Commit 7b7390427eecb435b9168b6b6b88841e67bd6a75
Exists in
staging
and in
31 other branches
Merge branch 'api_visitor' into 'master'
Reviews API permissions - Reviewed Profile scopes - Removed required authentication for anonymous - Corrected records fetching (considering permission levels) - Conditionally exposes attributes **Includes all changes introduced in !863** See merge request !867
Showing
29 changed files
with
414 additions
and
292 deletions
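--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -16,9 +16,7 @@ class Organization < Profile
 # visible.
 # 4) The user is not a member of the organization but the organization is
 # visible, public and enabled.
-def self.visible_for_person(person)
-# Visitor if person.nil?
-person_id = person.nil? ? nil : person.id
+def self.listed_for_person(person)
 joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id"
 AND "role_assignments"."resource_type" = \'Profile\') OR (
 "role_assignments"."resource_id" = "profiles"."environment_id" AND
@@ -28,13 +26,24 @@ class Organization < Profile
 ['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
 OR
 ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
-( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND
+( profiles.enabled = ? ) ) AND
 ( profiles.visible = ? ) )',
-'profile_admin', 'environment_administrator', Profile.name, person_id,
-Profile.name, person_id, true, true, true]
+'profile_admin', 'environment_administrator', Profile.name, person.id,
+Profile.name, person.id, true, true]
 ).uniq
 end
 
+def self.visible_for_person(person)
+listed_for_person(person).where(
+['( (roles.key = ? OR roles.key = ?) AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? )
+OR
+( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+( profiles.enabled = ? AND profiles.public_profile = ? ) )',
+'profile_admin', 'environment_administrator', Profile.name, person.id,
+Profile.name, person.id, true, true]
+)
+end
+
 settings_items :closed, :type => :boolean, :default => false
 def closed?
 closed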
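Review bot: `listed_for_person` and the new `visible_for_person` bind `person.id` after the nil fallback (`person_id = person.nil? ? nil : person.id`) was removed, so a nil person now raises NoMethodError instead of being treated as a visitor; the `visible_for_person` scope in app/models/person.rb has the same change. Because this merge opens the API to anonymous callers, either restore a nil branch or state the precondition above both methods, e.g. `# person must not be nil; anonymous callers use the visible scope (see profiles_for_person).` The comment block above `listed_for_person` still lists case 4 as "visible, public and enabled", which now matches `visible_for_person` rather than the method it sits on, so it should be moved or reworded. Part of the `joins`/`where` chain of `listed_for_person` lies between the two hunks and is not shown.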
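--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -42,8 +42,6 @@ class Person < Profile
 }
 
 scope :visible_for_person, lambda { |person|
-# Visitor if person.nil?
-person_id = person.nil? ? nil : person.id
 joins('LEFT JOIN "role_assignments" ON
 "role_assignments"."resource_id" = "profiles"."environment_id" AND
 "role_assignments"."resource_type" = \'Environment\'')
@@ -52,7 +50,7 @@ class Person < Profile
 .where(
 ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR (
 ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )',
-'environment_administrator', Profile.name, person_id, person_id, true, true]
+'environment_administrator', Profile.name, person.id, person.id, true, true]
 ).uniq
 }
 
@@ -374,7 +372,7 @@ class Person < Profile
 ['%s@%s' % [self.identifier, self.email_domain] ]
 end
 
-def display_info_to?(user)
+def display_private_info_to?(user)
 if friends.include?(user)
 true
 else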
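Review bot: Renaming `Person#display_info_to?` to `display_private_info_to?` in the last hunk means a call to `display_info_to?` on a person no longer reaches this friends-based check and falls through to whatever the superclass defines, which this diff does not show. lib/noosfero/api/entities.rb (`user.person.display_info_to? options[:current_person]`) and lib/noosfero/api/v1/communities.rb (`person.display_info_to?(current_person)`) still call the old name on a Person in this same commit, so it is worth confirming that the broader predicate is the intended one there. A comment above the method would make the split explicit, e.g. `# Decides access to private content; not the same predicate as display_info_to?.` The method body continues past the end of the hunk.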
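--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -9,13 +9,18 @@ module Noosfero
 PERMISSIONS = {
 :admin => 0,
 :self => 10,
-:friend => 20,
+:private_content => 20,
 :logged_user => 30,
 :anonymous => 40
 }
 
-def self.can_display? profile, options, field, permission = :friend
-return true if profile.public_fields.map{|f| f.to_sym}.include?(field.to_sym)
+def self.can_display_profile_field? profile, options, permission_options={}
+permissions={:field => "", :permission => :private_content}
+permissions.merge!(permission_options)
+field = permissions[:field]
+permission = permissions[:permission]
+return true if profile.public? && profile.public_fields.map{|f| f.to_sym}.include?(field.to_sym)
+
 current_person = options[:current_person]
 
 current_permission = if current_person.present?
@@ -23,8 +28,8 @@ module Noosfero
 :admin
 elsif current_person == profile
 :self
-elsif current_person.friends.include?(profile)
-:friend
+elsif profile.display_private_info_to?(current_person)
+:private_content
 else
 :logged_user
 end
@@ -103,7 +108,7 @@ module Noosfero
 
 private_values = profile.custom_field_values - profile.public_values
 private_values.each do |value|
-if Entities.can_display?(profile,options,:custom_field)
+if Entities.can_display_profile_field?(profile,options)
 hash[value.custom_field.name]=value.value
 end
 end
@@ -143,11 +148,11 @@ module Noosfero
 class Community < Profile
 root 'communities', 'community'
 expose :description
-expose :admins do |community, options|
+expose :admins, :if => lambda { |community, options| community.display_info_to? options[:current_person]} do |community, options|
 community.admins.map{|admin| {"name"=>admin.name, "id"=>admin.id, "username" => admin.identifier}}
 end
 expose :categories, :using => Category
-expose :members, :using => Person
+expose :members, :using => Person , :if => lambda{ |community, options| community.display_info_to? options[:current_person] }
 end
 
 class CommentBase < Entity
@@ -209,11 +214,11 @@ module Noosfero
 
 attrs.each do |attribute|
 name = aliases.has_key?(attribute) ? aliases[attribute] : attribute
-expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display?(user.person, options, attribute)}
+expose attribute, :as => name, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field => attribute})}
 end
 
-expose :person, :using => Person
-expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
+expose :person, :using => Person, :if => lambda{|user,options| user.person.display_info_to? options[:current_person]}
+expose :permissions, :if => lambda{|user,options| Entities.can_display_profile_field?(user.person, options, {:field => :permissions, :permission => :self})} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|
 if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?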
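Review bot: The new `:if` guards on `:admins` and `:members` (Community) and on `:person` (User) pass `options[:current_person]` straight to `display_info_to?`, and that value is nil for anonymous requests or whenever a caller of `present` omits `:current_person`. The predicate is defined outside this diff, so it should be confirmed that it returns false for nil rather than raising or allowing, since these guards are now what withholds member lists and the person record. Separately, `can_display_profile_field?` takes an untyped options hash whose keys are only discoverable from the body; a comment such as `# permission_options: :field (attribute name, default ""), :permission (minimum PERMISSIONS key, default :private_content)` above the method would document it. The rest of that method, including how `permission` is compared, lies outside the hunks.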
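--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -266,6 +266,13 @@ require_relative '../../find_by_contents'
 unauthorized! unless current_user
 end
 
+def profiles_for_person(profiles, person)
+if person
+profiles.listed_for_person(person)
+else
+profiles.visible
+end
+end
 
 # Checks the occurrences of uniqueness of attributes, each attribute must be present in the params hash
 # or a Bad Request error is invoked.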
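Review bot: `profiles_for_person` calls `profiles.listed_for_person(person)` for every logged-in caller, but in this diff only `Organization` defines `listed_for_person` (`Person` has just the `visible_for_person` scope), so a people or mixed-profile relation passed here would raise NoMethodError. The helper also returns a wider set for logged-in users than for anonymous ones: `listed_for_person` drops the `public_profile` condition, and lib/noosfero/api/v1/communities.rb uses this helper for the single-record `get ':id'` as well as for listings. A comment stating both would help, e.g. `# Organizations only. Logged-in callers get listed (not necessarily viewable) profiles; anonymous callers get the visible scope.`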
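--- a/lib/noosfero/api/v1/activities.rb
+++ b/lib/noosfero/api/v1/activities.rb
@@ -7,9 +7,11 @@ module Noosfero
 resource :profiles do
 
 get ':id/activities' do
-profile = environment.profiles
-profile = profile.visible_for_person(current_person) if profile.respond_to?(:visible_for_person)
-profile = profile.find_by id: params[:id]
+profile = Profile.find_by id: params[:id]
+
+not_found! if profile.blank? || profile.secret || !profile.visible
+forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+
 activities = profile.activities.map(&:activity)
 present activities, :with => Entities::Activity, :current_person => current_person
 end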
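Review bot: The lookup changed from `environment.profiles` to `Profile.find_by id: params[:id]`, which drops the environment scoping the old code had, so an id that belongs to a profile in another environment of the same installation would now be resolved by this route. Keeping the scope, `profile = environment.profiles.find_by id: params[:id]`, preserves that isolation without touching the new checks. The `forbidden!` condition can be reduced to `forbidden! unless profile.display_private_info_to?(current_person)`, because `!profile.secret && profile.visible` is always true once the `not_found!` line has passed (assuming `not_found!` halts the request). Whether `current_person` can be nil on this route is not visible in the hunk, so the predicate's nil behaviour should be checked as well.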
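--- a/lib/noosfero/api/v1/communities.rb
+++ b/lib/noosfero/api/v1/communities.rb
@@ -17,8 +17,8 @@ module Noosfero
 # GET /communities?reference_id=10&limit=10&oldest
 get do
 communities = select_filtered_collection_of(environment, 'communities', params)
-communities = communities.visible
-communities = communities.by_location(params) # Must be the last. May return Exception obj.
+communities = profiles_for_person(communities, current_person)
+communities = communities.by_location(params) # Must be the last. May return Exception obj
 present communities, :with => Entities::Community, :current_person => current_person
 end
 
@@ -49,7 +49,7 @@ module Noosfero
 end
 
 get ':id' do
-community = environment.communities.visible.find_by(id: params[:id])
+community = profiles_for_person(environment.communities, current_person).find_by_id(params[:id])
 present community, :with => Entities::Community, :current_person => current_person
 end
 
@@ -63,6 +63,10 @@ module Noosfero
 
 get do
 person = environment.people.find(params[:person_id])
+
+not_found! if person.blank?
+forbidden! if !person.display_info_to?(current_person)
+
 communities = select_filtered_collection_of(person, 'communities', params)
 communities = communities.visible
 present communities, :with => Entities::Community, :current_person => current_person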
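Review bot: In the last hunk `not_found! if person.blank?` cannot fire, because `environment.people.find(params[:person_id])` raises ActiveRecord::RecordNotFound for a missing id instead of returning nil; `person = environment.people.find_by(id: params[:person_id])` would make the written 404 path the one that runs (unless the API rescues that exception elsewhere, which is not visible). The `get ':id'` hunk has the opposite gap: `find_by_id` can return nil and the result goes to `present` without a `not_found!`, unlike the profile endpoint changed in this same commit. That route now resolves through `profiles_for_person`, so a logged-in caller can fetch a listed but non-public community by id while only `:admins` and `:members` are guarded in `Entities::Community`; whether `description` and `categories` should be returned in that case deserves an explicit decision and a test.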
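--- a/lib/noosfero/api/v1/profiles.rb
+++ b/lib/noosfero/api/v1/profiles.rb
@@ -16,7 +16,12 @@ module Noosfero
 profiles = environment.profiles
 profiles = profiles.visible
 profile = profiles.find_by id: params[:id]
-present profile, :with => Entities::Profile, :current_person => current_person
+
+if profile
+present profile, :with => Entities::Profile, :current_person => current_person
+else
+not_found!
+end
 end
 
 delete ':id' do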
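Review bot: This route still filters only with `profiles.visible`, while the activities endpoint changed in the same commit additionally answers 404 when `profile.secret` is set; whether the `visible` scope already excludes secret profiles is not shown here, so the two lookups should be checked for agreement. The added branch could also be written as a guard, `not_found! unless profile`, followed by the unchanged `present` line, which matches the style used in lib/noosfero/api/v1/activities.rb. The route's opening line is above the hunk.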
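--- a/lib/noosfero/api/v1/tags.rb
+++ b/lib/noosfero/api/v1/tags.rb
@@ -3,16 +3,16 @@ module Noosfero
 module V1
 class Tags < Grape::API
 before { authenticate! }
-
+
 resource :articles do
 
 resource ':id/tags' do
-
+
 get do
 article = find_article(environment.articles, params[:id])
 present article.tag_list
 end
-
+
 desc "Add a tag to an article"
 post do
 article = find_article(environment.articles, params[:id])
@@ -20,10 +20,8 @@ module Noosfero
 article.save
 present article.tag_list
 end
-
 end
 end
-
 end
 end
 end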
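--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -18,10 +18,11 @@ module Noosfero
 
 get ":id" do
 user = environment.users.find_by id: params[:id]
-unless user.person.display_info_to? current_person
-unauthorized!
+if user
+present user, :with => Entities::User, :current_person => current_person
+else
+not_found!
 end
-present user, :with => Entities::User, :current_person => current_person
 end
 
 get ":id/permissions" do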
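Review bot: Removing the `unauthorized!` gate means `get ":id"` now presents every existing user to any caller, so what is disclosed depends entirely on the `:if` conditions inside `Entities::User`. Any attribute exposed there without a condition is returned to everyone, and an `expose` added later without `:if` would be public by default. A comment on the route such as `# No endpoint-level check: Entities::User must guard every non-public attribute with :if.` would record that contract, and a test asserting the exact key set returned to an unrelated and to an anonymous caller would pin it.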
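--- a/plugins/comment_paragraph/test/unit/api_test.rb
+++ b/plugins/comment_paragraph/test/unit/api_test.rb
@@ -4,6 +4,7 @@ require_relative '../../../../test/api/test_helper'
 class APITest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 environment.enable_plugin(CommentParagraphPlugin)
 end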
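--- a/plugins/push_notification/test/api/api_test.rb
+++ b/plugins/push_notification/test/api/api_test.rb
@@ -3,6 +3,7 @@ require_relative '../../../../test/api/test_helper'
 class PushNotificationApiTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 environment = Environment.default
 environment.enable_plugin(PushNotificationPlugin)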
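--- a/test/api/activities_test.rb
+++ b/test/api/activities_test.rb
@@ -3,20 +3,74 @@ require_relative 'test_helper'
 class ActivitiesTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 end
 
-should 'get activity from profile' do
-person = fast_create(Person)
-organization = fast_create(Organization)
-assert_difference 'organization.activities_count' do
-ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => organization
-organization.reload
-end
-get "/api/v1/profiles/#{organization.id}/activities?#{params.to_query}"
+should 'get own activities' do
+create_activity(person)
+
+get "/api/v1/profiles/#{person.id}/activities?#{params.to_query}"
 json = JSON.parse(last_response.body)
+
 assert 1, json["activities"].count
-assert_equal organization.activities.map(&:activity).first.id, json["activities"].first["id"]
+assert_equivalent person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
+should 'not get private community activities' do
+community = fast_create(Community, :public_profile => false)
+create_activity(community)
+
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_nil json["activities"]
+assert_equal 403, last_response.status
+end
+
+should 'not get community activities if not member' do
+community = fast_create(Community)
+other_person = fast_create(Person)
+community.add_member(other_person) # so there is an activity in community
+
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_nil json["activities"]
+assert_equal 403, last_response.status
+end
+
+should 'get community activities for member' do
+community = fast_create(Community)
+create_activity(community)
+community.add_member(person)
+
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
+should 'not get other person activities' do
+other_person = fast_create(Person)
+create_activity(other_person)
+
+get "/api/v1/profiles/#{other_person.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_nil json["activities"]
+assert_equal 403, last_response.status
+end
+
+should 'get friend activities' do
+other_person = fast_create(Person)
+other_person.add_friend(person)
+create_activity(other_person)
+
+get "/api/v1/profiles/#{other_person.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
+def create_activity(target)
+activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
+ProfileActivity.create! profile_id: target.id, activity: activity
 end
 
 end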
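Review bot: In 'get own activities' the carried-over line `assert 1, json["activities"].count` always passes, because `assert` takes `1` as the value under test and the count as the failure message; it should read `assert_equal 1, json["activities"].count`. The new cases cover the 403 path, but nothing exercises the `not_found!` branch added in lib/noosfero/api/v1/activities.rb: a case using `fast_create(Community, :visible => false)` and one with a secret profile, each ending in `assert_equal 404, last_response.status`, would cover it. The two positive cases ('get community activities for member', 'get friend activities') would be firmer with an explicit `assert_equal 200, last_response.status`.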
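--- a/test/api/articles_test.rb
+++ b/test/api/articles_test.rb
@@ -3,6 +3,7 @@ require_relative 'test_helper'
 class ArticlesTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 end
 
@@ -199,7 +200,6 @@ class ArticlesTest < ActiveSupport::TestCase
 article = fast_create(Article, :profile_id => @person.id, :name => "Some thing", :archived => true)
 @params[:value] = 1
 post "/api/v1/articles/#{article.id}/vote?#{params.to_query}"
-puts JSON.parse(last_response.body)
 assert_equal 400, last_response.status
 end
 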
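--- a/test/api/boxes_test.rb
+++ b/test/api/boxes_test.rb
@@ -3,8 +3,7 @@ require_relative 'test_helper'
 class BoxesTest < ActiveSupport::TestCase
 
 def setup
-@controller = AccountController.new
-@request = ActionController::TestRequest.new
+create_and_activate_user
 login_api
 # @request = ActionController::TestRequest.new
 end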
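--- a/test/api/categories_test.rb
+++ b/test/api/categories_test.rb
@@ -2,6 +2,9 @@ require_relative 'test_helper'
 
 class CategoriesTest < ActiveSupport::TestCase
 
+def setup
+create_and_activate_user
+end
 
 should 'logged user list categories' do
 login_api
@@ -11,7 +14,7 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_includes json["categories"].map { |c| c["name"] }, category.name
 end
 
-should 'logged user get category by id' do
+should 'get category by id to logged user' do
 login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
@@ -19,7 +22,7 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_equal category.name, json["category"]["name"]
 end
 
-should 'logged user list parent and children when get category by id' do
+should 'list parent and children when get category by id to logged user' do
 login_api
 parent = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
@@ -37,7 +40,7 @@ class CategoriesTest < ActiveSupport::TestCase
 assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] }
 end
 
-should 'logged user include parent in categories list if params is true' do
+should 'include parent in categories list if params is true to logged_user' do
 login_api
 parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
 child_1 = fast_create(Category, :environment_id => environment.id)
@@ -60,7 +63,7 @@ class CategoriesTest < ActiveSupport::TestCase
 json["categories"].map { |c| c['parent'] && c['parent']['id'] }
 end
 
-should 'logged user include children in categories list if params is true' do
+should 'include children in categories list if params is true to logged user' do
 login_api
 category = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
@@ -88,7 +91,7 @@ class CategoriesTest < ActiveSupport::TestCase
 expose_attributes = %w(id name full_name image display_color)
 
 expose_attributes.each do |attr|
-should "logged user expose category #{attr} attribute by default" do
+should "expose category #{attr} attribute by default to logged user" do
 login_api
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
@@ -97,24 +100,21 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 end
 
-should 'anonymous list categories' do
-anonymous_setup
+should 'list categories to anonymous' do
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_includes json["categories"].map { |c| c["name"] }, category.name
 end
 
-should 'anonymous get category by id' do
-anonymous_setup
+should 'get category by id to anonymous' do
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/#{category.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal category.name, json["category"]["name"]
 end
 
-should 'anonymous list parent and children when get category by id' do
-anonymous_setup
+should 'list parent and children when get category by id to anonymous' do
 parent = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -132,7 +132,6 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous include parent in categories list if params is true' do
-anonymous_setup
 parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -155,7 +154,6 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous include children in categories list if params is true' do
-anonymous_setup
 category = fast_create(Category, :environment_id => environment.id)
 child_1 = fast_create(Category, :environment_id => environment.id)
 child_2 = fast_create(Category, :environment_id => environment.id)
@@ -180,8 +178,7 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 
 expose_attributes.each do |attr|
-should "anonymous expose category #{attr} attribute by default" do
-anonymous_setup
+should "expose category #{attr} attribute by default to anonymous" do
 category = fast_create(Category, :environment_id => environment.id)
 get "/api/v1/categories/?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -189,6 +186,4 @@ class CategoriesTest < ActiveSupport::TestCase
 end
 end
 
-
-
 end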
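--- a/test/api/comments_test.rb
+++ b/test/api/comments_test.rb
@@ -4,13 +4,12 @@ class CommentsTest < ActiveSupport::TestCase
 
 def setup
 @local_person = fast_create(Person)
-anonymous_setup
+create_and_activate_user
 end
-attr_reader :local_person
 
 should 'logged user not list comments if user has no permission to view the source article' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false)
 assert !article.published?
 
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
@@ -19,8 +18,8 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user not return comment if user has no permission to view the source article' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
-comment = article.comments.create!(:body => "another comment", :author => local_person)
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false)
+comment = article.comments.create!(:body => "another comment", :author => @local_person)
 assert !article.published?
 
 get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
@@ -29,7 +28,7 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user not comment an article if user has no permission to view it' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false)
 assert !article.published?
 
 post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
@@ -38,9 +37,9 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user return comments of an article' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
-article.comments.create!(:body => "some comment", :author => local_person)
-article.comments.create!(:body => "another comment", :author => local_person)
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
+article.comments.create!(:body => "some comment", :author => @local_person)
+article.comments.create!(:body => "another comment", :author => @local_person)
 
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -50,8 +49,8 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user return comment of an article' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
-comment = article.comments.create!(:body => "another comment", :author => local_person)
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
+comment = article.comments.create!(:body => "another comment", :author => @local_person)
 
 get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -61,7 +60,7 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user comment an article' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
 body = 'My comment'
 params.merge!({:body => body})
 
@@ -84,7 +83,7 @@ class CommentsTest < ActiveSupport::TestCase
 should 'logged user comment creation define the source' do
 login_api
 amount = Comment.count
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
 body = 'My comment'
 params.merge!({:body => body})
 
@@ -103,7 +102,7 @@ class CommentsTest < ActiveSupport::TestCase
 Noosfero::Plugin.stubs(:all).returns([Plugin1.name])
 Environment.default.enable_plugin(Plugin1)
 
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
 c1 = fast_create(Comment, source_id: article.id, body: "comment 1")
 c2 = fast_create(Comment, source_id: article.id, body: "comment 2", :user_agent => 'Jack')
 
@@ -113,7 +112,7 @@ class CommentsTest < ActiveSupport::TestCase
 end
 
 should 'anonymous do not return comments marked as spam' do
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
 c1 = fast_create(Comment, source_id: article.id, body: "comment 1", spam: true)
 c2 = fast_create(Comment, source_id: article.id, body: "comment 2")
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
@@ -121,41 +120,42 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal ["comment 2"], json["comments"].map {|c| c["body"]}
 end
 
-should 'not, anonymous list comments if has no permission to view the source article' do
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false)
+should 'not list comments if anonymous has no permission to view the source article' do
+article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
 assert !article.published?
-
+
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 assert_equal 403, last_response.status
 end
-
-should 'anonymous return comments of an article' do
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
-article.comments.create!(:body => "some comment", :author => local_person)
-article.comments.create!(:body => "another comment", :author => local_person)
-
+
+should 'return comments of an article for anonymous' do
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
+article.comments.create!(:body => "some comment", :author => @local_person)
+article.comments.create!(:body => "another comment", :author => @local_person)
+
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal 200, last_response.status
 assert_equal 2, json["comments"].length
 end
-
-should 'anonymous return comment of an article' do
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
-comment = article.comments.create!(:body => "another comment", :author => local_person)
-
+
+should 'return comment of an article for anonymous' do
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
+comment = article.comments.create!(:body => "another comment", :author => @local_person)
+
 get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal 200, last_response.status
 assert_equal comment.id, json['comment']['id']
 end
 
-should 'not, anonymous comment an article (at least so far...)' do
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
+should 'anonymous user not comment an article' do
+article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
 body = 'My comment'
 name = "John Doe"
 email = "JohnDoe@gmail.com"
 params.merge!({:body => body, name: name, email: email})
+
 post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal 401, last_response.status
@@ -163,8 +163,8 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user paginate comments' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
-5.times { article.comments.create!(:body => "some comment", :author => local_person) }
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
+5.times { article.comments.create!(:body => "some comment", :author => @local_person) }
 params[:per_page] = 3
 
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
@@ -175,9 +175,9 @@ class CommentsTest < ActiveSupport::TestCase
 
 should 'logged user return only root comments' do
 login_api
-article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing")
-comment1 = article.comments.create!(:body => "some comment", :author => local_person)
-comment2 = article.comments.create!(:body => "another comment", :author => local_person, :reply_of_id => comment1.id)
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing")
+comment1 = article.comments.create!(:body => "some comment", :author => @local_person)
+comment2 = article.comments.create!(:body => "another comment", :author => @local_person, :reply_of_id => comment1.id)
 params[:without_reply] = true
 
 get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"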
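Review bot: The anonymous tests in the `@@ -121,41 +120,42 @@` hunk assert a 403 when listing comments of an unpublished article, but none of them covers fetching a single comment (`/comments/#{comment.id}`) of such an article without logging in, although the logged-user tests cover both paths. Because this merge removes the authentication requirement for anonymous access, the single-comment endpoint should have its own denial test, sketched below; the 403 is assumed from the list case and should be confirmed against the endpoint, and such a test may already exist outside the visible hunks. Separately, the two rewritten anonymous tests create the article with `person.id` while every other test uses `@local_person.id`; using `@local_person.id` there as well would keep the fixture owner distinct from the account created by `create_and_activate_user`.

```ruby
should 'not return comment if anonymous has no permission to view the source article' do
  article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", :published => false)
  comment = article.comments.create!(:body => "another comment", :author => @local_person)
  assert !article.published?

  get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
  assert_equal 403, last_response.status
end
```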
test/api/communities_test.rb
@@ -4,28 +4,31 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -4,28 +4,31 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
4 | 4 | ||
5 | def setup | 5 | def setup |
6 | Community.delete_all | 6 | Community.delete_all |
7 | + create_and_activate_user | ||
7 | end | 8 | end |
8 | 9 | ||
9 | - should 'logged user list only communities' do | 10 | + should 'list only communities to logged user' do |
10 | login_api | 11 | login_api |
11 | community = fast_create(Community, :environment_id => environment.id) | 12 | community = fast_create(Community, :environment_id => environment.id) |
12 | enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise | 13 | enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise |
14 | + | ||
13 | get "/api/v1/communities?#{params.to_query}" | 15 | get "/api/v1/communities?#{params.to_query}" |
14 | json = JSON.parse(last_response.body) | 16 | json = JSON.parse(last_response.body) |
15 | assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id | 17 | assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id |
16 | assert_includes json['communities'].map {|c| c['id']}, community.id | 18 | assert_includes json['communities'].map {|c| c['id']}, community.id |
17 | end | 19 | end |
18 | 20 | ||
19 | - should 'logged user list all communities' do | 21 | + should 'list all communities to logged user' do |
20 | login_api | 22 | login_api |
21 | community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) | 23 | community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) |
22 | community2 = fast_create(Community, :environment_id => environment.id) | 24 | community2 = fast_create(Community, :environment_id => environment.id) |
25 | + | ||
23 | get "/api/v1/communities?#{params.to_query}" | 26 | get "/api/v1/communities?#{params.to_query}" |
24 | json = JSON.parse(last_response.body) | 27 | json = JSON.parse(last_response.body) |
25 | assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} | 28 | assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} |
26 | end | 29 | end |
27 | 30 | ||
28 | - should 'not, logged user list invisible communities' do | 31 | + should 'not list invisible communities to logged user' do |
29 | login_api | 32 | login_api |
30 | community1 = fast_create(Community, :environment_id => environment.id) | 33 | community1 = fast_create(Community, :environment_id => environment.id) |
31 | fast_create(Community, :environment_id => environment.id, :visible => false) | 34 | fast_create(Community, :environment_id => environment.id, :visible => false) |
@@ -35,28 +38,28 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -35,28 +38,28 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
35 | assert_equal [community1.id], json['communities'].map {|c| c['id']} | 38 | assert_equal [community1.id], json['communities'].map {|c| c['id']} |
36 | end | 39 | end |
37 | 40 | ||
38 | - should 'logged user list private communities' do | ||
39 | - login_api | ||
40 | - community1 = fast_create(Community, :environment_id => environment.id) | ||
41 | - community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | 41 | + should 'list private communities to logged user' do |
42 | + login_api | ||
43 | + community1 = fast_create(Community, :environment_id => environment.id) | ||
44 | + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
42 | 45 | ||
43 | - get "/api/v1/communities?#{params.to_query}" | ||
44 | - json = JSON.parse(last_response.body) | ||
45 | - assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} | 46 | + get "/api/v1/communities?#{params.to_query}" |
47 | + json = JSON.parse(last_response.body) | ||
48 | + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} | ||
46 | end | 49 | end |
47 | 50 | ||
48 | - should 'logged user list private community for members' do | 51 | + should 'list private communities to logged members' do |
49 | login_api | 52 | login_api |
50 | - c1 = fast_create(Community, :environment_id => environment.id) | ||
51 | - c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
52 | - c2.add_member(person) | 53 | + community1 = fast_create(Community, :environment_id => environment.id) |
54 | + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
55 | + community2.add_member(person) | ||
53 | 56 | ||
54 | get "/api/v1/communities?#{params.to_query}" | 57 | get "/api/v1/communities?#{params.to_query}" |
55 | json = JSON.parse(last_response.body) | 58 | json = JSON.parse(last_response.body) |
56 | - assert_equivalent [c1.id, c2.id], json['communities'].map {|c| c['id']} | 59 | + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} |
57 | end | 60 | end |
58 | 61 | ||
59 | - should 'logged user create a community' do | 62 | + should 'create a community with logged user' do |
60 | login_api | 63 | login_api |
61 | params[:community] = {:name => 'some'} | 64 | params[:community] = {:name => 'some'} |
62 | post "/api/v1/communities?#{params.to_query}" | 65 | post "/api/v1/communities?#{params.to_query}" |
@@ -64,14 +67,14 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -64,14 +67,14 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
64 | assert_equal 'some', json['community']['name'] | 67 | assert_equal 'some', json['community']['name'] |
65 | end | 68 | end |
66 | 69 | ||
67 | - should 'logged user return 400 status for invalid community creation' do | 70 | + should 'return 400 status for invalid community creation to logged user ' do |
68 | login_api | 71 | login_api |
69 | post "/api/v1/communities?#{params.to_query}" | 72 | post "/api/v1/communities?#{params.to_query}" |
70 | json = JSON.parse(last_response.body) | 73 | json = JSON.parse(last_response.body) |
71 | assert_equal 400, last_response.status | 74 | assert_equal 400, last_response.status |
72 | end | 75 | end |
73 | 76 | ||
74 | - should 'logged user get community' do | 77 | + should 'get community to logged user' do |
75 | login_api | 78 | login_api |
76 | community = fast_create(Community, :environment_id => environment.id) | 79 | community = fast_create(Community, :environment_id => environment.id) |
77 | 80 | ||
@@ -80,26 +83,27 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -80,26 +83,27 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
80 | assert_equal community.id, json['community']['id'] | 83 | assert_equal community.id, json['community']['id'] |
81 | end | 84 | end |
82 | 85 | ||
83 | - should 'not, logged user get invisible community' do | 86 | + should 'not list invisible community to logged users' do |
84 | login_api | 87 | login_api |
85 | community = fast_create(Community, :environment_id => environment.id, :visible => false) | 88 | community = fast_create(Community, :environment_id => environment.id, :visible => false) |
86 | 89 | ||
87 | get "/api/v1/communities/#{community.id}?#{params.to_query}" | 90 | get "/api/v1/communities/#{community.id}?#{params.to_query}" |
88 | json = JSON.parse(last_response.body) | 91 | json = JSON.parse(last_response.body) |
89 | - assert json['community'].blank? | 92 | + |
93 | + assert_nil json["community"] | ||
90 | end | 94 | end |
91 | 95 | ||
92 | - should 'not, logged user get private communities without permission' do | 96 | + should 'not get private community content to non member' do |
93 | login_api | 97 | login_api |
94 | - community = fast_create(Community, :environment_id => environment.id) | ||
95 | - fast_create(Community, :environment_id => environment.id, :public_profile => false) | 98 | + community = fast_create(Community, :environment_id => environment.id, :public_profile => false) |
96 | 99 | ||
97 | get "/api/v1/communities/#{community.id}?#{params.to_query}" | 100 | get "/api/v1/communities/#{community.id}?#{params.to_query}" |
98 | json = JSON.parse(last_response.body) | 101 | json = JSON.parse(last_response.body) |
99 | assert_equal community.id, json['community']['id'] | 102 | assert_equal community.id, json['community']['id'] |
103 | + assert_nil json['community']['members'] | ||
100 | end | 104 | end |
101 | 105 | ||
102 | - should 'logged user get private community for members' do | 106 | + should 'get private community to logged member' do |
103 | login_api | 107 | login_api |
104 | community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) | 108 | community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) |
105 | community.add_member(person) | 109 | community.add_member(person) |
@@ -107,9 +111,10 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -107,9 +111,10 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
107 | get "/api/v1/communities/#{community.id}?#{params.to_query}" | 111 | get "/api/v1/communities/#{community.id}?#{params.to_query}" |
108 | json = JSON.parse(last_response.body) | 112 | json = JSON.parse(last_response.body) |
109 | assert_equal community.id, json['community']['id'] | 113 | assert_equal community.id, json['community']['id'] |
114 | + assert_not_nil json['community']['members'] | ||
110 | end | 115 | end |
111 | 116 | ||
112 | - should 'logged user list person communities' do | 117 | + should 'list person communities to logged user' do |
113 | login_api | 118 | login_api |
114 | community = fast_create(Community, :environment_id => environment.id) | 119 | community = fast_create(Community, :environment_id => environment.id) |
115 | fast_create(Community, :environment_id => environment.id) | 120 | fast_create(Community, :environment_id => environment.id) |
@@ -120,16 +125,16 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -120,16 +125,16 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
120 | assert_equivalent [community.id], json['communities'].map {|c| c['id']} | 125 | assert_equivalent [community.id], json['communities'].map {|c| c['id']} |
121 | end | 126 | end |
122 | 127 | ||
123 | - should 'not, logged user list person communities invisible' do | 128 | + should 'not list person invisible communities to logged user' do |
124 | login_api | 129 | login_api |
125 | - c1 = fast_create(Community, :environment_id => environment.id) | ||
126 | - c2 = fast_create(Community, :environment_id => environment.id, :visible => false) | ||
127 | - c1.add_member(person) | ||
128 | - c2.add_member(person) | 130 | + community1 = fast_create(Community, :environment_id => environment.id) |
131 | + community2 = fast_create(Community, :environment_id => environment.id, :visible => false) | ||
132 | + community1.add_member(person) | ||
133 | + community2.add_member(person) | ||
129 | 134 | ||
130 | get "/api/v1/people/#{person.id}/communities?#{params.to_query}" | 135 | get "/api/v1/people/#{person.id}/communities?#{params.to_query}" |
131 | json = JSON.parse(last_response.body) | 136 | json = JSON.parse(last_response.body) |
132 | - assert_equivalent [c1.id], json['communities'].map {|c| c['id']} | 137 | + assert_equivalent [community1.id], json['communities'].map {|c| c['id']} |
133 | end | 138 | end |
134 | 139 | ||
135 | should 'logged user list communities with pagination' do | 140 | should 'logged user list communities with pagination' do |
@@ -147,7 +152,6 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -147,7 +152,6 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
147 | get "/api/v1/communities?#{params.to_query}" | 152 | get "/api/v1/communities?#{params.to_query}" |
148 | json_page_one = JSON.parse(last_response.body) | 153 | json_page_one = JSON.parse(last_response.body) |
149 | 154 | ||
150 | - | ||
151 | assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id | 155 | assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id |
152 | assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id | 156 | assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id |
153 | 157 | ||
@@ -155,7 +159,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -155,7 +159,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
155 | assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id | 159 | assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id |
156 | end | 160 | end |
157 | 161 | ||
158 | - should 'logged user list communities with timestamp' do | 162 | + should 'list communities with timestamp to logged user' do |
159 | login_api | 163 | login_api |
160 | community1 = fast_create(Community, :public_profile => true) | 164 | community1 = fast_create(Community, :public_profile => true) |
161 | community2 = fast_create(Community) | 165 | community2 = fast_create(Community) |
@@ -172,9 +176,9 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -172,9 +176,9 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
172 | end | 176 | end |
173 | 177 | ||
174 | should 'anonymous list only communities' do | 178 | should 'anonymous list only communities' do |
175 | - anonymous_setup | ||
176 | community = fast_create(Community, :environment_id => environment.id) | 179 | community = fast_create(Community, :environment_id => environment.id) |
177 | enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise | 180 | enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise |
181 | + | ||
178 | get "/api/v1/communities?#{params.to_query}" | 182 | get "/api/v1/communities?#{params.to_query}" |
179 | json = JSON.parse(last_response.body) | 183 | json = JSON.parse(last_response.body) |
180 | assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id | 184 | assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id |
@@ -182,16 +186,15 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -182,16 +186,15 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
182 | end | 186 | end |
183 | 187 | ||
184 | should 'anonymous list all communities' do | 188 | should 'anonymous list all communities' do |
185 | - anonymous_setup | ||
186 | community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) | 189 | community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) |
187 | community2 = fast_create(Community, :environment_id => environment.id) | 190 | community2 = fast_create(Community, :environment_id => environment.id) |
191 | + | ||
188 | get "/api/v1/communities?#{params.to_query}" | 192 | get "/api/v1/communities?#{params.to_query}" |
189 | json = JSON.parse(last_response.body) | 193 | json = JSON.parse(last_response.body) |
190 | assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} | 194 | assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} |
191 | end | 195 | end |
192 | 196 | ||
193 | - should 'not, anonymous list invisible communities' do | ||
194 | - anonymous_setup | 197 | + should 'not list invisible communities to anonymous' do |
195 | community1 = fast_create(Community, :environment_id => environment.id) | 198 | community1 = fast_create(Community, :environment_id => environment.id) |
196 | fast_create(Community, :environment_id => environment.id, :visible => false) | 199 | fast_create(Community, :environment_id => environment.id, :visible => false) |
197 | 200 | ||
@@ -200,8 +203,17 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -200,8 +203,17 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
200 | assert_equal [community1.id], json['communities'].map {|c| c['id']} | 203 | assert_equal [community1.id], json['communities'].map {|c| c['id']} |
201 | end | 204 | end |
202 | 205 | ||
203 | - should 'anonymous list private communities' do | ||
204 | - anonymous_setup | 206 | + should 'list all visible communities except secret ones to anonymous' do |
207 | + community = fast_create(Community, :environment_id => environment.id) | ||
208 | + private_community = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
209 | + secret_community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :secret => true) | ||
210 | + | ||
211 | + get "/api/v1/communities?#{params.to_query}" | ||
212 | + json = JSON.parse(last_response.body) | ||
213 | + assert_equivalent [community.id, private_community.id], json['communities'].map {|c| c['id']} | ||
214 | + end | ||
215 | + | ||
216 | + should 'list private communities to anonymous' do | ||
205 | community1 = fast_create(Community, :environment_id => environment.id) | 217 | community1 = fast_create(Community, :environment_id => environment.id) |
206 | community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | 218 | community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) |
207 | 219 | ||
@@ -210,41 +222,59 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -210,41 +222,59 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
210 | assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} | 222 | assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} |
211 | end | 223 | end |
212 | 224 | ||
213 | - should 'not, anonymous create a community' do | ||
214 | - anonymous_setup | 225 | + should 'not create a community as an anonymous user' do |
215 | params[:community] = {:name => 'some'} | 226 | params[:community] = {:name => 'some'} |
227 | + | ||
216 | post "/api/v1/communities?#{params.to_query}" | 228 | post "/api/v1/communities?#{params.to_query}" |
217 | json = JSON.parse(last_response.body) | 229 | json = JSON.parse(last_response.body) |
218 | assert_equal 401, last_response.status | 230 | assert_equal 401, last_response.status |
219 | end | 231 | end |
220 | 232 | ||
221 | - should 'anonymous get community' do | ||
222 | - anonymous_setup | 233 | + should 'get community for anonymous' do |
223 | community = fast_create(Community, :environment_id => environment.id) | 234 | community = fast_create(Community, :environment_id => environment.id) |
224 | get "/api/v1/communities/#{community.id}" | 235 | get "/api/v1/communities/#{community.id}" |
225 | json = JSON.parse(last_response.body) | 236 | json = JSON.parse(last_response.body) |
226 | assert_equal community.id, json['community']['id'] | 237 | assert_equal community.id, json['community']['id'] |
227 | end | 238 | end |
228 | 239 | ||
229 | - should 'not, anonymous get invisible community' do | ||
230 | - anonymous_setup | 240 | + should 'not get invisible community to anonymous user' do |
231 | community = fast_create(Community, :environment_id => environment.id, :visible => false) | 241 | community = fast_create(Community, :environment_id => environment.id, :visible => false) |
232 | get "/api/v1/communities/#{community.id}" | 242 | get "/api/v1/communities/#{community.id}" |
233 | json = JSON.parse(last_response.body) | 243 | json = JSON.parse(last_response.body) |
234 | assert json['community'].blank? | 244 | assert json['community'].blank? |
235 | end | 245 | end |
236 | 246 | ||
237 | - should 'not, anonymous get private communities' do | ||
238 | - anonymous_setup | ||
239 | - community = fast_create(Community, :environment_id => environment.id) | ||
240 | - fast_create(Community, :environment_id => environment.id, :public_profile => false) | 247 | + should 'get private community to anonymous user' do |
248 | + community = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
249 | + | ||
241 | get "/api/v1/communities/#{community.id}" | 250 | get "/api/v1/communities/#{community.id}" |
242 | json = JSON.parse(last_response.body) | 251 | json = JSON.parse(last_response.body) |
243 | assert_equal community.id, json['community']['id'] | 252 | assert_equal community.id, json['community']['id'] |
253 | + assert_nil json['community']['members'] | ||
254 | + end | ||
255 | + | ||
256 | + should 'list public person communities to anonymous' do | ||
257 | + community = fast_create(Community, :environment_id => environment.id) | ||
258 | + fast_create(Community, :environment_id => environment.id) | ||
259 | + community.add_member(person) | ||
260 | + | ||
261 | + get "/api/v1/people/#{person.id}/communities?#{params.to_query}" | ||
262 | + json = JSON.parse(last_response.body) | ||
263 | + assert_equivalent [community.id], json['communities'].map {|c| c['id']} | ||
244 | end | 264 | end |
245 | 265 | ||
246 | - should 'anonymous list communities with pagination' do | ||
247 | - anonymous_setup | 266 | + should 'not list private person communities to anonymous' do |
267 | + community = fast_create(Community, :environment_id => environment.id) | ||
268 | + fast_create(Community, :environment_id => environment.id) | ||
269 | + person.public_profile = false | ||
270 | + person.save | ||
271 | + community.add_member(person) | ||
272 | + | ||
273 | + get "/api/v1/people/#{person.id}/communities?#{params.to_query}" | ||
274 | + assert_equal 403, last_response.status | ||
275 | + end | ||
276 | + | ||
277 | + should 'list communities with pagination to anonymous' do | ||
248 | community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) | 278 | community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) |
249 | community2 = fast_create(Community, :created_at => 2.days.ago) | 279 | community2 = fast_create(Community, :created_at => 2.days.ago) |
250 | 280 | ||
@@ -265,8 +295,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -265,8 +295,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
265 | assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id | 295 | assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id |
266 | end | 296 | end |
267 | 297 | ||
268 | - should 'anonymous list communities with timestamp' do | ||
269 | - anonymous_setup | 298 | + should 'list communities with timestamp to anonymous ' do |
270 | community1 = fast_create(Community, :public_profile => true) | 299 | community1 = fast_create(Community, :public_profile => true) |
271 | community2 = fast_create(Community) | 300 | community2 = fast_create(Community) |
272 | 301 | ||
@@ -282,7 +311,6 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -282,7 +311,6 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
282 | end | 311 | end |
283 | 312 | ||
284 | should 'display public custom fields to anonymous' do | 313 | should 'display public custom fields to anonymous' do |
285 | - anonymous_setup | ||
286 | CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default) | 314 | CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default) |
287 | some_community = fast_create(Community) | 315 | some_community = fast_create(Community) |
288 | some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} } | 316 | some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} } |
@@ -295,7 +323,6 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -295,7 +323,6 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
295 | end | 323 | end |
296 | 324 | ||
297 | should 'not display private custom fields to anonymous' do | 325 | should 'not display private custom fields to anonymous' do |
298 | - anonymous_setup | ||
299 | CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default) | 326 | CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default) |
300 | some_community = fast_create(Community) | 327 | some_community = fast_create(Community) |
301 | some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} } | 328 | some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} } |
@@ -306,5 +333,4 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -306,5 +333,4 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
306 | refute json['community']['additional_data'].has_key?('Rating') | 333 | refute json['community']['additional_data'].has_key?('Rating') |
307 | end | 334 | end |
308 | 335 | ||
309 | - | ||
310 | end | 336 | end |
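--- a/test/api/enterprises_test.rb
+++ b/test/api/enterprises_test.rb
@@ -4,6 +4,7 @@ class EnterprisesTest < ActiveSupport::TestCase
 
 def setup
 Enterprise.delete_all
+create_and_activate_user
 end
 
 should 'logger user list only enterprises' do
@@ -17,7 +18,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list only enterprises' do
-anonymous_setup
 community = fast_create(Community, :environment_id => environment.id) # should not list this community
 enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
 get "/api/v1/enterprises?#{params.to_query}"
@@ -27,7 +27,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list all enterprises' do
-anonymous_setup
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => true)
 enterprise2 = fast_create(Enterprise, :environment_id => environment.id)
 get "/api/v1/enterprises?#{params.to_query}"
@@ -55,7 +54,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not, anonymous list invisible enterprises' do
-anonymous_setup
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
 fast_create(Enterprise, :visible => false)
 
@@ -64,7 +62,7 @@ class EnterprisesTest < ActiveSupport::TestCase
 assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}
 end
 
-should 'not, logger user list invisible enterprises' do
+should 'not, logged user list invisible enterprises' do
 login_api
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
 fast_create(Enterprise, :visible => false)
@@ -75,7 +73,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous list private enterprises' do
-anonymous_setup
 enterprise1 = fast_create(Enterprise, :environment_id => environment.id)
 enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
 
@@ -106,7 +103,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous get enterprise' do
-anonymous_setup
 enterprise = fast_create(Enterprise, :environment_id => environment.id)
 
 get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
@@ -133,7 +129,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not, anonymous get invisible enterprise' do
-anonymous_setup
 enterprise = fast_create(Enterprise, :visible => false)
 
 get "/api/v1/enterprises/#{enterprise.id}?#{params.to_query}"
@@ -152,7 +147,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not, anonymous get private enterprises' do
-anonymous_setup
 enterprise = fast_create(Enterprise, :environment_id => environment.id)
 fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)
 
@@ -195,7 +189,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
 some_enterprise = fast_create(Enterprise)
 some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
@@ -208,7 +201,6 @@ class EnterprisesTest < ActiveSupport::TestCase
 end
 
 should 'not display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
 some_enterprise = fast_create(Enterprise)
 some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }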
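Review bot: The test 'not, anonymous get private enterprises' (hunk at -152/+147) creates the private enterprise with a bare `fast_create(...)` and keeps only the public one in `enterprise`. Unless the lines outside the hunk look the private record up some other way, the request cannot target it, so anonymous access to a private enterprise is not actually exercised. The communities file in this same commit rewrote its counterpart to fetch the private profile and check that restricted data is withheld (`assert_nil json['community']['members']`). The same shape would fit here: `enterprise = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false)`, followed by an assertion on the attributes an anonymous caller must not receive. The test body continues past the end of the hunk.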
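--- a/test/api/environment_test.rb
+++ b/test/api/environment_test.rb
@@ -2,6 +2,10 @@ require_relative 'test_helper'
 
 class EnvironmentTest < ActiveSupport::TestCase
 
+def setup
+create_and_activate_user
+end
+
 should 'return the default environment' do
 environment = Environment.default
 get "/api/v1/environment/default"
@@ -62,6 +66,6 @@ class EnvironmentTest < ActiveSupport::TestCase
 get "/api/v1/environment/context"
 json = JSON.parse(last_response.body)
 assert_equal context_env.id, json['id']
-end
+end
 
 end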
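--- a/test/api/helpers_test.rb
+++ b/test/api/helpers_test.rb
@@ -6,28 +6,26 @@ class APIHelpersTest < ActiveSupport::TestCase
 include Noosfero::API::APIHelpers
 
 def setup
+create_and_activate_user
 @headers = {}
 end
 
 attr_accessor :headers
 
 should 'get the current user with valid token' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 self.params = {:private_token => user.private_token}
 assert_equal user, current_user
 end
 
 should 'get the current user with valid token in header' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 headers['Private-Token'] = user.private_token
 assert_equal user, current_user
 end
 
 should 'get the current user even with expired token' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 user.private_token_generated_at = DateTime.now.prev_year
 user.save
 self.params = {:private_token => user.private_token}
@@ -35,8 +33,7 @@ class APIHelpersTest < ActiveSupport::TestCase
 end
 
 should 'get the person of current user' do
-user = create_user('someuser')
-user.generate_private_token!
+login_api
 self.params = {:private_token => user.private_token}
 assert_equal user.person, current_person
 end
@@ -106,24 +103,22 @@ class APIHelpersTest < ActiveSupport::TestCase
 end
 
 should 'find_article return article by id in list passed for user with permission' do
-user = create_user('someuser')
+login_api
 a = fast_create(Article, :profile_id => user.person.id)
 fast_create(Article, :profile_id => user.person.id)
 fast_create(Article, :profile_id => user.person.id)
 
-user.generate_private_token!
 self.params = {private_token: user.private_token}
 User.expects(:find_by).with(private_token: user.private_token).returns(user)
 assert_equal a, find_article(user.person.articles, a.id)
 end
 
 should 'find_article return forbidden when a user try to access an article without permission' do
-user = create_user('someuser')
+login_api
 p = fast_create(Profile)
 a = fast_create(Article, :published => false, :profile_id => p.id)
 fast_create(Article, :profile_id => p.id)
 
-user.generate_private_token!
 self.params = {private_token: user.private_token}
 User.expects(:find_by).with(private_token: user.private_token).returns(user)
 assert_equal 403, find_article(p.articles, a.id).last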
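Review bot: The test 'get the current user even with expired token' backdates the `login_api` user's token by a year and, going by its name, still expects `current_user` to resolve it. The assertion is outside the hunk, so that expectation is inferred. Since this merge reviews API permissions, it is worth stating whether `private_token_generated_at` is meant to gate authentication; if it is not, a comment such as `# current_user ignores private_token_generated_at by design (confirm where expiry is enforced)` would keep the test from reading as an oversight. The backdating also uses `user.save`, whose result is not checked; `user.save!` would make the test fail loudly if the stale timestamp was never persisted.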
test/api/people_test.rb
@@ -3,7 +3,8 @@ require_relative 'test_helper' | @@ -3,7 +3,8 @@ require_relative 'test_helper' | ||
3 | class PeopleTest < ActiveSupport::TestCase | 3 | class PeopleTest < ActiveSupport::TestCase |
4 | 4 | ||
5 | def setup | 5 | def setup |
6 | - Person.delete_all | 6 | + Person.destroy_all |
7 | + create_and_activate_user | ||
7 | end | 8 | end |
8 | 9 | ||
9 | should 'logged user list all people' do | 10 | should 'logged user list all people' do |
@@ -16,12 +17,11 @@ class PeopleTest < ActiveSupport::TestCase | @@ -16,12 +17,11 @@ class PeopleTest < ActiveSupport::TestCase | ||
16 | end | 17 | end |
17 | 18 | ||
18 | should 'anonymous list all people' do | 19 | should 'anonymous list all people' do |
19 | - anonymous_setup | ||
20 | person1 = fast_create(Person, :public_profile => true) | 20 | person1 = fast_create(Person, :public_profile => true) |
21 | person2 = fast_create(Person) | 21 | person2 = fast_create(Person) |
22 | get "/api/v1/people?#{params.to_query}" | 22 | get "/api/v1/people?#{params.to_query}" |
23 | json = JSON.parse(last_response.body) | 23 | json = JSON.parse(last_response.body) |
24 | - assert_equivalent [person1.id, person2.id], json['people'].map {|c| c['id']} | 24 | + assert_equivalent [person.id, person1.id, person2.id], json['people'].map {|c| c['id']} |
25 | end | 25 | end |
26 | 26 | ||
27 | should 'logged user list all members of a community' do | 27 | should 'logged user list all members of a community' do |
@@ -39,7 +39,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -39,7 +39,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
39 | end | 39 | end |
40 | 40 | ||
41 | should 'anonymous list all members of a community' do | 41 | should 'anonymous list all members of a community' do |
42 | - anonymous_setup | ||
43 | person1 = fast_create(Person) | 42 | person1 = fast_create(Person) |
44 | person2 = fast_create(Person) | 43 | person2 = fast_create(Person) |
45 | community = fast_create(Community) | 44 | community = fast_create(Community) |
@@ -61,7 +60,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -61,7 +60,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
61 | end | 60 | end |
62 | 61 | ||
63 | should 'annoymous not list invisible people' do | 62 | should 'annoymous not list invisible people' do |
64 | - anonymous_setup | ||
65 | invisible_person = fast_create(Person, :visible => false) | 63 | invisible_person = fast_create(Person, :visible => false) |
66 | 64 | ||
67 | get "/api/v1/people?#{params.to_query}" | 65 | get "/api/v1/people?#{params.to_query}" |
@@ -77,7 +75,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -77,7 +75,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
77 | end | 75 | end |
78 | 76 | ||
79 | should 'anonymous list private people' do | 77 | should 'anonymous list private people' do |
80 | - anonymous_setup | ||
81 | private_person = fast_create(Person, :public_profile => false) | 78 | private_person = fast_create(Person, :public_profile => false) |
82 | 79 | ||
83 | get "/api/v1/people?#{params.to_query}" | 80 | get "/api/v1/people?#{params.to_query}" |
@@ -105,7 +102,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -105,7 +102,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
105 | end | 102 | end |
106 | 103 | ||
107 | should 'anonymous get person' do | 104 | should 'anonymous get person' do |
108 | - anonymous_setup | ||
109 | some_person = fast_create(Person) | 105 | some_person = fast_create(Person) |
110 | 106 | ||
111 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" | 107 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
@@ -113,7 +109,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -113,7 +109,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
113 | assert_equal some_person.id, json['person']['id'] | 109 | assert_equal some_person.id, json['person']['id'] |
114 | end | 110 | end |
115 | 111 | ||
116 | - | ||
117 | should 'people endpoint filter by fields parameter for logged user' do | 112 | should 'people endpoint filter by fields parameter for logged user' do |
118 | login_api | 113 | login_api |
119 | get "/api/v1/people?#{params.to_query}&fields=name" | 114 | get "/api/v1/people?#{params.to_query}&fields=name" |
@@ -156,7 +151,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -156,7 +151,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
156 | end | 151 | end |
157 | 152 | ||
158 | should 'anonymous not get invisible person' do | 153 | should 'anonymous not get invisible person' do |
159 | - anonymous_setup | ||
160 | person = fast_create(Person, :visible => false) | 154 | person = fast_create(Person, :visible => false) |
161 | 155 | ||
162 | get "/api/v1/people/#{person.id}?#{params.to_query}" | 156 | get "/api/v1/people/#{person.id}?#{params.to_query}" |
@@ -174,7 +168,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -174,7 +168,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
174 | end | 168 | end |
175 | 169 | ||
176 | should 'anonymous get private people' do | 170 | should 'anonymous get private people' do |
177 | - anonymous_setup | ||
178 | private_person = fast_create(Person, :public_profile => false) | 171 | private_person = fast_create(Person, :public_profile => false) |
179 | 172 | ||
180 | get "/api/v1/people/#{private_person.id}?#{params.to_query}" | 173 | get "/api/v1/people/#{private_person.id}?#{params.to_query}" |
@@ -203,7 +196,6 @@ class PeopleTest < ActiveSupport::TestCase | @@ -203,7 +196,6 @@ class PeopleTest < ActiveSupport::TestCase | ||
203 | end | 196 | end |
204 | 197 | ||
205 | should 'anonymous list person friends' do | 198 | should 'anonymous list person friends' do |
206 | - anonymous_setup | ||
207 | person = fast_create(Person) | 199 | person = fast_create(Person) |
208 | friend = fast_create(Person) | 200 | friend = fast_create(Person) |
209 | person.add_friend(friend) | 201 | person.add_friend(friend) |
@@ -274,7 +266,7 @@ class PeopleTest < ActiveSupport::TestCase | @@ -274,7 +266,7 @@ class PeopleTest < ActiveSupport::TestCase | ||
274 | 266 | ||
275 | should 'not display permissions if not admin or self' do | 267 | should 'not display permissions if not admin or self' do |
276 | login_api | 268 | login_api |
277 | - some_person = create_user('some-person').person | 269 | + some_person = fast_create(Person) |
278 | 270 | ||
279 | get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" | 271 | get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}" |
280 | assert_equal 403, last_response.status | 272 | assert_equal 403, last_response.status |
@@ -300,8 +292,11 @@ class PeopleTest < ActiveSupport::TestCase | @@ -300,8 +292,11 @@ class PeopleTest < ActiveSupport::TestCase | ||
300 | 292 | ||
301 | should 'logged user display public custom fields' do | 293 | should 'logged user display public custom fields' do |
302 | login_api | 294 | login_api |
303 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | ||
304 | - some_person = create_user('some-person').person | 295 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) |
296 | + some_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person | ||
297 | + some_person.user.activate | ||
298 | + some_person.reload | ||
299 | + | ||
305 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } | 300 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } |
306 | some_person.save! | 301 | some_person.save! |
307 | 302 | ||
@@ -313,10 +308,11 @@ class PeopleTest < ActiveSupport::TestCase | @@ -313,10 +308,11 @@ class PeopleTest < ActiveSupport::TestCase | ||
313 | 308 | ||
314 | should 'logged user not display non-public custom fields' do | 309 | should 'logged user not display non-public custom fields' do |
315 | login_api | 310 | login_api |
316 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | ||
317 | - some_person = create_user('some-person').person | 311 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) |
312 | + some_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person | ||
318 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | 313 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } |
319 | some_person.save! | 314 | some_person.save! |
315 | + some_person.user.activate | ||
320 | 316 | ||
321 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" | 317 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
322 | json = JSON.parse(last_response.body) | 318 | json = JSON.parse(last_response.body) |
@@ -324,36 +320,31 @@ class PeopleTest < ActiveSupport::TestCase | @@ -324,36 +320,31 @@ class PeopleTest < ActiveSupport::TestCase | ||
324 | end | 320 | end |
325 | 321 | ||
326 | should 'display public custom fields to anonymous' do | 322 | should 'display public custom fields to anonymous' do |
327 | - anonymous_setup | ||
328 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | ||
329 | - some_person = create_user('some-person').person | ||
330 | - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } | ||
331 | - some_person.save! | 323 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) |
324 | + person.reload | ||
325 | + person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "true"} } | ||
326 | + person.save! | ||
332 | 327 | ||
333 | - get "/api/v1/people/#{some_person.id}?#{params.to_query}" | 328 | + get "/api/v1/people/#{person.id}?#{params.to_query}" |
334 | json = JSON.parse(last_response.body) | 329 | json = JSON.parse(last_response.body) |
335 | assert json['person']['additional_data'].has_key?('Custom Blog') | 330 | assert json['person']['additional_data'].has_key?('Custom Blog') |
336 | assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] | 331 | assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog'] |
337 | end | 332 | end |
338 | 333 | ||
339 | should 'not display non-public custom fields to anonymous' do | 334 | should 'not display non-public custom fields to anonymous' do |
340 | - anonymous_setup | ||
341 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | ||
342 | - some_person = create_user('some-person').person | ||
343 | - some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | ||
344 | - some_person.save! | 335 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) |
336 | + person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | ||
337 | + person.save! | ||
345 | 338 | ||
346 | - get "/api/v1/people/#{some_person.id}?#{params.to_query}" | 339 | + get "/api/v1/people/#{person.id}?#{params.to_query}" |
347 | json = JSON.parse(last_response.body) | 340 | json = JSON.parse(last_response.body) |
348 | assert_equal json['person']['additional_data'], {} | 341 | assert_equal json['person']['additional_data'], {} |
349 | end | 342 | end |
350 | 343 | ||
351 | should 'hide private fields to anonymous' do | 344 | should 'hide private fields to anonymous' do |
352 | - anonymous_setup | ||
353 | - target_person = create_user('some-user').person | ||
354 | - target_person.save! | 345 | + target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment) |
355 | 346 | ||
356 | - get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}" | 347 | + get "/api/v1/users/#{target_user.id}/?#{params.to_query}" |
357 | json = JSON.parse(last_response.body) | 348 | json = JSON.parse(last_response.body) |
358 | refute json["user"].has_key?("permissions") | 349 | refute json["user"].has_key?("permissions") |
359 | refute json["user"].has_key?("activated") | 350 | refute json["user"].has_key?("activated") |
@@ -361,15 +352,16 @@ class PeopleTest < ActiveSupport::TestCase | @@ -361,15 +352,16 @@ class PeopleTest < ActiveSupport::TestCase | ||
361 | 352 | ||
362 | should 'display non-public custom fields to friend' do | 353 | should 'display non-public custom fields to friend' do |
363 | login_api | 354 | login_api |
364 | - CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default) | ||
365 | - some_person = create_user('some-person').person | 355 | + CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => environment) |
356 | + some_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person | ||
357 | + some_person.user.activate | ||
358 | + some_person.reload | ||
359 | + | ||
366 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } | 360 | some_person.custom_values = { "Custom Blog" => { "value" => "www.blog.org", "public" => "0"} } |
367 | some_person.save! | 361 | some_person.save! |
368 | 362 | ||
369 | - f = Friendship.new | ||
370 | - f.friend = some_person | ||
371 | - f.person = person | ||
372 | - f.save! | 363 | + some_person.add_friend(person) |
364 | + person.add_friend(some_person) | ||
373 | 365 | ||
374 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" | 366 | get "/api/v1/people/#{some_person.id}?#{params.to_query}" |
375 | json = JSON.parse(last_response.body) | 367 | json = JSON.parse(last_response.body) |
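--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -4,6 +4,7 @@ class ProfilesTest < ActiveSupport::TestCase
 
 def setup
 Profile.delete_all
+create_and_activate_user
 end
 
 should 'logged user list all profiles' do
@@ -24,6 +25,13 @@ class ProfilesTest < ActiveSupport::TestCase
 assert_equal some_person.id, json['id']
 end
 
+should 'not get inexistent profile' do
+login_api
+get "/api/v1/profiles/invalid_id?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 404, last_response.status
+end
+
 should 'logged user get community from profile id' do
 login_api
 community = fast_create(Community)
@@ -85,7 +93,6 @@ class ProfilesTest < ActiveSupport::TestCase
 end
 
 should 'anonymous user access delete action' do
-anonymous_setup
 profile = fast_create(Person, :environment_id => environment.id)
 
 delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
@@ -99,7 +106,7 @@ class ProfilesTest < ActiveSupport::TestCase
 community = fast_create(Community)
 get "/api/v1/profiles"
 json = JSON.parse(last_response.body)
-assert_equivalent [person1.id, person2.id, community.id], json.map {|p| p['id']}
+assert_equivalent [person.id, person1.id, person2.id, community.id], json.map {|p| p['id']}
 end
 
 should 'anonymous get person from profile id' do
@@ -117,7 +124,6 @@ class ProfilesTest < ActiveSupport::TestCase
 end
 
 should 'display public custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
 some_profile = fast_create(Profile)
 some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
@@ -130,7 +136,6 @@ class ProfilesTest < ActiveSupport::TestCase
 end
 
 should 'not display private custom fields to anonymous' do
-anonymous_setup
 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
 some_profile = fast_create(Profile)
 some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }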
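Review bot: The new 'not get inexistent profile' test parses the response body before it checks the status and never uses `json`, so a 404 with a non-JSON body would fail inside `JSON.parse` rather than on the assertion. I would drop the parse and keep `assert_equal 404, last_response.status` as the only check. The test also exercises only the logged-in path with a non-numeric id; since this merge removes the authentication requirement for anonymous callers, an anonymous request and a numeric id that matches no profile deserve the same 404 assertion.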
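--- a/test/api/search_test.rb
+++ b/test/api/search_test.rb
@@ -3,9 +3,8 @@ require_relative 'test_helper'
 class SearchTest < ActiveSupport::TestCase
 
 def setup
-@person = create_user('testing').person
+create_and_activate_user
 end
-attr_reader :person
 
 should 'not list unpublished articles' do
 Article.delete_all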
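--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -3,6 +3,7 @@ require_relative 'test_helper'
 class SessionTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
 end
 
@@ -147,10 +148,9 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'create task to change password by user login' do
-user = create_user
 params = {:value => user.login}
 assert_difference 'ChangePassword.count' do
-post "/api/v1/forgot_password?#{params.to_query}"
+post "/api/v1/forgot_password?#{params.to_query}"
 end
 end
 
@@ -173,8 +173,6 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'do not change user password when password confirmation is wrong' do
-user = create_user
-user.activate
 task = ChangePassword.create!(:requestor => user.person)
 params = {:code => task.code, :password => 'secret', :password_confirmation => 's3cret'}
 patch "/api/v1/new_password?#{params.to_query}"
@@ -200,8 +198,8 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'resend activation code for an inactive user' do
-user = create_user
-params = {:value => user.login}
+another_user = User.create!(:login => "userlogin", :password => 'testapi', :password_confirmation => 'testapi', :email => 'test2@test.org', :environment => @environment)
+params = {:value => another_user.login}
 Delayed::Job.destroy_all
 assert_difference 'ActionMailer::Base.deliveries.size' do
 post "/api/v1/resend_activation_code?#{params.to_query}"
@@ -209,13 +207,11 @@ class SessionTest < ActiveSupport::TestCase
 end
 json = JSON.parse(last_response.body)
 refute json['users'].first['private_token']
-assert_equal user.email, ActionMailer::Base.deliveries.last['to'].to_s
+assert_equal another_user.email, ActionMailer::Base.deliveries.last['to'].to_s
 end
 
 should 'not resend activation code for an active user' do
-user = create_user
 params = {:value => user.login}
-user.activate
 Delayed::Job.destroy_all
 assert_no_difference 'ActionMailer::Base.deliveries.size' do
 post "/api/v1/resend_activation_code?#{params.to_query}"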
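Review bot: The `User.create!` added in 'resend activation code for an inactive user' hard-codes `'testapi'` for the password and reads `@environment` directly, while this commit's helper provides the `USER_PASSWORD` constant and the `environment` accessor. Writing `:password => USER_PASSWORD, :password_confirmation => USER_PASSWORD, :environment => environment` keeps the fixture consistent with test/api/test_helper.rb, so a later change to the shared credential does not leave this test on a stale value.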
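--- a/test/api/task_test.rb
+++ b/test/api/task_test.rb
@@ -3,8 +3,8 @@ require_relative 'test_helper'
 class TasksTest < ActiveSupport::TestCase
 
 def setup
+create_and_activate_user
 login_api
-@person = user.person
 @community = fast_create(Community)
 @environment = Environment.default
 end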
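--- a/test/api/test_helper.rb
+++ b/test/api/test_helper.rb
@@ -4,17 +4,23 @@ class ActiveSupport::TestCase
 
 include Rack::Test::Methods
 
+USER_PASSWORD = "testapi"
+USER_LOGIN = "testapi"
+
 def app
 Noosfero::API::API
 end
 
-def login_api
+def create_and_activate_user
 @environment = Environment.default
-@user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => @environment)
+@user = User.create!(:login => USER_LOGIN, :password => USER_PASSWORD, :password_confirmation => USER_PASSWORD, :email => 'test@test.org', :environment => @environment)
 @user.activate
 @person = @user.person
+@params = {}
+end
 
-post "/api/v1/login?login=testapi&password=testapi"
+def login_api
+post "/api/v1/login?login=#{USER_LOGIN}&password=#{USER_PASSWORD}"
 json = JSON.parse(last_response.body)
 @private_token = json["private_token"]
 unless @private_token
@@ -22,12 +28,7 @@ class ActiveSupport::TestCase
 @private_token = @user.private_token
 end
 
-@params = {:private_token => @private_token}
-end
-
-def anonymous_setup
-@environment = Environment.default
-@params = {}
+@params[:private_token] = @private_token
 end
 
 attr_accessor :private_token, :user, :person, :params, :environment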
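Review bot: `login_api` now silently depends on `create_and_activate_user` having run first: `@params[:private_token] = @private_token` raises NoMethodError when `@params` is still nil, and the fallback `@user.private_token` needs `@user`. A test class whose setup does not call the new helper will fail with an error that points at the helper rather than at the missing setup step. A guard at the top of `login_api`, `create_and_activate_user if @user.nil?`, keeps the old single-call behaviour; failing that, a comment above the method should state the required call order. Part of `login_api` lies between the two hunks and is not shown here.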
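--- a/test/api/users_test.rb
+++ b/test/api/users_test.rb
@@ -3,6 +3,10 @@ require_relative 'test_helper'
 
 class UsersTest < ActiveSupport::TestCase
 
+def setup
+create_and_activate_user
+end
+
 should 'logger user list users' do
 login_api
 get "/api/v1/users/?#{params.to_query}"
@@ -35,8 +39,8 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'not show permissions to logged user' do
 login_api
-target_person = create_user('some-user').person
-get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
+get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 refute json["user"].has_key?("permissions")
 end
@@ -50,12 +54,10 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'not show permissions to friend' do
 login_api
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
 
-f = Friendship.new
-f.friend = target_person
-f.person = person
-f.save!
+target_person.add_friend(person)
+person.add_friend(target_person)
 
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -64,19 +66,21 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'not show private attribute to logged user' do
 login_api
-target_person = create_user('some-user').person
-get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
+
+get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
-refute json["user"].has_key?("email")
+assert_equal 200, last_response.status
+assert_nil json['user']['email']
+assert_nil json['user']['person']
 end
 
 should 'show private attr to friend' do
 login_api
-target_person = create_user('some-user').person
-f = Friendship.new
-f.friend = target_person
-f.person = person
-f.save!
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
+target_person.add_friend(person)
+person.add_friend(target_person)
+
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert json["user"].has_key?("email")
@@ -85,9 +89,12 @@ class UsersTest < ActiveSupport::TestCase
 
 should 'show public attribute to logged user' do
 login_api
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
+target_person.public_profile = true
+target_person.visible = true
 target_person.fields_privacy={:email=> 'public'}
 target_person.save!
+
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert json["user"].has_key?("email")
@@ -98,7 +105,7 @@ class UsersTest < ActiveSupport::TestCase
 login_api
 Environment.default.add_admin(person)
 
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
 target_person.fields_privacy={:email=> 'public'}
 target_person.save!
 
@@ -110,9 +117,10 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'show public fields to anonymous' do
-anonymous_setup
-target_person = create_user('some-user').person
+target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
 target_person.fields_privacy={:email=> 'public'}
+target_person.public_profile = true
+target_person.visible = true
 target_person.save!
 
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
@@ -121,11 +129,9 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'hide private fields to anonymous' do
-anonymous_setup
-target_person = create_user('some-user').person
-target_person.save!
+target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
 
-get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 refute json["user"].has_key?("permissions")
 refute json["user"].has_key?("activated")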
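Review bot: The `User.create!` calls added throughout this file pass the quoted string `'USER_PASSWORD'` for `:password` and `:password_confirmation`, not the `USER_PASSWORD` constant that test/api/test_helper.rb introduces in the same commit. The records still save because the two values match, but the literal reads as a typo; `:password => USER_PASSWORD, :password_confirmation => USER_PASSWORD` states the intent. The same literal appears in the test/api/people_test.rb changes. Separately, in 'not show private attribute to logged user', `assert_nil json['user']['email']` passes both when the key is omitted and when it is present with a null value, so if the API is meant to omit the attribute, `refute json['user'].has_key?('email')` is the stricter check.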
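--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -458,7 +458,7 @@ class OrganizationTest < ActiveSupport::TestCase
 refute c.is_admin?(moderator)
 end
 
-should 'fetch organizations there are visible for a user' do
+should 'fetch organizations that are visible for users' do
 person = create_user('some-person').person
 admin = create_user('some-admin').person
 env_admin = create_user('env-admin').person
@@ -513,18 +513,58 @@ class OrganizationTest < ActiveSupport::TestCase
 assert_includes env_admin_orgs, o7
 end
 
-should 'fetch organizations there are visible for a visitor' do
-visitor = nil
-Organization.destroy_all
+should 'fetch organizations that are listed for users' do
+person = create_user('some-person').person
+admin = create_user('some-admin').person
+env_admin = create_user('env-admin').person
+
 o1 = fast_create(Organization, :public_profile => true , :visible => true )
-o2 = fast_create(Organization, :public_profile => false, :visible => true )
-o3 = fast_create(Organization, :public_profile => true , :visible => false)
-o4 = fast_create(Organization, :public_profile => false, :visible => false)
-person_orgs = Organization.visible_for_person(visitor)
-assert_includes person_orgs, o1
-assert_not_includes person_orgs, o2
-assert_not_includes person_orgs, o3
-assert_not_includes person_orgs, o4
-end
+o1.add_admin(admin)
+o1.add_member(person)
+
+o2 = fast_create(Organization, :public_profile => true , :visible => true )
+o3 = fast_create(Organization, :public_profile => false, :visible => true )
+
+o4 = fast_create(Organization, :public_profile => false, :visible => true)
+o4.add_admin(admin)
+o4.add_member(person)
+
+o5 = fast_create(Organization, :public_profile => true , :visible => false)
+o5.add_admin(admin)
+o5.add_member(person)
+
+o6 = fast_create(Enterprise, :enabled => false, :visible => true)
+o6.add_admin(admin)
+
+o7 = fast_create(Organization, :public_profile => false, :visible => false)
+
+Environment.default.add_admin(env_admin)
+
+person_orgs = Organization.listed_for_person(person)
+admin_orgs = Organization.listed_for_person(admin)
+env_admin_orgs = Organization.listed_for_person(env_admin)
+
+assert_includes person_orgs, o1
+assert_includes admin_orgs, o1
+assert_includes env_admin_orgs, o1
+
+assert_includes person_orgs, o2
+assert_includes env_admin_orgs, o2
+assert_includes person_orgs, o3
+assert_includes env_admin_orgs, o3
+
+assert_includes person_orgs, o4
+assert_includes admin_orgs, o4
+assert_includes env_admin_orgs, o4
+
+assert_not_includes person_orgs, o5
+assert_includes admin_orgs, o5
+assert_includes env_admin_orgs, o5
 
+assert_not_includes person_orgs, o6
+assert_includes admin_orgs, o6
+
+assert_not_includes person_orgs, o7
+assert_includes env_admin_orgs, o7
+end
 end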
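Review bot: The visitor case loses its coverage in the second hunk: the deleted 'visible for a visitor' test called the scope with a nil person, while the new 'listed for users' test passes only real people to `Organization.listed_for_person`. Nothing in this section now pins what an anonymous caller gets for private or invisible organizations, which is the behaviour this merge changes. I would add a test that states it for whichever scope now serves visitors; if that lives in a file outside this view, a comment such as `# visitor visibility is covered in <test file>` would help. The matching visitor test is also removed from test/unit/person_test.rb. The new test additionally leaves `admin_orgs` unasserted for o2, o3 and o7.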
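--- a/test/unit/person_test.rb
+++ b/test/unit/person_test.rb
@@ -1951,17 +1951,4 @@ class PersonTest < ActiveSupport::TestCase
 person.save!
 end
 
-should 'fetch people there are visible for a visitor' do
-person = nil
-p1 = fast_create(Person, :public_profile => true , :visible => true)
-p2 = fast_create(Person, :public_profile => false, :visible => true)
-p3 = fast_create(Person, :public_profile => true , :visible => false)
-p4 = fast_create(Person, :public_profile => false, :visible => false)
-people_visible_by_visitor = Person.visible_for_person(person)
-assert_includes people_visible_by_visitor, p1
-assert_not_includes people_visible_by_visitor, p2
-assert_not_includes people_visible_by_visitor, p3
-assert_not_includes people_visible_by_visitor, p4
-end
-
 end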