Commit 38d1534c7c865b2ddee78bc75fb49e34d570f376
1 parent
49b8a45b
articles endpoint pagination, security and refactoring helpers
Showing
5 changed files
with
46 additions
and
10 deletions
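--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -49,7 +49,7 @@ module Noosfero
 class Enterprise < Profile
 root 'enterprises', 'enterprise'
 end
-
+
 class Community < Profile
 root 'communities', 'community'
 expose :description
@@ -95,7 +95,9 @@ module Noosfero
 class Article < ArticleBase
 root 'articles', 'article'
 expose :parent, :using => ArticleBase
-expose :children, :using => ArticleBase
+expose :children, using: ArticleBase do |article, options|
+article.children.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE)
+end
 end
 
 class Comment < Entity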
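Review bot: The new `children` block on the Article entity returns `article.children.limit(...)` with no visibility filter, while the same commit restricts anonymous callers to `.published` in `find_articles`; if `children` is not itself scoped by visibility, an unpublished child would still be serialized inside its published parent, so that scope should be confirmed. The block parameter `options` is unused and would read better as `_options`. Because the limit has no offset, a caller gets no signal that the list was cut at MAX_PER_PAGE; a comment such as `# only the first MAX_PER_PAGE children are exposed here` would make the cap explicit.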
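--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -1,4 +1,5 @@
-module Noosfero
+module Noosfero;
+
 module API
 module APIHelpers
 PRIVATE_TOKEN_PARAM = :private_token
@@ -77,11 +78,23 @@
 end
 
 def present_articles(asset)
-articles = select_filtered_collection_of(asset, 'articles', params)
-articles = articles.display_filter(current_person, nil)
+articles = find_articles(asset)
+articles = paginate articles
 present articles, :with => Entities::Article, :fields => params[:fields]
 end
 
+def find_articles(asset)
+articles = select_filtered_collection_of(asset, 'articles', params)
+if current_person.present?
+articles = articles.display_filter(current_person, nil)
+else
+articles = articles.published
+end
+if params[:categories_ids]
+articles = articles.joins(:categories).where('category_id in (?)', params[:categories_ids])
+end
+end
+
 def find_task(tasks, id)
 task = tasks.find(id)
 task.display_to?(current_user.person) ? task : forbidden!
@@ -335,7 +348,7 @@
 verify_string = "#{client_id}&#{token}&#{captcha_text}"
 request.body = verify_string
 body = http.request(request).body
-body == '1' ? true : body
+body == '1' ? true : body
 end
 
 end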
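Review bot: `find_articles` returns nil whenever `params[:categories_ids]` is absent, because its last expression is the `if` with no else branch, so on the common path `present_articles` goes on to call `paginate nil`; the fix is to add `articles` as the method's final line, after the second `end`. The category filter itself is correctly parameterized through `where('category_id in (?)', params[:categories_ids])` and needs no change. The stray semicolon in `module Noosfero;` on the first hunk is harmless but looks accidental and should be dropped. In the third, whitespace-only hunk, `body == '1' ? true : body` yields a truthy string on a failed verification, so any caller that tests the result for truthiness would treat failure as success; the enclosing method starts outside the hunk, so its callers cannot be checked here.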
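--- a/lib/noosfero/api/v1/articles.rb
+++ b/lib/noosfero/api/v1/articles.rb
@@ -2,12 +2,15 @@ module Noosfero
 module API
 module V1
 class Articles < Grape::API
-before { authenticate! }
 
 ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
 
+MAX_PER_PAGE = 50
+
 resource :articles do
 
+paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE
+
 # Collect articles
 #
 # Parameters:
@@ -17,6 +20,7 @@ module Noosfero
 #
 # Example Request:
 # GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
+
 get do
 present_articles(environment)
 end
@@ -54,7 +58,6 @@ module Noosfero
 
 end
 
-
 desc "Returns the total followers for the article"
 get ':id/followers' do
 article = find_article(environment.articles, params[:id])
@@ -64,6 +67,7 @@ module Noosfero
 
 desc "Add a follower for the article"
 post ':id/follow' do
+authenticate!
 article = find_article(environment.articles, params[:id])
 if article.article_followers.exists?(:person_id => current_person.id)
 {:success => false, :already_follow => true}
@@ -77,6 +81,7 @@ module Noosfero
 end
 
 post ':id/vote' do
+authenticate!
 value = (params[:value] || 1).to_i
 # FIXME verify allowed values
 render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
@@ -109,6 +114,7 @@ module Noosfero
 end
 
 post ':id/children/suggest' do
+authenticate!
 parent_article = environment.articles.find(params[:id])
 
 suggest_article = SuggestArticle.new
@@ -126,7 +132,7 @@ module Noosfero
 # Example Request:
 # POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body
 post ':id/children' do
-
+authenticate!
 parent_article = environment.articles.find(params[:id])
 return forbidden! unless parent_article.allow_create?(current_person)
 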
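Review bot: Removing `before { authenticate! }` in the first hunk flips the Articles resource from deny-by-default to allow-by-default, and only the four POST handlers visible in the later hunks regain an explicit `authenticate!`; any other mutating endpoint in this file outside these hunks is now reachable anonymously unless it was updated as well. A safer shape is to keep the class-level filter and exempt only the intended public reads, e.g. `before { authenticate! unless request.get? }`, so a future endpoint stays protected unless someone deliberately opens it. The now-public `get ':id/followers'` calls `find_article`, whose handling of a nil `current_person` is not visible here and should be confirmed before this ships.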
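--- a/test/unit/api/categories_test.rb
+++ b/test/unit/api/categories_test.rb
@@ -33,7 +33,7 @@ class CategoriesTest < ActiveSupport::TestCase
 
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
-assert_equal({'id' => parent.id, 'name' => parent.name}, json['category']['parent'])
+assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
 assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
 end
 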
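--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
@@ -223,6 +223,21 @@ class APIHelpersTest < ActiveSupport::TestCase
 filter_disabled_plugins_endpoints
 end
 
+should 'find all published articles on environment' do
+#user = create_user('someuser')
+#p = fast_create(Profile)
+#a = fast_create(Article, :published => false, :profile_id => p.id)
+#fast_create(Article, :profile_id => p.id)
+
+#user.generate_private_token!
+#User.expects(:find_by_private_token).returns(user)
+#assert_equal 403, find_article(p.articles, a.id).last
+
+#assert_equals [article1, article2], present_articles
+
+
+end
+
 protected
 
 def error!(info, status)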
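Review bot: The new test `'find all published articles on environment'` has an entirely commented-out body, so it passes while asserting nothing, and the behaviour it names (anonymous callers receiving only published articles from `find_articles`) is exactly the access-control change in this commit that otherwise has no test. Until it is implemented, make `skip 'not implemented'` its first statement so the suite reports it honestly rather than as green. The commented draft also calls `assert_equals` and `present_articles` with no asset argument, so it needs rework rather than simply uncommenting.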