Commit 669be1658f40361418e9bb2cef58781a83da04f9

Authored by Evandro Junior
Committed by Leandro Santos
1 parent b03d485a

added tests for anonymous

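--- a/lib/noosfero/api/v1/people.rb
+++ b/lib/noosfero/api/v1/people.rb
@@ -2,7 +2,6 @@ module Noosfero
 module API
 module V1
 class People < Grape::API
-before { authenticate! }
 
 MAX_PER_PAGE = 50
 
@@ -41,6 +40,7 @@ module Noosfero
 
 desc "Return the logged user information"
 get "/me" do
+authenticate!
 present_partial current_person, :with => Entities::Person, :current_person => current_person
 end
 
@@ -53,6 +53,7 @@ module Noosfero
 
 desc "Update person information"
 post ':id' do
+authenticate!
 return forbidden! if current_person.id.to_s != params[:id]
 current_person.update_attributes!(params[:person])
 present current_person, :with => Entities::Person, :current_person => current_person
@@ -63,6 +64,7 @@ module Noosfero
 # for each custom field for person, add &person[field_name]=field_value to the request
 desc "Create person"
 post do
+authenticate!
 user_data = {}
 user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
 user_data[:email] = params[:person].delete(:email)
@@ -95,6 +97,7 @@ module Noosfero
 
 desc "Return the person permissions on other profiles"
 get ":id/permissions" do
+authenticate!
 person = environment.people.find(params[:id])
 return not_found! if person.blank?
 return forbidden! unless current_person == person || environment.admins.include?(current_person)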
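Review bot: Dropping the class-level `before { authenticate! }` at old line 5 flips the default for the whole `People` class from authenticated to anonymous, so every route in this file that did not receive an explicit `authenticate!` in this commit is now reachable without a session, including any routes that sit outside these hunks. That is clearly the intent for the list/get routes the new tests exercise, but the class now works as a denylist: a route added later without the call silently becomes public. A comment next to `MAX_PER_PAGE` such as `# No class-wide authenticate!: routes are anonymous by default; each route that needs a session must call authenticate! itself.` would at least make that contract visible, and keeping a class-level `before` with the public routes opted out would make it enforced. The Grape route bodies that the later hunks cut through continue outside them.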
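--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
@@ -6,7 +6,7 @@ class PeopleTest < ActiveSupport::TestCase
 Person.delete_all
 end
 
-should 'list all people' do
+should 'logged user list all people' do
 login_api
 person1 = fast_create(Person, :public_profile => true)
 person2 = fast_create(Person)
@@ -15,7 +15,16 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
 end
 
-should 'list all members of a community' do
+should 'anonymous list all people' do
+anonymous_setup
+person1 = fast_create(Person, :public_profile => true)
+person2 = fast_create(Person)
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person2.id], json['people'].map {|c| c['id']}
+end
+
+should 'logged user list all members of a community' do
 login_api
 person1 = fast_create(Person)
 person2 = fast_create(Person)
@@ -29,7 +38,21 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]}
 end
 
-should 'not list invisible people' do
+should 'anonymous list all members of a community' do
+anonymous_setup
+person1 = fast_create(Person)
+person2 = fast_create(Person)
+community = fast_create(Community)
+community.add_member(person1)
+community.add_member(person2)
+
+get "/api/v1/profiles/#{community.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 2, json["people"].count
+assert_equivalent [person1.id,person2.id], json["people"].map{|p| p["id"]}
+end
+
+should 'logged user not list invisible people' do
 login_api
 invisible_person = fast_create(Person, :visible => false)
 
@@ -37,7 +60,15 @@ class PeopleTest < ActiveSupport::TestCase
 assert_not_includes json_response_ids(:people), invisible_person.id
 end
 
-should 'list private people' do
+should 'annoymous not list invisible people' do
+anonymous_setup
+invisible_person = fast_create(Person, :visible => false)
+
+get "/api/v1/people?#{params.to_query}"
+assert_not_includes json_response_ids(:people), invisible_person.id
+end
+
+should 'logged user list private people' do
 login_api
 private_person = fast_create(Person, :public_profile => false)
 
@@ -45,7 +76,15 @@ class PeopleTest < ActiveSupport::TestCase
 assert_includes json_response_ids(:people), private_person.id
 end
 
-should 'list private person for friends' do
+should 'anonymous list private people' do
+anonymous_setup
+private_person = fast_create(Person, :public_profile => false)
+
+get "/api/v1/people?#{params.to_query}"
+assert_includes json_response_ids(:people), private_person.id
+end
+
+should 'logged user list private person for friends' do
 login_api
 p1 = fast_create(Person)
 p2 = fast_create(Person, :public_profile => false)
@@ -56,7 +95,7 @@ class PeopleTest < ActiveSupport::TestCase
 assert_includes json_response_ids(:people), p2.id
 end
 
-should 'get person' do
+should 'logged user get person' do
 login_api
 some_person = fast_create(Person)
 
@@ -65,7 +104,17 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal some_person.id, json['person']['id']
 end
 
-should 'people endpoint filter by fields parameter' do
+should 'anonymous get person' do
+anonymous_setup
+some_person = fast_create(Person)
+
+get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal some_person.id, json['person']['id']
+end
+
+
+should 'people endpoint filter by fields parameter for logged user' do
 login_api
 get "/api/v1/people?#{params.to_query}&fields=name"
 json = JSON.parse(last_response.body)
@@ -73,7 +122,7 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal expected, json
 end
 
-should 'people endpoint filter by fields parameter with hierarchy' do
+should 'people endpoint filter by fields parameter with hierarchy for logged user' do
 login_api
 fields = URI.encode({only: [:name, {user: [:login]}]}.to_json.to_str)
 get "/api/v1/people?#{params.to_query}&fields=#{fields}"
@@ -89,7 +138,7 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal person.id, json['person']['id']
 end
 
-should 'me endpoint filter by fields parameter' do
+should 'access me endpoint filter by fields parameter' do
 login_api
 get "/api/v1/people/me?#{params.to_query}&fields=name"
 json = JSON.parse(last_response.body)
@@ -97,7 +146,7 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal expected, json
 end
 
-should 'not get invisible person' do
+should 'logged user not get invisible person' do
 login_api
 person = fast_create(Person, :visible => false)
 
@@ -106,6 +155,15 @@ class PeopleTest < ActiveSupport::TestCase
 assert json['person'].blank?
 end
 
+should 'anonymous not get invisible person' do
+anonymous_setup
+person = fast_create(Person, :visible => false)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['person'].blank?
+end
+
 should 'get private people' do
 login_api
 private_person = fast_create(Person, :public_profile => false)
@@ -115,6 +173,15 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal json['person']['id'], private_person.id
 end
 
+should 'anonymous get private people' do
+anonymous_setup
+private_person = fast_create(Person, :public_profile => false)
+
+get "/api/v1/people/#{private_person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal json['person']['id'], private_person.id
+end
+
 should 'get private person for friends' do
 login_api
 private_person = fast_create(Person, :public_profile => false)
@@ -135,6 +202,16 @@ class PeopleTest < ActiveSupport::TestCase
 assert_includes json_response_ids(:people), person.id
 end
 
+should 'anonymous list person friends' do
+anonymous_setup
+person = fast_create(Person)
+friend = fast_create(Person)
+person.add_friend(friend)
+friend.add_friend(person)
+get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
+assert_includes json_response_ids(:people), person.id
+end
+
 should 'not list person invisible friends' do
 login_api
 friend = fast_create(Person)
@@ -221,7 +298,7 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal another_name, person.name
 end
 
-should 'display public custom fields' do
+should 'logged user display public custom fields' do
 login_api
 CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
 some_person = create_user('some-person').person
@@ -234,7 +311,7 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
 end
 
-should 'not display non-public custom fields' do
+should 'logged user not display non-public custom fields' do
 login_api
 CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
 some_person = create_user('some-person').person
@@ -246,6 +323,31 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal json['person']['additional_data'], {}
 end
 
+should 'display public custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
+some_person = create_user('some-person').person
+some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} }
+some_person.save!
+
+get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['person']['additional_data'].has_key?('Custom Blog')
+assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
+end
+
+should 'not display non-public custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)
+some_person = create_user('some-person').person
+some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} }
+some_person.save!
+
+get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal json['person']['additional_data'], {}
+end
+
 should 'display non-public custom fields to friend' do
 login_api
 CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)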
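Review bot: The new anonymous tests only assert what an unauthenticated client can see, never what it cannot: no test sends an anonymous request to `/api/v1/people/me`, `POST /api/v1/people/:id`, `POST /api/v1/people` or `/api/v1/people/:id/permissions` and checks that it is rejected, so now that the class-wide `before { authenticate! }` is gone those routes are guarded only by their per-route call and nothing in this suite would notice one being dropped. One negative case per protected route closes that gap, e.g. `anonymous_setup; get "/api/v1/people/me?#{params.to_query}"; assert_equal 401, last_response.status` (the exact status comes from `authenticate!`, which is outside this diff, so adjust to what it emits). Separately, `'anonymous get private people'` at new lines 176-183 locks in that a `public_profile => false` person is returned in full to an unauthenticated client; it mirrors the logged-in case above it, but it is worth confirming that exposure is the intended policy rather than a gap the test now enshrines. The test name at new line 63 has a typo: `'annoymous not list invisible people'` should read `'anonymous not list invisible people'`.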