Commit 1af9c0453b627c659cfc30b1adfc409c0f0dd2bb

Authored by Leandro Santos
2 parents 0cf297a8 e43f331f

Merge branch 'update-profile-api' into 'master'

api: add endpoint to update profiles



See merge request !937
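--- a/app/api/v1/profiles.rb
+++ b/app/api/v1/profiles.rb
@@ -22,6 +22,15 @@ module Api
 not_found!
 end
 end
+
+desc "Update profile information"
+post ':id' do
+authenticate!
+profile = environment.profiles.find_by(id: params[:id])
+return forbidden! unless current_person.has_permission?(:edit_profile, profile)
+profile.update_attributes!(params[:profile])
+present profile, :with => Entities::Profile, :current_person => current_person
+end
 
 delete ':id' do
 authenticate!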
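Review bot: `profile.update_attributes!(params[:profile])` hands the client-supplied hash to the model unfiltered, so anyone holding `:edit_profile` can write every attribute the model leaves mass-assignable, not only presentation fields such as the `custom_header` the tests exercise. Unless the profile models already enforce an attribute allowlist (not visible in this hunk), filter at the endpoint, e.g. `profile.update_attributes!(params[:profile].slice(*EDITABLE_PROFILE_FIELDS))`, where `EDITABLE_PROFILE_FIELDS` is a placeholder for a list the project would define. Separately, `find_by` returns nil for an unknown id and that nil is passed straight to `has_permission?`; adding `return not_found! if profile.nil?` before the permission check would keep a missing profile from surfacing as a 403 or an exception, in line with the `not_found!` call visible in the endpoint above.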
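--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -146,4 +146,49 @@ class ProfilesTest < ActiveSupport::TestCase
 refute json.has_key?('Rating')
 end
 
+[Community, Enterprise].each do |klass|
+should "update #{klass.name}" do
+login_api
+profile = fast_create(klass)
+profile.add_admin(person)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal "Another Header", profile.reload.custom_header
+end
+
+should "not update a #{klass.name} if user does not have permission" do
+login_api
+profile = fast_create(klass)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal 403, last_response.status
+end
+
+should "not update a #{klass.name} if user is not logged in" do
+profile = fast_create(klass)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal 401, last_response.status
+end
+end
+
+should 'update person' do
+login_api
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{person.id}?#{params.to_query}"
+assert_equal "Another Header", person.reload.custom_header
+end
+
+should 'not update person information if user does not have permission' do
+login_api
+profile = fast_create(Person)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal 403, last_response.status
+end
 end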
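Review bot: The 403 and 401 cases assert only `last_response.status`, so they would still pass if the endpoint wrote the record before rejecting the request. Each denial test should also check that nothing was persisted, e.g. `refute_equal "Another Header", profile.reload.custom_header`. Two further cases are missing for this endpoint: a POST to an id that does not exist, and a POST by a permitted user carrying an attribute that must not be editable through the API, asserting that it is left unchanged.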