Download as
Browse Code »

Commit 06c36ffd7e9d48f97ed49570201029a1c7beabad

Authored by Marcos Pereira
1 parent 27f11bf7
Exists in staging and in 31 other branches all_pending_tasks_api, api-articles-period, api_roles, comments_permissions, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_notification_email, follower_permition, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, profile_api_improvements, user_mention

Adds delete endpoint to profiles API

Showing 2 changed files with 61 additions and 0 deletions   Show diff stats
lib/noosfero/api/v1/profiles.rb
  Diff comments   View file @06c36ff
@@ -19,6 +19,19 @@ module Noosfero @@ -19,6 +19,19 @@ module Noosfero
19 profile = profiles.find_by id: params[:id] 19 profile = profiles.find_by id: params[:id]
20 present profile, :with => Entities::Profile, :current_person => current_person 20 present profile, :with => Entities::Profile, :current_person => current_person
21 end 21 end
  22 +
  23 + delete ':id' do
  24 + profiles = environment.profiles
  25 + profile = profiles.find_by id: params[:id]
  26 +
  27 + not_found! if profile.blank?
  28 +
  29 + if current_person.has_permission?(:destroy_profile, profile)
  30 + profile.destroy
  31 + else
  32 + forbidden!
  33 + end
  34 + end
22 end 35 end
23 end 36 end
24 end 37 end
test/api/profiles_test.rb
  Diff comments   View file @06c36ff
@@ -29,4 +29,52 @@ class ProfilesTest < ActiveSupport::TestCase @@ -29,4 +29,52 @@ class ProfilesTest < ActiveSupport::TestCase
29 json = JSON.parse(last_response.body) 29 json = JSON.parse(last_response.body)
30 assert_equal community.id, json['id'] 30 assert_equal community.id, json['id']
31 end 31 end
  32 +
  33 + group_kinds = %w(community enterprise)
  34 + group_kinds.each do |kind|
  35 + should "delete #{kind} from profile id with permission" do
  36 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  37 + give_permission(@person, 'destroy_profile', profile)
  38 + assert_not_nil Profile.find_by_id profile.id
  39 +
  40 + delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
  41 +
  42 + assert_equal 200, last_response.status
  43 + assert_nil Profile.find_by_id profile.id
  44 + end
  45 +
  46 + should "not delete #{kind} from profile id without permission" do
  47 + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
  48 + assert_not_nil Profile.find_by_id profile.id
  49 +
  50 + delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
  51 +
  52 + assert_equal 403, last_response.status
  53 + assert_not_nil Profile.find_by_id profile.id
  54 + end
  55 + end
  56 +
  57 + should 'person delete itself' do
  58 + delete "/api/v1/profiles/#{@person.id}?#{params.to_query}"
  59 + assert_equal 200, last_response.status
  60 + assert_nil Profile.find_by_id @person.id
  61 + end
  62 +
  63 + should 'only admin delete other people' do
  64 + profile = fast_create(Person, :environment_id => environment.id)
  65 + assert_not_nil Profile.find_by_id profile.id
  66 +
  67 + delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
  68 +
  69 + assert_equal 403, last_response.status
  70 + assert_not_nil Profile.find_by_id profile.id
  71 +
  72 + environment.add_admin(@person)
  73 +
  74 + delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
  75 +
  76 + assert_equal 200, last_response.status
  77 + assert_nil Profile.find_by_id profile.id
  78 +
  79 + end
32 end 80 end