From c89d93a4e112713fe02a8fcc366b3fcc0a9134c7 Mon Sep 17 00:00:00 2001
From: Leandro Nunes dos Santos
Date: Mon, 10 Aug 2015 16:43:37 -0300
Subject: [PATCH] creating person endpoint
---
 lib/noosfero/api/v1/people.rb | 7 +++++++
 test/unit/api/people_test.rb | 17 +++++++++++++++++
 2 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/lib/noosfero/api/v1/people.rb b/lib/noosfero/api/v1/people.rb
index dc9e8ab..bf13ea1 100644
--- a/lib/noosfero/api/v1/people.rb
+++ b/lib/noosfero/api/v1/people.rb
@@ -48,6 +48,13 @@ module Noosfero
 present person, :with => Entities::Person
 end
 
+ desc "Update person information"
+ post ':id' do
+ return forbidden! if current_person.id.to_s != params[:id]
+ current_person.update_attributes!(params[:person])
+ present current_person, :with => Entities::Person
+ end
+
 # Example Request:
 # POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
 desc "Create person"
diff --git a/test/unit/api/people_test.rb b/test/unit/api/people_test.rb
index e35f8eb..ff3ccad 100644
--- a/test/unit/api/people_test.rb
+++ b/test/unit/api/people_test.rb
@@ -148,4 +148,21 @@ class PeopleTest < ActiveSupport::TestCase
 get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
 assert_equal 403, last_response.status
 end
+
+ should 'not update another person' do
+ person = fast_create(Person, :environment_id => environment.id)
+ post "/api/v1/people/#{person.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'update yourself' do
+ another_name = 'Another Name'
+ params[:person] = {}
+ params[:person][:name] = another_name
+ assert_not_equal another_name, person.name
+ post "/api/v1/people/#{person.id}?#{params.to_query}"
+ person.reload
+ assert_equal another_name, person.name
+ end
+
 end
-- 
libgit2 0.21.2
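Review bot: The new `post ':id'` handler passes `params[:person]` unfiltered to `update_attributes!`, so which attributes a client may change depends entirely on mass-assignment protection in the Person model, which is not visible in this hunk. If that protection is absent or broad, the endpoint would accept fields the API never meant to offer for self-service editing. I would restrict the hash to an explicit allow-list at the endpoint, e.g. `current_person.update_attributes!((params[:person] || {}).slice(*EDITABLE_FIELDS))`, where `EDITABLE_FIELDS` is a placeholder for a list the project defines. `current_person.id` also assumes an authenticated caller; the enclosing resource block starts outside the hunk, so confirm an authentication filter runs before this route.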
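Review bot: The 'not update another person' test posts no `person` attributes, so it confirms the 403 status but not that the other record is left untouched. Setting `params[:person] = {:name => 'Another Name'}` before the request and adding `assert_not_equal 'Another Name', person.reload.name` after it would pin the authorization behaviour. A further case that submits an attribute outside the intended editable set and asserts it is unchanged would cover the update path's filtering, which neither new test exercises.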