From adeac9bc4d203166de6229d11a0ecedec21935a7 Mon Sep 17 00:00:00 2001 From: Carlos Purificacao Date: Tue, 19 Apr 2016 16:42:30 -0300 Subject: [PATCH] Allowed settings for environments if user is admin --- lib/noosfero/api/entities.rb | 1 + lib/noosfero/api/helpers.rb | 5 +++++ lib/noosfero/api/v1/environments.rb | 3 ++- test/api/environment_test.rb | 30 +++++++++++++++++++++++++++++- 4 files changed, 37 insertions(+), 2 deletions(-) diff --git a/lib/noosfero/api/entities.rb b/lib/noosfero/api/entities.rb index 7d3791e..531b876 100644 --- a/lib/noosfero/api/entities.rb +++ b/lib/noosfero/api/entities.rb @@ -233,6 +233,7 @@ module Noosfero expose :name expose :id expose :description + expose :settings, if: lambda { |instance, options| options[:is_admin] } end class Tag < Entity diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb index dcdae61..3765ff2 100644 --- a/lib/noosfero/api/helpers.rb +++ b/lib/noosfero/api/helpers.rb @@ -30,6 +30,11 @@ require_relative '../../find_by_contents' current_user.person unless current_user.nil? end + def is_admin?(environment) + return false unless current_user + return current_person.is_admin?(environment) + end + def logout @current_user = nil end diff --git a/lib/noosfero/api/v1/environments.rb b/lib/noosfero/api/v1/environments.rb index 070f095..f0b26ad 100644 --- a/lib/noosfero/api/v1/environments.rb +++ b/lib/noosfero/api/v1/environments.rb @@ -19,7 +19,8 @@ module Noosfero else resultEnvironment = Environment.find(params[:id]) end - present resultEnvironment, :with => Entities::Environment + is_admin = is_admin?(resultEnvironment) + present resultEnvironment, :with => Entities::Environment, :is_admin => is_admin?(resultEnvironment) end end diff --git a/test/api/environment_test.rb b/test/api/environment_test.rb index 58b91b5..932cac6 100644 --- a/test/api/environment_test.rb +++ b/test/api/environment_test.rb @@ -19,10 +19,38 @@ class EnvironmentTest < ActiveSupport::TestCase get "/api/v1/environment/default" json = JSON.parse(last_response.body) assert_equal environment.id, json['id'] - puts "json: #{json}" assert_nil json['settings'] end + def create_admin_user(env) + admin_user = User.find_by(login: 'adminuser') || create_user('adminuser', :email => 'adminuser@noosfero.org', :password => 'adminuser', :password_confirmation => 'adminuser', :environment => env) + admin_role = Role.find_by(name: 'admin_role') || Role.create!(:name => 'admin_role', :permissions => ['view_environment_admin_panel','edit_environment_features', 'edit_environment_design', 'manage_environment_categories', 'manage_environment_roles', 'manage_environment_trusted_sites', 'manage_environment_validators', 'manage_environment_users', 'manage_environment_organizations', 'manage_environment_templates', 'manage_environment_licenses', 'edit_appearance']) + create(RoleAssignment, :accessor => admin_user.person, :role => admin_role, :resource => env) unless admin_user.person.role_assignments.map{|ra|[ra.role, ra.accessor, ra.resource]}.include?([admin_role, admin_user, env]) + admin_user.activate + admin_user + end + + def login_admin + environment = Environment.default + admin_user = create_admin_user(environment) + params = {:login => "adminuser", :password => "adminuser"} + post "/api/v1/login?#{params.to_query}" + json = JSON.parse(last_response.body) + private_token = json['user']["private_token"] + assert !private_token.blank? + assert_equal admin_user.private_token, private_token + @params = {:private_token => private_token} + end + + should 'return the default environment settings for admin' do + login_admin + environment = Environment.default + get "/api/v1/environment/default?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal environment.id, json['id'] + assert_equal environment.settings, json['settings'] + end + should 'return the default environment description' do environment = Environment.default get "/api/v1/environment/default" -- libgit2 0.21.2