96 - :password => "newuserapi",  
97 - :password_confirmation => "newuserapi",  
98 - :email => "newuserapi@email.com"  
99 - }  
100 - user = User.new(params)  
101 - user.save!  
102 -  
103 - params = { activation_code: user.activation_code}  
104 - patch "/api/v1/activate?#{params.to_query}"  
105 - assert_equal 200, last_response.status  
106 - end  
107 -  
108 - should 'do not activate a user if admin must approve him' do  
109 - params = {  
110 - :login => "newuserapi",  
111 - :password => "newuserapi",  
112 - :password_confirmation => "newuserapi",  
113 - :email => "newuserapi@email.com",  
114 - :environment => Environment.default  
115 - }  
116 - user = User.new(params)  
117 - user.environment.enable('admin_must_approve_new_users')  
118 - user.save!  
119 -  
120 - params = { activation_code: user.activation_code}  
121 - patch "/api/v1/activate?#{params.to_query}"  
122 - assert_equal 202, last_response.status  
123 - assert_equal 'Waiting for admin moderate user registration', JSON.parse(last_response.body)["message"]  
124 - end  
125 -  
126 - should 'do not activate a user if the token is invalid' do  
127 - params = {  
128 - :login => "newuserapi",  
129 - :password => "newuserapi",  
130 - :password_confirmation => "newuserapi",  
131 - :email => "newuserapi@email.com",  
132 - :environment => Environment.default  
133 - }  
134 - user = User.new(params)  
135 - user.save!  
136 -  
137 - params = { activation_code: '70250abe20cc6a67ef9399cf3286cb998b96aeaf'}  
138 - patch "/api/v1/activate?#{params.to_query}"  
139 - assert_equal 412, last_response.status  
140 - end  
141 -  
142 - should 'create task to change password by user login' do  
143 - user = create_user  
144 - params = {:value => user.login}  
145 - assert_difference 'ChangePassword.count' do  
146 - post "/api/v1/forgot_password?#{params.to_query}"  
147 - end  
148 - end  
149 -  
150 - should 'not create task to change password when user is not found' do  
151 - params = {:value => 'wronglogin'}  
152 - assert_no_difference 'ChangePassword.count' do  
153 - post "/api/v1/forgot_password?#{params.to_query}"  
154 - end  
155 - assert_equal 404, last_response.status  
156 - end  
157 -  
158 - should 'change user password and close task' do  
159 - task = ChangePassword.create!(:requestor => @person)  
160 - params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})  
161 - patch "/api/v1/new_password?#{params.to_query}"  
162 - assert_equal Task::Status::FINISHED, task.reload.status  
163 - assert user.reload.authenticated?('secret')  
164 - json = JSON.parse(last_response.body)  
165 - assert_equal user.id, json['user']['id']  
166 - end  
167 -  
168 - should 'do not change user password when password confirmation is wrong' do  
169 - user = create_user  
170 - user.activate  
171 - task = ChangePassword.create!(:requestor => user.person)  
172 - params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}  
173 - patch "/api/v1/new_password?#{params.to_query}"  
174 - assert_equal Task::Status::ACTIVE, task.reload.status  
175 - assert !user.reload.authenticated?('secret')  
176 - assert_equal 400, last_response.status  
177 - end  
178 -  
179 - should 'render not found when provide a wrong code on password change' do  
180 - params = {:code => "wrongcode", :password => 'secret', :password_confirmation => 'secret'}  
181 - patch "/api/v1/new_password?#{params.to_query}"  
182 - assert_equal 404, last_response.status  
183 - end  
184 -  
185 - should 'not return private token when the registered user is inactive' do  
186 - params = {:login => "newuserapi", :password => "newuserapi", :password_confirmation => "newuserapi", :email => "newuserapi@email.com" }  
187 - post "/api/v1/register?#{params.to_query}"  
188 - assert_equal 201, last_response.status  
189 - json = JSON.parse(last_response.body)  
190 - assert !User['newuserapi'].activated?  
191 - assert !json['user']['activated']  
192 - assert !json['user']['private_token'].present?  
193 - end  
194 -  
195 - should 'resend activation code for an inactive user' do  
196 - user = create_user  
197 - params = {:value => user.login}  
198 - Delayed::Job.destroy_all  
199 - assert_difference 'ActionMailer::Base.deliveries.size' do  
200 - post "/api/v1/resend_activation_code?#{params.to_query}"  
201 - process_delayed_job_queue  
202 - end  
203 - json = JSON.parse(last_response.body)  
204 - refute json['users'].first['private_token']  
205 - assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s  
206 - end  
207 -  
208 - should 'not resend activation code for an active user' do  
209 - user = create_user  
210 - params = {:value => user.login}  
211 - user.activate  
212 - Delayed::Job.destroy_all  
213 - assert_no_difference 'ActionMailer::Base.deliveries.size' do  
214 - post "/api/v1/resend_activation_code?#{params.to_query}"  
215 - process_delayed_job_queue  
216 - end  
217 - json = JSON.parse(last_response.body)  
218 - assert json['users'].first['private_token']  
219 - end  
220 -  
221 -end  
test/unit/api/task_test.rb
View file @0694e6b
@@ -1,173 +0,0 @@ @@ -1,173 +0,0 @@
1 -require_relative 'test_helper'  
2 -  
3 -class TasksTest < ActiveSupport::TestCase  
4 -  
5 - def setup  
6 - login_api  
7 - @person = user.person  
8 - @community = fast_create(Community)  
9 - @environment = Environment.default  
10 - end  
11 -  
12 - attr_accessor :person, :community, :environment  
13 -  
14 - should 'list tasks of environment' do  
15 - environment.add_admin(person)  
16 - task = create(Task, :requestor => person, :target => environment)  
17 - get "/api/v1/tasks?#{params.to_query}"  
18 - json = JSON.parse(last_response.body)  
19 - assert_includes json["tasks"].map { |a| a["id"] }, task.id  
20 - end  
21 -  
22 - should 'return environment task by id' do  
23 - environment.add_admin(person)  
24 - task = create(Task, :requestor => person, :target => environment)  
25 - get "/api/v1/tasks/#{task.id}?#{params.to_query}"  
26 - json = JSON.parse(last_response.body)  
27 - assert_equal task.id, json["task"]["id"]  
28 - end  
29 -  
30 - should 'not return environmet task if user has no permission to view it' do  
31 - person = fast_create(Person)  
32 - task = create(Task, :requestor => person, :target => environment)  
33 -  
34 - get "/api/v1/tasks/#{task.id}?#{params.to_query}"  
35 - assert_equal 403, last_response.status  
36 - end  
37 -  
38 - #############################  
39 - # Community Tasks #  
40 - #############################  
41 -  
42 - should 'return task by community' do  
43 - community = fast_create(Community)  
44 - community.add_admin(person)  
45 -  
46 - task = create(Task, :requestor => person, :target => community)  
47 - assert person.is_member_of?(community)  
48 -  
49 - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"  
50 - json = JSON.parse(last_response.body)  
51 - assert_equal task.id, json["task"]["id"]  
52 - end  
53 -  
54 - should 'not return task by community if user has no permission to view it' do  
55 - community = fast_create(Community)  
56 - task = create(Task, :requestor => person, :target => community)  
57 - assert !person.is_member_of?(community)  
58 -  
59 - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"  
60 - assert_equal 403, last_response.status  
61 - end  
62 -  
63 - should 'create task in a community' do  
64 - community = fast_create(Community)  
65 - give_permission(person, 'perform_task', community)  
66 - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"  
67 - json = JSON.parse(last_response.body)  
68 - assert_not_nil json["task"]["id"]  
69 - end  
70 -  
71 - should 'create task defining the requestor as current profile logged in' do  
72 - community = fast_create(Community)  
73 - community.add_member(person)  
74 -  
75 - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"  
76 - json = JSON.parse(last_response.body)  
77 -  
78 - assert_equal person, Task.last.requestor  
79 - end  
80 -  
81 - should 'create task defining the target as the community' do  
82 - community = fast_create(Community)  
83 - community.add_member(person)  
84 -  
85 - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"  
86 - json = JSON.parse(last_response.body)  
87 -  
88 - assert_equal community, Task.last.target  
89 - end  
90 -  
91 - #############################  
92 - # Person Tasks #  
93 - #############################  
94 -  
95 - should 'return task by person' do  
96 - task = create(Task, :requestor => person, :target => person)  
97 - get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"  
98 - json = JSON.parse(last_response.body)  
99 - assert_equal task.id, json["task"]["id"]  
100 - end  
101 -  
102 - should 'not return task by person if user has no permission to view it' do  
103 - some_person = fast_create(Person)  
104 - task = create(Task, :requestor => person, :target => some_person)  
105 -  
106 - get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"  
107 - assert_equal 403, last_response.status  
108 - end  
109 -  
110 - should 'create task for person' do  
111 - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"  
112 - json = JSON.parse(last_response.body)  
113 - assert_not_nil json["task"]["id"]  
114 - end  
115 -  
116 - should 'create task for another person' do  
117 - some_person = fast_create(Person)  
118 - post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"  
119 - json = JSON.parse(last_response.body)  
120 -  
121 - assert_equal some_person, Task.last.target  
122 - end  
123 -  
124 - should 'create task defining the target as a person' do  
125 - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"  
126 - json = JSON.parse(last_response.body)  
127 -  
128 - assert_equal person, Task.last.target  
129 - end  
130 -  
131 - #############################  
132 - # Enterprise Tasks #  
133 - #############################  
134 -  
135 - should 'return task by enterprise' do  
136 - enterprise = fast_create(Enterprise)  
137 - enterprise.add_admin(person)  
138 -  
139 - task = create(Task, :requestor => person, :target => enterprise)  
140 - assert person.is_member_of?(enterprise)  
141 -  
142 - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"  
143 - json = JSON.parse(last_response.body)  
144 - assert_equal task.id, json["task"]["id"]  
145 - end  
146 -  
147 - should 'not return task by enterprise if user has no permission to view it' do  
148 - enterprise = fast_create(Enterprise)  
149 - task = create(Task, :requestor => person, :target => enterprise)  
150 - assert !person.is_member_of?(enterprise)  
151 -  
152 - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"  
153 - assert_equal 403, last_response.status  
154 - end  
155 -  
156 - should 'create task in a enterprise' do  
157 - enterprise = fast_create(Enterprise)  
158 - give_permission(person, 'perform_task', enterprise)  
159 - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"  
160 - json = JSON.parse(last_response.body)  
161 - assert_not_nil json["task"]["id"]  
162 - end  
163 -  
164 - should 'create task defining the target as the enterprise' do  
165 - enterprise = fast_create(Enterprise)  
166 - enterprise.add_member(person)  
167 -  
168 - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"  
169 - json = JSON.parse(last_response.body)  
170 -  
171 - assert_equal enterprise, Task.last.target  
172 - end  
173 -end  
test/unit/api/test_helper.rb
View file @0694e6b
@@ -1,36 +0,0 @@ @@ -1,36 +0,0 @@
1 -require_relative '../../test_helper'  
2 -  
3 -class ActiveSupport::TestCase  
4 -  
5 - include Rack::Test::Methods  
6 -  
7 - def app  
8 - Noosfero::API::API  
9 - end  
10 -  
11 - def login_api  
12 - @environment = Environment.default  
13 - @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)  
14 - @user.activate  
15 - @person = @user.person  
16 -  
17 - post "/api/v1/login?login=testapi&password=testapi"  
18 - json = JSON.parse(last_response.body)  
19 - @private_token = json["private_token"]  
20 - unless @private_token  
21 - @user.generate_private_token!  
22 - @private_token = @user.private_token  
23 - end  
24 -  
25 - @params = {:private_token => @private_token}  
26 - end  
27 - attr_accessor :private_token, :user, :person, :params, :environment  
28 -  
29 - private  
30 -  
31 - def json_response_ids(kind)  
32 - json = JSON.parse(last_response.body)  
33 - json[kind.to_s].map {|c| c['id']}  
34 - end  
35 -  
36 -end  
test/unit/api/users_test.rb
View file @0694e6b
@@ -1,105 +0,0 @@ @@ -1,105 +0,0 @@
1 -# encoding: UTF-8  
2 -require_relative 'test_helper'  
3 -  
4 -class UsersTest < ActiveSupport::TestCase  
5 -  
6 - def setup  
7 - login_api  
8 - end  
9 -  
10 - should 'list users' do  
11 - get "/api/v1/users/?#{params.to_query}"  
12 - json = JSON.parse(last_response.body)  
13 - assert_includes json["users"].map { |a| a["login"] }, user.login  
14 - end  
15 -  
16 - should 'get user' do  
17 - get "/api/v1/users/#{user.id}?#{params.to_query}"  
18 - json = JSON.parse(last_response.body)  
19 - assert_equal user.id, json['user']['id']  
20 - end  
21 -  
22 - should 'list user permissions' do  
23 - community = fast_create(Community)  
24 - community.add_admin(person)  
25 - get "/api/v1/users/#{user.id}/?#{params.to_query}"  
26 - json = JSON.parse(last_response.body)  
27 - assert_includes json["user"]["permissions"], community.identifier  
28 - end  
29 -  
30 - should 'get logged user' do  
31 - get "/api/v1/users/me?#{params.to_query}"  
32 - json = JSON.parse(last_response.body)  
33 - assert_equal user.id, json['user']['id']  
34 - end  
35 -  
36 - should 'not show permissions to logged user' do  
37 - target_person = create_user('some-user').person  
38 - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"  
39 - json = JSON.parse(last_response.body)  
40 - refute json["user"].has_key?("permissions")  
41 - end  
42 -  
43 - should 'show permissions to self' do  
44 - get "/api/v1/users/#{user.id}/?#{params.to_query}"  
45 - json = JSON.parse(last_response.body)  
46 - assert json["user"].has_key?("permissions")  
47 - end  
48 -  
49 - should 'not show permissions to friend' do  
50 - target_person = create_user('some-user').person  
51 -  
52 - f = Friendship.new  
53 - f.friend = target_person  
54 - f.person = person  
55 - f.save!  
56 -  
57 - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"  
58 - json = JSON.parse(last_response.body)  
59 - refute json["user"].has_key?("permissions")  
60 - end  
61 -  
62 - should 'not show private attribute to logged user' do  
63 - target_person = create_user('some-user').person  
64 - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"  
65 - json = JSON.parse(last_response.body)  
66 - refute json["user"].has_key?("email")  
67 - end  
68 -  
69 - should 'show private attr to friend' do  
70 - target_person = create_user('some-user').person  
71 - f = Friendship.new  
72 - f.friend = target_person  
73 - f.person = person  
74 - f.save!  
75 - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"  
76 - json = JSON.parse(last_response.body)  
77 - assert json["user"].has_key?("email")  
78 - assert_equal target_person.email, json["user"]["email"]  
79 - end  
80 -  
81 - should 'show public attribute to logged user' do  
82 - target_person = create_user('some-user').person  
83 - target_person.fields_privacy={:email=> 'public'}  
84 - target_person.save!  
85 - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"  
86 - json = JSON.parse(last_response.body)  
87 - assert json["user"].has_key?("email")  
88 - assert_equal json["user"]["email"],target_person.email  
89 - end  
90 -  
91 - should 'show public and private field to admin' do  
92 - Environment.default.add_admin(person)  
93 -  
94 - target_person = create_user('some-user').person  
95 - target_person.fields_privacy={:email=> 'public'}  
96 - target_person.save!  
97 -  
98 - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"  
99 - json = JSON.parse(last_response.body)  
100 - assert json["user"].has_key?("email")  
101 - assert json["user"].has_key?("permissions")  
102 - assert json["user"].has_key?("activated")  
103 - end  
104 -  
105 -end