Commit 38d1534c7c865b2ddee78bc75fb49e34d570f376
1 parent
49b8a45b
Exists in
staging
and in
4 other branches
articles endpoint pagination, security and refactoring helpers
Showing
5 changed files
with
46 additions
and
10 deletions
Show diff stats
lib/noosfero/api/entities.rb
| ... | ... | @@ -49,7 +49,7 @@ module Noosfero |
| 49 | 49 | class Enterprise < Profile |
| 50 | 50 | root 'enterprises', 'enterprise' |
| 51 | 51 | end |
| 52 | - | |
| 52 | + | |
| 53 | 53 | class Community < Profile |
| 54 | 54 | root 'communities', 'community' |
| 55 | 55 | expose :description |
| ... | ... | @@ -95,7 +95,9 @@ module Noosfero |
| 95 | 95 | class Article < ArticleBase |
| 96 | 96 | root 'articles', 'article' |
| 97 | 97 | expose :parent, :using => ArticleBase |
| 98 | - expose :children, :using => ArticleBase | |
| 98 | + expose :children, using: ArticleBase do |article, options| | |
| 99 | + article.children.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE) | |
| 100 | + end | |
| 99 | 101 | end |
| 100 | 102 | |
| 101 | 103 | class Comment < Entity | ... | ... |
lib/noosfero/api/helpers.rb
| 1 | - module Noosfero | |
| 1 | + module Noosfero; | |
| 2 | + | |
| 2 | 3 | module API |
| 3 | 4 | module APIHelpers |
| 4 | 5 | PRIVATE_TOKEN_PARAM = :private_token |
| ... | ... | @@ -77,11 +78,23 @@ |
| 77 | 78 | end |
| 78 | 79 | |
| 79 | 80 | def present_articles(asset) |
| 80 | - articles = select_filtered_collection_of(asset, 'articles', params) | |
| 81 | - articles = articles.display_filter(current_person, nil) | |
| 81 | + articles = find_articles(asset) | |
| 82 | + articles = paginate articles | |
| 82 | 83 | present articles, :with => Entities::Article, :fields => params[:fields] |
| 83 | 84 | end |
| 84 | 85 | |
| 86 | + def find_articles(asset) | |
| 87 | + articles = select_filtered_collection_of(asset, 'articles', params) | |
| 88 | + if current_person.present? | |
| 89 | + articles = articles.display_filter(current_person, nil) | |
| 90 | + else | |
| 91 | + articles = articles.published | |
| 92 | + end | |
| 93 | + if params[:categories_ids] | |
| 94 | + articles = articles.joins(:categories).where('category_id in (?)', params[:categories_ids]) | |
| 95 | + end | |
| 96 | + end | |
| 97 | + | |
| 85 | 98 | def find_task(tasks, id) |
| 86 | 99 | task = tasks.find(id) |
| 87 | 100 | task.display_to?(current_user.person) ? task : forbidden! |
| ... | ... | @@ -335,7 +348,7 @@ |
| 335 | 348 | verify_string = "#{client_id}&#{token}&#{captcha_text}" |
| 336 | 349 | request.body = verify_string |
| 337 | 350 | body = http.request(request).body |
| 338 | - body == '1' ? true : body | |
| 351 | + body == '1' ? true : body | |
| 339 | 352 | end |
| 340 | 353 | |
| 341 | 354 | end | ... | ... |
lib/noosfero/api/v1/articles.rb
| ... | ... | @@ -2,12 +2,15 @@ module Noosfero |
| 2 | 2 | module API |
| 3 | 3 | module V1 |
| 4 | 4 | class Articles < Grape::API |
| 5 | - before { authenticate! } | |
| 6 | 5 | |
| 7 | 6 | ARTICLE_TYPES = Article.descendants.map{|a| a.to_s} |
| 8 | 7 | |
| 8 | + MAX_PER_PAGE = 50 | |
| 9 | + | |
| 9 | 10 | resource :articles do |
| 10 | 11 | |
| 12 | + paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE | |
| 13 | + | |
| 11 | 14 | # Collect articles |
| 12 | 15 | # |
| 13 | 16 | # Parameters: |
| ... | ... | @@ -17,6 +20,7 @@ module Noosfero |
| 17 | 20 | # |
| 18 | 21 | # Example Request: |
| 19 | 22 | # GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317 |
| 23 | + | |
| 20 | 24 | get do |
| 21 | 25 | present_articles(environment) |
| 22 | 26 | end |
| ... | ... | @@ -54,7 +58,6 @@ module Noosfero |
| 54 | 58 | |
| 55 | 59 | end |
| 56 | 60 | |
| 57 | - | |
| 58 | 61 | desc "Returns the total followers for the article" |
| 59 | 62 | get ':id/followers' do |
| 60 | 63 | article = find_article(environment.articles, params[:id]) |
| ... | ... | @@ -64,6 +67,7 @@ module Noosfero |
| 64 | 67 | |
| 65 | 68 | desc "Add a follower for the article" |
| 66 | 69 | post ':id/follow' do |
| 70 | + authenticate! | |
| 67 | 71 | article = find_article(environment.articles, params[:id]) |
| 68 | 72 | if article.article_followers.exists?(:person_id => current_person.id) |
| 69 | 73 | {:success => false, :already_follow => true} |
| ... | ... | @@ -77,6 +81,7 @@ module Noosfero |
| 77 | 81 | end |
| 78 | 82 | |
| 79 | 83 | post ':id/vote' do |
| 84 | + authenticate! | |
| 80 | 85 | value = (params[:value] || 1).to_i |
| 81 | 86 | # FIXME verify allowed values |
| 82 | 87 | render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value) |
| ... | ... | @@ -109,6 +114,7 @@ module Noosfero |
| 109 | 114 | end |
| 110 | 115 | |
| 111 | 116 | post ':id/children/suggest' do |
| 117 | + authenticate! | |
| 112 | 118 | parent_article = environment.articles.find(params[:id]) |
| 113 | 119 | |
| 114 | 120 | suggest_article = SuggestArticle.new |
| ... | ... | @@ -126,7 +132,7 @@ module Noosfero |
| 126 | 132 | # Example Request: |
| 127 | 133 | # POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body |
| 128 | 134 | post ':id/children' do |
| 129 | - | |
| 135 | + authenticate! | |
| 130 | 136 | parent_article = environment.articles.find(params[:id]) |
| 131 | 137 | return forbidden! unless parent_article.allow_create?(current_person) |
| 132 | 138 | ... | ... |
test/unit/api/categories_test.rb
| ... | ... | @@ -33,7 +33,7 @@ class CategoriesTest < ActiveSupport::TestCase |
| 33 | 33 | |
| 34 | 34 | get "/api/v1/categories/#{category.id}/?#{params.to_query}" |
| 35 | 35 | json = JSON.parse(last_response.body) |
| 36 | - assert_equal({'id' => parent.id, 'name' => parent.name}, json['category']['parent']) | |
| 36 | + assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent']) | |
| 37 | 37 | assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] } |
| 38 | 38 | end |
| 39 | 39 | ... | ... |
test/unit/api/helpers_test.rb
| ... | ... | @@ -223,6 +223,21 @@ class APIHelpersTest < ActiveSupport::TestCase |
| 223 | 223 | filter_disabled_plugins_endpoints |
| 224 | 224 | end |
| 225 | 225 | |
| 226 | + should 'find all published articles on environment' do | |
| 227 | + #user = create_user('someuser') | |
| 228 | + #p = fast_create(Profile) | |
| 229 | + #a = fast_create(Article, :published => false, :profile_id => p.id) | |
| 230 | + #fast_create(Article, :profile_id => p.id) | |
| 231 | + | |
| 232 | + #user.generate_private_token! | |
| 233 | + #User.expects(:find_by_private_token).returns(user) | |
| 234 | + #assert_equal 403, find_article(p.articles, a.id).last | |
| 235 | + | |
| 236 | + #assert_equals [article1, article2], present_articles | |
| 237 | + | |
| 238 | + | |
| 239 | + end | |
| 240 | + | |
| 226 | 241 | protected |
| 227 | 242 | |
| 228 | 243 | def error!(info, status) | ... | ... |