Commit cb13e8b8335ba4110a20c6fa23b32170392f9052
Committed by
Macartur Sousa
1 parent
2b244c2d
Exists in
elasticsearch_api
api: add endpoint to update profiles
Showing
2 changed files
with
54 additions
and
0 deletions
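--- a/app/api/v1/profiles.rb
+++ b/app/api/v1/profiles.rb
@@ -22,6 +22,15 @@ module Api
 not_found!
 end
 end
+
+desc "Update profile information"
+post ':id' do
+authenticate!
+profile = environment.profiles.find_by(id: params[:id])
+return forbidden! unless current_person.has_permission?(:edit_profile, profile)
+profile.update_attributes!(params[:profile])
+present profile, :with => Entities::Profile, :current_person => current_person
+end
 
 delete ':id' do
 authenticate!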
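Review bot: `profile.update_attributes!(params[:profile])` passes the whole request hash to the model, so every attribute the profile model leaves mass-assignable becomes writable by anyone holding `:edit_profile`. The model's attribute protection is not visible on this page, so the endpoint should pass an explicit allow-list of keys rather than rely on it. Separately, `find_by` returns nil for an unknown id, and that nil reaches `has_permission?` and possibly `update_attributes!`, which would likely surface as a 500. Adding `return not_found! unless profile` before the permission check would match the `not_found!` used just above. The resource block enclosing this route starts outside the hunk.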
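--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -146,4 +146,49 @@ class ProfilesTest < ActiveSupport::TestCase
 refute json.has_key?('Rating')
 end
 
+[Community, Enterprise].each do |klass|
+should "update #{klass.name}" do
+login_api
+profile = fast_create(klass)
+profile.add_admin(person)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal "Another Header", profile.reload.custom_header
+end
+
+should "not update a #{klass.name} if user does not have permission" do
+login_api
+profile = fast_create(klass)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal 403, last_response.status
+end
+
+should "not update a #{klass.name} if user is not logged in" do
+profile = fast_create(klass)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal 401, last_response.status
+end
+end
+
+should 'update person' do
+login_api
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{person.id}?#{params.to_query}"
+assert_equal "Another Header", person.reload.custom_header
+end
+
+should 'not update person information if user does not have permission' do
+login_api
+profile = fast_create(Person)
+params[:profile] = {}
+params[:profile][:custom_header] = "Another Header"
+post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+assert_equal 403, last_response.status
+end
 end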
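Review bot: The 403 and 401 cases assert only the response status, so they would still pass if the handler persisted the change before refusing the request. Each of them should also check the record, e.g. `refute_equal "Another Header", profile.reload.custom_header`. There is also no case for an id that does not exist, and none that sends an attribute other than `custom_header`, so the endpoint's behaviour for a missing profile and for attributes it should refuse to change is not pinned by any test.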