Commit a4502c008117e31154378bd3cc9f485ffc261c6e
Exists in
staging
and in
1 other branch
Merge branch 'master' into staging
Showing
2 changed files
with
12 additions
and
1 deletions
Show diff stats
app/api/v1/articles.rb
| ... | ... | @@ -284,7 +284,7 @@ module Api |
| 284 | 284 | |
| 285 | 285 | if params[:path].present? |
| 286 | 286 | article = profile.articles.find_by path: params[:path] |
| 287 | - if !article || !article.display_to?(current_person) | |
| 287 | + if article && !article.display_to?(current_person) | |
| 288 | 288 | article = forbidden! |
| 289 | 289 | end |
| 290 | 290 | ... | ... |
test/api/articles_test.rb
| ... | ... | @@ -386,6 +386,17 @@ class ArticlesTest < ActiveSupport::TestCase |
| 386 | 386 | assert_equal article.id, json["article"]["id"] |
| 387 | 387 | end |
| 388 | 388 | |
| 389 | + should "return an empty array if theres id no article in path of #{kind}" do | |
| 390 | + profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) | |
| 391 | + parent_article = Folder.create!(:profile => profile, :name => "Parent Folder") | |
| 392 | + article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article) | |
| 393 | + | |
| 394 | + params[:path] = 'no-path' | |
| 395 | + get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}" | |
| 396 | + json = JSON.parse(last_response.body) | |
| 397 | + assert_nil json["article"] | |
| 398 | + end | |
| 399 | + | |
| 389 | 400 | should "not return article by #{kind} and path if user has no permission to view it" do |
| 390 | 401 | profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id) |
| 391 | 402 | parent_article = Folder.create!(:profile => profile, :name => "Parent Folder") | ... | ... |