Commit ee9a46b627f35aa99ad88a06f68f0ae7b84a48f7
Exists in
staging
and in
14 other branches
Merge branch 'join-community-api' into 'master'
api: add and remove members from profile See merge request !977
Showing
4 changed files
with
81 additions
and
1 deletions
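--- a/app/api/v1/people.rb
+++ b/app/api/v1/people.rb
@@ -119,6 +119,20 @@ module Api
 members = select_filtered_collection_of(profile, 'members', params)
 present members, :with => Entities::Person, :current_person => current_person
 end
+
+post do
+authenticate!
+profile = environment.profiles.find_by id: params[:profile_id]
+profile.add_member(current_person) rescue forbidden!
+{pending: !current_person.is_member_of?(profile)}
+end
+
+delete do
+authenticate!
+profile = environment.profiles.find_by id: params[:profile_id]
+profile.remove_member(current_person)
+present current_person, :with => Entities::Person, :current_person => current_person
+end
 end
 end
 end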
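Review bot: The inline `rescue forbidden!` in the `post` block turns every StandardError into a 403, including the NoMethodError raised when `find_by` returns nil for an unknown `profile_id`, so lookup failures and genuine server faults are reported to clients and logs as authorization denials. The `delete` block has no guard at all, so an unknown id there surfaces as an unhandled error rather than a 404. Check the lookup result in both blocks and rescue only the error `add_member` is expected to raise (the unit test in this commit suggests RuntimeError; confirm against the model). If secret profiles are not meant to be discoverable by id, return the same not-found response for them instead of 403; whether that matters depends on a visibility policy not shown here. The sketch uses Grape's `error!`; substitute the project's own not-found helper if one exists.

```ruby
post do
  authenticate!
  profile = environment.profiles.find_by id: params[:profile_id]
  error!('Not found', 404) if profile.nil?
  begin
    profile.add_member(current_person)
  rescue RuntimeError
    forbidden!
  end
  # … unchanged: pending response hash …
end

delete do
  authenticate!
  profile = environment.profiles.find_by id: params[:profile_id]
  error!('Not found', 404) if profile.nil?
  # … unchanged: remove_member call and present …
end
```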
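--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -758,7 +758,7 @@ private :generate_url, :url_options
 
 # Adds a person as member of this Profile.
 def add_member(person, attributes={})
-if self.has_members?
+if self.has_members? && !self.secret
 if self.closed? && members.count > 0
 AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
 else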
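Review bot: Putting `!self.secret` into `add_member` blocks every caller of this model method, not just the new self-join endpoint; if invitations or admin-driven additions for secret communities also go through `add_member` (not visible in this hunk), they will now fall into the outer else branch as well. Consider enforcing the self-join restriction in the API `post` block, or confirm that no other path needs to add members to a secret profile. Either way the doc comment should state the new contract, for example `# Adds a person as member of this Profile; refuses profiles without members and secret profiles.` The method body continues beyond the hunk, so the behaviour of that else branch is inferred from the tests in this commit.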
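--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
 assert_not_nil person.image
 assert_equal person.image.filename, base64_image[:filename]
 end
+
+should 'add logged person as member of a profile' do
+login_api
+profile = fast_create(Community)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal json['pending'], false
+assert person.is_member_of?(profile)
+end
+
+should 'create task when add logged person as member of a moderated profile' do
+login_api
+profile = fast_create(Community, public_profile: false)
+profile.add_member(create_user.person)
+profile.closed = true
+profile.save!
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal json['pending'], true
+assert !person.is_member_of?(profile)
+end
+
+should 'remove logged person as member of a profile' do
+login_api
+profile = fast_create(Community)
+profile.add_member(person)
+delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal person.identifier, json['person']['identifier']
+assert !person.is_member_of?(profile)
+end
+
+should 'forbid access to add members for non logged user' do
+profile = fast_create(Community)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert_equal 401, last_response.status
+end
+
+should 'forbid access to remove members for non logged user' do
+profile = fast_create(Community)
+delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert_equal 401, last_response.status
+end
+
+should 'forbid to add person as member when the profile does not allow' do
+login_api
+profile = fast_create(Person)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert_equal 403, last_response.status
+end
+
+should 'forbid to add person as member when the profile is secret' do
+login_api
+profile = fast_create(Community, secret: true)
+post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+assert !person.is_member_of?(profile)
+assert_equal 403, last_response.status
+end
 end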
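Review bot: No case here exercises a `profile_id` that does not exist, for either `post` or `delete`, so the endpoints' behaviour on a nil lookup is unpinned; add one test per verb asserting the intended status. The secret-profile case also covers only joining; a companion test for `delete` against a secret community the person does not belong to would document the expected response. Minor: `assert_equal json['pending'], false` passes expected and actual in reversed order, which yields misleading failure messages; `assert_equal false, json['pending']` reads correctly.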
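--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
 assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
 end
 end
+
+should 'not allow to add members in secret profiles' do
+c = fast_create(Community, secret: true)
+p = create_user('mytestuser').person
+assert_raise RuntimeError do
+c.add_member(p)
+end
+end
 end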
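Review bot: `assert_raise RuntimeError` is satisfied by any string `raise` inside `add_member`, so this test does not show that the secret guard is what fired or that no membership was written. Add `assert !p.is_member_of?(c)` after the block to pin the state. A dedicated exception class would also let callers such as the API endpoint rescue this refusal specifically instead of a generic error.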