Download as
Browse Code »

Commit b8a9f0b933ba576b6c4f08de68ea06d95ea83c71

Authored by Leandro Santos
2 parents cb32bc3f 4bfa4aaa
Exists in staging and in 1 other branch production

merge with master

Showing 12 changed files with 445 additions and 150 deletions   Show diff stats
app/api/entities.rb
  Diff comments   View file @b8a9f0b
... ... @@ -111,6 +111,10 @@ module Api
111 111 hash[value.custom_field.name]=value.value
112 112 end
113 113  
  114 + profile.public_fields.each do |field|
  115 + hash[field] = profile.send(field.to_sym)
  116 + end
  117 +
114 118 private_values = profile.custom_field_values - profile.public_values
115 119 private_values.each do |value|
116 120 if Entities.can_display_profile_field?(profile,options)
... ... @@ -259,6 +263,14 @@ module Api
259 263 root 'tasks', 'task'
260 264 expose :id
261 265 expose :type
  266 + expose :requestor, using: Profile
  267 + expose :status
  268 + expose :created_at
  269 + expose :data
  270 + expose :target do |task, options|
  271 + type_map = {Profile => ::Profile, Environment => ::Environment}.find {|h| task.target.kind_of?(h.last)}
  272 + type_map.first.represent(task.target) unless type_map.nil?
  273 + end
262 274 end
263 275  
264 276 class Environment < Entity
... ... @@ -266,6 +278,9 @@ module Api
266 278 expose :id
267 279 expose :description
268 280 expose :layout_template
  281 + expose :signup_intro
  282 + expose :terms_of_use
  283 + expose :top_url, as: :host
269 284 expose :settings, if: lambda { |instance, options| options[:is_admin] }
270 285 end
271 286  
... ...
app/api/helpers.rb
  Diff comments   View file @b8a9f0b
... ... @@ -4,7 +4,7 @@ require &#39;tempfile&#39;
4 4 module Api
5 5 module Helpers
6 6 PRIVATE_TOKEN_PARAM = :private_token
7   - DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived]
  7 + ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived, :status]
8 8  
9 9 include SanitizeParams
10 10 include Noosfero::Plugin::HotSpot
... ... @@ -135,8 +135,8 @@ module Api
135 135 present_partial article, with: Entities::Article, params: params, current_person: current_person
136 136 end
137 137  
138   - def present_articles_for_asset(asset, method = 'articles')
139   - articles = find_articles(asset, method)
  138 + def present_articles_for_asset(asset, method_or_relation = 'articles')
  139 + articles = find_articles(asset, method_or_relation)
140 140 present_articles(articles)
141 141 end
142 142  
... ... @@ -144,8 +144,8 @@ module Api
144 144 present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
145 145 end
146 146  
147   - def find_articles(asset, method = 'articles')
148   - articles = select_filtered_collection_of(asset, method, params)
  147 + def find_articles(asset, method_or_relation = 'articles')
  148 + articles = select_filtered_collection_of(asset, method_or_relation, params)
149 149 if current_person.present?
150 150 articles = articles.display_filter(current_person, nil)
151 151 else
... ... @@ -154,14 +154,17 @@ module Api
154 154 articles
155 155 end
156 156  
157   - def find_task(asset, id)
158   - task = asset.tasks.find(id)
  157 + def find_task(asset, method_or_relation, id)
  158 + task = is_a_relation?(method_or_relation) ? method_or_relation : asset.send(method_or_relation)
  159 + task = task.find_by_id(id)
  160 + not_found! if task.blank?
159 161 current_person.has_permission?(task.permission, asset) ? task : forbidden!
160 162 end
161 163  
162 164 def post_task(asset, params)
163 165 klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
164 166 return forbidden! unless klass_type.constantize <= Task
  167 + return forbidden! if !current_person.has_permission?(:perform_task, asset)
165 168  
166 169 task = klass_type.constantize.new(params[:task])
167 170 task.requestor_id = current_person.id
... ... @@ -174,15 +177,24 @@ module Api
174 177 present_partial task, :with => Entities::Task
175 178 end
176 179  
177   - def present_task(asset)
178   - task = find_task(asset, params[:id])
  180 + def find_tasks(asset, method_or_relation = 'tasks')
  181 + return forbidden! if !current_person.has_permission?(:perform_task, asset)
  182 + tasks = select_filtered_collection_of(asset, method_or_relation, params)
  183 + tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
  184 + tasks
  185 + end
  186 +
  187 + def present_task(asset, method_or_relation = 'tasks')
  188 + task = find_task(asset, method_or_relation, params[:id])
179 189 present_partial task, :with => Entities::Task
180 190 end
181 191  
182   - def present_tasks(asset)
183   - tasks = select_filtered_collection_of(asset, 'tasks', params)
184   - tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
185   - return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
  192 + def present_tasks_for_asset(asset, method_or_relation = 'tasks')
  193 + tasks = find_tasks(asset, method_or_relation)
  194 + present_tasks(tasks)
  195 + end
  196 +
  197 + def present_tasks(tasks)
186 198 present_partial tasks, :with => Entities::Task
187 199 end
188 200  
... ... @@ -191,7 +203,6 @@ module Api
191 203 conditions = {}
192 204 from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
193 205 until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
194   -
195 206 conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
196 207  
197 208 conditions[:created_at] = period(from_date, until_date) if from_date || until_date
... ... @@ -201,7 +212,7 @@ module Api
201 212 end
202 213  
203 214 # changing make_order_with_parameters to avoid sql injection
204   - def make_order_with_parameters(object, method, params)
  215 + def make_order_with_parameters(object, method_or_relation, params)
205 216 order = "created_at DESC"
206 217 unless params[:order].blank?
207 218 if params[:order].include? '\'' or params[:order].include? '"'
... ... @@ -210,9 +221,9 @@ module Api
210 221 order = 'RANDOM()'
211 222 else
212 223 field_name, direction = params[:order].split(' ')
213   - assoc = object.class.reflect_on_association(method.to_sym)
214   - if !field_name.blank? and assoc
215   - if assoc.klass.attribute_names.include? field_name
  224 + assoc_class = extract_associated_classname(method_or_relation)
  225 + if !field_name.blank? and assoc_class
  226 + if assoc_class.attribute_names.include? field_name
216 227 if direction.present? and ['ASC','DESC'].include? direction.upcase
217 228 order = "#{field_name} #{direction.upcase}"
218 229 end
... ... @@ -223,12 +234,14 @@ module Api
223 234 return order
224 235 end
225 236  
226   - def make_timestamp_with_parameters_and_method(params, method)
  237 + def make_timestamp_with_parameters_and_method(params, method_or_relation)
227 238 timestamp = nil
228 239 if params[:timestamp]
229 240 datetime = DateTime.parse(params[:timestamp])
230   - table_name = method.to_s.singularize.camelize.constantize.table_name
231   - timestamp = "#{table_name}.updated_at >= '#{datetime}'"
  241 + table_name = extract_associated_tablename(method_or_relation)
  242 + assoc_class = extract_associated_classname(method_or_relation)
  243 + date_atrr = assoc_class.attribute_names.include?('updated_at') ? 'updated_at' : 'created_at'
  244 + timestamp = "#{table_name}.#{date_atrr} >= '#{datetime}'"
232 245 end
233 246  
234 247 timestamp
... ... @@ -263,12 +276,12 @@ module Api
263 276 scope
264 277 end
265 278  
266   - def select_filtered_collection_of(object, method, params)
  279 + def select_filtered_collection_of(object, method_or_relation, params)
267 280 conditions = make_conditions_with_parameter(params)
268   - order = make_order_with_parameters(object,method,params)
269   - timestamp = make_timestamp_with_parameters_and_method(params, method)
  281 + order = make_order_with_parameters(object,method_or_relation,params)
  282 + timestamp = make_timestamp_with_parameters_and_method(params, method_or_relation)
270 283  
271   - objects = object.send(method)
  284 + objects = is_a_relation?(method_or_relation) ? method_or_relation : object.send(method_or_relation)
272 285 objects = by_reference(objects, params)
273 286 objects = by_categories(objects, params)
274 287 [:start_date, :end_date].each { |attribute| objects = by_period(objects, params, attribute) }
... ... @@ -437,10 +450,27 @@ module Api
437 450 end
438 451 private
439 452  
  453 + def extract_associated_tablename(method_or_relation)
  454 + extract_associated_classname(method_or_relation).table_name
  455 + end
  456 +
  457 + def extract_associated_classname(method_or_relation)
  458 + if is_a_relation?(method_or_relation)
  459 + method_or_relation.blank? ? '' : method_or_relation.first.class
  460 + else
  461 + method_or_relation.to_s.singularize.camelize.constantize
  462 + end
  463 + end
  464 +
  465 + def is_a_relation?(method_or_relation)
  466 + method_or_relation.kind_of?(ActiveRecord::Relation)
  467 + end
  468 +
  469 +
440 470 def parser_params(params)
441 471 parsed_params = {}
442 472 params.map do |k,v|
443   - parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
  473 + parsed_params[k.to_sym] = v if ALLOWED_PARAMETERS.include?(k.to_sym)
444 474 end
445 475 parsed_params
446 476 end
... ...
app/api/v1/tasks.rb
  Diff comments   View file @b8a9f0b
1 1 module Api
2 2 module V1
3 3 class Tasks < Grape::API
4   -# before { authenticate! }
  4 + before { authenticate! }
5 5  
6   -# ARTICLE_TYPES = Article.descendants.map{|a| a.to_s}
  6 + MAX_PER_PAGE = 50
7 7  
8 8 resource :tasks do
9 9  
10   - # Collect tasks
  10 + paginate max_per_page: MAX_PER_PAGE
  11 + # Collect all tasks that current person has permission
11 12 #
12 13 # Parameters:
13 14 # from - date where the search will begin. If nothing is passed the default date will be the date of the first article created
... ... @@ -17,15 +18,22 @@ module Api
17 18 # Example Request:
18 19 # GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
19 20 get do
20   - tasks = select_filtered_collection_of(environment, 'tasks', params)
21   - tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)}
22   - present_partial tasks, :with => Entities::Task
  21 + tasks = Task.to(current_person)
  22 + present_tasks_for_asset(current_person, tasks)
23 23 end
24 24  
25 25 desc "Return the task id"
26 26 get ':id' do
27   - task = find_task(environment, params[:id])
28   - present_partial task, :with => Entities::Task
  27 + present_task(current_person, Task.to(current_person))
  28 + end
  29 +
  30 + %w[finish cancel].each do |action|
  31 + desc "#{action.capitalize} a task"
  32 + put ":id/#{action}" do
  33 + task = find_task(current_person, Task.to(current_person), params[:id])
  34 + task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
  35 + present_partial task, :with => Entities::Task
  36 + end
29 37 end
30 38 end
31 39  
... ... @@ -36,7 +44,8 @@ module Api
36 44 resource :tasks do
37 45 get do
38 46 profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
39   - present_tasks(profile)
  47 + tasks = Task.to(profile)
  48 + present_tasks_for_asset(profile, tasks)
40 49 end
41 50  
42 51 get ':id' do
... ...
app/controllers/my_profile/tasks_controller.rb
  Diff comments   View file @b8a9f0b
... ... @@ -18,7 +18,7 @@ class TasksController &lt; MyProfileController
18 18 @task_types = Task.pending_types_for(profile)
19 19 @task_tags = [OpenStruct.new(:name => _('All'), :id => nil) ] + Task.all_tags
20 20  
21   - @tasks = Task.pending_all(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
  21 + @tasks = Task.pending_all_by_filter(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
22 22 @tasks = @tasks.where(:responsible_id => @filter_responsible.to_i != -1 ? @filter_responsible : nil) if @filter_responsible.present?
23 23 @tasks = @tasks.tagged_with(@filter_tags, any: true) if @filter_tags.present?
24 24 @tasks = @tasks.paginate(:per_page => Task.per_page, :page => params[:page])
... ... @@ -121,7 +121,7 @@ class TasksController &lt; MyProfileController
121 121 def search_tasks
122 122 filter_type = params[:filter_type].presence
123 123 filter_text = params[:filter_text].presence
124   - result = Task.pending_all(profile,filter_type, filter_text)
  124 + result = Task.pending_all_by_filter(profile,filter_type, filter_text)
125 125  
126 126 render :json => result.map { |task| {:label => task.data[:name], :value => task.data[:name]} }
127 127 end
... ...
app/helpers/boxes_helper.rb
  Diff comments   View file @b8a9f0b
... ... @@ -285,7 +285,7 @@ module BoxesHelper
285 285 end
286 286  
287 287 if block.respond_to?(:help)
288   - buttons << modal_inline_icon(:help, _('Help on this block'), {}, "#help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help, :style => 'margin-bottom: 1em;') + modal_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
  288 + buttons << modal_inline_icon(:help, _('Help on this block'), {}, "#help-on-box-#{block.id}") << content_tag('div', content_tag('h2', _('Help')) + content_tag('div', block.help.html_safe, :style => 'margin-bottom: 1em;') + modal_close_button(_('Close')), :style => 'display: none;', :id => "help-on-box-#{block.id}")
289 289 end
290 290  
291 291 if block.embedable?
... ...
app/models/task.rb
  Diff comments   View file @b8a9f0b
... ... @@ -337,7 +337,7 @@ class Task &lt; ApplicationRecord
337 337 where "LOWER(#{field}) LIKE ?", "%#{value.downcase}%"
338 338 end
339 339 }
340   - scope :pending_all, -> profile, filter_type, filter_text {
  340 + scope :pending_all_by_filter, -> profile, filter_type, filter_text {
341 341 self.to(profile).without_spam.pending.of(filter_type).like('data', filter_text)
342 342 }
343 343  
... ... @@ -346,10 +346,17 @@ class Task &lt; ApplicationRecord
346 346 if profile.person?
347 347 envs_ids = Environment.all.select{ |env| profile.is_admin?(env) }.map{ |env| "target_id = #{env.id}"}.join(' OR ')
348 348 environment_condition = envs_ids.blank? ? nil : "(target_type = 'Environment' AND (#{envs_ids}))"
  349 +
  350 + organizations = profile.memberships.all.select do |organization|
  351 + profile.has_permission?(:perform_task, organization)
  352 + end
  353 + organization_ids = organizations.map{ |organization| "target_id = #{organization.id}"}.join(' OR ')
  354 +
  355 + organization_conditions = organization_ids.blank? ? nil : "(target_type = 'Profile' AND (#{organization_ids}))"
349 356 end
350 357 profile_condition = "(target_type = 'Profile' AND target_id = #{profile.id})"
351 358  
352   - where [environment_condition, profile_condition].compact.join(' OR ')
  359 + where [environment_condition, organization_conditions, profile_condition].compact.join(' OR ')
353 360 }
354 361  
355 362 scope :from_closed_date, -> closed_from {
... ...
app/views/box_organizer/show_block_type_info.html.erb
  Diff comments   View file @b8a9f0b
... ... @@ -15,7 +15,7 @@
15 15 <div id="block-info-description">
16 16 <h2><%= _('Description') %></h2>
17 17 <p><%= @block.class.description %></p>
18   - <p><%= @block.help if @block.class.method_defined?(:help) %></p>
  18 + <p><%= @block.help.html_safe if @block.class.method_defined?(:help) %></p>
19 19 </div>
20 20  
21 21 </div>
... ...
plugins/proposals_discussion
  Diff comments   View file @b8a9f0b
1   -Subproject commit dabe481afb873d2e409a03f1b83bfbc849027f44
  1 +Subproject commit 3d50338b0fee72107cb18b5a93f3c051c4ff31d9
... ...
test/api/profiles_test.rb
  Diff comments   View file @b8a9f0b
... ... @@ -123,6 +123,24 @@ class ProfilesTest &lt; ActiveSupport::TestCase
123 123 assert_equal community.id, json['id']
124 124 end
125 125  
  126 + should 'display profile public fields to anonymous' do
  127 + some_person = create_user('test', { :email => "lappis@unb.br" }).person
  128 + Person.any_instance.stubs(:public_fields).returns(["email"])
  129 +
  130 + get "/api/v1/profiles/#{some_person.id}?#{params.to_query}"
  131 + json = JSON.parse(last_response.body)
  132 + assert json['additional_data'].has_key?('email')
  133 + assert_equal "lappis@unb.br", json['additional_data']['email']
  134 + end
  135 +
  136 + should 'not display private fields to anonymous' do
  137 + some_person = create_user('test', { :email => "lappis@unb.br" }).person
  138 +
  139 + get "/api/v1/profiles/#{some_person.id}/?#{params.to_query}"
  140 + json = JSON.parse(last_response.body)
  141 + assert !json['additional_data'].has_key?('email')
  142 + end
  143 +
126 144 should 'display public custom fields to anonymous' do
127 145 CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
128 146 some_profile = fast_create(Profile)
... ...
test/api/task_test.rb
  Diff comments   View file @b8a9f0b
... ... @@ -11,7 +11,7 @@ class TasksTest &lt; ActiveSupport::TestCase
11 11  
12 12 attr_accessor :person, :community, :environment
13 13  
14   - should 'list tasks of environment' do
  14 + should 'list environment tasks for admin user' do
15 15 environment.add_admin(person)
16 16 task = create(Task, :requestor => person, :target => environment)
17 17 get "/api/v1/tasks?#{params.to_query}"
... ... @@ -19,6 +19,15 @@ class TasksTest &lt; ActiveSupport::TestCase
19 19 assert_includes json["tasks"].map { |a| a["id"] }, task.id
20 20 end
21 21  
  22 + should 'not list tasks of environment for unlogged users' do
  23 + logout_api
  24 + environment.add_admin(person)
  25 + task = create(Task, :requestor => person, :target => environment)
  26 + get "/api/v1/tasks?#{params.to_query}"
  27 + json = JSON.parse(last_response.body)
  28 + assert_equal 401, last_response.status
  29 + end
  30 +
22 31 should 'return environment task by id' do
23 32 environment.add_admin(person)
24 33 task = create(Task, :requestor => person, :target => environment)
... ... @@ -27,147 +36,290 @@ class TasksTest &lt; ActiveSupport::TestCase
27 36 assert_equal task.id, json["task"]["id"]
28 37 end
29 38  
  39 + should 'not return environment task by id for unlogged users' do
  40 + logout_api
  41 + environment.add_admin(person)
  42 + task = create(Task, :requestor => person, :target => environment)
  43 + get "/api/v1/tasks/#{task.id}?#{params.to_query}"
  44 + json = JSON.parse(last_response.body)
  45 + assert_equal 401, last_response.status
  46 + end
  47 +
30 48 should 'not return environmet task if user has no permission to view it' do
31 49 person = fast_create(Person)
32 50 task = create(Task, :requestor => person, :target => environment)
33 51  
34 52 get "/api/v1/tasks/#{task.id}?#{params.to_query}"
35   - assert_equal 403, last_response.status
  53 + assert_equal 404, last_response.status
36 54 end
37 55  
38   - #############################
39   - # Community Tasks #
40   - #############################
  56 + should 'find the current user task even it is finished' do
  57 + t3 = create(Task, :requestor => person, :target => person)
  58 + t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
  59 +
  60 + get "/api/v1/tasks/#{t4.id}?#{params.to_query}"
  61 + json = JSON.parse(last_response.body)
  62 + assert_equal t4.id, json["task"]["id"]
  63 + end
41 64  
42   - should 'return task by community' do
  65 + should 'find the current user task even it is for community' do
43 66 community = fast_create(Community)
44 67 community.add_admin(person)
  68 + t2 = create(Task, :requestor => person, :target => community)
45 69  
46   - task = create(Task, :requestor => person, :target => community)
47   - assert person.is_member_of?(community)
  70 + t3 = create(Task, :requestor => person, :target => person)
48 71  
49   - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
  72 + get "/api/v1/tasks/#{t2.id}?#{params.to_query}"
50 73 json = JSON.parse(last_response.body)
51   - assert_equal task.id, json["task"]["id"]
  74 + assert_equal t2.id, json["task"]["id"]
52 75 end
53 76  
54   - should 'not return task by community if user has no permission to view it' do
55   - community = fast_create(Community)
56   - task = create(Task, :requestor => person, :target => community)
57   - assert !person.is_member_of?(community)
  77 + should 'find the current user task even it is for environment' do
  78 + environment.add_admin(person)
  79 + t1 = create(Task, :requestor => person, :target => environment)
58 80  
59   - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
60   - assert_equal 403, last_response.status
61   - end
  81 + t3 = create(Task, :requestor => person, :target => person)
62 82  
63   - should 'create task in a community' do
64   - community = fast_create(Community)
65   - give_permission(person, 'perform_task', community)
66   - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
  83 + get "/api/v1/tasks/#{t1.id}?#{params.to_query}"
67 84 json = JSON.parse(last_response.body)
68   - assert_not_nil json["task"]["id"]
  85 + assert_equal t1.id, json["task"]["id"]
69 86 end
70 87  
71   - should 'create task defining the requestor as current profile logged in' do
  88 +
  89 + should 'list all tasks of user' do
  90 + environment.add_admin(person)
  91 + t1 = create(Task, :requestor => person, :target => environment)
  92 +
72 93 community = fast_create(Community)
73   - community.add_member(person)
  94 + community.add_admin(person)
  95 + t2 = create(Task, :requestor => person, :target => community)
74 96  
75   - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
76   - json = JSON.parse(last_response.body)
  97 + t3 = create(Task, :requestor => person, :target => person)
  98 + t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
77 99  
78   - assert_equal person, Task.last.requestor
  100 + get "/api/v1/tasks?#{params.to_query}"
  101 + json = JSON.parse(last_response.body)
  102 + assert_equivalent [t1.id, t2.id, t3.id, t4.id], json["tasks"].map { |a| a["id"] }
79 103 end
80 104  
81   - should 'create task defining the target as the community' do
  105 + should 'list all pending tasks of user' do
  106 + environment.add_admin(person)
  107 + t1 = create(Task, :requestor => person, :target => environment, :status => Task::Status::ACTIVE)
  108 +
82 109 community = fast_create(Community)
83   - community.add_member(person)
  110 + community.add_admin(person)
  111 + t2 = create(Task, :requestor => person, :target => community, :status => Task::Status::ACTIVE)
84 112  
85   - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
86   - json = JSON.parse(last_response.body)
  113 + t3 = create(Task, :requestor => person, :target => person, :status => Task::Status::ACTIVE)
  114 + t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
87 115  
88   - assert_equal community, Task.last.target
  116 + get "/api/v1/tasks?#{params.merge(:status => Task::Status::ACTIVE).to_query}"
  117 + json = JSON.parse(last_response.body)
  118 + assert_equivalent [t1.id, t2.id, t3.id], json["tasks"].map { |a| a["id"] }
89 119 end
90 120  
91   - #############################
92   - # Person Tasks #
93   - #############################
94 121  
95   - should 'return task by person' do
96   - task = create(Task, :requestor => person, :target => person)
97   - get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
98   - json = JSON.parse(last_response.body)
99   - assert_equal task.id, json["task"]["id"]
100   - end
  122 + should 'list tasks with pagination' do
  123 + Task.destroy_all
  124 + t1 = create(Task, :requestor => person, :target => person)
  125 + t2 = create(Task, :requestor => person, :target => person)
101 126  
102   - should 'not return task by person if user has no permission to view it' do
103   - some_person = fast_create(Person)
104   - task = create(Task, :requestor => person, :target => some_person)
  127 + params[:page] = 1
  128 + params[:per_page] = 1
  129 + get "/api/v1/tasks/?#{params.to_query}"
  130 + json_page_one = JSON.parse(last_response.body)
105 131  
106   - get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
107   - assert_equal 403, last_response.status
108   - end
  132 + params[:page] = 2
  133 + params[:per_page] = 1
  134 + get "/api/v1/tasks/?#{params.to_query}"
  135 + json_page_two = JSON.parse(last_response.body)
109 136  
110   - should 'create task for person' do
111   - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
112   - json = JSON.parse(last_response.body)
113   - assert_not_nil json["task"]["id"]
  137 + assert_includes json_page_one["tasks"].map { |a| a["id"] }, t2.id
  138 + assert_not_includes json_page_one["tasks"].map { |a| a["id"] }, t1.id
  139 +
  140 + assert_includes json_page_two["tasks"].map { |a| a["id"] }, t1.id
  141 + assert_not_includes json_page_two["tasks"].map { |a| a["id"] }, t2.id
114 142 end
115 143  
116   - should 'create task for another person' do
117   - some_person = fast_create(Person)
118   - post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
  144 + should 'list tasks with timestamp' do
  145 + t1 = create(Task, :requestor => person, :target => person)
  146 + t2 = create(Task, :requestor => person, :target => person, :created_at => Time.zone.now)
  147 +
  148 + t1.created_at = Time.zone.now + 3.hours
  149 + t1.save!
  150 +
  151 +
  152 + params[:timestamp] = Time.zone.now + 1.hours
  153 + get "/api/v1/tasks/?#{params.to_query}"
119 154 json = JSON.parse(last_response.body)
120 155  
121   - assert_equal some_person, Task.last.target
  156 + assert_includes json["tasks"].map { |a| a["id"] }, t1.id
  157 + assert_not_includes json["tasks"].map { |a| a["id"] }, t2.id
122 158 end
123 159  
124   - should 'create task defining the target as a person' do
125   - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
126   - json = JSON.parse(last_response.body)
  160 + task_actions=%w[finish cancel]
  161 + task_actions_state={"finish"=>"FINISHED","cancel"=>"CANCELLED"}
  162 + task_actions.each do |action|
  163 + should "person be able to #{action} his own task" do
  164 + person1 = fast_create(Person)
  165 + task = create(Task, :requestor => person1, :target => person)
  166 + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
  167 + assert_equal person.reload.id, task.reload.closed_by_id
  168 + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
  169 + end
  170 +
  171 + should "person be able to #{action} environment task if it's admin user" do
  172 + environment = Environment.default
  173 + environment.add_admin(person)
  174 + task = create(Task, :requestor => person, :target => environment)
  175 + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
  176 + assert_equal person.reload.id, task.reload.closed_by_id
  177 + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
  178 + end
  179 +
  180 + should "person be able to #{action} community task if it has permission on it" do
  181 + community = fast_create(Community)
  182 + community.add_member(person)
  183 + give_permission(person, 'perform_task', community)
  184 + task = create(Task, :requestor => person, :target => community)
  185 + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
  186 + assert_equal person.reload.id, task.reload.closed_by_id
  187 + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
  188 + end
  189 +
  190 + should "person not be able to #{action} community task if it has no permission on it" do
  191 + community = fast_create(Community)
  192 + community.add_member(person)
  193 + task = create(Task, :requestor => person, :target => community)
  194 + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
  195 + assert_equal person.reload.id, task.reload.closed_by_id
  196 + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
  197 + end
  198 +
  199 + should "person not be able to #{action} other person's task" do
  200 + user = fast_create(User)
  201 + person1 = fast_create(Person, :user_id => user)
  202 + task = create(Task, :requestor => person, :target => person1)
  203 + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
  204 + assert_nil task.reload.closed_by_id
  205 + assert_equal Task::Status::ACTIVE, task.status
  206 + end
  207 + end
127 208  
128   - assert_equal person, Task.last.target
  209 + #################################################
  210 + # Person, Community and Enterprise Tasks #
  211 + #################################################
  212 +
  213 + [Person, Community, Enterprise].map do |profile_class|
  214 + define_method "test_should_return_task_by_#{profile_class.name.underscore}" do
  215 + target = profile_class == Person ? person : fast_create(profile_class)
  216 + target.add_admin(person) if target.respond_to?('add_admin')
  217 +
  218 + task = create(Task, :requestor => person, :target => target)
  219 + get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}"
  220 + json = JSON.parse(last_response.body)
  221 + assert_equal task.id, json["task"]["id"]
  222 + end
  223 +
  224 + define_method "test_should_not_return_task_ by#{profile_class.name.underscore}_for_unlogged_users" do
  225 + logout_api
  226 + target = profile_class == Person ? person : fast_create(profile_class)
  227 + target.add_admin(person) if target.respond_to?('add_admin')
  228 +
  229 + task = create(Task, :requestor => person, :target => target)
  230 + get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}"
  231 + json = JSON.parse(last_response.body)
  232 + assert_equal 401, last_response.status
  233 + end
  234 +
  235 + define_method "test_should_not_return_task_by_#{profile_class.name.underscore}_if_user_has_no_permission_to_view_it" do
  236 + target = fast_create(profile_class)
  237 + task = create(Task, :requestor => person, :target => target)
  238 +
  239 + get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}"
  240 + assert_equal 403, last_response.status
  241 + end
  242 +
  243 + define_method "test_should_create_task_for_#{profile_class.name.underscore}" do
  244 + target = profile_class == Person ? person : fast_create(profile_class)
  245 + Person.any_instance.expects(:has_permission?).with(:perform_task, target).returns(true)
  246 +
  247 + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
  248 + json = JSON.parse(last_response.body)
  249 + assert_not_nil json["task"]["id"]
  250 + end
  251 +
  252 + define_method "test_should_not_create_task_for_#{profile_class.name.underscore}_person_has_no_permission" do
  253 + target = fast_create(profile_class)
  254 +
  255 + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
  256 + json = JSON.parse(last_response.body)
  257 + assert_equal 403, last_response.status
  258 + end
  259 +
  260 + define_method "test_should_not_create_task_in_#{profile_class.name.underscore}_for_unlogged_users" do
  261 + logout_api
  262 + target = profile_class == Person ? person : fast_create(profile_class)
  263 + Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true)
  264 +
  265 + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
  266 +
  267 + json = JSON.parse(last_response.body)
  268 + assert_equal 401, last_response.status
  269 + end
  270 +
  271 + define_method "test_should_create_task_defining_the_target_as_a_#{profile_class.name.underscore}" do
  272 + target = profile_class == Person ? person : fast_create(profile_class)
  273 + Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true)
  274 +
  275 + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
  276 + json = JSON.parse(last_response.body)
  277 +
  278 + assert_equal target, Task.last.target
  279 + end
  280 +
  281 + define_method "test_should_create_task_on_#{profile_class.name.underscore}_defining_the_requestor_as_current_profile_logged_in" do
  282 + target = profile_class == Person ? person : fast_create(profile_class)
  283 + Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true)
  284 +
  285 + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
  286 + json = JSON.parse(last_response.body)
  287 +
  288 + assert_equal person, Task.last.requestor
  289 + end
129 290 end
130 291  
131   - #############################
132   - # Enterprise Tasks #
133   - #############################
  292 + should 'list all tasks of user in people context' do
  293 + environment.add_admin(person)
  294 + t1 = create(Task, :requestor => person, :target => environment)
134 295  
135   - should 'return task by enterprise' do
136   - enterprise = fast_create(Enterprise)
137   - enterprise.add_admin(person)
  296 + community = fast_create(Community)
  297 + community.add_admin(person)
  298 + t2 = create(Task, :requestor => person, :target => community)
138 299  
139   - task = create(Task, :requestor => person, :target => enterprise)
140   - assert person.is_member_of?(enterprise)
  300 + t3 = create(Task, :requestor => person, :target => person)
141 301  
142   - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
  302 + get "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
143 303 json = JSON.parse(last_response.body)
144   - assert_equal task.id, json["task"]["id"]
  304 + assert_equivalent [t1.id, t2.id, t3.id], json["tasks"].map { |a| a["id"] }
145 305 end
146 306  
147   - should 'not return task by enterprise if user has no permission to view it' do
148   - enterprise = fast_create(Enterprise)
149   - task = create(Task, :requestor => person, :target => enterprise)
150   - assert !person.is_member_of?(enterprise)
151   -
152   - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
153   - assert_equal 403, last_response.status
154   - end
  307 + should 'list all pending tasks of user in people context' do
  308 + environment.add_admin(person)
  309 + t1 = create(Task, :requestor => person, :target => environment)
  310 + t2 = create(Task, :requestor => person, :target => environment, :status => Task::Status::FINISHED )
155 311  
156   - should 'create task in a enterprise' do
157   - enterprise = fast_create(Enterprise)
158   - give_permission(person, 'perform_task', enterprise)
159   - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
160   - json = JSON.parse(last_response.body)
161   - assert_not_nil json["task"]["id"]
162   - end
  312 + community = fast_create(Community)
  313 + community.add_admin(person)
  314 + t3 = create(Task, :requestor => person, :target => community)
  315 + t4 = create(Task, :requestor => person, :target => community, :status => Task::Status::FINISHED)
163 316  
164   - should 'create task defining the target as the enterprise' do
165   - enterprise = fast_create(Enterprise)
166   - enterprise.add_member(person)
  317 + t5 = create(Task, :requestor => person, :target => person)
  318 + t6 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
167 319  
168   - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
  320 + get "/api/v1/people/#{person.id}/tasks?#{params.merge(:status => Task::Status::ACTIVE).to_query}"
169 321 json = JSON.parse(last_response.body)
170   -
171   - assert_equal enterprise, Task.last.target
  322 + assert_equivalent [t1.id, t3.id, t5.id], json["tasks"].map { |a| a["id"] }
172 323 end
  324 +
173 325 end
... ...
test/unit/person_test.rb
  Diff comments   View file @b8a9f0b
... ... @@ -2005,4 +2005,5 @@ class PersonTest &lt; ActiveSupport::TestCase
2005 2005 person.remove_profile_from_circle(community, circle)
2006 2006 assert_equivalent [circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)
2007 2007 end
  2008 +
2008 2009 end
... ...
test/unit/task_test.rb
  Diff comments   View file @b8a9f0b
... ... @@ -324,24 +324,6 @@ class TaskTest &lt; ActiveSupport::TestCase
324 324 task.activate
325 325 end
326 326  
327   - should 'filter tasks to a profile' do
328   - requestor = fast_create(Person)
329   - person = fast_create(Person)
330   - another_person = fast_create(Person)
331   - environment = Environment.default
332   - environment.add_admin(person)
333   - t1 = create(Task, :requestor => requestor, :target => person)
334   - t2 = create(Task, :requestor => requestor, :target => person)
335   - t3 = create(Task, :requestor => requestor, :target => environment)
336   - t4 = create(Task, :requestor => requestor, :target => another_person)
337   -
338   - assert_includes Task.to(person), t1
339   - assert_includes Task.to(person), t2
340   - assert_includes Task.to(person), t3
341   - assert_not_includes Task.to(person), t4
342   - assert_includes Task.to(another_person), t4
343   - end
344   -
345 327 should 'filter tasks by type with scope' do
346 328 class CleanHouse < Task; end
347 329 class FeedDog < Task; end
... ... @@ -508,6 +490,87 @@ class TaskTest &lt; ActiveSupport::TestCase
508 490 assert_equal person, t.reload.closed_by
509 491 end
510 492  
  493 + should 'named scope to get tasks of a profile' do
  494 + requestor = fast_create(Person)
  495 + person = fast_create(Person)
  496 + another_person = fast_create(Person)
  497 + t1 = create(Task, :requestor => requestor, :target => person)
  498 + t2 = create(Task, :requestor => requestor, :target => another_person)
  499 + t3 = create(Task, :requestor => requestor, :target => person)
  500 +
  501 + assert_equivalent [t1,t3], Task.to(person)
  502 + end
  503 +
  504 + should 'named scope to get environment tasks if passed profile is environment admin' do
  505 + requestor = fast_create(Person)
  506 + person = fast_create(Person)
  507 + another_person = fast_create(Person)
  508 + environment = Environment.default
  509 + environment.add_admin(person)
  510 + t1 = create(Task, :requestor => requestor, :target => person)
  511 + t2 = create(Task, :requestor => requestor, :target => another_person)
  512 + t3 = create(Task, :requestor => requestor, :target => environment)
  513 +
  514 + assert_equivalent [t1,t3], Task.to(person)
  515 + end
  516 +
  517 + should 'named scope to not get environment tasks if passed profile is not environment admin' do
  518 + requestor = fast_create(Person)
  519 + person = fast_create(Person)
  520 + another_person = fast_create(Person)
  521 + environment = Environment.default
  522 + t1 = create(Task, :requestor => requestor, :target => person)
  523 + t2 = create(Task, :requestor => requestor, :target => another_person)
  524 + t3 = create(Task, :requestor => requestor, :target => environment)
  525 +
  526 + assert_equivalent [t1], Task.to(person)
  527 + end
  528 +
  529 + should 'named scope to get communities tasks if passed profile has perform_task permission' do
  530 + requestor = fast_create(Person)
  531 + person = fast_create(Person)
  532 + another_person = fast_create(Person)
  533 + community = fast_create(Community)
  534 + community.add_member(person)
  535 + person.expects(:has_permission?).with(:perform_task, community).returns(true)
  536 + t1 = create(Task, :requestor => requestor, :target => person)
  537 + t2 = create(Task, :requestor => requestor, :target => another_person)
  538 + t3 = create(Task, :requestor => requestor, :target => community)
  539 +
  540 + assert_equivalent [t1, t3], Task.to(person)
  541 + end
  542 +
  543 +
  544 + should 'named scope to not get communities tasks if passed profile has no perform_task permission in community' do
  545 + requestor = fast_create(Person)
  546 + person = fast_create(Person)
  547 + another_person = fast_create(Person)
  548 + community = fast_create(Community)
  549 + community.add_member(person)
  550 + person.expects(:has_permission?).with(:perform_task, community).returns(false)
  551 + t1 = create(Task, :requestor => requestor, :target => person)
  552 + t2 = create(Task, :requestor => requestor, :target => another_person)
  553 + t3 = create(Task, :requestor => requestor, :target => community)
  554 +
  555 + assert_equivalent [t1], Task.to(person)
  556 + end
  557 +
  558 + should 'named scope to return environment, person and communities tasks if user has permission' do
  559 + requestor = fast_create(Person)
  560 + person = fast_create(Person)
  561 + another_person = fast_create(Person)
  562 + community = fast_create(Community)
  563 + community.add_member(person)
  564 + person.expects(:has_permission?).with(:perform_task, community).returns(true)
  565 + environment = Environment.default
  566 + environment.add_admin(person)
  567 + t1 = create(Task, :requestor => requestor, :target => person)
  568 + t2 = create(Task, :requestor => requestor, :target => another_person)
  569 + t3 = create(Task, :requestor => requestor, :target => community)
  570 + t4 = create(Task, :requestor => requestor, :target => environment)
  571 + assert_equivalent [t1,t3,t4], Task.to(person)
  572 + end
  573 +
511 574 protected
512 575  
513 576 def sample_user
... ...