Allowed settings for environments if user is admin

Carlos Purificação · Leandro Santos
1 parent ecb1bf67
Showing 4 changed files with 37 additions and 2 deletions Show diff stats
lib/noosfero/api/entities.rb
lib/noosfero/api/helpers.rb
lib/noosfero/api/v1/environments.rb
test/api/environment_test.rb
@@ -233,6 +233,7 @@ module Noosfero
         expose :name
         expose :id
         expose :description
+        expose :settings, if: lambda { |instance, options| options[:is_admin] }
       end
  
       class Tag < Entity
@@ -30,6 +30,11 @@ require_relative &#39;../../find_by_contents&#39;
         current_user.person unless current_user.nil?
       end
  
+      def is_admin?(environment)
+        return false unless current_user
+        return current_person.is_admin?(environment)
+      end
+
       def logout
         @current_user = nil
       end
@@ -19,7 +19,8 @@ module Noosfero
             else
               resultEnvironment = Environment.find(params[:id])
             end
-            present resultEnvironment, :with => Entities::Environment
+            is_admin = is_admin?(resultEnvironment)
+            present resultEnvironment, :with => Entities::Environment, :is_admin => is_admin?(resultEnvironment)
           end
  
         end
@@ -19,10 +19,38 @@ class EnvironmentTest &lt; ActiveSupport::TestCase
     get "/api/v1/environment/default"
     json = JSON.parse(last_response.body)
     assert_equal environment.id, json['id']
-    puts "json: #{json}"
     assert_nil json['settings']
   end
  
+  def create_admin_user(env)
+    admin_user = User.find_by(login: 'adminuser') || create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env)
+    admin_role = Role.find_by(name: 'admin_role') || Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_trusted_sites', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_organizations', 'manage_environment_templates', 'manage_environment_licenses', 'edit_appearance'])
+    create(RoleAssignment, :accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{|ra|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env])
+    admin_user.activate
+    admin_user
+  end
+
+  def login_admin
+    environment = Environment.default
+    admin_user = create_admin_user(environment)
+    params = {:login => "adminuser", :password => "adminuser"}
+    post "/api/v1/login?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    private_token = json['user']["private_token"]
+    assert !private_token.blank?
+    assert_equal admin_user.private_token, private_token
+    @params = {:private_token => private_token}
+  end
+
+  should 'return the default environment settings for admin' do
+    login_admin
+    environment = Environment.default
+    get "/api/v1/environment/default?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal environment.id, json['id']
+    assert_equal environment.settings, json['settings']
+  end
+
   should 'return the default environment description' do
     environment = Environment.default
     get "/api/v1/environment/default"
...	...	@@ -233,6 +233,7 @@ module Noosfero
233	233	expose :name
234	234	expose :id
235	235	expose :description
	236	+ expose :settings, if: lambda { \|instance, options\| options[:is_admin] }
236	237	end
237	238
238	239	class Tag < Entity
...	...
...	...	@@ -30,6 +30,11 @@ require_relative '../../find_by_contents'
30	30	current_user.person unless current_user.nil?
31	31	end
32	32
	33	+ def is_admin?(environment)
	34	+ return false unless current_user
	35	+ return current_person.is_admin?(environment)
	36	+ end
	37	+
33	38	def logout
34	39	@current_user = nil
35	40	end
...	...
...	...	@@ -19,7 +19,8 @@ module Noosfero
19	19	else
20	20	resultEnvironment = Environment.find(params[:id])
21	21	end
22		- present resultEnvironment, :with => Entities::Environment
	22	+ is_admin = is_admin?(resultEnvironment)
	23	+ present resultEnvironment, :with => Entities::Environment, :is_admin => is_admin?(resultEnvironment)
23	24	end
24	25
25	26	end
...	...
...	...	@@ -19,10 +19,38 @@ class EnvironmentTest < ActiveSupport::TestCase
19	19	get "/api/v1/environment/default"
20	20	json = JSON.parse(last_response.body)
21	21	assert_equal environment.id, json['id']
22		- puts "json: #{json}"
23	22	assert_nil json['settings']
24	23	end
25	24
	25	+ def create_admin_user(env)
	26	+ admin_user = User.find_by(login: 'adminuser') \|\| create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env)
	27	+ admin_role = Role.find_by(name: 'admin_role') \|\| Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_trusted_sites', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_organizations', 'manage_environment_templates', 'manage_environment_licenses', 'edit_appearance'])
	28	+ create(RoleAssignment, :accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{\|ra\|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env])
	29	+ admin_user.activate
	30	+ admin_user
	31	+ end
	32	+
	33	+ def login_admin
	34	+ environment = Environment.default
	35	+ admin_user = create_admin_user(environment)
	36	+ params = {:login => "adminuser", :password => "adminuser"}
	37	+ post "/api/v1/login?#{params.to_query}"
	38	+ json = JSON.parse(last_response.body)
	39	+ private_token = json['user']["private_token"]
	40	+ assert !private_token.blank?
	41	+ assert_equal admin_user.private_token, private_token
	42	+ @params = {:private_token => private_token}
	43	+ end
	44	+
	45	+ should 'return the default environment settings for admin' do
	46	+ login_admin
	47	+ environment = Environment.default
	48	+ get "/api/v1/environment/default?#{params.to_query}"
	49	+ json = JSON.parse(last_response.body)
	50	+ assert_equal environment.id, json['id']
	51	+ assert_equal environment.settings, json['settings']
	52	+ end
	53	+
26	54	should 'return the default environment description' do
27	55	environment = Environment.default
28	56	get "/api/v1/environment/default"
...	...