Download as
Browse Code »

Commit 3590c1bdd9d83e9909fe72e597cccf0cc776908e

Authored by Evandro Junior
Committed by Leandro Santos
1 parent 1ebe6924
Exists in staging and in 31 other branches all_pending_tasks_api, api-articles-period, api_roles, comments_permissions, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_notification_email, follower_permition, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, profile_api_improvements, user_mention

API unlocked for visitor

Showing 17 changed files with 378 additions and 35 deletions   Show diff stats
app/models/organization.rb
  Diff comments   View file @3590c1b
... ... @@ -17,6 +17,8 @@ class Organization < Profile
17 17 # 4) The user is not a member of the organization but the organization is
18 18 # visible, public and enabled.
19 19 def self.visible_for_person(person)
  20 + # Visitor if person.nil?
  21 + person.nil? ? person_id = nil : person_id = person.id
20 22 joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
21 23 AND "role_assignments"."resource_type" = \'Profile\') OR (
22 24 "role_assignments"."resource_id" = "profiles"."environment_id" AND
... ... @@ -28,8 +30,8 @@ class Organization < Profile
28 30 ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
29 31 ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
30 32 ( profiles.visible = ? ) )',
31   - 'profile_admin', 'environment_administrator', Profile.name, person.id,
32   - Profile.name, person.id, true, true, true]
  33 + 'profile_admin', 'environment_administrator', Profile.name, person_id,
  34 + Profile.name, person_id, true, true, true]
33 35 ).uniq
34 36 end
35 37  
... ...
app/models/person.rb
  Diff comments   View file @3590c1b
... ... @@ -42,6 +42,8 @@ class Person < Profile
42 42 }
43 43  
44 44 scope :visible_for_person, lambda { |person|
  45 + # Visitor if person.nil?
  46 + person.nil? ? person_id = nil : person_id = person.id
45 47 joins('LEFT JOIN "role_assignments" ON
46 48 "role_assignments"."resource_id" = "profiles"."environment_id" AND
47 49 "role_assignments"."resource_type" = \'Environment\'')
... ... @@ -49,9 +51,10 @@ class Person < Profile
49 51 .joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
50 52 .where(
51 53 ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR (
52   - ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', 'environment_administrator', Profile.name, person.id, person.id, true, true]
  54 + ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )',
  55 + 'environment_administrator', Profile.name, person_id, person_id, true, true]
53 56 ).uniq
54   - }
  57 + }
55 58  
56 59 def has_permission_with_admin?(permission, resource)
57 60 return true if resource.blank? || resource.admins.include?(self)
... ...
lib/noosfero/api/v1/categories.rb
  Diff comments   View file @3590c1b
... ... @@ -2,7 +2,6 @@ module Noosfero
2 2 module API
3 3 module V1
4 4 class Categories < Grape::API
5   - before { authenticate! }
6 5  
7 6 resource :categories do
8 7  
... ...
lib/noosfero/api/v1/comments.rb
  Diff comments   View file @3590c1b
... ... @@ -4,7 +4,6 @@ module Noosfero
4 4 class Comments < Grape::API
5 5 MAX_PER_PAGE = 20
6 6  
7   - before { authenticate! }
8 7  
9 8 resource :articles do
10 9 paginate max_per_page: MAX_PER_PAGE
... ... @@ -34,6 +33,7 @@ module Noosfero
34 33 # Example Request:
35 34 # POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New
36 35 post ":id/comments" do
  36 + authenticate!
37 37 article = find_article(environment.articles, params[:id])
38 38 options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
39 39 begin
... ...
lib/noosfero/api/v1/communities.rb
  Diff comments   View file @3590c1b
... ... @@ -2,7 +2,6 @@ module Noosfero
2 2 module API
3 3 module V1
4 4 class Communities < Grape::API
5   - before { authenticate! }
6 5  
7 6 resource :communities do
8 7  
... ... @@ -18,7 +17,7 @@ module Noosfero
18 17 # GET /communities?reference_id=10&limit=10&oldest
19 18 get do
20 19 communities = select_filtered_collection_of(environment, 'communities', params)
21   - communities = communities.visible_for_person(current_person)
  20 + communities = communities.visible
22 21 communities = communities.by_location(params) # Must be the last. May return Exception obj.
23 22 present communities, :with => Entities::Community, :current_person => current_person
24 23 end
... ... @@ -28,6 +27,7 @@ module Noosfero
28 27 # POST api/v1/communties?private_token=234298743290432&community[name]=some_name
29 28 # for each custom field for community, add &community[field_name]=field_value to the request
30 29 post do
  30 + authenticate!
31 31 params[:community] ||= {}
32 32  
33 33 params[:community][:custom_values]={}
... ...
lib/noosfero/api/v1/enterprises.rb
  Diff comments   View file @3590c1b
... ... @@ -19,7 +19,7 @@ module Noosfero
19 19 # GET /enterprises?reference_id=10&limit=10&oldest
20 20 get do
21 21 enterprises = select_filtered_collection_of(environment, 'enterprises', params)
22   - enterprises = enterprises.visible_for_person(current_person)
  22 + enterprises = enterprises.visible
23 23 enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj.
24 24 present enterprises, :with => Entities::Enterprise, :current_person => current_person
25 25 end
... ...
lib/noosfero/api/v1/people.rb
  Diff comments   View file @3590c1b
... ... @@ -35,7 +35,7 @@ module Noosfero
35 35 desc "Find environment's people"
36 36 get do
37 37 people = select_filtered_collection_of(environment, 'people', params)
38   - people = people.visible_for_person(current_person)
  38 + people = people.visible
39 39 present_partial people, :with => Entities::Person, :current_person => current_person
40 40 end
41 41  
... ...
lib/noosfero/api/v1/profiles.rb
  Diff comments   View file @3590c1b
... ... @@ -2,20 +2,19 @@ module Noosfero
2 2 module API
3 3 module V1
4 4 class Profiles < Grape::API
5   - before { authenticate! }
6 5  
7 6 resource :profiles do
8 7  
9 8 get do
10 9 profiles = select_filtered_collection_of(environment, 'profiles', params)
11   - profiles = profiles.visible_for_person(current_person)
  10 + profiles = profiles.visible
12 11 profiles = profiles.by_location(params) # Must be the last. May return Exception obj.
13 12 present profiles, :with => Entities::Profile, :current_person => current_person
14 13 end
15 14  
16 15 get ':id' do
17 16 profiles = environment.profiles
18   - profiles = profiles.visible_for_person(current_person)
  17 + profiles = profiles.visible
19 18 profile = profiles.find_by id: params[:id]
20 19 present profile, :with => Entities::Profile, :current_person => current_person
21 20 end
... ...
test/api/categories_test.rb
  Diff comments   View file @3590c1b
... ... @@ -2,11 +2,9 @@ require_relative &#39;test_helper&#39;
2 2  
3 3 class CategoriesTest < ActiveSupport::TestCase
4 4  
5   - def setup
6   - login_api
7   - end
8 5  
9 6 should 'list categories' do
  7 + login_api
10 8 category = fast_create(Category, :environment_id => environment.id)
11 9 get "/api/v1/categories/?#{params.to_query}"
12 10 json = JSON.parse(last_response.body)
... ... @@ -14,6 +12,7 @@ class CategoriesTest &lt; ActiveSupport::TestCase
14 12 end
15 13  
16 14 should 'get category by id' do
  15 + login_api
17 16 category = fast_create(Category, :environment_id => environment.id)
18 17 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
19 18 json = JSON.parse(last_response.body)
... ... @@ -21,6 +20,7 @@ class CategoriesTest &lt; ActiveSupport::TestCase
21 20 end
22 21  
23 22 should 'list parent and children when get category by id' do
  23 + login_api
24 24 parent = fast_create(Category, :environment_id => environment.id)
25 25 child_1 = fast_create(Category, :environment_id => environment.id)
26 26 child_2 = fast_create(Category, :environment_id => environment.id)
... ... @@ -38,6 +38,7 @@ class CategoriesTest &lt; ActiveSupport::TestCase
38 38 end
39 39  
40 40 should 'include parent in categories list if params is true' do
  41 + login_api
41 42 parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
42 43 child_1 = fast_create(Category, :environment_id => environment.id)
43 44 child_2 = fast_create(Category, :environment_id => environment.id)
... ... @@ -60,6 +61,7 @@ class CategoriesTest &lt; ActiveSupport::TestCase
60 61 end
61 62  
62 63 should 'include children in categories list if params is true' do
  64 + login_api
63 65 category = fast_create(Category, :environment_id => environment.id)
64 66 child_1 = fast_create(Category, :environment_id => environment.id)
65 67 child_2 = fast_create(Category, :environment_id => environment.id)
... ... @@ -87,6 +89,7 @@ class CategoriesTest &lt; ActiveSupport::TestCase
87 89  
88 90 expose_attributes.each do |attr|
89 91 should "expose category #{attr} attribute by default" do
  92 + login_api
90 93 category = fast_create(Category, :environment_id => environment.id)
91 94 get "/api/v1/categories/?#{params.to_query}"
92 95 json = JSON.parse(last_response.body)
... ... @@ -94,4 +97,100 @@ class CategoriesTest &lt; ActiveSupport::TestCase
94 97 end
95 98 end
96 99  
  100 + ############## Visitors' tests #######################################################################33
  101 +
  102 + should 'visitor list categories' do
  103 + visitor_setup
  104 + category = fast_create(Category, :environment_id => environment.id)
  105 + get "/api/v1/categories/?#{params.to_query}"
  106 + json = JSON.parse(last_response.body)
  107 + assert_includes json["categories"].map { |c| c["name"] }, category.name
  108 + end
  109 +
  110 + should 'visitor get category by id' do
  111 + visitor_setup
  112 + category = fast_create(Category, :environment_id => environment.id)
  113 + get "/api/v1/categories/#{category.id}/?#{params.to_query}"
  114 + json = JSON.parse(last_response.body)
  115 + assert_equal category.name, json["category"]["name"]
  116 + end
  117 +
  118 + should 'visitor list parent and children when get category by id' do
  119 + visitor_setup
  120 + parent = fast_create(Category, :environment_id => environment.id)
  121 + child_1 = fast_create(Category, :environment_id => environment.id)
  122 + child_2 = fast_create(Category, :environment_id => environment.id)
  123 +
  124 + category = fast_create(Category, :environment_id => environment.id)
  125 + category.parent = parent
  126 + category.children << child_1
  127 + category.children << child_2
  128 + category.save
  129 +
  130 + get "/api/v1/categories/#{category.id}/?#{params.to_query}"
  131 + json = JSON.parse(last_response.body)
  132 + assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
  133 + assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
  134 + end
  135 +
  136 + should 'visitor include parent in categories list if params is true' do
  137 + visitor_setup
  138 + parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
  139 + child_1 = fast_create(Category, :environment_id => environment.id)
  140 + child_2 = fast_create(Category, :environment_id => environment.id)
  141 +
  142 + parent_2 = fast_create(Category, :environment_id => environment.id)
  143 + parent_2.parent = parent_1
  144 + parent_2.children << child_1
  145 + parent_2.children << child_2
  146 + parent_2.save
  147 +
  148 + get "/api/v1/categories/?#{params.to_query}"
  149 + json = JSON.parse(last_response.body)
  150 + assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq
  151 +
  152 + params[:include_parent] = true
  153 + get "/api/v1/categories/?#{params.to_query}"
  154 + json = JSON.parse(last_response.body)
  155 + assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],
  156 + json["categories"].map { |c| c['parent'] && c['parent']['id'] }
  157 + end
  158 +
  159 + should 'visitor include children in categories list if params is true' do
  160 + visitor_setup
  161 + category = fast_create(Category, :environment_id => environment.id)
  162 + child_1 = fast_create(Category, :environment_id => environment.id)
  163 + child_2 = fast_create(Category, :environment_id => environment.id)
  164 + child_3 = fast_create(Category, :environment_id => environment.id)
  165 +
  166 + category.children << child_1
  167 + category.children << child_2
  168 + category.save
  169 +
  170 + child_1.children << child_3
  171 + child_1.save
  172 +
  173 + get "/api/v1/categories/?#{params.to_query}"
  174 + json = JSON.parse(last_response.body)
  175 + assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq
  176 +
  177 + params[:include_children] = true
  178 + get "/api/v1/categories/?#{params.to_query}"
  179 + json = JSON.parse(last_response.body)
  180 + assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],
  181 + json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort }
  182 + end
  183 +
  184 + expose_attributes.each do |attr|
  185 + should "visitor expose category #{attr} attribute by default" do
  186 + visitor_setup
  187 + category = fast_create(Category, :environment_id => environment.id)
  188 + get "/api/v1/categories/?#{params.to_query}"
  189 + json = JSON.parse(last_response.body)
  190 + assert json["categories"].last.has_key?(attr)
  191 + end
  192 + end
  193 +
  194 + ################################# End visitors' test ####################################################################################
  195 +
97 196 end
... ...
test/api/comments_test.rb
  Diff comments   View file @3590c1b
... ... @@ -2,11 +2,8 @@ require_relative &#39;test_helper&#39;
2 2  
3 3 class CommentsTest < ActiveSupport::TestCase
4 4  
5   - def setup
6   - login_api
7   - end
8   -
9 5 should 'not list comments if user has no permission to view the source article' do
  6 + login_api
10 7 person = fast_create(Person)
11 8 article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
12 9 assert !article.published?
... ... @@ -16,6 +13,7 @@ class CommentsTest &lt; ActiveSupport::TestCase
16 13 end
17 14  
18 15 should 'not return comment if user has no permission to view the source article' do
  16 + login_api
19 17 person = fast_create(Person)
20 18 article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
21 19 comment = article.comments.create!(:body => "another comment", :author => user.person)
... ... @@ -26,6 +24,7 @@ class CommentsTest &lt; ActiveSupport::TestCase
26 24 end
27 25  
28 26 should 'not comment an article if user has no permission to view it' do
  27 + login_api
29 28 person = fast_create(Person)
30 29 article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
31 30 assert !article.published?
... ... @@ -35,6 +34,7 @@ class CommentsTest &lt; ActiveSupport::TestCase
35 34 end
36 35  
37 36 should 'return comments of an article' do
  37 + login_api
38 38 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
39 39 article.comments.create!(:body => "some comment", :author => user.person)
40 40 article.comments.create!(:body => "another comment", :author => user.person)
... ... @@ -46,6 +46,7 @@ class CommentsTest &lt; ActiveSupport::TestCase
46 46 end
47 47  
48 48 should 'return comment of an article' do
  49 + login_api
49 50 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
50 51 comment = article.comments.create!(:body => "another comment", :author => user.person)
51 52  
... ... @@ -56,6 +57,7 @@ class CommentsTest &lt; ActiveSupport::TestCase
56 57 end
57 58  
58 59 should 'comment an article' do
  60 + login_api
59 61 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
60 62 body = 'My comment'
61 63 params.merge!({:body => body})
... ... @@ -76,6 +78,7 @@ class CommentsTest &lt; ActiveSupport::TestCase
76 78 end
77 79  
78 80 should 'comment creation define the source' do
  81 + login_api
79 82 amount = Comment.count
80 83 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
81 84 body = 'My comment'
... ... @@ -137,4 +140,53 @@ class CommentsTest &lt; ActiveSupport::TestCase
137 140 json = JSON.parse(last_response.body)
138 141 assert_equal ["comment 2"], json["comments"].map {|c| c["body"]}
139 142 end
  143 +
  144 + should 'not visitor list comments if has no permission to view the source article' do
  145 + visitor_setup
  146 + person = fast_create(Person)
  147 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  148 + assert !article.published?
  149 +
  150 + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  151 + assert_equal 403, last_response.status
  152 + end
  153 +
  154 + should 'visitor return comments of an article' do
  155 + visitor_setup
  156 + person = fast_create(Person)
  157 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  158 + article.comments.create!(:body => "some comment", :author => person)
  159 + article.comments.create!(:body => "another comment", :author => person)
  160 +
  161 + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  162 + json = JSON.parse(last_response.body)
  163 + assert_equal 200, last_response.status
  164 + assert_equal 2, json["comments"].length
  165 + end
  166 +
  167 + should 'visitor return comment of an article' do
  168 + visitor_setup
  169 + person = fast_create(Person)
  170 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  171 + comment = article.comments.create!(:body => "another comment", :author => person)
  172 +
  173 + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
  174 + json = JSON.parse(last_response.body)
  175 + assert_equal 200, last_response.status
  176 + assert_equal comment.id, json['comment']['id']
  177 + end
  178 +
  179 + should 'not visitor comment an article (at least so far...)' do
  180 + visitor_setup
  181 + person = fast_create(Person)
  182 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  183 + body = 'My comment'
  184 + name = "John Doe"
  185 + email = "JohnDoe@gmail.com"
  186 + params.merge!({:body => body, name: name, email: email})
  187 + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  188 + json = JSON.parse(last_response.body)
  189 + assert_equal 401, last_response.status
  190 + end
  191 +
140 192 end
... ...
test/api/communities_test.rb
  Diff comments   View file @3590c1b
... ... @@ -4,10 +4,10 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
4 4  
5 5 def setup
6 6 Community.delete_all
7   - login_api
8 7 end
9 8  
10 9 should 'list only communities' do
  10 + login_api
11 11 community = fast_create(Community, :environment_id => environment.id)
12 12 enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
13 13 get "/api/v1/communities?#{params.to_query}"
... ... @@ -17,6 +17,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
17 17 end
18 18  
19 19 should 'list all communities' do
  20 + login_api
20 21 community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
21 22 community2 = fast_create(Community, :environment_id => environment.id)
22 23 get "/api/v1/communities?#{params.to_query}"
... ... @@ -25,6 +26,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
25 26 end
26 27  
27 28 should 'not list invisible communities' do
  29 + login_api
28 30 community1 = fast_create(Community, :environment_id => environment.id)
29 31 fast_create(Community, :environment_id => environment.id, :visible => false)
30 32  
... ... @@ -33,16 +35,18 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
33 35 assert_equal [community1.id], json['communities'].map {|c| c['id']}
34 36 end
35 37  
36   - should 'not list private communities without permission' do
37   - community1 = fast_create(Community, :environment_id => environment.id)
38   - fast_create(Community, :environment_id => environment.id, :public_profile => false)
  38 + should 'list private communities' do
  39 + login_api
  40 + community1 = fast_create(Community, :environment_id => environment.id)
  41 + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
39 42  
40   - get "/api/v1/communities?#{params.to_query}"
41   - json = JSON.parse(last_response.body)
42   - assert_equal [community1.id], json['communities'].map {|c| c['id']}
  43 + get "/api/v1/communities?#{params.to_query}"
  44 + json = JSON.parse(last_response.body)
  45 + assert_equal [community1.id, community2.id], json['communities'].map {|c| c['id']}
43 46 end
44 47  
45 48 should 'list private community for members' do
  49 + login_api
46 50 c1 = fast_create(Community, :environment_id => environment.id)
47 51 c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
48 52 c2.add_member(person)
... ... @@ -53,6 +57,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
53 57 end
54 58  
55 59 should 'create a community' do
  60 + login_api
56 61 params[:community] = {:name => 'some'}
57 62 post "/api/v1/communities?#{params.to_query}"
58 63 json = JSON.parse(last_response.body)
... ... @@ -60,12 +65,14 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
60 65 end
61 66  
62 67 should 'return 400 status for invalid community creation' do
  68 + login_api
63 69 post "/api/v1/communities?#{params.to_query}"
64 70 json = JSON.parse(last_response.body)
65 71 assert_equal 400, last_response.status
66 72 end
67 73  
68 74 should 'get community' do
  75 + login_api
69 76 community = fast_create(Community, :environment_id => environment.id)
70 77  
71 78 get "/api/v1/communities/#{community.id}?#{params.to_query}"
... ... @@ -74,6 +81,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
74 81 end
75 82  
76 83 should 'not get invisible community' do
  84 + login_api
77 85 community = fast_create(Community, :environment_id => environment.id, :visible => false)
78 86  
79 87 get "/api/v1/communities/#{community.id}?#{params.to_query}"
... ... @@ -82,6 +90,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
82 90 end
83 91  
84 92 should 'not get private communities without permission' do
  93 + login_api
85 94 community = fast_create(Community, :environment_id => environment.id)
86 95 fast_create(Community, :environment_id => environment.id, :public_profile => false)
87 96  
... ... @@ -91,16 +100,17 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
91 100 end
92 101  
93 102 should 'get private community for members' do
  103 + login_api
94 104 community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
95 105 community.add_member(person)
96 106  
97   -
98 107 get "/api/v1/communities/#{community.id}?#{params.to_query}"
99 108 json = JSON.parse(last_response.body)
100 109 assert_equal community.id, json['community']['id']
101 110 end
102 111  
103 112 should 'list person communities' do
  113 + login_api
104 114 community = fast_create(Community, :environment_id => environment.id)
105 115 fast_create(Community, :environment_id => environment.id)
106 116 community.add_member(person)
... ... @@ -111,6 +121,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
111 121 end
112 122  
113 123 should 'not list person communities invisible' do
  124 + login_api
114 125 c1 = fast_create(Community, :environment_id => environment.id)
115 126 c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
116 127 c1.add_member(person)
... ... @@ -122,6 +133,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
122 133 end
123 134  
124 135 should 'list communities with pagination' do
  136 + login_api
125 137 community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
126 138 community2 = fast_create(Community, :created_at => 2.days.ago)
127 139  
... ... @@ -144,6 +156,121 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
144 156 end
145 157  
146 158 should 'list communities with timestamp' do
  159 + login_api
  160 + community1 = fast_create(Community, :public_profile => true)
  161 + community2 = fast_create(Community)
  162 +
  163 + community1.updated_at = Time.now + 3.hours
  164 + community1.save!
  165 +
  166 + params[:timestamp] = Time.now + 1.hours
  167 + get "/api/v1/communities/?#{params.to_query}"
  168 + json = JSON.parse(last_response.body)
  169 +
  170 + assert_includes json["communities"].map { |a| a["id"] }, community1.id
  171 + assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
  172 + end
  173 +
  174 + ################### Visitor's tests ######################################3
  175 +
  176 + should 'visitor list only communities' do
  177 + visitor_setup
  178 + community = fast_create(Community, :environment_id => environment.id)
  179 + enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
  180 + get "/api/v1/communities?#{params.to_query}"
  181 + json = JSON.parse(last_response.body)
  182 + assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
  183 + assert_includes json['communities'].map {|c| c['id']}, community.id
  184 + end
  185 +
  186 + should 'visitor list all communities' do
  187 + visitor_setup
  188 + community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
  189 + community2 = fast_create(Community, :environment_id => environment.id)
  190 + get "/api/v1/communities?#{params.to_query}"
  191 + json = JSON.parse(last_response.body)
  192 + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
  193 + end
  194 +
  195 + should 'not visitor list invisible communities' do
  196 + visitor_setup
  197 + community1 = fast_create(Community, :environment_id => environment.id)
  198 + fast_create(Community, :environment_id => environment.id, :visible => false)
  199 +
  200 + get "/api/v1/communities?#{params.to_query}"
  201 + json = JSON.parse(last_response.body)
  202 + assert_equal [community1.id], json['communities'].map {|c| c['id']}
  203 + end
  204 +
  205 + should 'visitor list private communities' do
  206 + visitor_setup
  207 + community1 = fast_create(Community, :environment_id => environment.id)
  208 + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
  209 +
  210 + get "/api/v1/communities?#{params.to_query}"
  211 + json = JSON.parse(last_response.body)
  212 + assert_equal [community1.id, community2.id], json['communities'].map {|c| c['id']}
  213 + end
  214 +
  215 +
  216 +
  217 + should 'not visitor create a community' do
  218 + visitor_setup
  219 + params[:community] = {:name => 'some'}
  220 + post "/api/v1/communities?#{params.to_query}"
  221 + json = JSON.parse(last_response.body)
  222 + assert_equal 401, last_response.status
  223 + end
  224 +
  225 + should 'visitor get community' do
  226 + visitor_setup
  227 + community = fast_create(Community, :environment_id => environment.id)
  228 + get "/api/v1/communities/#{community.id}"
  229 + json = JSON.parse(last_response.body)
  230 + assert_equal community.id, json['community']['id']
  231 + end
  232 +
  233 + should 'not visitor get invisible community' do
  234 + visitor_setup
  235 + community = fast_create(Community, :environment_id => environment.id, :visible => false)
  236 + get "/api/v1/communities/#{community.id}"
  237 + json = JSON.parse(last_response.body)
  238 + assert json['community'].blank?
  239 + end
  240 +
  241 + should 'visitor not get private communities' do
  242 + visitor_setup
  243 + community = fast_create(Community, :environment_id => environment.id)
  244 + fast_create(Community, :environment_id => environment.id, :public_profile => false)
  245 + get "/api/v1/communities/#{community.id}"
  246 + json = JSON.parse(last_response.body)
  247 + assert_equal community.id, json['community']['id']
  248 + end
  249 +
  250 + should 'visitor list communities with pagination' do
  251 + visitor_setup
  252 + community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
  253 + community2 = fast_create(Community, :created_at => 2.days.ago)
  254 +
  255 + params[:page] = 2
  256 + params[:per_page] = 1
  257 + get "/api/v1/communities?#{params.to_query}"
  258 + json_page_two = JSON.parse(last_response.body)
  259 +
  260 + params[:page] = 1
  261 + params[:per_page] = 1
  262 + get "/api/v1/communities?#{params.to_query}"
  263 + json_page_one = JSON.parse(last_response.body)
  264 +
  265 + assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id
  266 + assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id
  267 +
  268 + assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id
  269 + assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
  270 + end
  271 +
  272 + should 'visitor list communities with timestamp' do
  273 + visitor_setup
147 274 community1 = fast_create(Community, :public_profile => true)
148 275 community2 = fast_create(Community)
149 276  
... ... @@ -157,4 +284,7 @@ class CommunitiesTest &lt; ActiveSupport::TestCase
157 284 assert_includes json["communities"].map { |a| a["id"] }, community1.id
158 285 assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
159 286 end
  287 +
  288 + ###################End Visitor's tests ######################################3
  289 +
160 290 end
... ...
test/api/enterprises_test.rb
  Diff comments   View file @3590c1b
... ... @@ -33,13 +33,13 @@ class EnterprisesTest &lt; ActiveSupport::TestCase
33 33 assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
34 34 end
35 35  
36   - should 'not list private enterprises without permission' do
  36 + should 'list private enterprises' do
37 37 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
38   - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
  38 + enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
39 39  
40 40 get "/api/v1/enterprises?#{params.to_query}"
41 41 json = JSON.parse(last_response.body)
42   - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
  42 + assert_equal [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
43 43 end
44 44  
45 45 should 'list private enterprise for members' do
... ...
test/api/people_test.rb
  Diff comments   View file @3590c1b
... ... @@ -35,11 +35,11 @@ class PeopleTest &lt; ActiveSupport::TestCase
35 35 assert_not_includes json_response_ids(:people), invisible_person.id
36 36 end
37 37  
38   - should 'not list private people without permission' do
  38 + should 'list private people' do
39 39 private_person = fast_create(Person, :public_profile => false)
40 40  
41 41 get "/api/v1/people?#{params.to_query}"
42   - assert_not_includes json_response_ids(:people), private_person.id
  42 + assert_includes json_response_ids(:people), private_person.id
43 43 end
44 44  
45 45 should 'list private person for friends' do
... ...
test/api/profiles_test.rb
  Diff comments   View file @3590c1b
... ... @@ -4,10 +4,10 @@ class ProfilesTest &lt; ActiveSupport::TestCase
4 4  
5 5 def setup
6 6 Profile.delete_all
7   - login_api
8 7 end
9 8  
10 9 should 'list all profiles' do
  10 + login_api
11 11 person1 = fast_create(Person)
12 12 person2 = fast_create(Person)
13 13 community = fast_create(Community)
... ... @@ -17,6 +17,7 @@ class ProfilesTest &lt; ActiveSupport::TestCase
17 17 end
18 18  
19 19 should 'get person from profile id' do
  20 + login_api
20 21 some_person = fast_create(Person)
21 22 get "/api/v1/profiles/#{some_person.id}?#{params.to_query}"
22 23 json = JSON.parse(last_response.body)
... ... @@ -24,6 +25,7 @@ class ProfilesTest &lt; ActiveSupport::TestCase
24 25 end
25 26  
26 27 should 'get community from profile id' do
  28 + login_api
27 29 community = fast_create(Community)
28 30 get "/api/v1/profiles/#{community.id}?#{params.to_query}"
29 31 json = JSON.parse(last_response.body)
... ... @@ -77,4 +79,28 @@ class ProfilesTest &lt; ActiveSupport::TestCase
77 79 assert_nil Profile.find_by_id profile.id
78 80  
79 81 end
  82 +
  83 + should 'visitor list all profiles' do
  84 + person1 = fast_create(Person)
  85 + person2 = fast_create(Person)
  86 + community = fast_create(Community)
  87 + get "/api/v1/profiles"
  88 + json = JSON.parse(last_response.body)
  89 + assert_equivalent [person1.id, person2.id, community.id], json.map {|p| p['id']}
  90 + end
  91 +
  92 + should 'visitor get person from profile id' do
  93 + some_person = fast_create(Person)
  94 + get "/api/v1/profiles/#{some_person.id}"
  95 + json = JSON.parse(last_response.body)
  96 + assert_equal some_person.id, json['id']
  97 + end
  98 +
  99 + should 'visitor get community from profile id' do
  100 + community = fast_create(Community)
  101 + get "/api/v1/profiles/#{community.id}"
  102 + json = JSON.parse(last_response.body)
  103 + assert_equal community.id, json['id']
  104 + end
  105 +
80 106 end
... ...
test/api/test_helper.rb
  Diff comments   View file @3590c1b
... ... @@ -24,6 +24,12 @@ class ActiveSupport::TestCase
24 24  
25 25 @params = {:private_token => @private_token}
26 26 end
  27 +
  28 + def visitor_setup
  29 + @environment = Environment.default
  30 + @params = {}
  31 + end
  32 +
27 33 attr_accessor :private_token, :user, :person, :params, :environment
28 34  
29 35 private
... ...
test/unit/organization_test.rb
  Diff comments   View file @3590c1b
... ... @@ -437,7 +437,7 @@ class OrganizationTest &lt; ActiveSupport::TestCase
437 437 c = fast_create(Organization, :name => 'my test profile', :identifier => 'mytestprofile')
438 438 admin = create_user('adminuser').person
439 439 c.add_admin(admin)
440   -
  440 +
441 441 assert c.is_admin?(admin)
442 442 end
443 443  
... ... @@ -513,4 +513,18 @@ class OrganizationTest &lt; ActiveSupport::TestCase
513 513 assert_includes env_admin_orgs, o7
514 514 end
515 515  
  516 + should 'fetch organizations there are visible for a visitor' do
  517 + visitor = nil
  518 + Organization.destroy_all
  519 + o1 = fast_create(Organization, :public_profile => true , :visible => true )
  520 + o2 = fast_create(Organization, :public_profile => false, :visible => true )
  521 + o3 = fast_create(Organization, :public_profile => true , :visible => false)
  522 + o4 = fast_create(Organization, :public_profile => false, :visible => false)
  523 + person_orgs = Organization.visible_for_person(visitor)
  524 + assert_includes person_orgs, o1
  525 + assert_not_includes person_orgs, o2
  526 + assert_not_includes person_orgs, o3
  527 + assert_not_includes person_orgs, o4
  528 + end
  529 +
516 530 end
... ...
test/unit/person_test.rb
  Diff comments   View file @3590c1b
... ... @@ -1951,4 +1951,17 @@ class PersonTest &lt; ActiveSupport::TestCase
1951 1951 person.save!
1952 1952 end
1953 1953  
  1954 + should 'fetch people there are visible for a visitor' do
  1955 + person = nil
  1956 + p1 = fast_create(Person, :public_profile => true , :visible => true)
  1957 + p2 = fast_create(Person, :public_profile => false, :visible => true)
  1958 + p3 = fast_create(Person, :public_profile => true , :visible => false)
  1959 + p4 = fast_create(Person, :public_profile => false, :visible => false)
  1960 + people_visible_by_visitor = Person.visible_for_person(person)
  1961 + assert_includes people_visible_by_visitor, p1
  1962 + assert_not_includes people_visible_by_visitor, p2
  1963 + assert_not_includes people_visible_by_visitor, p3
  1964 + assert_not_includes people_visible_by_visitor, p4
  1965 + end
  1966 +
1954 1967 end
... ...