Commit 7b7390427eecb435b9168b6b6b88841e67bd6a75
Exists in
staging
and in
31 other branches
Merge branch 'api_visitor' into 'master'
Reviews API permissions - Reviewed Profile scopes - Removed required authentication for anonymous - Corrected records fetching (considering permission levels) - Conditionally exposes attributes **Includes all changes introduced in !863** See merge request !867
Showing
29 changed files
with
414 additions
and
292 deletions
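--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -16,9 +16,7 @@ class Organization < Profile
 # visible.
 # 4) The user is not a member of the organization but the organization is
 # visible, public and enabled.
-def self.visible_for_person(person)
-# Visitor if person.nil?
-person_id = person.nil? ? nil : person.id
+def self.listed_for_person(person)
 joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
 AND "role_assignments"."resource_type" = \'Profile\') OR (
 "role_assignments"."resource_id" = "profiles"."environment_id" AND
@@ -28,13 +26,24 @@ class Organization < Profile
 ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
 OR
 ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
-( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
+( profiles.enabled = ? ) ) AND
 ( profiles.visible = ? ) )',
-'profile_admin', 'environment_administrator', Profile.name, person_id,
-Profile.name, person_id, true, true, true]
+'profile_admin', 'environment_administrator', Profile.name, person.id,
+Profile.name, person.id, true, true]
 ).uniq
 end
 
+def self.visible_for_person(person)
+listed_for_person(person).where(
+['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
+OR
+( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+( profiles.enabled = ? AND profiles.public_profile = ? ) )',
+'profile_admin', 'environment_administrator', Profile.name, person.id,
+Profile.name, person.id, true, true]
+)
+end
+
 settings_items :closed, :type => :boolean, :default => false
 def closed?
 closed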
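Review bot: `listed_for_person` and the new `visible_for_person` both dereference `person.id` with no nil guard now that the `# Visitor if person.nil?` branch is removed, so a caller that still passes a nil `current_person` gets a NoMethodError instead of a filtered relation. The `Person.visible_for_person` scope in app/models/person.rb has the same change. The API helper `profiles_for_person` added in this commit handles the anonymous case, but callers outside the diff may not, so the precondition should be stated on both methods, e.g. `# person must not be nil; anonymous callers use the visible scope instead`, or enforced with `raise ArgumentError, 'person is required' if person.nil?`. The body of `listed_for_person` spans both hunks, with lines in between that are not shown.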
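--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -42,8 +42,6 @@ class Person < Profile
 }
 
 scope :visible_for_person, lambda { |person|
-# Visitor if person.nil?
-person_id = person.nil? ? nil : person.id
 joins('LEFT JOIN "role_assignments" ON
 "role_assignments"."resource_id" = "profiles"."environment_id" AND
 "role_assignments"."resource_type" = \'Environment\'')
@@ -52,7 +50,7 @@ class Person < Profile
 .where(
 ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR (
 ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )',
-'environment_administrator', Profile.name, person_id, person_id, true, true]
+'environment_administrator', Profile.name, person.id, person.id, true, true]
 ).uniq
 }
 
@@ -374,7 +372,7 @@ class Person < Profile
 ['%s@%s' % [self.identifier, self.email_domain] ]
 end
 
-def display_info_to?(user)
+def display_private_info_to?(user)
 if friends.include?(user)
 true
 else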
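Review bot: Renaming `Person#display_info_to?` to `display_private_info_to?` in the last hunk changes what the remaining `display_info_to?` calls on a Person resolve to. This commit still calls `user.person.display_info_to?` in lib/noosfero/api/entities.rb and `person.display_info_to?(current_person)` in lib/noosfero/api/v1/communities.rb. Those calls presumably fall back to a definition inherited from `Profile`, which is not visible here, so the friend check in this method no longer applies to them. A comment above the method, e.g. `# Friend-level access to private content; general visibility is decided by the inherited display_info_to?`, would make the split explicit, and it is worth confirming that both predicates exist on every Profile subclass. The method body continues past the end of the hunk.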
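--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -9,13 +9,18 @@ module Noosfero
 PERMISSIONS = {
 :admin => 0,
 :self => 10,
-:friend => 20,
+:private_content => 20,
 :logged_user => 30,
 :anonymous => 40
 }
 
-def self.can_display? profile, options, field, permission = :friend
-return true if profile.public_fields.map{|f| f.to_sym}.include?(field.to_sym)
+def self.can_display_profile_field? profile, options, permission_options={}
+permissions={:field => "", :permission => :private_content}
+permissions.merge!(permission_options)
+field = permissions[:field]
+permission = permissions[:permission]
+return true if profile.public? && profile.public_fields.map{|f| f.to_sym}.include?(field.to_sym)
+
 current_person = options[:current_person]
 
 current_permission = if current_person.present?
@@ -23,8 +28,8 @@ module Noosfero
 :admin
 elsif current_person == profile
 :self
-elsif current_person.friends.include?(profile)
-:friend
+elsif profile.display_private_info_to?(current_person)
+:private_content
 else
 :logged_user
 end
@@ -103,7 +108,7 @@ module Noosfero
 
 private_values = profile.custom_field_values - profile.public_values
 private_values.each do |value|
-if Entities.can_display?(profile,options,:custom_field)
+if Entities.can_display_profile_field?(profile,options)
 hash[value.custom_field.name]=value.value
 end
 end
@@ -143,11 +148,11 @@ module Noosfero
 class Community < Profile
 root 'communities', 'community'
 expose :description
-expose :admins do |community, options|
+expose :admins, :if => lambda { |community, options| community.display_info_to? options[:current_person]} do |community, options|
 community.admins.map{|admin| {"name"=>admin.name, "id"=>admin.id, "username" => admin.identifier}}
 end
 expose :categories, :using => Category
-expose :members, :using => Person
+expose :members, :using => Person , :if => lambda{ |community, options| community.display_info_to? options[:current_person] }
 end
 
 class CommentBase < Entity
@@ -209,11 +214,11 @@ module Noosfero
 
 attrs.each do |attribute|
 name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
-expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
+expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field => attribute})}
 end
 
-expose :person, :using => Person
-expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
+expose :person, :using => Person, :if => lambda{|user,options| user.person.display_info_to? options[:current_person]}
+expose :permissions, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field => :permissions, :permission => :self})} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|
 if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?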
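Review bot: The custom-field loop calls `Entities.can_display_profile_field?(profile,options)` without a `:field`, so the check runs with the defaults `:field => ""` and `:permission => :private_content` once per private value, although the result does not depend on `value`. Computing it once before the loop, `show_private = Entities.can_display_profile_field?(profile, options)`, and testing `show_private` inside keeps the access decision in one place. The helper also needs a comment stating which keys `permission_options` accepts and that omitting `:field` effectively skips the public-fields shortcut. Note that `field.to_sym` raises if a caller passes `:field => nil`. The block enclosing the loop starts outside the hunk.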
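--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -266,6 +266,13 @@ require_relative '../../find_by_contents'
 unauthorized! unless current_user
 end
 
+def profiles_for_person(profiles, person)
+if person
+profiles.listed_for_person(person)
+else
+profiles.visible
+end
+end
 
 # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
 # or a Bad Request error is invoked.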
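Review bot: `profiles_for_person` calls `profiles.listed_for_person(person)` on whatever relation it receives, but the only definition of `listed_for_person` visible in this commit is the class method on `Organization`. Both call sites in communities.rb pass community relations, which presumably inherit it, yet passing `environment.people` or `environment.profiles` would likely raise NoMethodError, and only for logged-in callers. State the contract on the helper, e.g. `# profiles must respond to listed_for_person (Organization and its subclasses)`, or fall back to `profiles.visible` when `profiles.respond_to?(:listed_for_person)` is false.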
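--- a/lib/noosfero/api/v1/activities.rb
+++ b/lib/noosfero/api/v1/activities.rb
@@ -7,9 +7,11 @@ module Noosfero
 resource :profiles do
 
 get ':id/activities' do
-profile = environment.profiles
-profile = profile.visible_for_person(current_person) if profile.respond_to?(:visible_for_person)
-profile = profile.find_by id: params[:id]
+profile = Profile.find_by id: params[:id]
+
+not_found! if profile.blank? || profile.secret || !profile.visible
+forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+
 activities = profile.activities.map(&:activity)
 present activities, :with => Entities::Activity, :current_person => current_person
 end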
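Review bot: The lookup changed from `environment.profiles` to `Profile.find_by id: params[:id]`, which drops the environment scoping the old code had, so a profile id belonging to another environment passes the lookup and is judged only by the `secret`/`visible`/`display_private_info_to?` checks. `profile = environment.profiles.find_by id: params[:id]` keeps the new permission logic and restores the scope. The second guard also repeats `!profile.secret && profile.visible`, which is already guaranteed if `not_found!` halts the request (the nil-profile case relies on that); `forbidden! unless profile.display_private_info_to?(current_person)` would be enough.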
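--- a/lib/noosfero/api/v1/communities.rb
+++ b/lib/noosfero/api/v1/communities.rb
@@ -17,8 +17,8 @@ module Noosfero
 # GET /communities?reference_id=10&limit=10&oldest
 get do
 communities = select_filtered_collection_of(environment, 'communities', params)
-communities = communities.visible
-communities = communities.by_location(params) # Must be the last. May return Exception obj.
+communities = profiles_for_person(communities, current_person)
+communities = communities.by_location(params) # Must be the last. May return Exception obj
 present communities, :with => Entities::Community, :current_person => current_person
 end
 
@@ -49,7 +49,7 @@ module Noosfero
 end
 
 get ':id' do
-community = environment.communities.visible.find_by(id: params[:id])
+community = profiles_for_person(environment.communities, current_person).find_by_id(params[:id])
 present community, :with => Entities::Community, :current_person => current_person
 end
 
@@ -63,6 +63,10 @@ module Noosfero
 
 get do
 person = environment.people.find(params[:person_id])
+
+not_found! if person.blank?
+forbidden! if !person.display_info_to?(current_person)
+
 communities = select_filtered_collection_of(person, 'communities', params)
 communities = communities.visible
 present communities, :with => Entities::Community, :current_person => current_person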
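Review bot: In the last hunk `not_found! if person.blank?` can never fire, because `environment.people.find(params[:person_id])` raises ActiveRecord::RecordNotFound for a missing id instead of returning nil; how that exception is rendered depends on rescue handlers not visible here. Use `person = environment.people.find_by id: params[:person_id]` so the new 404 branch is reachable. `get ':id'` in the second hunk has the opposite gap: `find_by_id` returns nil for a community that is missing or not listed for the caller, and that nil goes straight to `present` without a not-found branch like the one this commit adds in profiles.rb.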
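--- a/lib/noosfero/api/v1/profiles.rb
+++ b/lib/noosfero/api/v1/profiles.rb
@@ -16,7 +16,12 @@ module Noosfero
 profiles = environment.profiles
 profiles = profiles.visible
 profile = profiles.find_by id: params[:id]
-present profile, :with => Entities::Profile, :current_person => current_person
+
+if profile
+present profile, :with => Entities::Profile, :current_person => current_person
+else
+not_found!
+end
 end
 
 delete ':id' do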
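--- a/lib/noosfero/api/v1/tags.rb
+++ b/lib/noosfero/api/v1/tags.rb
@@ -3,16 +3,16 @@ module Noosfero
 module V1
 class Tags < Grape::API
 before { authenticate! }
-
+
 resource :articles do
 
 resource ':id/tags' do
-
+
 get do
 article = find_article(environment.articles, params[:id])
 present article.tag_list
 end
-
+
 desc "Add a tag to an article"
 post do
 article = find_article(environment.articles, params[:id])
@@ -20,10 +20,8 @@ module Noosfero
 article.save
 present article.tag_list
 end
-
 end
 end
-
 end
 end
 end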
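--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -18,10 +18,11 @@ module Noosfero
 
 get ":id" do
 user = environment.users.find_by id: params[:id]
-unless user.person.display_info_to? current_person
-unauthorized!
+if user
+present user, :with => Entities::User, :current_person => current_person
+else
+not_found!
 end
-present user, :with => Entities::User, :current_person => current_person
 end
 
 get ":id/permissions" do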
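Review bot: Removing the `display_info_to?` / `unauthorized!` check means `get ":id"` now presents every existing user and relies entirely on the `:if` conditions in `Entities::User` to hide private data. The entity hunks in this commit gate `person`, `permissions` and the `attrs` loop, but any exposure in `Entities::User` outside those hunks that has no `:if` is now returned to every caller. A comment at this endpoint such as `# Visibility is enforced per field in Entities::User; every exposure there needs an :if`, plus a test that requests another user's record and asserts the private keys are absent, would keep that invariant from eroding.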
plugins/comment_paragraph/test/unit/api_test.rb
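--- a/plugins/push_notification/test/api/api_test.rb
+++ b/plugins/push_notification/test/api/api_test.rb
@@ -3,6 +3,7 @@ require_relative '../../../../test/api/test_helper'
 class PushNotificationApiTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 environment = Environment.default
 environment.enable_plugin(PushNotificationPlugin)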
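--- a/test/api/activities_test.rb
+++ b/test/api/activities_test.rb
@@ -3,20 +3,74 @@ require_relative 'test_helper'
 class ActivitiesTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 end
 
-should 'get activity from profile' do
-person = fast_create(Person)
-organization = fast_create(Organization)
-assert_difference 'organization.activities_count' do
-ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization
-organization.reload
-end
-get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"
+should 'get own activities' do
+create_activity(person)
+
+get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
 json = JSON.parse(last_response.body)
+
 assert 1, json["activities"].count
-assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]
+assert_equivalent person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
+should 'not get private community activities' do
+community = fast_create(Community, :public_profile => false)
+create_activity(community)
+
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_nil json["activities"]
+assert_equal 403, last_response.status
+end
+
+should 'not get community activities if not member' do
+community = fast_create(Community)
+other_person = fast_create(Person)
+community.add_member(other_person) # so there is an activity in community
+
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_nil json["activities"]
+assert_equal 403, last_response.status
+end
+
+should 'get community activities for member' do
+community = fast_create(Community)
+create_activity(community)
+community.add_member(person)
+
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
+should 'not get other person activities' do
+other_person = fast_create(Person)
+create_activity(other_person)
+
+get "/api/v1/profiles/#{other_person.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_nil json["activities"]
+assert_equal 403, last_response.status
+end
+
+should 'get friend activities' do
+other_person = fast_create(Person)
+other_person.add_friend(person)
+create_activity(other_person)
+
+get "/api/v1/profiles/#{other_person.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
+def create_activity(target)
+activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
+ProfileActivity.create! profile_id: target.id, activity: activity
 end
 
 end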
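Review bot: `assert 1, json["activities"].count` in 'get own activities' always passes, because `assert` takes `1` as the value under test and the count as the failure message. If exactly one activity is expected it should read `assert_equal 1, json["activities"].count`. The new cases cover the 403 paths, but none exercises the `not_found!` branch added in activities.rb (a secret or non-visible profile) or a request without a logged-in user, both of which this commit changes.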
test/api/articles_test.rb
... | ... | @@ -3,6 +3,7 @@ require_relative 'test_helper' |
3 | 3 | class ArticlesTest < ActiveSupport::TestCase |
4 | 4 | |
5 | 5 | def setup |
6 | + create_and_activate_user | |
6 | 7 | login_api |
7 | 8 | end |
8 | 9 | |
... | ... | @@ -199,7 +200,6 @@ class ArticlesTest < ActiveSupport::TestCase |
199 | 200 | article = fast_create(Article, :profile_id => @person.id, :name => "Some thing", :archived => true) |
200 | 201 | @params[:value] = 1 |
201 | 202 | post "/api/v1/articles/#{article.id}/vote?#{params.to_query}" |
202 | - puts JSON.parse(last_response.body) | |
203 | 203 | assert_equal 400, last_response.status |
204 | 204 | end |
205 | 205 | ... | ... |
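--- a/test/api/boxes_test.rb
+++ b/test/api/boxes_test.rb
@@ -3,8 +3,7 @@ require_relative 'test_helper'
 class BoxesTest < ActiveSupport::TestCase
 
 def setup
-@controller = AccountController.new
-@request = ActionController::TestRequest.new
+create_and_activate_user
 login_api
 # @request = ActionController::TestRequest.new
 end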
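--- a/test/api/categories_test.rb
+++ b/test/api/categories_test.rb
@@ -2,6 +2,9 @@ require_relative 'test_helper'
 
 class CategoriesTest < ActiveSupport::TestCase
 
+def setup
+create_and_activate_user
+end
 
 should 'logged user list categories' do
 login_api
@@ -11,7 +14,7 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_includes json["categories"].map { |c| c["name"] }, category.name
 end
 
-should 'logged user get category by id' do
+should 'get category by id to logged user' do
 login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
@@ -19,7 +22,7 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_equal category.name, json["category"]["name"]
 end
 
-should 'logged user list parent and children when get category by id' do
+should 'list parent and children when get category by id to logged user' do
 login_api
 parent = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
@@ -37,7 +40,7 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
 end
 
-should 'logged user include parent in categories list if params is true' do
+should 'include parent in categories list if params is true to logged_user' do
 login_api
 parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
 child_1 = fast_create(Category, :environment_id => environment.id)
@@ -60,7 +63,7 @@ class CategoriesTest < ActiveSupport::TestCase
 json["categories"].map { |c| c['parent'] && c['parent']['id'] }
 end
 
-should 'logged user include children in categories list if params is true' do
+should 'include children in categories list if params is true to logged user' do
 login_api
 category = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
@@ -88,7 +91,7 @@ class CategoriesTest < ActiveSupport::TestCase
 expose_attributes = %w(id name full_name image display_color)
 
 expose_attributes.each do |attr|
-should "logged user expose category #{attr} attribute by default" do
+should "expose category #{attr} attribute by default to logged user" do
 login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
@@ -97,24 +100,21 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 end
 
-should 'anonymous list categories' do
-anonymous_setup
+should 'list categories to anonymous' do
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_includes json["categories"].map { |c| c["name"] }, category.name
 end
 
-should 'anonymous get category by id' do
-anonymous_setup
+should 'get category by id to anonymous' do
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal category.name, json["category"]["name"]
 end
 
-should 'anonymous list parent and children when get category by id' do
-anonymous_setup
+should 'list parent and children when get category by id to anonymous' do
 parent = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -132,7 +132,6 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous include parent in categories list if params is true' do
-anonymous_setup
 parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -155,7 +154,6 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous include children in categories list if params is true' do
-anonymous_setup
 category = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -180,8 +178,7 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 
 expose_attributes.each do |attr|
-should "anonymous expose category #{attr} attribute by default" do
-anonymous_setup
+should "expose category #{attr} attribute by default to anonymous" do
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -189,6 +186,4 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 end
 
-
-
 end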
test/api/comments_test.rb
... | ... | @@ -4,13 +4,12 @@ class CommentsTest < ActiveSupport::TestCase |
4 | 4 | |
5 | 5 | def setup |
6 | 6 | @local_person = fast_create(Person) |
7 | - anonymous_setup | |
7 | + create_and_activate_user | |
8 | 8 | end |
9 | - attr_reader :local_person | |
10 | 9 | |
11 | 10 | should 'logged user not list comments if user has no permission to view the source article' do |
12 | 11 | login_api |
13 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false) | |
12 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false) | |
14 | 13 | assert !article.published? |
15 | 14 | |
16 | 15 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
... | ... | @@ -19,8 +18,8 @@ class CommentsTest < ActiveSupport::TestCase |
19 | 18 | |
20 | 19 | should 'logged user not return comment if user has no permission to view the source article' do |
21 | 20 | login_api |
22 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false) | |
23 | - comment = article.comments.create!(:body => "another comment", :author => local_person) | |
21 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false) | |
22 | + comment = article.comments.create!(:body => "another comment", :author => @local_person) | |
24 | 23 | assert !article.published? |
25 | 24 | |
26 | 25 | get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" |
... | ... | @@ -29,7 +28,7 @@ class CommentsTest < ActiveSupport::TestCase |
29 | 28 | |
30 | 29 | should 'logged user not comment an article if user has no permission to view it' do |
31 | 30 | login_api |
32 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false) | |
31 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false) | |
33 | 32 | assert !article.published? |
34 | 33 | |
35 | 34 | post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
... | ... | @@ -38,9 +37,9 @@ class CommentsTest < ActiveSupport::TestCase |
38 | 37 | |
39 | 38 | should 'logged user return comments of an article' do |
40 | 39 | login_api |
41 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
42 | - article.comments.create!(:body => "some comment", :author => local_person) | |
43 | - article.comments.create!(:body => "another comment", :author => local_person) | |
40 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
41 | + article.comments.create!(:body => "some comment", :author => @local_person) | |
42 | + article.comments.create!(:body => "another comment", :author => @local_person) | |
44 | 43 | |
45 | 44 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
46 | 45 | json = JSON.parse(last_response.body) |
... | ... | @@ -50,8 +49,8 @@ class CommentsTest < ActiveSupport::TestCase |
50 | 49 | |
51 | 50 | should 'logged user return comment of an article' do |
52 | 51 | login_api |
53 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
54 | - comment = article.comments.create!(:body => "another comment", :author => local_person) | |
52 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
53 | + comment = article.comments.create!(:body => "another comment", :author => @local_person) | |
55 | 54 | |
56 | 55 | get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" |
57 | 56 | json = JSON.parse(last_response.body) |
... | ... | @@ -61,7 +60,7 @@ class CommentsTest < ActiveSupport::TestCase |
61 | 60 | |
62 | 61 | should 'logged user comment an article' do |
63 | 62 | login_api |
64 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
63 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
65 | 64 | body = 'My comment' |
66 | 65 | params.merge!({:body => body}) |
67 | 66 | |
... | ... | @@ -84,7 +83,7 @@ class CommentsTest < ActiveSupport::TestCase |
84 | 83 | should 'logged user comment creation define the source' do |
85 | 84 | login_api |
86 | 85 | amount = Comment.count |
87 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
86 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
88 | 87 | body = 'My comment' |
89 | 88 | params.merge!({:body => body}) |
90 | 89 | |
... | ... | @@ -103,7 +102,7 @@ class CommentsTest < ActiveSupport::TestCase |
103 | 102 | Noosfero::Plugin.stubs(:all).returns([Plugin1.name]) |
104 | 103 | Environment.default.enable_plugin(Plugin1) |
105 | 104 | |
106 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
105 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
107 | 106 | c1 = fast_create(Comment, source_id: article.id, body: "comment 1") |
108 | 107 | c2 = fast_create(Comment, source_id: article.id, body: "comment 2", :user_agent => 'Jack') |
109 | 108 | |
... | ... | @@ -113,7 +112,7 @@ class CommentsTest < ActiveSupport::TestCase |
113 | 112 | end |
114 | 113 | |
115 | 114 | should 'anonymous do not return comments marked as spam' do |
116 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
115 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
117 | 116 | c1 = fast_create(Comment, source_id: article.id, body: "comment 1", spam: true) |
118 | 117 | c2 = fast_create(Comment, source_id: article.id, body: "comment 2") |
119 | 118 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
... | ... | @@ -121,41 +120,42 @@ class CommentsTest < ActiveSupport::TestCase |
121 | 120 | assert_equal ["comment 2"], json["comments"].map {|c| c["body"]} |
122 | 121 | end |
123 | 122 | |
124 | - should 'not, anonymous list comments if has no permission to view the source article' do | |
125 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false) | |
123 | + should 'not list comments if anonymous has no permission to view the source article' do | |
124 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) | |
126 | 125 | assert !article.published? |
127 | - | |
126 | + | |
128 | 127 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
129 | 128 | assert_equal 403, last_response.status |
130 | 129 | end |
131 | - | |
132 | - should 'anonymous return comments of an article' do | |
133 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
134 | - article.comments.create!(:body => "some comment", :author => local_person) | |
135 | - article.comments.create!(:body => "another comment", :author => local_person) | |
136 | - | |
130 | + | |
131 | + should 'return comments of an article for anonymous' do | |
132 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
133 | + article.comments.create!(:body => "some comment", :author => @local_person) | |
134 | + article.comments.create!(:body => "another comment", :author => @local_person) | |
135 | + | |
137 | 136 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
138 | 137 | json = JSON.parse(last_response.body) |
139 | 138 | assert_equal 200, last_response.status |
140 | 139 | assert_equal 2, json["comments"].length |
141 | 140 | end |
142 | - | |
143 | - should 'anonymous return comment of an article' do | |
144 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
145 | - comment = article.comments.create!(:body => "another comment", :author => local_person) | |
146 | - | |
141 | + | |
142 | + should 'return comment of an article for anonymous' do | |
143 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
144 | + comment = article.comments.create!(:body => "another comment", :author => @local_person) | |
145 | + | |
147 | 146 | get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" |
148 | 147 | json = JSON.parse(last_response.body) |
149 | 148 | assert_equal 200, last_response.status |
150 | 149 | assert_equal comment.id, json['comment']['id'] |
151 | 150 | end |
152 | 151 | |
153 | - should 'not, anonymous comment an article (at least so far...)' do | |
154 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
152 | + should 'anonymous user not comment an article' do | |
153 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") | |
155 | 154 | body = 'My comment' |
156 | 155 | name = "John Doe" |
157 | 156 | email = "JohnDoe@gmail.com" |
158 | 157 | params.merge!({:body => body, name: name, email: email}) |
158 | + | |
159 | 159 | post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
160 | 160 | json = JSON.parse(last_response.body) |
161 | 161 | assert_equal 401, last_response.status |
... | ... | @@ -163,8 +163,8 @@ class CommentsTest < ActiveSupport::TestCase |
163 | 163 | |
164 | 164 | should 'logged user paginate comments' do |
165 | 165 | login_api |
166 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
167 | - 5.times { article.comments.create!(:body => "some comment", :author => local_person) } | |
166 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
167 | + 5.times { article.comments.create!(:body => "some comment", :author => @local_person) } | |
168 | 168 | params[:per_page] = 3 |
169 | 169 | |
170 | 170 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" |
... | ... | @@ -175,9 +175,9 @@ class CommentsTest < ActiveSupport::TestCase |
175 | 175 | |
176 | 176 | should 'logged user return only root comments' do |
177 | 177 | login_api |
178 | - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") | |
179 | - comment1 = article.comments.create!(:body => "some comment", :author => local_person) | |
180 | - comment2 = article.comments.create!(:body => "another comment", :author => local_person, :reply_of_id => comment1.id) | |
178 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing") | |
179 | + comment1 = article.comments.create!(:body => "some comment", :author => @local_person) | |
180 | + comment2 = article.comments.create!(:body => "another comment", :author => @local_person, :reply_of_id => comment1.id) | |
181 | 181 | params[:without_reply] = true |
182 | 182 | |
183 | 183 | get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" | ... | ... |
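--- a/test/api/communities_test.rb
+++ b/test/api/communities_test.rb
@@ -4,28 +4,31 @@ class CommunitiesTest < ActiveSupport::TestCase
 
 def setup
 Community.delete_all
+create_and_activate_user
 end
 
-should 'logged user list only communities' do
+should 'list only communities to logged user' do
 login_api
 community = fast_create(Community, :environment_id => environment.id)
 enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
+
 get "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
 assert_includes json['communities'].map {|c| c['id']}, community.id
 end
 
-should 'logged user list all communities' do
+should 'list all communities to logged user' do
 login_api
 community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
 community2 = fast_create(Community, :environment_id => environment.id)
+
 get "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
 end
 
-should 'not, logged user list invisible communities' do
+should 'not list invisible communities to logged user' do
 login_api
 community1 = fast_create(Community, :environment_id => environment.id)
 fast_create(Community, :environment_id => environment.id, :visible => false)
@@ -35,28 +38,28 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_equal [community1.id], json['communities'].map {|c| c['id']}
 end
 
-should 'logged user list private communities' do
-login_api
-community1 = fast_create(Community, :environment_id => environment.id)
-community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
+should 'list private communities to logged user' do
+login_api
+community1 = fast_create(Community, :environment_id => environment.id)
+community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
 
-get "/api/v1/communities?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
+get "/api/v1/communities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
 end
 
-should 'logged user list private community for members' do
+should 'list private communities to logged members' do
 login_api
-c1 = fast_create(Community, :environment_id => environment.id)
-c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
-c2.add_member(person)
+community1 = fast_create(Community, :environment_id => environment.id)
+community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
+community2.add_member(person)
 
 get "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
-assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']}
+assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
 end
 
-should 'logged user create a community' do
+should 'create a community with logged user' do
 login_api
 params[:community] = {:name => 'some'}
 post "/api/v1/communities?#{params.to_query}"
@@ -64,14 +67,14 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_equal 'some', json['community']['name']
 end
 
-should 'logged user return 400 status for invalid community creation' do
+should 'return 400 status for invalid community creation to logged user ' do
 login_api
 post "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal 400, last_response.status
 end
 
-should 'logged user get community' do
+should 'get community to logged user' do
 login_api
 community = fast_create(Community, :environment_id => environment.id)
 
@@ -80,26 +83,27 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_equal community.id, json['community']['id']
 end
 
-should 'not, logged user get invisible community' do
+should 'not list invisible community to logged users' do
 login_api
 community = fast_create(Community, :environment_id => environment.id, :visible => false)
 
 get "/api/v1/communities/#{community.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
-assert json['community'].blank?
+
+assert_nil json["community"]
 end
 
-should 'not, logged user get private communities without permission' do
+should 'not get private community content to non member' do
 login_api
-community = fast_create(Community, :environment_id => environment.id)
-fast_create(Community, :environment_id => environment.id, :public_profile => false)
+community = fast_create(Community, :environment_id => environment.id, :public_profile => false)
 
 get "/api/v1/communities/#{community.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal community.id, json['community']['id']
+assert_nil json['community']['members']
 end
 
-should 'logged user get private community for members' do
+should 'get private community to logged member' do
 login_api
 community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true)
 community.add_member(person)
@@ -107,9 +111,10 @@ class CommunitiesTest < ActiveSupport::TestCase
 get "/api/v1/communities/#{community.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal community.id, json['community']['id']
+assert_not_nil json['community']['members']
 end
 
-should 'logged user list person communities' do
+should 'list person communities to logged user' do
 login_api
 community = fast_create(Community, :environment_id => environment.id)
 fast_create(Community, :environment_id => environment.id)
@@ -120,16 +125,16 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_equivalent [community.id], json['communities'].map {|c| c['id']}
 end
 
-should 'not, logged user list person communities invisible' do
+should 'not list person invisible communities to logged user' do
 login_api
-c1 = fast_create(Community, :environment_id => environment.id)
-c2 = fast_create(Community, :environment_id => environment.id, :visible => false)
-c1.add_member(person)
-c2.add_member(person)
+community1 = fast_create(Community, :environment_id => environment.id)
+community2 = fast_create(Community, :environment_id => environment.id, :visible => false)
+community1.add_member(person)
+community2.add_member(person)
 
 get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
-assert_equivalent [c1.id], json['communities'].map {|c| c['id']}
+assert_equivalent [community1.id], json['communities'].map {|c| c['id']}
 end
 
 should 'logged user list communities with pagination' do
@@ -147,7 +152,6 @@ class CommunitiesTest < ActiveSupport::TestCase
 get "/api/v1/communities?#{params.to_query}"
 json_page_one = JSON.parse(last_response.body)
 
-
 assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id
 assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id
 
@@ -155,7 +159,7 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
 end
 
-should 'logged user list communities with timestamp' do
+should 'list communities with timestamp to logged user' do
 login_api
 community1 = fast_create(Community, :public_profile => true)
 community2 = fast_create(Community)
@@ -172,9 +176,9 @@ class CommunitiesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list only communities' do
-anonymous_setup
 community = fast_create(Community, :environment_id => environment.id)
 enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise
+
 get "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id
@@ -182,16 +186,15 @@ class CommunitiesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list all communities' do
-anonymous_setup
 community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true)
 community2 = fast_create(Community, :environment_id => environment.id)
+
 get "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
 end
 
-should 'not, anonymous list invisible communities' do
-anonymous_setup
+should 'not list invisible communities to anonymous' do
 community1 = fast_create(Community, :environment_id => environment.id)
 fast_create(Community, :environment_id => environment.id, :visible => false)
 
@@ -200,8 +203,17 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_equal [community1.id], json['communities'].map {|c| c['id']}
 end
 
-should 'anonymous list private communities' do
-anonymous_setup
+should 'list all visible communities except secret ones to anonymous' do
+community = fast_create(Community, :environment_id => environment.id)
+private_community = fast_create(Community, :environment_id => environment.id, :public_profile => false)
+secret_community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :secret => true)
+
+get "/api/v1/communities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [community.id, private_community.id], json['communities'].map {|c| c['id']}
+end
+
+should 'list private communities to anonymous' do
 community1 = fast_create(Community, :environment_id => environment.id)
 community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false)
 
@@ -210,41 +222,59 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']}
 end
 
-should 'not, anonymous create a community' do
-anonymous_setup
+should 'not create a community as an anonymous user' do
 params[:community] = {:name => 'some'}
+
 post "/api/v1/communities?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal 401, last_response.status
 end
 
-should 'anonymous get community' do
-anonymous_setup
+should 'get community for anonymous' do
 community = fast_create(Community, :environment_id => environment.id)
 get "/api/v1/communities/#{community.id}"
 json = JSON.parse(last_response.body)
 assert_equal community.id, json['community']['id']
 end
 
-should 'not, anonymous get invisible community' do
-anonymous_setup
+should 'not get invisible community to anonymous user' do
 community = fast_create(Community, :environment_id => environment.id, :visible => false)
 get "/api/v1/communities/#{community.id}"
 json = JSON.parse(last_response.body)
 assert json['community'].blank?
 end
 
-should 'not, anonymous get private communities' do
-anonymous_setup
-community = fast_create(Community, :environment_id => environment.id)
-fast_create(Community, :environment_id => environment.id, :public_profile => false)
+should 'get private community to anonymous user' do
+community = fast_create(Community, :environment_id => environment.id, :public_profile => false)
+
 get "/api/v1/communities/#{community.id}"
 json = JSON.parse(last_response.body)
 assert_equal community.id, json['community']['id']
+assert_nil json['community']['members']
+end
+
+should 'list public person communities to anonymous' do
+community = fast_create(Community, :environment_id => environment.id)
+fast_create(Community, :environment_id => environment.id)
+community.add_member(person)
+
+get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [community.id], json['communities'].map {|c| c['id']}
 end
 
-should 'anonymous list communities with pagination' do
-anonymous_setup
+should 'not list private person communities to anonymous' do
+community = fast_create(Community, :environment_id => environment.id)
+fast_create(Community, :environment_id => environment.id)
+person.public_profile = false
+person.save
+community.add_member(person)
+
+get "/api/v1/people/#{person.id}/communities?#{params.to_query}"
+assert_equal 403, last_response.status
+end
+
+should 'list communities with pagination to anonymous' do
 community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago)
 community2 = fast_create(Community, :created_at => 2.days.ago)
 
@@ -265,8 +295,7 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id
 end
 
-should 'anonymous list communities with timestamp' do
-anonymous_setup
+should 'list communities with timestamp to anonymous ' do
 community1 = fast_create(Community, :public_profile => true)
 community2 = fast_create(Community)
 
@@ -282,7 +311,6 @@ class CommunitiesTest < ActiveSupport::TestCase
 end
 
 should 'display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default)
 some_community = fast_create(Community)
 some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
@@ -295,7 +323,6 @@ class CommunitiesTest < ActiveSupport::TestCase
 end
 
 should 'not display private custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default)
 some_community = fast_create(Community)
 some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }
@@ -306,5 +333,4 @@ class CommunitiesTest < ActiveSupport::TestCase
 refute json['community']['additional_data'].has_key?('Rating')
 end
 
-
 end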
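Review bot: The secret-community rule is pinned only for the anonymous list endpoint ('list all visible communities except secret ones to anonymous'). No test in the visible hunks requests `/api/v1/communities/#{community.id}` for a secret community, and none lists communities as a logged-in non-member with a secret one present. Since this merge changes how records are fetched per permission level, each of those paths would benefit from its own case built on `fast_create(Community, :environment_id => environment.id, :public_profile => false, :secret => true)` with an assertion on the intended response. Separately, 'not create a community as an anonymous user' checks only the 401; wrapping the request in `assert_no_difference 'Community.count' do ... end` would also prove nothing was persisted.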
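--- a/test/api/enterprises_test.rb
+++ b/test/api/enterprises_test.rb
@@ -4,6 +4,7 @@ class EnterprisesTest < ActiveSupport::TestCase
 
 def setup
 Enterprise.delete_all
+create_and_activate_user
 end
 
 should 'logger user list only enterprises' do
@@ -17,7 +18,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list only enterprises' do
-anonymous_setup
 community = fast_create(Community, :environment_id => environment.id) # should not list this community
 enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
 get "/api/v1/enterprises?#{params.to_query}"
@@ -27,7 +27,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list all enterprises' do
-anonymous_setup
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
 enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
 get "/api/v1/enterprises?#{params.to_query}"
@@ -55,7 +54,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not, anonymous list invisible enterprises' do
-anonymous_setup
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
 fast_create(Enterprise, :visible => false)
 
@@ -64,7 +62,7 @@ class EnterprisesTest < ActiveSupport::TestCase
 assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
 end
 
-should 'not, logger user list invisible enterprises' do
+should 'not, logged user list invisible enterprises' do
 login_api
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
 fast_create(Enterprise, :visible => false)
@@ -75,7 +73,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list private enterprises' do
-anonymous_setup
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
 enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
 
@@ -106,7 +103,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous get enterprise' do
-anonymous_setup
 enterprise = fast_create(Enterprise, :environment_id => environment.id)
 
 get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
@@ -133,7 +129,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not, anonymous get invisible enterprise' do
-anonymous_setup
 enterprise = fast_create(Enterprise, :visible => false)
 
 get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
@@ -152,7 +147,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not, anonymous get private enterprises' do
-anonymous_setup
 enterprise = fast_create(Enterprise, :environment_id => environment.id)
 fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
 
@@ -195,7 +189,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
 some_enterprise = fast_create(Enterprise)
 some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
@@ -208,7 +201,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
 some_enterprise = fast_create(Enterprise)
 some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }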
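Review bot: 'not, anonymous get private enterprises' still builds a public `enterprise` plus an unnamed private one, which is the setup this merge replaced in communities_test.rb. It therefore does not appear to request a private enterprise at all, though the `get` line is outside the hunk, so this is inferred. Creating the record under test with `:public_profile => false` and adding an assertion equivalent to the communities one (`assert_nil json['community']['members']`) would cover the restricted-attribute path for enterprises as well. The title 'not display public custom fields to anonymous' sits above a field stored with `"public" => "false"` and would read correctly as 'not display private custom fields to anonymous'.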
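--- a/test/api/environment_test.rb
+++ b/test/api/environment_test.rb
@@ -2,6 +2,10 @@ require_relative 'test_helper'
 
 class EnvironmentTest < ActiveSupport::TestCase
 
+def setup
+create_and_activate_user
+end
+
 should 'return the default environment' do
 environment = Environment.default
 get "/api/v1/environment/default"
@@ -62,6 +66,6 @@ class EnvironmentTest < ActiveSupport::TestCase
 get "/api/v1/environment/context"
 json = JSON.parse(last_response.body)
 assert_equal context_env.id, json['id']
-end
+end
 
 end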
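--- a/test/api/helpers_test.rb
+++ b/test/api/helpers_test.rb
@@ -6,28 +6,26 @@ class APIHelpersTest < ActiveSupport::TestCase
 include Noosfero::API::APIHelpers
 
 def setup
+create_and_activate_user
 @headers = {}
 end
 
 attr_accessor :headers
 
 should 'get the current user with valid token' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 self.params = {:private_token => user.private_token}
 assert_equal user, current_user
 end
 
 should 'get the current user with valid token in header' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 headers['Private-Token'] = user.private_token
 assert_equal user, current_user
 end
 
 should 'get the current user even with expired token' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 user.private_token_generated_at = DateTime.now.prev_year
 user.save
 self.params = {:private_token => user.private_token}
@@ -35,8 +33,7 @@ class APIHelpersTest < ActiveSupport::TestCase
 end
 
 should 'get the person of current user' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 self.params = {:private_token => user.private_token}
 assert_equal user.person, current_person
 end
@@ -106,24 +103,22 @@ class APIHelpersTest < ActiveSupport::TestCase
 end
 
 should 'find_article return article by id in list passed for user with permission' do
-user = create_user('someuser')
+login_api
 a = fast_create(Article, :profile_id => user.person.id)
 fast_create(Article, :profile_id => user.person.id)
 fast_create(Article, :profile_id => user.person.id)
 
-user.generate_private_token!
 self.params = {private_token: user.private_token}
 User.expects(:find_by).with(private_token: user.private_token).returns(user)
 assert_equal a, find_article(user.person.articles, a.id)
 end
 
 should 'find_article return forbidden when a user try to access an article without permission' do
-user = create_user('someuser')
+login_api
 p = fast_create(Profile)
 a = fast_create(Article, :published => false, :profile_id => p.id)
 fast_create(Article, :profile_id => p.id)
 
-user.generate_private_token!
 self.params = {private_token: user.private_token}
 User.expects(:find_by).with(private_token: user.private_token).returns(user)
 assert_equal 403, find_article(p.articles, a.id).last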
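Review bot: 'get the current user even with expired token' sets `private_token_generated_at` a year back and, judging by its title, expects `current_user` to still resolve; the assertion itself is outside the hunk. In a merge that reviews API permissions this deserves a comment saying why an aged token is accepted here, for example `# current_user does not enforce token age; expiry is handled at <place to confirm>`, or an explicit negative test if expiry is meant to be enforced. `user.save` in the same test discards its result, and `user.save!` would stop the test from continuing with an unsaved timestamp.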
test/api/people_test.rb
... | ... | @@ -3,7 +3,8 @@ require_relative 'test_helper' |
3 | 3 | class PeopleTest < ActiveSupport::TestCase |
4 | 4 | |
5 | 5 | def setup |
6 | - Person.delete_all | |
6 | + Person.destroy_all | |
7 | + create_and_activate_user | |
7 | 8 | end |
8 | 9 | |
9 | 10 | should 'logged user list all people' do |
... | ... | @@ -16,12 +17,11 @@ class PeopleTest < ActiveSupport::TestCase |
16 | 17 | end |
17 | 18 | |
18 | 19 | should 'anonymous list all people' do |
19 | - anonymous_setup | |
20 | 20 | person1 = fast_create(Person, :public_profile => true) |
21 | 21 | person2 = fast_create(Person) |
22 | 22 | get "/api/v1/people?#{params.to_query}" |
23 | 23 | json = JSON.parse(last_response.body) |
24 | - assert_equivalent [person1.id, person2.id], json['people'].map {|c| c['id']} | |
24 | + assert_equivalent [person.id, person1.id, person2.id], json['people'].map {|c| c['id']} | |
25 | 25 | end |
26 | 26 | |
27 | 27 | should 'logged user list all members of a community' do |
... | ... | @@ -39,7 +39,6 @@ class PeopleTest < ActiveSupport::TestCase |
39 | 39 | end |
40 | 40 | |
41 | 41 | should 'anonymous list all members of a community' do |
42 | - anonymous_setup | |
43 | 42 | person1 = fast_create(Person) |
44 | 43 | person2 = fast_create(Person) |
45 | 44 | community = fast_create(Community) |
... | ... | @@ -61,7 +60,6 @@ class PeopleTest < ActiveSupport::TestCase |
61 | 60 | end |
62 | 61 | |
63 | 62 | should 'annoymous not list invisible people' do |
64 | - anonymous_setup | |
65 | 63 | invisible_person = fast_create(Person, :visible => false) |
66 | 64 | |
67 | 65 | get "/api/v1/people?#{params.to_query}" |
... | ... | @@ -77,7 +75,6 @@ class PeopleTest < ActiveSupport::TestCase |
77 | 75 | end |
78 | 76 | |
79 | 77 | should 'anonymous list private people' do |
80 | - anonymous_setup | |
81 | 78 | private_person = fast_create(Person, :public_profile => false) |
82 | 79 | |
83 | 80 | get "/api/v1/people?#{params.to_query}" |
... | ... | @@ -105,7 +102,6 @@ class PeopleTest < ActiveSupport::TestCase |
105 | 102 | end |
106 | 103 | |
107 | 104 | should 'anonymous get person' do |
108 | - anonymous_setup | |
109 | 105 | some_person = fast_create(Person) |
110 | 106 | |
111 | 107 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
... | ... | @@ -113,7 +109,6 @@ class PeopleTest < ActiveSupport::TestCase |
113 | 109 | assert_equal some_person.id, json['person']['id'] |
114 | 110 | end |
115 | 111 | |
116 | - | |
117 | 112 | should 'people endpoint filter by fields parameter for logged user' do |
118 | 113 | login_api |
119 | 114 | get "/api/v1/people?#{params.to_query}&fields=name" |
... | ... | @@ -156,7 +151,6 @@ class PeopleTest < ActiveSupport::TestCase |
156 | 151 | end |
157 | 152 | |
158 | 153 | should 'anonymous not get invisible person' do |
159 | - anonymous_setup | |
160 | 154 | person = fast_create(Person, :visible => false) |
161 | 155 | |
162 | 156 | get "/api/v1/people/#{person.id}?#{params.to_query}" |
... | ... | @@ -174,7 +168,6 @@ class PeopleTest < ActiveSupport::TestCase |
174 | 168 | end |
175 | 169 | |
176 | 170 | should 'anonymous get private people' do |
177 | - anonymous_setup | |
178 | 171 | private_person = fast_create(Person, :public_profile => false) |
179 | 172 | |
180 | 173 | get "/api/v1/people/#{private_person.id}?#{params.to_query}" |
... | ... | @@ -203,7 +196,6 @@ class PeopleTest < ActiveSupport::TestCase |
203 | 196 | end |
204 | 197 | |
205 | 198 | should 'anonymous list person friends' do |
206 | - anonymous_setup | |
207 | 199 | person = fast_create(Person) |
208 | 200 | friend = fast_create(Person) |
209 | 201 | person.add_friend(friend) |
... | ... | @@ -274,7 +266,7 @@ class PeopleTest < ActiveSupport::TestCase |
274 | 266 | |
275 | 267 | should 'not display permissions if not admin or self' do |
276 | 268 | login_api |
277 | - some_person = create_user('some-person').person | |
269 | + some_person = fast_create(Person) | |
278 | 270 | |
279 | 271 | get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" |
280 | 272 | assert_equal 403, last_response.status |
... | ... | @@ -300,8 +292,11 @@ class PeopleTest < ActiveSupport::TestCase |
300 | 292 | |
301 | 293 | should 'logged user display public custom fields' do |
302 | 294 | login_api |
303 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
304 | - some_person = create_user('some-person').person | |
295 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) | |
296 | + some_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person | |
297 | + some_person.user.activate | |
298 | + some_person.reload | |
299 | + | |
305 | 300 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } |
306 | 301 | some_person.save! |
307 | 302 | |
... | ... | @@ -313,10 +308,11 @@ class PeopleTest < ActiveSupport::TestCase |
313 | 308 | |
314 | 309 | should 'logged user not display non-public custom fields' do |
315 | 310 | login_api |
316 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
317 | - some_person = create_user('some-person').person | |
311 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) | |
312 | + some_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person | |
318 | 313 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } |
319 | 314 | some_person.save! |
315 | + some_person.user.activate | |
320 | 316 | |
321 | 317 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
322 | 318 | json = JSON.parse(last_response.body) |
... | ... | @@ -324,36 +320,31 @@ class PeopleTest < ActiveSupport::TestCase |
324 | 320 | end |
325 | 321 | |
326 | 322 | should 'display public custom fields to anonymous' do |
327 | - anonymous_setup | |
328 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
329 | - some_person = create_user('some-person').person | |
330 | - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } | |
331 | - some_person.save! | |
323 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) | |
324 | + person.reload | |
325 | + person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } | |
326 | + person.save! | |
332 | 327 | |
333 | - get "/api/v1/people/#{some_person.id}?#{params.to_query}" | |
328 | + get "/api/v1/people/#{person.id}?#{params.to_query}" | |
334 | 329 | json = JSON.parse(last_response.body) |
335 | 330 | assert json['person']['additional_data'].has_key?('Custom Blog') |
336 | 331 | assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] |
337 | 332 | end |
338 | 333 | |
339 | 334 | should 'not display non-public custom fields to anonymous' do |
340 | - anonymous_setup | |
341 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
342 | - some_person = create_user('some-person').person | |
343 | - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | |
344 | - some_person.save! | |
335 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) | |
336 | + person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | |
337 | + person.save! | |
345 | 338 | |
346 | - get "/api/v1/people/#{some_person.id}?#{params.to_query}" | |
339 | + get "/api/v1/people/#{person.id}?#{params.to_query}" | |
347 | 340 | json = JSON.parse(last_response.body) |
348 | 341 | assert_equal json['person']['additional_data'], {} |
349 | 342 | end |
350 | 343 | |
351 | 344 | should 'hide private fields to anonymous' do |
352 | - anonymous_setup | |
353 | - target_person = create_user('some-user').person | |
354 | - target_person.save! | |
345 | + target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment) | |
355 | 346 | |
356 | - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" | |
347 | + get "/api/v1/users/#{target_user.id}/?#{params.to_query}" | |
357 | 348 | json = JSON.parse(last_response.body) |
358 | 349 | refute json["user"].has_key?("permissions") |
359 | 350 | refute json["user"].has_key?("activated") |
... | ... | @@ -361,15 +352,16 @@ class PeopleTest < ActiveSupport::TestCase |
361 | 352 | |
362 | 353 | should 'display non-public custom fields to friend' do |
363 | 354 | login_api |
364 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | |
365 | - some_person = create_user('some-person').person | |
355 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) | |
356 | + some_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person | |
357 | + some_person.user.activate | |
358 | + some_person.reload | |
359 | + | |
366 | 360 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } |
367 | 361 | some_person.save! |
368 | 362 | |
369 | - f = Friendship.new | |
370 | - f.friend = some_person | |
371 | - f.person = person | |
372 | - f.save! | |
363 | + some_person.add_friend(person) | |
364 | + person.add_friend(some_person) | |
373 | 365 | |
374 | 366 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
375 | 367 | json = JSON.parse(last_response.body) | ... | ... |
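--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -4,6 +4,7 @@ class ProfilesTest < ActiveSupport::TestCase
 
 def setup
 Profile.delete_all
+create_and_activate_user
 end
 
 should 'logged user list all profiles' do
@@ -24,6 +25,13 @@ class ProfilesTest < ActiveSupport::TestCase
 assert_equal some_person.id, json['id']
 end
 
+should 'not get inexistent profile' do
+login_api
+get "/api/v1/profiles/invalid_id?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 404, last_response.status
+end
+
 should 'logged user get community from profile id' do
 login_api
 community = fast_create(Community)
@@ -85,7 +93,6 @@ class ProfilesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous user access delete action' do
-anonymous_setup
 profile = fast_create(Person, :environment_id => environment.id)
 
 delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
@@ -99,7 +106,7 @@ class ProfilesTest < ActiveSupport::TestCase
 community = fast_create(Community)
 get "/api/v1/profiles"
 json = JSON.parse(last_response.body)
-assert_equivalent [person1.id, person2.id, community.id], json.map {|p| p['id']}
+assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']}
 end
 
 should 'anonymous get person from profile id' do
@@ -117,7 +124,6 @@ class ProfilesTest < ActiveSupport::TestCase
 end
 
 should 'display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
 some_profile = fast_create(Profile)
 some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
@@ -130,7 +136,6 @@ class ProfilesTest < ActiveSupport::TestCase
 end
 
 should 'not display private custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
 some_profile = fast_create(Profile)
 some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }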
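Review bot: The new 'not get inexistent profile' test parses the body into `json` before asserting the status and never uses the value, so a 404 whose body is not JSON fails with a parse error instead of the status assertion; drop the `json = JSON.parse(last_response.body)` line or assert on a field of it. The lookup is only exercised after `login_api`; since this merge lets anonymous callers read profiles, a sibling test that issues the same `get` without a token and checks `assert_equal 404, last_response.status` would pin the unauthenticated path as well.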
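--- a/test/api/search_test.rb
+++ b/test/api/search_test.rb
@@ -3,9 +3,8 @@ require_relative 'test_helper'
 class SearchTest < ActiveSupport::TestCase
 
 def setup
-@person = create_user('testing').person
+create_and_activate_user
 end
-attr_reader :person
 
 should 'not list unpublished articles' do
 Article.delete_all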
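--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -3,6 +3,7 @@ require_relative 'test_helper'
 class SessionTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 end
 
@@ -147,10 +148,9 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'create task to change password by user login' do
-user = create_user
 params = {:value => user.login}
 assert_difference 'ChangePassword.count' do
-post "/api/v1/forgot_password?#{params.to_query}"
+post "/api/v1/forgot_password?#{params.to_query}"
 end
 end
 
@@ -173,8 +173,6 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'do not change user password when password confirmation is wrong' do
-user = create_user
-user.activate
 task = ChangePassword.create!(:requestor => user.person)
 params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
 patch "/api/v1/new_password?#{params.to_query}"
@@ -200,8 +198,8 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'resend activation code for an inactive user' do
-user = create_user
-params = {:value => user.login}
+another_user = User.create!(:login => "userlogin", :password => 'testapi', :password_confirmation => 'testapi', :email => 'test2@test.org', :environment => @environment)
+params = {:value => another_user.login}
 Delayed::Job.destroy_all
 assert_difference 'ActionMailer::Base.deliveries.size' do
 post "/api/v1/resend_activation_code?#{params.to_query}"
@@ -209,13 +207,11 @@ class SessionTest < ActiveSupport::TestCase
 end
 json = JSON.parse(last_response.body)
 refute json['users'].first['private_token']
-assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s
+assert_equal another_user.email, ActionMailer::Base.deliveries.last['to'].to_s
 end
 
 should 'not resend activation code for an active user' do
-user = create_user
 params = {:value => user.login}
-user.activate
 Delayed::Job.destroy_all
 assert_no_difference 'ActionMailer::Base.deliveries.size' do
 post "/api/v1/resend_activation_code?#{params.to_query}"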
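Review bot: In 'resend activation code for an inactive user' the new `another_user` fixture repeats the literal `'testapi'` and reads the `@environment` ivar, although the helper introduced by this merge already provides `USER_PASSWORD` and an `environment` accessor. Writing `:password => USER_PASSWORD, :password_confirmation => USER_PASSWORD, :environment => environment` keeps the test credentials defined in one place. The `post "/api/v1/forgot_password?#{params.to_query}"` line appears as removed and re-added with identical text, which looks like a whitespace-only change that could be left out of the commit.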
test/api/task_test.rb
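--- a/test/api/test_helper.rb
+++ b/test/api/test_helper.rb
@@ -4,17 +4,23 @@ class ActiveSupport::TestCase
 
 include Rack::Test::Methods
 
+USER_PASSWORD = "testapi"
+USER_LOGIN = "testapi"
+
 def app
 Noosfero::API::API
 end
 
-def login_api
+def create_and_activate_user
 @environment = Environment.default
-@user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
+@user = User.create!(:login => USER_LOGIN, :password => USER_PASSWORD, :password_confirmation => USER_PASSWORD, :email => 'test@test.org', :environment => @environment)
 @user.activate
 @person = @user.person
+@params = {}
+end
 
-post "/api/v1/login?login=testapi&password=testapi"
+def login_api
+post "/api/v1/login?login=#{USER_LOGIN}&password=#{USER_PASSWORD}"
 json = JSON.parse(last_response.body)
 @private_token = json["private_token"]
 unless @private_token
@@ -22,12 +28,7 @@ class ActiveSupport::TestCase
 @private_token = @user.private_token
 end
 
-@params = {:private_token => @private_token}
-end
-
-def anonymous_setup
-@environment = Environment.default
-@params = {}
+@params[:private_token] = @private_token
 end
 
 attr_accessor :private_token, :user, :person, :params, :environment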
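Review bot: `login_api` now ends with `@params[:private_token] = @private_token` and no longer creates the user, so any test class whose `setup` does not call `create_and_activate_user` first fails with a NoMethodError on nil rather than a clear message; a guard as the first line of `login_api`, `create_and_activate_user unless @user`, keeps existing callers working. The rewritten request still carries the credentials in the URL, `post "/api/v1/login?login=#{USER_LOGIN}&password=#{USER_PASSWORD}"`; sending them as form parameters, `post "/api/v1/login", :login => USER_LOGIN, :password => USER_PASSWORD`, exercises the endpoint the way a client should call it, since query strings are commonly written to access logs. Part of `login_api` lies between the two hunks and is not shown here.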
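--- a/test/api/users_test.rb
+++ b/test/api/users_test.rb
@@ -3,6 +3,10 @@ require_relative 'test_helper'
 
 class UsersTest < ActiveSupport::TestCase
 
+def setup
+create_and_activate_user
+end
+
 should 'logger user list users' do
 login_api
 get "/api/v1/users/?#{params.to_query}"
@@ -35,8 +39,8 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'not show permissions to logged user' do
 login_api
-target_person = create_user('some-user').person
-get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
+get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 refute json["user"].has_key?("permissions")
 end
@@ -50,12 +54,10 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'not show permissions to friend' do
 login_api
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
 
-f = Friendship.new
-f.friend = target_person
-f.person = person
-f.save!
+target_person.add_friend(person)
+person.add_friend(target_person)
 
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -64,19 +66,21 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'not show private attribute to logged user' do
 login_api
-target_person = create_user('some-user').person
-get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
+
+get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
-refute json["user"].has_key?("email")
+assert_equal 200, last_response.status
+assert_nil json['user']['email']
+assert_nil json['user']['person']
 end
 
 should 'show private attr to friend' do
 login_api
-target_person = create_user('some-user').person
-f = Friendship.new
-f.friend = target_person
-f.person = person
-f.save!
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
+target_person.add_friend(person)
+person.add_friend(target_person)
+
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert json["user"].has_key?("email")
@@ -85,9 +89,12 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'show public attribute to logged user' do
 login_api
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
+target_person.public_profile = true
+target_person.visible = true
 target_person.fields_privacy={:email=> 'public'}
 target_person.save!
+
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert json["user"].has_key?("email")
@@ -98,7 +105,7 @@ class UsersTest < ActiveSupport::TestCase
 login_api
 Environment.default.add_admin(person)
 
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
 target_person.fields_privacy={:email=> 'public'}
 target_person.save!
 
@@ -110,9 +117,10 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'show public fields to anonymous' do
-anonymous_setup
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
 target_person.fields_privacy={:email=> 'public'}
+target_person.public_profile = true
+target_person.visible = true
 target_person.save!
 
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
@@ -121,11 +129,9 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'hide private fields to anonymous' do
-anonymous_setup
-target_person = create_user('some-user').person
-target_person.save!
+target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
 
-get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 refute json["user"].has_key?("permissions")
 refute json["user"].has_key?("activated")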
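Review bot: The fixtures added here pass `:password => 'USER_PASSWORD'` with the name in quotes, so each account's password is the literal string "USER_PASSWORD" rather than the `USER_PASSWORD` constant defined in test_helper.rb; the same quoted form appears in the people_test.rb hunks of this commit. It only works because password and confirmation match, so write `:password => USER_PASSWORD, :password_confirmation => USER_PASSWORD`, ideally behind one helper, since the same `User.create!` call is repeated in eight tests of this file. In 'not show private attribute to logged user', `assert_nil json['user']['email']` also passes when the key is present with a null value, whereas the removed `refute json["user"].has_key?("email")` proved the attribute is not exposed at all; keeping both assertions pins the stricter behaviour.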
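--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -458,7 +458,7 @@ class OrganizationTest < ActiveSupport::TestCase
 refute c.is_admin?(moderator)
 end
 
-should 'fetch organizations there are visible for a user' do
+should 'fetch organizations that are visible for users' do
 person = create_user('some-person').person
 admin = create_user('some-admin').person
 env_admin = create_user('env-admin').person
@@ -513,18 +513,58 @@ class OrganizationTest < ActiveSupport::TestCase
 assert_includes env_admin_orgs, o7
 end
 
-should 'fetch organizations there are visible for a visitor' do
-visitor = nil
-Organization.destroy_all
+should 'fetch organizations that are listed for users' do
+person = create_user('some-person').person
+admin = create_user('some-admin').person
+env_admin = create_user('env-admin').person
+
 o1 = fast_create(Organization, :public_profile => true , :visible => true )
-o2 = fast_create(Organization, :public_profile => false, :visible => true )
-o3 = fast_create(Organization, :public_profile => true , :visible => false)
-o4 = fast_create(Organization, :public_profile => false, :visible => false)
-person_orgs = Organization.visible_for_person(visitor)
-assert_includes person_orgs, o1
-assert_not_includes person_orgs, o2
-assert_not_includes person_orgs, o3
-assert_not_includes person_orgs, o4
-end
+o1.add_admin(admin)
+o1.add_member(person)
+
+o2 = fast_create(Organization, :public_profile => true , :visible => true )
+o3 = fast_create(Organization, :public_profile => false, :visible => true )
+
+o4 = fast_create(Organization, :public_profile => false, :visible => true)
+o4.add_admin(admin)
+o4.add_member(person)
+
+o5 = fast_create(Organization, :public_profile => true , :visible => false)
+o5.add_admin(admin)
+o5.add_member(person)
+
+o6 = fast_create(Enterprise, :enabled => false, :visible => true)
+o6.add_admin(admin)
+
+o7 = fast_create(Organization, :public_profile => false, :visible => false)
+
+Environment.default.add_admin(env_admin)
+
+person_orgs = Organization.listed_for_person(person)
+admin_orgs = Organization.listed_for_person(admin)
+env_admin_orgs = Organization.listed_for_person(env_admin)
+
+assert_includes person_orgs, o1
+assert_includes admin_orgs, o1
+assert_includes env_admin_orgs, o1
+
+assert_includes person_orgs, o2
+assert_includes env_admin_orgs, o2
+assert_includes person_orgs, o3
+assert_includes env_admin_orgs, o3
+
+assert_includes person_orgs, o4
+assert_includes admin_orgs, o4
+assert_includes env_admin_orgs, o4
+
+assert_not_includes person_orgs, o5
+assert_includes admin_orgs, o5
+assert_includes env_admin_orgs, o5
 
+assert_not_includes person_orgs, o6
+assert_includes admin_orgs, o6
+
+assert_not_includes person_orgs, o7
+assert_includes env_admin_orgs, o7
+end
 end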
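Review bot: The new 'fetch organizations that are listed for users' test never calls `Organization.listed_for_person` with a nil person, and the visitor test it replaces (`visitor = nil`) is deleted, so nothing in this file pins what the scopes do for an unauthenticated caller any more. Because this merge makes API reads available without a token, a short test that passes `nil` and asserts the intended outcome (an explicit error, or only the organizations a visitor may see) would keep that boundary from regressing unnoticed. The test also leaves `admin_orgs` unchecked for o2, o3 and o7 and `env_admin_orgs` unchecked for o6, so those combinations are not covered either way.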
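--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1951,17 +1951,4 @@ class PersonTest < ActiveSupport::TestCase
 person.save!
 end
 
-should 'fetch people there are visible for a visitor' do
-person = nil
-p1 = fast_create(Person, :public_profile => true , :visible => true)
-p2 = fast_create(Person, :public_profile => false, :visible => true)
-p3 = fast_create(Person, :public_profile => true , :visible => false)
-p4 = fast_create(Person, :public_profile => false, :visible => false)
-people_visible_by_visitor = Person.visible_for_person(person)
-assert_includes people_visible_by_visitor, p1
-assert_not_includes people_visible_by_visitor, p2
-assert_not_includes people_visible_by_visitor, p3
-assert_not_includes people_visible_by_visitor, p4
-end
-
 end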