Commit ea969be6c37072b25d6c8ff640a4c92fcc4b9e2f
Exists in
staging
and in
4 other branches
Merge branch 'staging' of gitlab.com:participa/noosfero into staging
Showing
9 changed files
with
56 additions
and
19 deletions
Show diff stats
app/models/person.rb
| ... | ... | @@ -221,7 +221,7 @@ class Person < Profile |
| 221 | 221 | contact_informatioin |
| 222 | 222 | ] |
| 223 | 223 | |
| 224 | - xss_terminate :only => [ :custom_footer, :custom_header, :description, :nickname, :sex, :nationality, :country, :state, :city, :district, :zip_code, :address, :address_reference, :cell_phone, :comercial_phone, :personal_website, :jabber_id, :schooling, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization, :organization_website, :contact_phone, :contact_information ], :with => 'white_list' | |
| 224 | + xss_terminate :only => [ :custom_footer, :custom_header, :description, :nickname, :sex, :nationality, :country, :district, :zip_code, :address, :address_reference, :cell_phone, :comercial_phone, :personal_website, :jabber_id, :schooling, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization, :organization_website, :contact_phone, :contact_information ], :with => 'white_list' | |
| 225 | 225 | |
| 226 | 226 | validates_multiparameter_assignments |
| 227 | 227 | ... | ... |
lib/noosfero/api/entities.rb
| ... | ... | @@ -48,6 +48,7 @@ module Noosfero |
| 48 | 48 | |
| 49 | 49 | class Region < Category |
| 50 | 50 | root 'regions', 'region' |
| 51 | + expose :parent_id | |
| 51 | 52 | end |
| 52 | 53 | |
| 53 | 54 | class Profile < Entity |
| ... | ... | @@ -65,6 +66,7 @@ module Noosfero |
| 65 | 66 | class Person < Profile |
| 66 | 67 | root 'people', 'person' |
| 67 | 68 | expose :user, :using => UserBasic, documentation: {type: 'User', desc: 'The user data of a person' } |
| 69 | + expose :orientacao_sexual, :identidade_genero, :transgenero, :etnia | |
| 68 | 70 | end |
| 69 | 71 | |
| 70 | 72 | class Enterprise < Profile |
| ... | ... | @@ -122,7 +124,7 @@ module Noosfero |
| 122 | 124 | expose :id |
| 123 | 125 | expose :login |
| 124 | 126 | expose :email |
| 125 | - expose :person, :using => Profile | |
| 127 | + expose :person, :using => Person | |
| 126 | 128 | expose :activated?, as: :activated |
| 127 | 129 | expose :permissions do |user, options| |
| 128 | 130 | output = {} | ... | ... |
lib/noosfero/api/helpers.rb
| ... | ... | @@ -5,7 +5,7 @@ require 'grape' |
| 5 | 5 | module API |
| 6 | 6 | module APIHelpers |
| 7 | 7 | PRIVATE_TOKEN_PARAM = :private_token |
| 8 | - DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type] | |
| 8 | + DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id] | |
| 9 | 9 | |
| 10 | 10 | include SanitizeParams |
| 11 | 11 | include Noosfero::Plugin::HotSpot |
| ... | ... | @@ -224,7 +224,7 @@ require 'grape' |
| 224 | 224 | |
| 225 | 225 | objects = object.send(method) |
| 226 | 226 | objects = by_reference(objects, params) |
| 227 | - objects = objects.where(conditions).limit(limit).order(order) | |
| 227 | + objects = objects.where(conditions).limit(limit).reorder(order) | |
| 228 | 228 | |
| 229 | 229 | objects |
| 230 | 230 | end | ... | ... |
plugins/comment_paragraph
plugins/email_article
plugins/gamification
plugins/juventude
test/fixtures/article_followers.yml
test/unit/api/articles_test.rb
| ... | ... | @@ -149,6 +149,52 @@ class ArticlesTest < ActiveSupport::TestCase |
| 149 | 149 | end |
| 150 | 150 | end |
| 151 | 151 | |
| 152 | + should "update body of article created by me" do | |
| 153 | + new_value = "Another body" | |
| 154 | + params[:article] = {:body => new_value} | |
| 155 | + article = fast_create(Article, :profile_id => person.id) | |
| 156 | + post "/api/v1/articles/#{article.id}?#{params.to_query}" | |
| 157 | + json = JSON.parse(last_response.body) | |
| 158 | + assert_equal new_value, json["article"]["body"] | |
| 159 | + end | |
| 160 | + | |
| 161 | + should "update title of article created by me" do | |
| 162 | + new_value = "Another name" | |
| 163 | + params[:article] = {:name => new_value} | |
| 164 | + article = fast_create(Article, :profile_id => person.id) | |
| 165 | + post "/api/v1/articles/#{article.id}?#{params.to_query}" | |
| 166 | + json = JSON.parse(last_response.body) | |
| 167 | + assert_equal new_value, json["article"]["title"] | |
| 168 | + end | |
| 169 | + | |
| 170 | + should 'not update article of another user' do | |
| 171 | + another_person = fast_create(Person, :environment_id => environment.id) | |
| 172 | + article = fast_create(Article, :profile_id => another_person.id) | |
| 173 | + params[:article] = {:title => 'Some title'} | |
| 174 | + post "/api/v1/articles/#{article.id}?#{params.to_query}" | |
| 175 | + assert_equal 403, last_response.status | |
| 176 | + end | |
| 177 | + | |
| 178 | + should 'not update article without permission in community' do | |
| 179 | + community = fast_create(Community, :environment_id => environment.id) | |
| 180 | + article = fast_create(Article, :profile_id => community.id) | |
| 181 | + params[:article] = {:name => 'New title'} | |
| 182 | + post "/api/v1/articles/#{article.id}?#{params.to_query}" | |
| 183 | + assert_equal 403, last_response.status | |
| 184 | + end | |
| 185 | + | |
| 186 | + | |
| 187 | + should 'update article of community if user has permission' do | |
| 188 | + community = fast_create(Community, :environment_id => environment.id) | |
| 189 | + give_permission(person, 'post_content', community) | |
| 190 | + article = fast_create(Article, :profile_id => community.id) | |
| 191 | + new_value = "Another body" | |
| 192 | + params[:article] = {:body => new_value} | |
| 193 | + post "/api/v1/articles/#{article.id}?#{params.to_query}" | |
| 194 | + json = JSON.parse(last_response.body) | |
| 195 | + assert_equal new_value, json["article"]["body"] | |
| 196 | + end | |
| 197 | + | |
| 152 | 198 | ############################# |
| 153 | 199 | # Profile Articles # |
| 154 | 200 | ############################# | ... | ... |