Commit 55c72be93e86011d7b78bc70dec6c0c75bbe83b6
Merge branch 'api_visitor' into 'master'
Some API methods unlocked for visitor. Enable visitor to browse some of the API methods. See merge request !863
Showing
19 changed files
with
816 additions
and
136 deletions
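--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -17,6 +17,8 @@ class Organization < Profile
 # 4) The user is not a member of the organization but the organization is
 # visible, public and enabled.
 def self.visible_for_person(person)
+# Visitor if person.nil?
+person_id = person.nil? ? nil : person.id
 joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
 AND "role_assignments"."resource_type" = \'Profile\') OR (
 "role_assignments"."resource_id" = "profiles"."environment_id" AND
@@ -28,8 +30,8 @@ class Organization < Profile
 ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
 ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
 ( profiles.visible = ? ) )',
-'profile_admin', 'environment_administrator', Profile.name, person.id,
-Profile.name, person.id, true, true, true]
+'profile_admin', 'environment_administrator', Profile.name, person_id,
+Profile.name, person_id, true, true, true]
 ).uniq
 end
 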
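Review bot: The new nil branch in `visible_for_person` is correct only because binding `nil` yields `role_assignments.accessor_id = NULL`, which SQL never evaluates as true, so a visitor falls through to the `public_profile AND enabled AND visible` clause; that is invisible from the Ruby, so the comment should say it: `# nil person = anonymous visitor: the NULL bind makes the accessor_id match unsatisfiable, leaving only public, enabled, visible organizations`. `person.try(:id)` (Rails) reads better than the ternary and does the same thing. Nothing else in this commit calls the method with nil — the API handlers switched to `.visible` — so a model test for `Organization.visible_for_person(nil)` would be the only thing pinning the new branch. The method's joins continue between the two hunks.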
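--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -42,6 +42,8 @@ class Person < Profile
 }
 
 scope :visible_for_person, lambda { |person|
+# Visitor if person.nil?
+person_id = person.nil? ? nil : person.id
 joins('LEFT JOIN "role_assignments" ON
 "role_assignments"."resource_id" = "profiles"."environment_id" AND
 "role_assignments"."resource_type" = \'Environment\'')
@@ -49,9 +51,10 @@ class Person < Profile
 .joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
 .where(
 ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR (
-( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', 'environment_administrator', Profile.name, person.id, person.id, true, true]
+( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )',
+'environment_administrator', Profile.name, person_id, person_id, true, true]
 ).uniq
-}
+}
 
 def has_permission_with_admin?(permission, resource)
 return true if resource.blank? || resource.admins.include?(self)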
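Review bot: With `person_id` nil both placeholders in the `where` become `= NULL`, so for a visitor neither the `environment_administrator` clause nor `friendships.person_id` can match and the scope silently reduces to `public_profile AND visible`; `# Visitor if person.nil?` should state that consequence, e.g. `# nil person = anonymous visitor; NULL never compares equal, so only public, visible people remain`. No caller in this commit passes nil (the API handlers moved to `.visible`), so a unit test asserting that `Person.visible_for_person(nil)` includes a public person and excludes a `public_profile: false` one would protect the branch. The SQL string and its joins span the two hunks.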
lib/noosfero/api/v1/categories.rb
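--- a/lib/noosfero/api/v1/comments.rb
+++ b/lib/noosfero/api/v1/comments.rb
@@ -4,7 +4,6 @@ module Noosfero
 class Comments < Grape::API
 MAX_PER_PAGE = 20
 
-before { authenticate! }
 
 resource :articles do
 paginate max_per_page: MAX_PER_PAGE
@@ -34,6 +33,7 @@ module Noosfero
 # Example Request:
 # POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New
 post ":id/comments" do
+authenticate!
 article = find_article(environment.articles, params[:id])
 options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
 begin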
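Review bot: Removing the class-wide `before { authenticate! }` makes every endpoint in this class anonymous-by-default, so a handler added later that forgets its own `authenticate!` is silently public; keeping a deny-by-default guard and exempting only reads, `before { authenticate! unless request.get? }` (Grape's `request` is a `Rack::Request`), is one line and would replace the per-endpoint call added to `post ":id/comments"`. The two GET handlers (outside this hunk) now run with a nil `current_person`, so `find_article` and the plugin-hotspot filtering must tolerate nil; the anonymous 403 test for an unpublished article in comments_test.rb covers the access-denied path but not the plugin path. The body of `post ":id/comments"` continues past the hunk.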
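--- a/lib/noosfero/api/v1/communities.rb
+++ b/lib/noosfero/api/v1/communities.rb
@@ -2,7 +2,6 @@ module Noosfero
 module API
 module V1
 class Communities < Grape::API
-before { authenticate! }
 
 resource :communities do
 
@@ -18,7 +17,7 @@ module Noosfero
 # GET /communities?reference_id=10&limit=10&oldest
 get do
 communities = select_filtered_collection_of(environment, 'communities', params)
-communities = communities.visible_for_person(current_person)
+communities = communities.visible
 communities = communities.by_location(params) # Must be the last. May return Exception obj.
 present communities, :with => Entities::Community, :current_person => current_person
 end
@@ -28,6 +27,7 @@ module Noosfero
 # POST api/v1/communties?private_token=234298743290432&community[name]=some_name
 # for each custom field for community, add &community[field_name]=field_value to the request
 post do
+authenticate!
 params[:community] ||= {}
 
 params[:community][:custom_values]={}
@@ -49,7 +49,7 @@ module Noosfero
 end
 
 get ':id' do
-community = environment.communities.visible_for_person(current_person).find_by id: params[:id]
+community = environment.communities.visible.find_by(id: params[:id])
 present community, :with => Entities::Community, :current_person => current_person
 end
 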
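Review bot: Replacing `visible_for_person(current_person)` with `visible` in both `get` handlers drops the access rule that `Organization.visible_for_person` encodes (member/admin, or `public_profile AND enabled`, and `visible`), so a community with `public_profile = false` that was previously returned only to its members is now listed and fetchable by any logged-in user and by anonymous visitors, assuming `visible` (defined outside this diff) filters only on the `visible` flag as its name and the 'invisible communities' test suggest. The model method was changed in this same commit to accept nil precisely so callers could keep it, so the fix is `communities = communities.visible_for_person(current_person)` and `community = environment.communities.visible_for_person(current_person).find_by(id: params[:id])`. `get ':id'` also presents `community` when `find_by` returns nil; `return not_found! if community.blank?` as in people.rb keeps the miss case consistent.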
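--- a/lib/noosfero/api/v1/enterprises.rb
+++ b/lib/noosfero/api/v1/enterprises.rb
@@ -2,7 +2,6 @@ module Noosfero
 module API
 module V1
 class Enterprises < Grape::API
-before { authenticate! }
 
 resource :enterprises do
 
@@ -19,14 +18,14 @@ module Noosfero
 # GET /enterprises?reference_id=10&limit=10&oldest
 get do
 enterprises = select_filtered_collection_of(environment, 'enterprises', params)
-enterprises = enterprises.visible_for_person(current_person)
+enterprises = enterprises.visible
 enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj.
 present enterprises, :with => Entities::Enterprise, :current_person => current_person
 end
 
 desc "Return one enterprise by id"
 get ':id' do
-enterprise = environment.enterprises.visible_for_person(current_person).find_by id: params[:id]
+enterprise = environment.enterprises.visible.find_by(id: params[:id])
 present enterprise, :with => Entities::Enterprise, :current_person => current_person
 end
 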
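Review bot: `enterprises.visible` and `environment.enterprises.visible.find_by(...)` widen who can see an enterprise: the old scope required membership/admin or `public_profile AND enabled` on top of `visible`, while the new one (by its name and the sibling communities test) checks only `visible`, so non-public enterprises become readable by every caller, authenticated or not. If the intent was just to admit visitors, `visible_for_person(current_person)` already tolerates a nil person after this commit's model change and keeps the old rule; if the intent really is to make every visible enterprise public, the commit description should say so. `get ':id'` presents nil on a miss; `return not_found! if enterprise.blank?` matches the people endpoint.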
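--- a/lib/noosfero/api/v1/people.rb
+++ b/lib/noosfero/api/v1/people.rb
@@ -2,7 +2,6 @@ module Noosfero
 module API
 module V1
 class People < Grape::API
-before { authenticate! }
 
 MAX_PER_PAGE = 50
 
@@ -35,24 +34,26 @@ module Noosfero
 desc "Find environment's people"
 get do
 people = select_filtered_collection_of(environment, 'people', params)
-people = people.visible_for_person(current_person)
+people = people.visible
 present_partial people, :with => Entities::Person, :current_person => current_person
 end
 
 desc "Return the logged user information"
 get "/me" do
+authenticate!
 present_partial current_person, :with => Entities::Person, :current_person => current_person
 end
 
 desc "Return the person information"
 get ':id' do
-person = environment.people.visible_for_person(current_person).find_by id: params[:id]
+person = environment.people.visible.find_by(id: params[:id])
 return not_found! if person.blank?
 present person, :with => Entities::Person, :current_person => current_person
 end
 
 desc "Update person information"
 post ':id' do
+authenticate!
 return forbidden! if current_person.id.to_s != params[:id]
 current_person.update_attributes!(params[:person])
 present current_person, :with => Entities::Person, :current_person => current_person
@@ -63,6 +64,7 @@ module Noosfero
 # for each custom field for person, add &person[field_name]=field_value to the request
 desc "Create person"
 post do
+authenticate!
 user_data = {}
 user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
 user_data[:email] = params[:person].delete(:email)
@@ -87,7 +89,7 @@ module Noosfero
 
 desc "Return the person friends"
 get ':id/friends' do
-person = environment.people.visible_for_person(current_person).find_by id: params[:id]
+person = environment.people.visible.find_by(id: params[:id])
 return not_found! if person.blank?
 friends = person.friends.visible
 present friends, :with => Entities::Person, :current_person => current_person
@@ -95,6 +97,7 @@ module Noosfero
 
 desc "Return the person permissions on other profiles"
 get ":id/permissions" do
+authenticate!
 person = environment.people.find(params[:id])
 return not_found! if person.blank?
 return forbidden! unless current_person == person || environment.admins.include?(current_person)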
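Review bot: `people.visible` and `environment.people.visible.find_by(...)` in the list, `:id` and `:id/friends` handlers discard the `public_profile`/friendship rule that `Person.visible_for_person` applies, so a person who set `public_profile = false` is now listed to anyone, and `person.friends.visible` exposes the social graph of any visible person to anonymous callers, where before it needed a login plus the scope. This commit already taught the scope to accept nil, so `environment.people.visible_for_person(current_person)` (and the same on `people`) keeps the old rule for visitors too. Worth confirming that `visible` alone really is the intended contract before shipping, since the model change in this same commit suggests otherwise.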
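--- a/lib/noosfero/api/v1/profiles.rb
+++ b/lib/noosfero/api/v1/profiles.rb
@@ -2,25 +2,25 @@ module Noosfero
 module API
 module V1
 class Profiles < Grape::API
-before { authenticate! }
 
 resource :profiles do
 
 get do
 profiles = select_filtered_collection_of(environment, 'profiles', params)
-profiles = profiles.visible_for_person(current_person)
+profiles = profiles.visible
 profiles = profiles.by_location(params) # Must be the last. May return Exception obj.
 present profiles, :with => Entities::Profile, :current_person => current_person
 end
 
 get ':id' do
 profiles = environment.profiles
-profiles = profiles.visible_for_person(current_person)
+profiles = profiles.visible
 profile = profiles.find_by id: params[:id]
 present profile, :with => Entities::Profile, :current_person => current_person
 end
 
 delete ':id' do
+authenticate!
 profiles = environment.profiles
 profile = profiles.find_by id: params[:id]
 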
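Review bot: `delete ':id'` now calls `authenticate!` but the lines shown after it look up the profile with no ownership or admin check, and the rest of the handler is outside the hunk; authentication is not authorization, so please confirm a guard such as `return forbidden! unless profile.admins.include?(current_person) || environment.admins.include?(current_person)` sits before the destroy. Both `get` handlers moved from `visible_for_person(current_person)` to `visible`, which drops the public_profile/membership filter for logged-in and anonymous callers alike; `profiles.visible_for_person(current_person)` accepts nil after this commit's model change and preserves it.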
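--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -2,7 +2,6 @@ module Noosfero
 module API
 module V1
 class Users < Grape::API
-before { authenticate! }
 
 resource :users do
 
@@ -13,6 +12,7 @@ module Noosfero
 end
 
 get "/me" do
+authenticate!
 present current_user, :with => Entities::User, :current_person => current_person
 end
 
@@ -25,6 +25,7 @@ module Noosfero
 end
 
 get ":id/permissions" do
+authenticate!
 user = environment.users.find(params[:id])
 output = {}
 user.person.role_assignments.map do |role_assigment|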
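Review bot: `get ":id/permissions"` now requires a login but still returns the role assignments of whatever `params[:id]` names — the lines after `find` go straight to building `output` — so any authenticated user can enumerate another user's roles, an IDOR that the sibling `:id/permissions` in people.rb guards against. Add the same guard after the lookup: `return forbidden! unless current_user == user || environment.admins.include?(current_person)`. The handler's body continues past the hunk.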
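--- a/test/api/categories_test.rb
+++ b/test/api/categories_test.rb
@@ -2,25 +2,25 @@ require_relative 'test_helper'
 
 class CategoriesTest < ActiveSupport::TestCase
 
-def setup
-login_api
-end
 
-should 'list categories' do
+should 'logged user list categories' do
+login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_includes json["categories"].map { |c| c["name"] }, category.name
 end
 
-should 'get category by id' do
+should 'logged user get category by id' do
+login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal category.name, json["category"]["name"]
 end
 
-should 'list parent and children when get category by id' do
+should 'logged user list parent and children when get category by id' do
+login_api
 parent = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -37,7 +37,8 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
 end
 
-should 'include parent in categories list if params is true' do
+should 'logged user include parent in categories list if params is true' do
+login_api
 parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -59,7 +60,8 @@ class CategoriesTest < ActiveSupport::TestCase
 json["categories"].map { |c| c['parent'] && c['parent']['id'] }
 end
 
-should 'include children in categories list if params is true' do
+should 'logged user include children in categories list if params is true' do
+login_api
 category = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -86,7 +88,8 @@ class CategoriesTest < ActiveSupport::TestCase
 expose_attributes = %w(id name full_name image display_color)
 
 expose_attributes.each do |attr|
-should "expose category #{attr} attribute by default" do
+should "logged user expose category #{attr} attribute by default" do
+login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -94,4 +97,98 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 end
 
+should 'anonymous list categories' do
+anonymous_setup
+category = fast_create(Category, :environment_id => environment.id)
+get "/api/v1/categories/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_includes json["categories"].map { |c| c["name"] }, category.name
+end
+
+should 'anonymous get category by id' do
+anonymous_setup
+category = fast_create(Category, :environment_id => environment.id)
+get "/api/v1/categories/#{category.id}/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal category.name, json["category"]["name"]
+end
+
+should 'anonymous list parent and children when get category by id' do
+anonymous_setup
+parent = fast_create(Category, :environment_id => environment.id)
+child_1 = fast_create(Category, :environment_id => environment.id)
+child_2 = fast_create(Category, :environment_id => environment.id)
+
+category = fast_create(Category, :environment_id => environment.id)
+category.parent = parent
+category.children << child_1
+category.children << child_2
+category.save
+
+get "/api/v1/categories/#{category.id}/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
+assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
+end
+
+should 'anonymous include parent in categories list if params is true' do
+anonymous_setup
+parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
+child_1 = fast_create(Category, :environment_id => environment.id)
+child_2 = fast_create(Category, :environment_id => environment.id)
+
+parent_2 = fast_create(Category, :environment_id => environment.id)
+parent_2.parent = parent_1
+parent_2.children << child_1
+parent_2.children << child_2
+parent_2.save
+
+get "/api/v1/categories/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq
+
+params[:include_parent] = true
+get "/api/v1/categories/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id],
+json["categories"].map { |c| c['parent'] && c['parent']['id'] }
+end
+
+should 'anonymous include children in categories list if params is true' do
+anonymous_setup
+category = fast_create(Category, :environment_id => environment.id)
+child_1 = fast_create(Category, :environment_id => environment.id)
+child_2 = fast_create(Category, :environment_id => environment.id)
+child_3 = fast_create(Category, :environment_id => environment.id)
+
+category.children << child_1
+category.children << child_2
+category.save
+
+child_1.children << child_3
+child_1.save
+
+get "/api/v1/categories/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq
+
+params[:include_children] = true
+get "/api/v1/categories/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort],
+json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort }
+end
+
+expose_attributes.each do |attr|
+should "anonymous expose category #{attr} attribute by default" do
+anonymous_setup
+category = fast_create(Category, :environment_id => environment.id)
+get "/api/v1/categories/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json["categories"].last.has_key?(attr)
+end
+end
+
+
+
 end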
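Review bot: The anonymous tests from `should 'anonymous list categories'` onward are verbatim copies of the logged-in ones with `login_api` swapped for `anonymous_setup`, which doubles the file and will drift the first time one copy changes; generating both from one body, e.g. `[:login_api, :anonymous_setup].each do |setup| should "#{setup} list categories" do send(setup) ... end end`, keeps a single source of truth. None of the anonymous GETs asserts `last_response.status`, so a regression to 401 would surface as a `NoMethodError` on `nil` rather than a status mismatch; `assert_equal 200, last_response.status` before parsing is cheap. The three blank lines before the closing `end` are stray.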
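--- a/test/api/comments_test.rb
+++ b/test/api/comments_test.rb
@@ -3,41 +3,44 @@ require_relative 'test_helper'
 class CommentsTest < ActiveSupport::TestCase
 
 def setup
-login_api
+@local_person = fast_create(Person)
+anonymous_setup
 end
+attr_reader :local_person
 
-should 'not list comments if user has no permission to view the source article' do
-person = fast_create(Person)
-article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+should 'logged user not list comments if user has no permission to view the source article' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
 assert !article.published?
 
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 assert_equal 403, last_response.status
 end
 
-should 'not return comment if user has no permission to view the source article' do
-person = fast_create(Person)
-article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
-comment = article.comments.create!(:body => "another comment", :author => user.person)
+should 'logged user not return comment if user has no permission to view the source article' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
+comment = article.comments.create!(:body => "another comment", :author => local_person)
 assert !article.published?
 
 get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
 assert_equal 403, last_response.status
 end
 
-should 'not comment an article if user has no permission to view it' do
-person = fast_create(Person)
-article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
+should 'logged user not comment an article if user has no permission to view it' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
 assert !article.published?
 
 post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 assert_equal 403, last_response.status
 end
 
-should 'return comments of an article' do
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-article.comments.create!(:body => "some comment", :author => user.person)
-article.comments.create!(:body => "another comment", :author => user.person)
+should 'logged user return comments of an article' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+article.comments.create!(:body => "some comment", :author => local_person)
+article.comments.create!(:body => "another comment", :author => local_person)
 
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -45,9 +48,10 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal 2, json["comments"].length
 end
 
-should 'return comment of an article' do
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-comment = article.comments.create!(:body => "another comment", :author => user.person)
+should 'logged user return comment of an article' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+comment = article.comments.create!(:body => "another comment", :author => local_person)
 
 get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -55,8 +59,9 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal comment.id, json['comment']['id']
 end
 
-should 'comment an article' do
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+should 'logged user comment an article' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
 body = 'My comment'
 params.merge!({:body => body})
 
@@ -66,7 +71,8 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal body, json['comment']['body']
 end
 
-should 'not comment an archived article' do
+should 'logged user not comment an archived article' do
+login_api
 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true)
 body = 'My comment'
 params.merge!({:body => body})
@@ -75,9 +81,10 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal 400, last_response.status
 end
 
-should 'comment creation define the source' do
+should 'logged user comment creation define the source' do
+login_api
 amount = Comment.count
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
 body = 'My comment'
 params.merge!({:body => body})
 
@@ -87,29 +94,6 @@ class CommentsTest < ActiveSupport::TestCase
 assert_not_nil comment.source
 end
 
-should 'paginate comments' do
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-5.times { article.comments.create!(:body => "some comment", :author => user.person) }
-params[:per_page] = 3
-
-get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 200, last_response.status
-assert_equal 3, json["comments"].length
-end
-
-should 'return only root comments' do
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
-comment1 = article.comments.create!(:body => "some comment", :author => user.person)
-comment2 = article.comments.create!(:body => "another comment", :author => user.person, :reply_of_id => comment1.id)
-params[:without_reply] = true
-
-get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 200, last_response.status
-assert_equal [comment1.id], json["comments"].map { |c| c['id'] }
-end
-
 should 'call plugin hotspot to filter unavailable comments' do
 class Plugin1 < Noosfero::Plugin
 def unavailable_comments(scope)
@@ -119,7 +103,7 @@ class CommentsTest < ActiveSupport::TestCase
 Noosfero::Plugin.stubs(:all).returns([Plugin1.name])
 Environment.default.enable_plugin(Plugin1)
 
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
 c1 = fast_create(Comment, source_id: article.id, body: "comment 1")
 c2 = fast_create(Comment, source_id: article.id, body: "comment 2", :user_agent => 'Jack')
 
@@ -128,13 +112,78 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal ["comment 2"], json["comments"].map {|c| c["body"]}
 end
 
-should 'do not return comments marked as spam' do
-article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
+should 'anonymous do not return comments marked as spam' do
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
 c1 = fast_create(Comment, source_id: article.id, body: "comment 1", spam: true)
 c2 = fast_create(Comment, source_id: article.id, body: "comment 2")
-
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal ["comment 2"], json["comments"].map {|c| c["body"]}
 end
+
+should 'not, anonymous list comments if has no permission to view the source article' do
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
+assert !article.published?
+
+get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+assert_equal 403, last_response.status
+end
+
+should 'anonymous return comments of an article' do
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+article.comments.create!(:body => "some comment", :author => local_person)
+article.comments.create!(:body => "another comment", :author => local_person)
+
+get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 200, last_response.status
+assert_equal 2, json["comments"].length
+end
+
+should 'anonymous return comment of an article' do
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+comment = article.comments.create!(:body => "another comment", :author => local_person)
+
+get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 200, last_response.status
+assert_equal comment.id, json['comment']['id']
+end
+
+should 'not, anonymous comment an article (at least so far...)' do
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+body = 'My comment'
+name = "John Doe"
+email = "JohnDoe@gmail.com"
+params.merge!({:body => body, name: name, email: email})
+post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 401, last_response.status
+end
+
+should 'logged user paginate comments' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+5.times { article.comments.create!(:body => "some comment", :author => local_person) }
+params[:per_page] = 3
+
+get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 200, last_response.status
+assert_equal 3, json["comments"].length
+end
+
+should 'logged user return only root comments' do
+login_api
+article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+comment1 = article.comments.create!(:body => "some comment", :author => local_person)
+comment2 = article.comments.create!(:body => "another comment", :author => local_person, :reply_of_id => comment1.id)
+params[:without_reply] = true
+
+get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 200, last_response.status
+assert_equal [comment1.id], json["comments"].map { |c| c['id'] }
+end
+
 end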
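--- a/test/api/communities_test.rb
+++ b/test/api/communities_test.rb
@@ -4,10 +4,10 @@ class CommunitiesTest < ActiveSupport::TestCase
 
   def setup
     Community.delete_all
-    login_api
   end
 
-  should 'list only communities' do
+  should 'logged user list only communities' do
+    login_api
     community = fast_create(Community, :environment_id => environment.id)
     enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
     get "/api/v1/communities?#{params.to_query}"
@@ -16,7 +16,8 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_includes json['communities'].map {|c| c['id']}, community.id
   end
 
-  should 'list all communities' do
+  should 'logged user list all communities' do
+    login_api
     community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
     community2 = fast_create(Community, :environment_id => environment.id)
     get "/api/v1/communities?#{params.to_query}"
@@ -24,7 +25,8 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
   end
 
-  should 'not list invisible communities' do
+  should 'not, logged user list invisible communities' do
+    login_api
     community1 = fast_create(Community, :environment_id => environment.id)
     fast_create(Community, :environment_id => environment.id, :visible => false)
 
@@ -33,16 +35,18 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equal [community1.id], json['communities'].map {|c| c['id']}
   end
 
-  should 'not list private communities without permission' do
-    community1 = fast_create(Community, :environment_id => environment.id)
-    fast_create(Community, :environment_id => environment.id, :public_profile => false)
+  should 'logged user list private communities' do
+    login_api
+    community1 = fast_create(Community, :environment_id => environment.id)
+    community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
 
-    get "/api/v1/communities?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal [community1.id], json['communities'].map {|c| c['id']}
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
   end
 
-  should 'list private community for members' do
+  should 'logged user list private community for members' do
+    login_api
     c1 = fast_create(Community, :environment_id => environment.id)
     c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
     c2.add_member(person)
@@ -52,20 +56,23 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}
   end
 
-  should 'create a community' do
+  should 'logged user create a community' do
+    login_api
     params[:community] = {:name => 'some'}
     post "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal 'some', json['community']['name']
   end
 
-  should 'return 400 status for invalid community creation' do
+  should 'logged user return 400 status for invalid community creation' do
+    login_api
     post "/api/v1/communities?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal 400, last_response.status
   end
 
-  should 'get community' do
+  should 'logged user get community' do
+    login_api
     community = fast_create(Community, :environment_id => environment.id)
 
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
@@ -73,7 +80,8 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equal community.id, json['community']['id']
   end
 
-  should 'not get invisible community' do
+  should 'not, logged user get invisible community' do
+    login_api
     community = fast_create(Community, :environment_id => environment.id, :visible => false)
 
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
@@ -81,7 +89,8 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert json['community'].blank?
   end
 
-  should 'not get private communities without permission' do
+  should 'not, logged user get private communities without permission' do
+    login_api
     community = fast_create(Community, :environment_id => environment.id)
     fast_create(Community, :environment_id => environment.id, :public_profile => false)
 
@@ -90,17 +99,18 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equal community.id, json['community']['id']
   end
 
-  should 'get private community for members' do
+  should 'logged user get private community for members' do
+    login_api
     community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
     community.add_member(person)
 
-
     get "/api/v1/communities/#{community.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal community.id, json['community']['id']
   end
 
-  should 'list person communities' do
+  should 'logged user list person communities' do
+    login_api
     community = fast_create(Community, :environment_id => environment.id)
     fast_create(Community, :environment_id => environment.id)
     community.add_member(person)
@@ -110,7 +120,8 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equivalent [community.id], json['communities'].map {|c| c['id']}
   end
 
-  should 'not list person communities invisible' do
+  should 'not, logged user list person communities invisible' do
+    login_api
     c1 = fast_create(Community, :environment_id => environment.id)
     c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
     c1.add_member(person)
@@ -121,7 +132,8 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_equivalent [c1.id], json['communities'].map {|c| c['id']}
   end
 
-  should 'list communities with pagination' do
+  should 'logged user list communities with pagination' do
+    login_api
     community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
     community2 = fast_create(Community, :created_at => 2.days.ago)
 
@@ -143,7 +155,118 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
   end
 
-  should 'list communities with timestamp' do
+  should 'logged user list communities with timestamp' do
+    login_api
+    community1 = fast_create(Community, :public_profile => true)
+    community2 = fast_create(Community)
+
+    community1.updated_at = Time.now + 3.hours
+    community1.save!
+
+    params[:timestamp] = Time.now + 1.hours
+    get "/api/v1/communities/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+
+    assert_includes json["communities"].map { |a| a["id"] }, community1.id
+    assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
+  end
+
+  should 'anonymous list only communities' do
+    anonymous_setup
+    community = fast_create(Community, :environment_id => environment.id)
+    enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
+    assert_includes json['communities'].map {|c| c['id']}, community.id
+  end
+
+  should 'anonymous list all communities' do
+    anonymous_setup
+    community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
+    community2 = fast_create(Community, :environment_id => environment.id)
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'not, anonymous list invisible communities' do
+    anonymous_setup
+    community1 = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :visible => false)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [community1.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'anonymous list private communities' do
+    anonymous_setup
+    community1 = fast_create(Community, :environment_id => environment.id)
+    community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
+  end
+
+  should 'not, anonymous create a community' do
+    anonymous_setup
+    params[:community] = {:name => 'some'}
+    post "/api/v1/communities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal 401, last_response.status
+  end
+
+  should 'anonymous get community' do
+    anonymous_setup
+    community = fast_create(Community, :environment_id => environment.id)
+    get "/api/v1/communities/#{community.id}"
+    json = JSON.parse(last_response.body)
+    assert_equal community.id, json['community']['id']
+  end
+
+  should 'not, anonymous get invisible community' do
+    anonymous_setup
+    community = fast_create(Community, :environment_id => environment.id, :visible => false)
+    get "/api/v1/communities/#{community.id}"
+    json = JSON.parse(last_response.body)
+    assert json['community'].blank?
+  end
+
+  should 'not, anonymous get private communities' do
+    anonymous_setup
+    community = fast_create(Community, :environment_id => environment.id)
+    fast_create(Community, :environment_id => environment.id, :public_profile => false)
+    get "/api/v1/communities/#{community.id}"
+    json = JSON.parse(last_response.body)
+    assert_equal community.id, json['community']['id']
+  end
+
+  should 'anonymous list communities with pagination' do
+    anonymous_setup
+    community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
+    community2 = fast_create(Community, :created_at => 2.days.ago)
+
+    params[:page] = 2
+    params[:per_page] = 1
+    get "/api/v1/communities?#{params.to_query}"
+    json_page_two = JSON.parse(last_response.body)
+
+    params[:page] = 1
+    params[:per_page] = 1
+    get "/api/v1/communities?#{params.to_query}"
+    json_page_one = JSON.parse(last_response.body)
+
+    assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id
+    assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id
+
+    assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id
+    assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
+  end
+
+  should 'anonymous list communities with timestamp' do
+    anonymous_setup
     community1 = fast_create(Community, :public_profile => true)
     community2 = fast_create(Community)
 
@@ -157,4 +280,31 @@ class CommunitiesTest < ActiveSupport::TestCase
     assert_includes json["communities"].map { |a| a["id"] }, community1.id
     assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
   end
+
+  should 'display public custom fields to anonymous' do
+    anonymous_setup
+    CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default)
+    some_community = fast_create(Community)
+    some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
+    some_community.save!
+
+    get "/api/v1/communities/#{some_community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['community']['additional_data'].has_key?('Rating')
+    assert_equal "Five stars", json['community']['additional_data']['Rating']
+  end
+
+  should 'not display private custom fields to anonymous' do
+    anonymous_setup
+    CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default)
+    some_community = fast_create(Community)
+    some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }
+    some_community.save!
+
+    get "/api/v1/communities/#{some_community.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json['community']['additional_data'].has_key?('Rating')
+  end
+
+
 end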
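Review bot: `should 'not, anonymous get private communities'` creates a `public_profile => false` community but then requests the *public* one and asserts it is returned, so it never exercises the denial its name promises; the logged-in variant `'not, logged user get private communities without permission'` has the same shape. Combined with `'anonymous list private communities'`, which asserts that private communities are enumerable without a session, the suite ends up with no test at all guarding anonymous reads of a private profile. Capture the real id and pin whichever policy is intended: `private_community = fast_create(Community, :environment_id => environment.id, :public_profile => false)`, `get "/api/v1/communities/#{private_community.id}?#{params.to_query}"`, then `assert json['community'].blank?` (or rename the test if exposing private communities to visitors is deliberate). The three anonymous `get` tests also drop the `?#{params.to_query}` suffix used by every other request here, which is presumably harmless after `anonymous_setup` but worth aligning so they stay comparable with the logged-in cases.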
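--- a/test/api/enterprises_test.rb
+++ b/test/api/enterprises_test.rb
@@ -4,10 +4,20 @@ class EnterprisesTest < ActiveSupport::TestCase
 
   def setup
     Enterprise.delete_all
+  end
+
+  should 'logger user list only enterprises' do
     login_api
+    community = fast_create(Community, :environment_id => environment.id) # should not list this community
+    enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json['enterprises'].map {|c| c['id']}, enterprise.id
+    assert_not_includes json['enterprises'].map {|c| c['id']}, community.id
   end
 
-  should 'list only enterprises' do
+  should 'anonymous list only enterprises' do
+    anonymous_setup
     community = fast_create(Community, :environment_id => environment.id) # should not list this community
     enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
     get "/api/v1/enterprises?#{params.to_query}"
@@ -16,7 +26,17 @@ class EnterprisesTest < ActiveSupport::TestCase
     assert_not_includes json['enterprises'].map {|c| c['id']}, community.id
   end
 
-  should 'list all enterprises' do
+  should 'anonymous list all enterprises' do
+    anonymous_setup
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
+    enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'logger user list all enterprises' do
+    login_api
     enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
     enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
     get "/api/v1/enterprises?#{params.to_query}"
@@ -25,6 +45,7 @@ class EnterprisesTest < ActiveSupport::TestCase
   end
 
   should 'not list invisible enterprises' do
+    login_api
     enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
     fast_create(Enterprise, :visible => false)
 
@@ -33,16 +54,48 @@ class EnterprisesTest < ActiveSupport::TestCase
     assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
   end
 
-  should 'not list private enterprises without permission' do
+  should 'not, anonymous list invisible enterprises' do
+    anonymous_setup
     enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
-    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+    fast_create(Enterprise, :visible => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'not, logger user list invisible enterprises' do
+    login_api
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :visible => false)
 
     get "/api/v1/enterprises?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
   end
 
-  should 'list private enterprise for members' do
+  should 'anonymous list private enterprises' do
+    anonymous_setup
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'logged user list private enterprises' do
+    login_api
+    enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
+    enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/enterprises?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']}
+  end
+
+  should 'logged user list private enterprise for members' do
+    login_api
     c1 = fast_create(Enterprise, :environment_id => environment.id)
     c2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
     c2.add_member(person)
@@ -52,7 +105,17 @@ class EnterprisesTest < ActiveSupport::TestCase
     assert_equivalent [c1.id, c2.id], json['enterprises'].map {|c| c['id']}
   end
 
-  should 'get enterprise' do
+  should 'anonymous get enterprise' do
+    anonymous_setup
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'logged user get enterprise' do
+    login_api
     enterprise = fast_create(Enterprise, :environment_id => environment.id)
 
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
@@ -60,7 +123,17 @@ class EnterprisesTest < ActiveSupport::TestCase
     assert_equal enterprise.id, json['enterprise']['id']
   end
 
-  should 'not get invisible enterprise' do
+  should 'not, logger user get invisible enterprise' do
+    login_api
+    enterprise = fast_create(Enterprise, :visible => false)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['enterprise'].blank?
+  end
+
+  should 'not, anonymous get invisible enterprise' do
+    anonymous_setup
     enterprise = fast_create(Enterprise, :visible => false)
 
     get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
@@ -69,6 +142,17 @@ class EnterprisesTest < ActiveSupport::TestCase
   end
 
   should 'not get private enterprises without permission' do
+    login_api
+    enterprise = fast_create(Enterprise, :environment_id => environment.id)
+    fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
+
+    get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal enterprise.id, json['enterprise']['id']
+  end
+
+  should 'not, anonymous get private enterprises' do
+    anonymous_setup
     enterprise = fast_create(Enterprise, :environment_id => environment.id)
     fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
 
@@ -78,6 +162,7 @@ class EnterprisesTest < ActiveSupport::TestCase
   end
 
   should 'get private enterprise for members' do
+    login_api
     enterprise = fast_create(Enterprise, :public_profile => false)
     enterprise.add_member(person)
 
@@ -87,6 +172,7 @@ class EnterprisesTest < ActiveSupport::TestCase
   end
 
   should 'list person enterprises' do
+    login_api
     enterprise = fast_create(Enterprise, :environment_id => environment.id)
     fast_create(Enterprise, :environment_id => environment.id)
     enterprise.add_member(person)
@@ -97,6 +183,7 @@ class EnterprisesTest < ActiveSupport::TestCase
   end
 
   should 'not list person enterprises invisible' do
+    login_api
     c1 = fast_create(Enterprise, :environment_id => environment.id)
     c2 = fast_create(Enterprise, :environment_id => environment.id, :visible => false)
     c1.add_member(person)
@@ -107,4 +194,29 @@ class EnterprisesTest < ActiveSupport::TestCase
     assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}
   end
 
+  should 'display public custom fields to anonymous' do
+    anonymous_setup
+    CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
+    some_enterprise = fast_create(Enterprise)
+    some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
+    some_enterprise.save!
+
+    get "/api/v1/enterprises/#{some_enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['enterprise']['additional_data'].has_key?('Rating')
+    assert_equal "Five stars", json['enterprise']['additional_data']['Rating']
+  end
+
+  should 'not display public custom fields to anonymous' do
+    anonymous_setup
+    CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
+    some_enterprise = fast_create(Enterprise)
+    some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }
+    some_enterprise.save!
+
+    get "/api/v1/enterprises/#{some_enterprise.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json['enterprise']['additional_data'].has_key?('Rating')
+  end
+
 end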
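Review bot: Both `'not get private enterprises without permission'` and `'not, anonymous get private enterprises'` fetch the *public* enterprise's id and assert it comes back, so neither verifies that a `public_profile => false` enterprise is withheld; as written they would still pass if the private record were fully readable by a visitor. Pin the behaviour you actually want with `private_enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)`, `get "/api/v1/enterprises/#{private_enterprise.id}?#{params.to_query}"`, `assert json['enterprise'].blank?` — or, if exposing private enterprises to anonymous callers is the intended policy (as `'anonymous list private enterprises'` asserts for the listing), rename these tests so the suite does not claim a guarantee it does not check. Separately, `'not display public custom fields to anonymous'` sets `"public" => "false"`, so its name should read `'not display private custom fields to anonymous'` to match the communities test; the `'logger user'` descriptions are presumably meant to be `'logged user'`; and `'not list invisible enterprises'` now duplicates `'not, logger user list invisible enterprises'` line for line, so one of them can go.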
test/api/people_test.rb
... | ... | @@ -4,10 +4,10 @@ class PeopleTest < ActiveSupport::TestCase |
4 | 4 | |
5 | 5 | def setup |
6 | 6 | Person.delete_all |
7 | - login_api | |
8 | 7 | end |
9 | 8 | |
10 | - should 'list all people' do | |
9 | + should 'logged user list all people' do | |
10 | + login_api | |
11 | 11 | person1 = fast_create(Person, :public_profile => true) |
12 | 12 | person2 = fast_create(Person) |
13 | 13 | get "/api/v1/people?#{params.to_query}" |
... | ... | @@ -15,7 +15,31 @@ class PeopleTest < ActiveSupport::TestCase |
15 | 15 | assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']} |
16 | 16 | end |
17 | 17 | |
18 | - should 'list all members of a community' do | |
18 | + should 'anonymous list all people' do | |
19 | + anonymous_setup | |
20 | + person1 = fast_create(Person, :public_profile => true) | |
21 | + person2 = fast_create(Person) | |
22 | + get "/api/v1/people?#{params.to_query}" | |
23 | + json = JSON.parse(last_response.body) | |
24 | + assert_equivalent [person1.id, person2.id], json['people'].map {|c| c['id']} | |
25 | + end | |
26 | + | |
27 | + should 'logged user list all members of a community' do | |
28 | + login_api | |
29 | + person1 = fast_create(Person) | |
30 | + person2 = fast_create(Person) | |
31 | + community = fast_create(Community) | |
32 | + community.add_member(person1) | |
33 | + community.add_member(person2) | |
34 | + | |
35 | + get "/api/v1/profiles/#{community.id}/members?#{params.to_query}" | |
36 | + json = JSON.parse(last_response.body) | |
37 | + assert_equal 2, json["people"].count | |
38 | + assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]} | |
39 | + end | |
40 | + | |
41 | + should 'anonymous list all members of a community' do | |
42 | + anonymous_setup | |
19 | 43 | person1 = fast_create(Person) |
20 | 44 | person2 = fast_create(Person) |
21 | 45 | community = fast_create(Community) |
... | ... | @@ -28,21 +52,40 @@ class PeopleTest < ActiveSupport::TestCase |
28 | 52 | assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]} |
29 | 53 | end |
30 | 54 | |
31 | - should 'not list invisible people' do | |
55 | + should 'logged user not list invisible people' do | |
56 | + login_api | |
57 | + invisible_person = fast_create(Person, :visible => false) | |
58 | + | |
59 | + get "/api/v1/people?#{params.to_query}" | |
60 | + assert_not_includes json_response_ids(:people), invisible_person.id | |
61 | + end | |
62 | + | |
63 | + should 'annoymous not list invisible people' do | |
64 | + anonymous_setup | |
32 | 65 | invisible_person = fast_create(Person, :visible => false) |
33 | 66 | |
34 | 67 | get "/api/v1/people?#{params.to_query}" |
35 | 68 | assert_not_includes json_response_ids(:people), invisible_person.id |
36 | 69 | end |
37 | 70 | |
38 | - should 'not list private people without permission' do | |
71 | + should 'logged user list private people' do | |
72 | + login_api | |
39 | 73 | private_person = fast_create(Person, :public_profile => false) |
40 | 74 | |
41 | 75 | get "/api/v1/people?#{params.to_query}" |
42 | - assert_not_includes json_response_ids(:people), private_person.id | |
76 | + assert_includes json_response_ids(:people), private_person.id | |
43 | 77 | end |
44 | 78 | |
45 | - should 'list private person for friends' do | |
79 | + should 'anonymous list private people' do | |
80 | + anonymous_setup | |
81 | + private_person = fast_create(Person, :public_profile => false) | |
82 | + | |
83 | + get "/api/v1/people?#{params.to_query}" | |
84 | + assert_includes json_response_ids(:people), private_person.id | |
85 | + end | |
86 | + | |
87 | + should 'logged user list private person for friends' do | |
88 | + login_api | |
46 | 89 | p1 = fast_create(Person) |
47 | 90 | p2 = fast_create(Person, :public_profile => false) |
48 | 91 | person.add_friend(p2) |
... | ... | @@ -52,7 +95,8 @@ class PeopleTest < ActiveSupport::TestCase |
52 | 95 | assert_includes json_response_ids(:people), p2.id |
53 | 96 | end |
54 | 97 | |
55 | - should 'get person' do | |
98 | + should 'logged user get person' do | |
99 | + login_api | |
56 | 100 | some_person = fast_create(Person) |
57 | 101 | |
58 | 102 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
... | ... | @@ -60,14 +104,26 @@ class PeopleTest < ActiveSupport::TestCase |
60 | 104 | assert_equal some_person.id, json['person']['id'] |
61 | 105 | end |
62 | 106 | |
63 | - should 'people endpoint filter by fields parameter' do | |
107 | + should 'anonymous get person' do | |
108 | + anonymous_setup | |
109 | + some_person = fast_create(Person) | |
110 | + | |
111 | + get "/api/v1/people/#{some_person.id}?#{params.to_query}" | |
112 | + json = JSON.parse(last_response.body) | |
113 | + assert_equal some_person.id, json['person']['id'] | |
114 | + end | |
115 | + | |
116 | + | |
117 | + should 'people endpoint filter by fields parameter for logged user' do | |
118 | + login_api | |
64 | 119 | get "/api/v1/people?#{params.to_query}&fields=name" |
65 | 120 | json = JSON.parse(last_response.body) |
66 | 121 | expected = {'people' => [{'name' => person.name}]} |
67 | 122 | assert_equal expected, json |
68 | 123 | end |
69 | 124 | |
70 | - should 'people endpoint filter by fields parameter with hierarchy' do | |
125 | + should 'people endpoint filter by fields parameter with hierarchy for logged user' do | |
126 | + login_api | |
71 | 127 | fields = URI.encode({only: [:name, {user: [:login]}]}.to_json.to_str) |
72 | 128 | get "/api/v1/people?#{params.to_query}&fields=#{fields}" |
73 | 129 | json = JSON.parse(last_response.body) |
... | ... | @@ -76,19 +132,22 @@ class PeopleTest < ActiveSupport::TestCase |
76 | 132 | end |
77 | 133 | |
78 | 134 | should 'get logged person' do |
135 | + login_api | |
79 | 136 | get "/api/v1/people/me?#{params.to_query}" |
80 | 137 | json = JSON.parse(last_response.body) |
81 | 138 | assert_equal person.id, json['person']['id'] |
82 | 139 | end |
83 | 140 | |
84 | - should 'me endpoint filter by fields parameter' do | |
141 | + should 'access me endpoint filter by fields parameter' do | |
142 | + login_api | |
85 | 143 | get "/api/v1/people/me?#{params.to_query}&fields=name" |
86 | 144 | json = JSON.parse(last_response.body) |
87 | 145 | expected = {'person' => {'name' => person.name}} |
88 | 146 | assert_equal expected, json |
89 | 147 | end |
90 | 148 | |
91 | - should 'not get invisible person' do | |
149 | + should 'logged user not get invisible person' do | |
150 | + login_api | |
92 | 151 | person = fast_create(Person, :visible => false) |
93 | 152 | |
94 | 153 | get "/api/v1/people/#{person.id}?#{params.to_query}" |
... | ... | @@ -96,15 +155,35 @@ class PeopleTest < ActiveSupport::TestCase |
96 | 155 | assert json['person'].blank? |
97 | 156 | end |
98 | 157 | |
99 | - should 'not get private people without permission' do | |
158 | + should 'anonymous not get invisible person' do | |
159 | + anonymous_setup | |
160 | + person = fast_create(Person, :visible => false) | |
161 | + | |
162 | + get "/api/v1/people/#{person.id}?#{params.to_query}" | |
163 | + json = JSON.parse(last_response.body) | |
164 | + assert json['person'].blank? | |
165 | + end | |
166 | + | |
167 | + should 'get private people' do | |
168 | + login_api | |
100 | 169 | private_person = fast_create(Person, :public_profile => false) |
101 | 170 | |
102 | 171 | get "/api/v1/people/#{private_person.id}?#{params.to_query}" |
103 | 172 | json = JSON.parse(last_response.body) |
104 | - assert json['person'].blank? | |
173 | + assert_equal json['person']['id'], private_person.id | |
174 | + end | |
175 | + | |
176 | + should 'anonymous get private people' do | |
177 | + anonymous_setup | |
178 | + private_person = fast_create(Person, :public_profile => false) | |
179 | + | |
180 | + get "/api/v1/people/#{private_person.id}?#{params.to_query}" | |
181 | + json = JSON.parse(last_response.body) | |
182 | + assert_equal json['person']['id'], private_person.id | |
105 | 183 | end |
106 | 184 | |
107 | 185 | should 'get private person for friends' do |
186 | + login_api | |
108 | 187 | private_person = fast_create(Person, :public_profile => false) |
109 | 188 | person.add_friend(private_person) |
110 | 189 | private_person.add_friend(person) |
... | ... | @@ -115,15 +194,26 @@ class PeopleTest < ActiveSupport::TestCase |
115 | 194 | end |
116 | 195 | |
117 | 196 | should 'list person friends' do |
197 | + login_api | |
118 | 198 | friend = fast_create(Person) |
119 | 199 | person.add_friend(friend) |
120 | 200 | friend.add_friend(person) |
201 | + get "/api/v1/people/#{friend.id}/friends?#{params.to_query}" | |
202 | + assert_includes json_response_ids(:people), person.id | |
203 | + end | |
121 | 204 | |
205 | + should 'anonymous list person friends' do | |
206 | + anonymous_setup | |
207 | + person = fast_create(Person) | |
208 | + friend = fast_create(Person) | |
209 | + person.add_friend(friend) | |
210 | + friend.add_friend(person) | |
122 | 211 | get "/api/v1/people/#{friend.id}/friends?#{params.to_query}" |
123 | 212 | assert_includes json_response_ids(:people), person.id |
124 | 213 | end |
125 | 214 | |
126 | 215 | should 'not list person invisible friends' do |
216 | + login_api | |
127 | 217 | friend = fast_create(Person) |
128 | 218 | invisible_friend = fast_create(Person, :visible => false) |
129 | 219 | person.add_friend(friend) |
... | ... | @@ -138,6 +228,7 @@ class PeopleTest < ActiveSupport::TestCase |
138 | 228 | end |
139 | 229 | |
140 | 230 | should 'create a person' do |
231 | + login_api | |
141 | 232 | login = 'some' |
142 | 233 | params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} |
143 | 234 | post "/api/v1/people?#{params.to_query}" |
... | ... | @@ -146,6 +237,7 @@ class PeopleTest < ActiveSupport::TestCase |
146 | 237 | end |
147 | 238 | |
148 | 239 | should 'return 400 status for invalid person creation' do |
240 | + login_api | |
149 | 241 | params[:person] = {:login => 'some'} |
150 | 242 | post "/api/v1/people?#{params.to_query}" |
151 | 243 | json = JSON.parse(last_response.body) |
... | ... | @@ -153,6 +245,7 @@ class PeopleTest < ActiveSupport::TestCase |
153 | 245 | end |
154 | 246 | |
155 | 247 | should 'display permissions' do |
248 | + login_api | |
156 | 249 | community = fast_create(Community) |
157 | 250 | community.add_member(fast_create(Person)) |
158 | 251 | community.add_member(person) |
... | ... | @@ -164,11 +257,13 @@ class PeopleTest < ActiveSupport::TestCase |
164 | 257 | end |
165 | 258 | |
166 | 259 | should 'display permissions if self' do |
260 | + login_api | |
167 | 261 | get "/api/v1/people/#{person.id}/permissions?#{params.to_query}" |
168 | 262 | assert_equal 200, last_response.status |
169 | 263 | end |
170 | 264 | |
171 | 265 | should 'display permissions if admin' do |
266 | + login_api | |
172 | 267 | environment = person.environment |
173 | 268 | environment.add_admin(person) |
174 | 269 | some_person = fast_create(Person) |
... | ... | @@ -178,6 +273,7 @@ class PeopleTest < ActiveSupport::TestCase |
178 | 273 | end |
179 | 274 | |
180 | 275 | should 'not display permissions if not admin or self' do |
276 | + login_api | |
181 | 277 | some_person = create_user('some-person').person |
182 | 278 | |
183 | 279 | get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" |
... | ... | @@ -185,12 +281,14 @@ class PeopleTest < ActiveSupport::TestCase |
185 | 281 | end |
186 | 282 | |
187 | 283 | should 'not update another person' do |
284 | + login_api | |
188 | 285 | person = fast_create(Person, :environment_id => environment.id) |
189 | 286 | post "/api/v1/people/#{person.id}?#{params.to_query}" |
190 | 287 | assert_equal 403, last_response.status |
191 | 288 | end |
192 | 289 | |
193 | 290 | should 'update yourself' do |
291 | + login_api | |
194 | 292 | another_name = 'Another Name' |
195 | 293 | params[:person] = {} |
196 | 294 | params[:person][:name] = another_name |
... | ... | @@ -200,7 +298,33 @@ class PeopleTest < ActiveSupport::TestCase |
200 | 298 | assert_equal another_name, person.name |
201 | 299 | end |
202 | 300 | |
203 | - should 'display public custom fields' do | |
301 | + should 'logged user display public custom fields' do | |
302 | + login_api | |
303 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
304 | + some_person = create_user('some-person').person | |
305 | + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } | |
306 | + some_person.save! | |
307 | + | |
308 | + get "/api/v1/people/#{some_person.id}?#{params.to_query}" | |
309 | + json = JSON.parse(last_response.body) | |
310 | + assert json['person']['additional_data'].has_key?('Custom Blog') | |
311 | + assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] | |
312 | + end | |
313 | + | |
314 | + should 'logged user not display non-public custom fields' do | |
315 | + login_api | |
316 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
317 | + some_person = create_user('some-person').person | |
318 | + some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | |
319 | + some_person.save! | |
320 | + | |
321 | + get "/api/v1/people/#{some_person.id}?#{params.to_query}" | |
322 | + json = JSON.parse(last_response.body) | |
323 | + assert_equal json['person']['additional_data'], {} | |
324 | + end | |
325 | + | |
326 | + should 'display public custom fields to anonymous' do | |
327 | + anonymous_setup | |
204 | 328 | CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) |
205 | 329 | some_person = create_user('some-person').person |
206 | 330 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } |
... | ... | @@ -212,7 +336,8 @@ class PeopleTest < ActiveSupport::TestCase |
212 | 336 | assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] |
213 | 337 | end |
214 | 338 | |
215 | - should 'not display non-public custom fields' do | |
339 | + should 'not display non-public custom fields to anonymous' do | |
340 | + anonymous_setup | |
216 | 341 | CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) |
217 | 342 | some_person = create_user('some-person').person |
218 | 343 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } |
... | ... | @@ -223,7 +348,19 @@ class PeopleTest < ActiveSupport::TestCase |
223 | 348 | assert_equal json['person']['additional_data'], {} |
224 | 349 | end |
225 | 350 | |
351 | + should 'hide private fields to anonymous' do | |
352 | + anonymous_setup | |
353 | + target_person = create_user('some-user').person | |
354 | + target_person.save! | |
355 | + | |
356 | + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" | |
357 | + json = JSON.parse(last_response.body) | |
358 | + refute json["user"].has_key?("permissions") | |
359 | + refute json["user"].has_key?("activated") | |
360 | + end | |
361 | + | |
226 | 362 | should 'display non-public custom fields to friend' do |
363 | + login_api | |
227 | 364 | CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) |
228 | 365 | some_person = create_user('some-person').person |
229 | 366 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } |
... | ... | @@ -244,12 +381,14 @@ class PeopleTest < ActiveSupport::TestCase |
244 | 381 | |
245 | 382 | PERSON_ATTRIBUTES.map do |attribute| |
246 | 383 | define_method "test_should_not_expose_#{attribute}_attribute_in_person_enpoint_if_field_parameter_does_not_contain_the_attribute" do |
384 | + login_api | |
247 | 385 | get "/api/v1/people/me?#{params.to_query}&fields=name" |
248 | 386 | json = JSON.parse(last_response.body) |
249 | 387 | assert_nil json['person'][attribute] |
250 | 388 | end |
251 | 389 | |
252 | 390 | define_method "test_should_expose_#{attribute}_attribute_in_person_enpoints_if_field_parameter_is_passed" do |
391 | + login_api | |
253 | 392 | get "/api/v1/people/me?#{params.to_query}&fields=#{attribute}" |
254 | 393 | json = JSON.parse(last_response.body) |
255 | 394 | assert_not_nil json['person'][attribute] | ... | ... |
test/api/profiles_test.rb
... | ... | @@ -4,10 +4,10 @@ class ProfilesTest < ActiveSupport::TestCase |
4 | 4 | |
5 | 5 | def setup |
6 | 6 | Profile.delete_all |
7 | - login_api | |
8 | 7 | end |
9 | 8 | |
10 | - should 'list all profiles' do | |
9 | + should 'logged user list all profiles' do | |
10 | + login_api | |
11 | 11 | person1 = fast_create(Person) |
12 | 12 | person2 = fast_create(Person) |
13 | 13 | community = fast_create(Community) |
... | ... | @@ -16,14 +16,16 @@ class ProfilesTest < ActiveSupport::TestCase |
16 | 16 | assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']} |
17 | 17 | end |
18 | 18 | |
19 | - should 'get person from profile id' do | |
19 | + should 'logged user get person from profile id' do | |
20 | + login_api | |
20 | 21 | some_person = fast_create(Person) |
21 | 22 | get "/api/v1/profiles/#{some_person.id}?#{params.to_query}" |
22 | 23 | json = JSON.parse(last_response.body) |
23 | 24 | assert_equal some_person.id, json['id'] |
24 | 25 | end |
25 | 26 | |
26 | - should 'get community from profile id' do | |
27 | + should 'logged user get community from profile id' do | |
28 | + login_api | |
27 | 29 | community = fast_create(Community) |
28 | 30 | get "/api/v1/profiles/#{community.id}?#{params.to_query}" |
29 | 31 | json = JSON.parse(last_response.body) |
... | ... | @@ -33,6 +35,7 @@ class ProfilesTest < ActiveSupport::TestCase |
33 | 35 | group_kinds = %w(community enterprise) |
34 | 36 | group_kinds.each do |kind| |
35 | 37 | should "delete #{kind} from profile id with permission" do |
38 | + login_api | |
36 | 39 | profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) |
37 | 40 | give_permission(@person, 'destroy_profile', profile) |
38 | 41 | assert_not_nil Profile.find_by_id profile.id |
... | ... | @@ -44,6 +47,7 @@ class ProfilesTest < ActiveSupport::TestCase |
44 | 47 | end |
45 | 48 | |
46 | 49 | should "not delete #{kind} from profile id without permission" do |
50 | + login_api | |
47 | 51 | profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) |
48 | 52 | assert_not_nil Profile.find_by_id profile.id |
49 | 53 | |
... | ... | @@ -55,12 +59,14 @@ class ProfilesTest < ActiveSupport::TestCase |
55 | 59 | end |
56 | 60 | |
57 | 61 | should 'person delete itself' do |
62 | + login_api | |
58 | 63 | delete "/api/v1/profiles/#{@person.id}?#{params.to_query}" |
59 | 64 | assert_equal 200, last_response.status |
60 | 65 | assert_nil Profile.find_by_id @person.id |
61 | 66 | end |
62 | 67 | |
63 | 68 | should 'only admin delete other people' do |
69 | + login_api | |
64 | 70 | profile = fast_create(Person, :environment_id => environment.id) |
65 | 71 | assert_not_nil Profile.find_by_id profile.id |
66 | 72 | |
... | ... | @@ -77,4 +83,62 @@ class ProfilesTest < ActiveSupport::TestCase |
77 | 83 | assert_nil Profile.find_by_id profile.id |
78 | 84 | |
79 | 85 | end |
86 | + | |
87 | + should 'anonymous user access delete action' do | |
88 | + anonymous_setup | |
89 | + profile = fast_create(Person, :environment_id => environment.id) | |
90 | + | |
91 | + delete "/api/v1/profiles/#{profile.id}?#{params.to_query}" | |
92 | + assert_equal 401, last_response.status | |
93 | + assert_not_nil Profile.find_by_id profile.id | |
94 | + end | |
95 | + | |
96 | + should 'anonymous list all profiles' do | |
97 | + person1 = fast_create(Person) | |
98 | + person2 = fast_create(Person) | |
99 | + community = fast_create(Community) | |
100 | + get "/api/v1/profiles" | |
101 | + json = JSON.parse(last_response.body) | |
102 | + assert_equivalent [person1.id, person2.id, community.id], json.map {|p| p['id']} | |
103 | + end | |
104 | + | |
105 | + should 'anonymous get person from profile id' do | |
106 | + some_person = fast_create(Person) | |
107 | + get "/api/v1/profiles/#{some_person.id}" | |
108 | + json = JSON.parse(last_response.body) | |
109 | + assert_equal some_person.id, json['id'] | |
110 | + end | |
111 | + | |
112 | + should 'anonymous get community from profile id' do | |
113 | + community = fast_create(Community) | |
114 | + get "/api/v1/profiles/#{community.id}" | |
115 | + json = JSON.parse(last_response.body) | |
116 | + assert_equal community.id, json['id'] | |
117 | + end | |
118 | + | |
119 | + should 'display public custom fields to anonymous' do | |
120 | + anonymous_setup | |
121 | + CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default) | |
122 | + some_profile = fast_create(Profile) | |
123 | + some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} } | |
124 | + some_profile.save! | |
125 | + | |
126 | + get "/api/v1/profiles/#{some_profile.id}?#{params.to_query}" | |
127 | + json = JSON.parse(last_response.body) | |
128 | + assert json['additional_data'].has_key?('Rating') | |
129 | + assert_equal "Five stars", json['additional_data']['Rating'] | |
130 | + end | |
131 | + | |
132 | + should 'not display private custom fields to anonymous' do | |
133 | + anonymous_setup | |
134 | + CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default) | |
135 | + some_profile = fast_create(Profile) | |
136 | + some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} } | |
137 | + some_profile.save! | |
138 | + | |
139 | + get "/api/v1/profiles/#{some_profile.id}?#{params.to_query}" | |
140 | + json = JSON.parse(last_response.body) | |
141 | + refute json.has_key?('Rating') | |
142 | + end | |
143 | + | |
80 | 144 | end | ... | ... |
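Review bot: The negative assertion in 'not display private custom fields to anonymous' checks the wrong level of the response: `refute json.has_key?('Rating')` looks at the top-level hash, while the matching positive test reads the value from `json['additional_data']['Rating']`, so a private custom field leaking into `additional_data` would not fail this test. Change it to `refute json['additional_data'].has_key?('Rating')` (or `assert_equal({}, json['additional_data'])`, which is how the people tests express it). Separately, the three 'anonymous list/get ...' tests that call `get "/api/v1/profiles"` and `get "/api/v1/profiles/#{...}"` are the only anonymous tests in this file that neither call `anonymous_setup` nor append `?#{params.to_query}`; now that `setup` no longer logs in, calling `anonymous_setup` in them keeps `@params` and `@environment` initialised the same way as the other anonymous cases.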
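--- a/test/api/test_helper.rb
+++ b/test/api/test_helper.rb
@@ -24,6 +24,12 @@ class ActiveSupport::TestCase
 
     @params = {:private_token => @private_token}
   end
+
+  def anonymous_setup
+    @environment = Environment.default
+    @params = {}
+  end
+
   attr_accessor :private_token, :user, :person, :params, :environment
 
   private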
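Review bot: `anonymous_setup` carries no comment stating how it differs from `login_api`, which matters now that every test picks one of the two explicitly; add `# Run the request as an unauthenticated visitor: no private token is sent and @user/@person are left unset.` above the `def`. Note that the helper only assigns `@environment` and `@params`, so a test that called `login_api` first and then `anonymous_setup` would presumably keep the `@private_token`, `@user` and `@person` from the earlier call (those are the accessors declared just below); if that combination is ever meant to be supported, the helper should also reset them to nil.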
test/api/users_test.rb
... | ... | @@ -3,23 +3,22 @@ require_relative 'test_helper' |
3 | 3 | |
4 | 4 | class UsersTest < ActiveSupport::TestCase |
5 | 5 | |
6 | - def setup | |
6 | + should 'logger user list users' do | |
7 | 7 | login_api |
8 | - end | |
9 | - | |
10 | - should 'list users' do | |
11 | 8 | get "/api/v1/users/?#{params.to_query}" |
12 | 9 | json = JSON.parse(last_response.body) |
13 | 10 | assert_includes json["users"].map { |a| a["login"] }, user.login |
14 | 11 | end |
15 | 12 | |
16 | - should 'get user' do | |
13 | + should 'logger user get user info' do | |
14 | + login_api | |
17 | 15 | get "/api/v1/users/#{user.id}?#{params.to_query}" |
18 | 16 | json = JSON.parse(last_response.body) |
19 | 17 | assert_equal user.id, json['user']['id'] |
20 | 18 | end |
21 | 19 | |
22 | - should 'list user permissions' do | |
20 | + should 'logger user list user permissions' do | |
21 | + login_api | |
23 | 22 | community = fast_create(Community) |
24 | 23 | community.add_admin(person) |
25 | 24 | get "/api/v1/users/#{user.id}/?#{params.to_query}" |
... | ... | @@ -28,25 +27,29 @@ class UsersTest < ActiveSupport::TestCase |
28 | 27 | end |
29 | 28 | |
30 | 29 | should 'get logged user' do |
30 | + login_api | |
31 | 31 | get "/api/v1/users/me?#{params.to_query}" |
32 | 32 | json = JSON.parse(last_response.body) |
33 | 33 | assert_equal user.id, json['user']['id'] |
34 | 34 | end |
35 | 35 | |
36 | 36 | should 'not show permissions to logged user' do |
37 | + login_api | |
37 | 38 | target_person = create_user('some-user').person |
38 | 39 | get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" |
39 | 40 | json = JSON.parse(last_response.body) |
40 | 41 | refute json["user"].has_key?("permissions") |
41 | 42 | end |
42 | 43 | |
43 | - should 'show permissions to self' do | |
44 | + should 'logger user show permissions to self' do | |
45 | + login_api | |
44 | 46 | get "/api/v1/users/#{user.id}/?#{params.to_query}" |
45 | 47 | json = JSON.parse(last_response.body) |
46 | 48 | assert json["user"].has_key?("permissions") |
47 | 49 | end |
48 | 50 | |
49 | 51 | should 'not show permissions to friend' do |
52 | + login_api | |
50 | 53 | target_person = create_user('some-user').person |
51 | 54 | |
52 | 55 | f = Friendship.new |
... | ... | @@ -60,6 +63,7 @@ class UsersTest < ActiveSupport::TestCase |
60 | 63 | end |
61 | 64 | |
62 | 65 | should 'not show private attribute to logged user' do |
66 | + login_api | |
63 | 67 | target_person = create_user('some-user').person |
64 | 68 | get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" |
65 | 69 | json = JSON.parse(last_response.body) |
... | ... | @@ -67,6 +71,7 @@ class UsersTest < ActiveSupport::TestCase |
67 | 71 | end |
68 | 72 | |
69 | 73 | should 'show private attr to friend' do |
74 | + login_api | |
70 | 75 | target_person = create_user('some-user').person |
71 | 76 | f = Friendship.new |
72 | 77 | f.friend = target_person |
... | ... | @@ -79,6 +84,7 @@ class UsersTest < ActiveSupport::TestCase |
79 | 84 | end |
80 | 85 | |
81 | 86 | should 'show public attribute to logged user' do |
87 | + login_api | |
82 | 88 | target_person = create_user('some-user').person |
83 | 89 | target_person.fields_privacy={:email=> 'public'} |
84 | 90 | target_person.save! |
... | ... | @@ -89,6 +95,7 @@ class UsersTest < ActiveSupport::TestCase |
89 | 95 | end |
90 | 96 | |
91 | 97 | should 'show public and private field to admin' do |
98 | + login_api | |
92 | 99 | Environment.default.add_admin(person) |
93 | 100 | |
94 | 101 | target_person = create_user('some-user').person |
... | ... | @@ -102,4 +109,26 @@ class UsersTest < ActiveSupport::TestCase |
102 | 109 | assert json["user"].has_key?("activated") |
103 | 110 | end |
104 | 111 | |
112 | + should 'show public fields to anonymous' do | |
113 | + anonymous_setup | |
114 | + target_person = create_user('some-user').person | |
115 | + target_person.fields_privacy={:email=> 'public'} | |
116 | + target_person.save! | |
117 | + | |
118 | + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" | |
119 | + json = JSON.parse(last_response.body) | |
120 | + assert json["user"].has_key?("email") | |
121 | + end | |
122 | + | |
123 | + should 'hide private fields to anonymous' do | |
124 | + anonymous_setup | |
125 | + target_person = create_user('some-user').person | |
126 | + target_person.save! | |
127 | + | |
128 | + get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" | |
129 | + json = JSON.parse(last_response.body) | |
130 | + refute json["user"].has_key?("permissions") | |
131 | + refute json["user"].has_key?("activated") | |
132 | + end | |
133 | + | |
105 | 134 | end | ... | ... |
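Review bot: Four of the renamed tests say 'logger user' where the rest of the series says 'logged user' — `should 'logger user list users' do`, `should 'logger user get user info' do`, `should 'logger user list user permissions' do` and `should 'logger user show permissions to self' do` should read `'logged user ...'`. The new 'hide private fields to anonymous' test is also added verbatim, with the same name and body, to test/api/people_test.rb in this commit even though it exercises the `/api/v1/users/` endpoint; keeping it only here avoids a duplicated test that drifts later.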
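--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -437,7 +437,7 @@ class OrganizationTest < ActiveSupport::TestCase
     c = fast_create(Organization, :name => 'my test profile', :identifier => 'mytestprofile')
     admin = create_user('adminuser').person
     c.add_admin(admin)
-
+
     assert c.is_admin?(admin)
   end
 
@@ -513,4 +513,18 @@ class OrganizationTest < ActiveSupport::TestCase
     assert_includes env_admin_orgs, o7
   end
 
+  should 'fetch organizations there are visible for a visitor' do
+    visitor = nil
+    Organization.destroy_all
+    o1 = fast_create(Organization, :public_profile => true , :visible => true )
+    o2 = fast_create(Organization, :public_profile => false, :visible => true )
+    o3 = fast_create(Organization, :public_profile => true , :visible => false)
+    o4 = fast_create(Organization, :public_profile => false, :visible => false)
+    person_orgs = Organization.visible_for_person(visitor)
+    assert_includes person_orgs, o1
+    assert_not_includes person_orgs, o2
+    assert_not_includes person_orgs, o3
+    assert_not_includes person_orgs, o4
+  end
+
 end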
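Review bot: The visitor test covers the public/visible combinations but not the `enabled` condition that `visible_for_person` also applies (`profiles.enabled = ?` in the query, and the model comment speaks of "visible, public and enabled"), so a regression that lets a visitor see a disabled organization would pass; add `o5 = fast_create(Organization, :public_profile => true, :visible => true, :enabled => false)` and `assert_not_includes person_orgs, o5`, assuming `fast_create` accepts that column as it does the other two. The test name reads 'there are visible' and should be `should 'fetch organizations that are visible for a visitor' do`; the new test in test/unit/person_test.rb has the same wording and the same missing `enabled` case.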
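--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1951,4 +1951,17 @@ class PersonTest < ActiveSupport::TestCase
     person.save!
   end
 
+  should 'fetch people there are visible for a visitor' do
+    person = nil
+    p1 = fast_create(Person, :public_profile => true , :visible => true)
+    p2 = fast_create(Person, :public_profile => false, :visible => true)
+    p3 = fast_create(Person, :public_profile => true , :visible => false)
+    p4 = fast_create(Person, :public_profile => false, :visible => false)
+    people_visible_by_visitor = Person.visible_for_person(person)
+    assert_includes people_visible_by_visitor, p1
+    assert_not_includes people_visible_by_visitor, p2
+    assert_not_includes people_visible_by_visitor, p3
+    assert_not_includes people_visible_by_visitor, p4
+  end
+
 end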