From 6cb8a9fe50616cad2f6b5c1c8232639808fd5c31 Mon Sep 17 00:00:00 2001
From: Ábner Silva de Oliveira
Date: Sat, 11 Jul 2015 12:28:36 -0300
Subject: [PATCH] articles endpoint pagination, security and refactoring helpers
---
 lib/noosfero/api/entities.rb | 6 ++++--
 lib/noosfero/api/helpers.rb | 21 +++++++++++++++++----
 lib/noosfero/api/v1/articles.rb | 12 +++++++++---
 test/unit/api/categories_test.rb | 2 +-
 test/unit/api/helpers_test.rb | 15 +++++++++++++++
 5 files changed, 46 insertions(+), 10 deletions(-)
diff --git a/lib/noosfero/api/entities.rb b/lib/noosfero/api/entities.rb
index dc44680..b6ea9e9 100644
--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -49,7 +49,7 @@ module Noosfero
 class Enterprise < Profile
 root 'enterprises', 'enterprise'
 end
-
+
 class Community < Profile
 root 'communities', 'community'
 expose :description
@@ -95,7 +95,9 @@ module Noosfero
 class Article < ArticleBase
 root 'articles', 'article'
 expose :parent, :using => ArticleBase
- expose :children, :using => ArticleBase
+ expose :children, using: ArticleBase do |article, options|
+ article.children.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE)
+ end
 end
 class Comment < Entity
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 20797ed..f97d879 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -1,4 +1,5 @@
- module Noosfero
+ module Noosfero;
+
 module API
 module APIHelpers
 PRIVATE_TOKEN_PARAM = :private_token
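Review bot: The `children` block in `Entities::Article` applies only `limit(MAX_PER_PAGE)` and no visibility rule, whereas `find_articles` in helpers.rb narrows the top-level collection to `published` for anonymous callers, so unpublished children can still be serialized unless `ArticleBase` or the `children` association already restricts them (neither is visible in this diff). Applying the same published/display rule inside the block, or reusing the helper, would keep the two paths consistent. The truncation is also silent; a comment such as `# children are capped at MAX_PER_PAGE with no 'more' indicator` would warn API consumers. The unused `options` block parameter can be written as `_options`, and reaching into `Noosfero::API::V1::Articles::MAX_PER_PAGE` couples the entity layer to a V1 endpoint class.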
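Review bot: The new `module Noosfero;` line carries a trailing semicolon that has no effect in Ruby and appears nowhere else in these hunks; `module Noosfero` alone is the conventional form. Together with the blank line added right after it, this looks like a leftover from an earlier one-line edit rather than an intended change.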
@@ -77,11 +78,23 @@
 end
 def present_articles(asset)
- articles = select_filtered_collection_of(asset, 'articles', params)
- articles = articles.display_filter(current_person, nil)
+ articles = find_articles(asset)
+ articles = paginate articles
 present articles, :with => Entities::Article, :fields => params[:fields]
 end
+ def find_articles(asset)
+ articles = select_filtered_collection_of(asset, 'articles', params)
+ if current_person.present?
+ articles = articles.display_filter(current_person, nil)
+ else
+ articles = articles.published
+ end
+ if params[:categories_ids]
+ articles = articles.joins(:categories).where('category_id in (?)', params[:categories_ids])
+ end
+ end
+
 def find_task(tasks, id)
 task = tasks.find(id)
 task.display_to?(current_user.person) ? task : forbidden!
@@ -334,7 +347,7 @@
 verify_string = "#{client_id}&#{token}&#{captcha_text}"
 request.body = verify_string
 body = http.request(request).body
- body == '1' ? true : body
+ body == '1' ? true : body
 end
 end
diff --git a/lib/noosfero/api/v1/articles.rb b/lib/noosfero/api/v1/articles.rb
index e324bc3..204e3e5 100644
--- a/lib/noosfero/api/v1/articles.rb
+++ b/lib/noosfero/api/v1/articles.rb
@@ -2,12 +2,15 @@ module Noosfero
 module API
 module V1
 class Articles < Grape::API
- before { authenticate! }
 ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
+ MAX_PER_PAGE = 50
+
 resource :articles do
+ paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE
+
 # Collect articles
 #
 # Parameters:
@@ -17,6 +20,7 @@ module Noosfero
 #
 # Example Request:
 # GET host/api/v1/articles?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
+
 get do
 present_articles(environment)
 end
@@ -54,7 +58,6 @@ module Noosfero
 end - desc "Returns the total followers for the article"
 get ':id/followers' do
 article = find_article(environment.articles, params[:id])
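Review bot: `find_articles` ends with the `if params[:categories_ids]` statement, so when that parameter is absent the method evaluates to `nil` instead of the filtered relation, and `present_articles` then calls `paginate nil`. Add `articles` as the final expression of `find_articles`, after the category `end`, so the relation is returned on both paths: `    end` / `    articles` / `  end`. A short comment on the branch would also help the next reader: `# anonymous callers only see published articles; logged-in callers get the display_filter rules`. The `where('category_id in (?)', params[:categories_ids])` form binds the request ids as parameters, which is the right way to pass untrusted input into the query.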
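Review bot: Removing the class-level `before { authenticate! }` flips the security default of this Grape class from deny to allow: every route is now anonymous unless it opts in, and the per-route `authenticate!` calls added later in this diff cover only four POST routes, so any other state-changing route in this file outside these hunks becomes reachable without a token. A safer shape keeps the `before` block and exempts only the read routes meant to be public (for example by checking the request method inside the block), or at minimum documents the contract at the top of the class: `# GET routes are public; every POST/PUT/DELETE route must call authenticate! first.` The `paginate per_page: MAX_PER_PAGE, max_per_page: MAX_PER_PAGE` line caps client-controlled page sizes, which is good; a one-line comment saying that `max_per_page` is the hard ceiling would make the intent explicit.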
@@ -64,6 +67,7 @@ module Noosfero
 desc "Add a follower for the article"
 post ':id/follow' do
+ authenticate!
 article = find_article(environment.articles, params[:id])
 if article.article_followers.exists?(:person_id => current_person.id)
 {:success => false, :already_follow => true}
@@ -77,6 +81,7 @@ module Noosfero
 end
 post ':id/vote' do
+ authenticate!
 value = (params[:value] || 1).to_i
 # FIXME verify allowed values
 render_api_error!('Vote value not allowed', 400) unless [-1, 1].include?(value)
@@ -109,6 +114,7 @@ module Noosfero
 end
 post ':id/children/suggest' do
+ authenticate!
 parent_article = environment.articles.find(params[:id])
 suggest_article = SuggestArticle.new
@@ -126,7 +132,7 @@ module Noosfero
 # Example Request:
 # POST api/v1/articles/:id/children?private_token=234298743290432&article[name]=title&article[body]=body
 post ':id/children' do
-
+ authenticate!
 parent_article = environment.articles.find(params[:id])
 return forbidden! unless parent_article.allow_create?(current_person)
diff --git a/test/unit/api/categories_test.rb b/test/unit/api/categories_test.rb
index 24b8244..55d1b6a 100644
--- a/test/unit/api/categories_test.rb
+++ b/test/unit/api/categories_test.rb
@@ -33,7 +33,7 @@ class CategoriesTest < ActiveSupport::TestCase
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
- assert_equal({'id' => parent.id, 'name' => parent.name}, json['category']['parent'])
+ assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent'])
 assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
 end
diff --git a/test/unit/api/helpers_test.rb b/test/unit/api/helpers_test.rb
index 4303568..e4c5418 100644
--- a/test/unit/api/helpers_test.rb
+++ b/test/unit/api/helpers_test.rb
@@ -219,6 +219,21 @@ class APIHelpersTest < ActiveSupport::TestCase
 filter_disabled_plugins_endpoints
 end
+ should 'find all published articles on environment' do
+ #user = create_user('someuser')
+ #p = fast_create(Profile)
+ #a = fast_create(Article, :published => false, :profile_id => p.id)
+ #fast_create(Article, :profile_id => p.id)
+
+ #user.generate_private_token!
+ #User.expects(:find_by_private_token).returns(user)
+ #assert_equal 403, find_article(p.articles, a.id).last
+
+ #assert_equals [article1, article2], present_articles
+
+
+ end
+
 protected
 def error!(info, status)
-- libgit2 0.21.2
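Review bot: The new `should 'find all published articles on environment'` block has every line commented out, so it passes without ever calling `find_articles` and gives no coverage for the anonymous-caller `published` branch this commit introduces in helpers.rb. Either implement it or drop it; a minimal version creates one published and one unpublished article and asserts that a call with no current person returns only the published one (this presumes `params` is available to the helper inside this test case as the neighbouring helper tests presumably arrange, and it will only pass once `find_articles` returns the relation when `categories_ids` is absent). Note also that `assert_equals` in the commented line is not a Test::Unit assertion; the name is `assert_equal`.
```ruby
should 'find all published articles on environment' do
  profile = fast_create(Profile)
  hidden = fast_create(Article, :published => false, :profile_id => profile.id)
  visible = fast_create(Article, :profile_id => profile.id)
  # no private token is set up, so current_person is absent and only published articles qualify
  assert_equivalent [visible], find_articles(profile.articles)
end
```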