Merge branch 'join-community-api' into 'master'

api: add and remove members from profile See merge request !977

Merge branch 'join-community-api' into 'master'
api: add and remove members from profile See merge request !977
Leandro Santos
2 parents 5d45f662 0fbb8b5d
Showing 4 changed files with 81 additions and 1 deletions Show diff stats
app/api/v1/people.rb
app/models/profile.rb
test/api/people_test.rb
test/unit/profile_test.rb
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end
@@ -758,7 +758,7 @@ private :generate_url, :url_options
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
@@ -397,4 +397,62 @@ class PeopleTest &lt; ActiveSupport::TestCase
     assert_not_nil person.image
     assert_equal person.image.filename, base64_image[:filename]
   end
+
+  should 'add logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], false
+    assert person.is_member_of?(profile)
+  end
+
+  should 'create task when add logged person as member of a moderated profile' do
+    login_api
+    profile = fast_create(Community, public_profile: false)
+    profile.add_member(create_user.person)
+    profile.closed = true
+    profile.save!
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], true
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'remove logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    profile.add_member(person)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.identifier, json['person']['identifier']
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'forbid access to add members for non logged user' do
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid access to remove members for non logged user' do
+    profile = fast_create(Community)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile does not allow' do
+    login_api
+    profile = fast_create(Person)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile is secret' do
+    login_api
+    profile = fast_create(Community, secret: true)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert !person.is_member_of?(profile)
+    assert_equal 403, last_response.status
+  end
 end
@@ -2224,4 +2224,12 @@ class ProfileTest &lt; ActiveSupport::TestCase
       assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
     end
   end
+
+  should 'not allow to add members in secret profiles' do
+    c = fast_create(Community, secret: true)
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_member(p)
+    end
+  end
 end
	@@ -119,6 +119,20 @@ module Api		@@ -119,6 +119,20 @@ module Api
119	members = select_filtered_collection_of(profile, 'members', params)	119	members = select_filtered_collection_of(profile, 'members', params)
120	present members, :with => Entities::Person, :current_person => current_person	120	present members, :with => Entities::Person, :current_person => current_person
121	end	121	end
		122	+
		123	+ post do
		124	+ authenticate!
		125	+ profile = environment.profiles.find_by id: params[:profile_id]
		126	+ profile.add_member(current_person) rescue forbidden!
		127	+ {pending: !current_person.is_member_of?(profile)}
		128	+ end
		129	+
		130	+ delete do
		131	+ authenticate!
		132	+ profile = environment.profiles.find_by id: params[:profile_id]
		133	+ profile.remove_member(current_person)
		134	+ present current_person, :with => Entities::Person, :current_person => current_person
		135	+ end
122	end	136	end
123	end	137	end
124	end	138	end
	@@ -758,7 +758,7 @@ private :generate_url, :url_options		@@ -758,7 +758,7 @@ private :generate_url, :url_options
758		758
759	# Adds a person as member of this Profile.	759	# Adds a person as member of this Profile.
760	def add_member(person, attributes={})	760	def add_member(person, attributes={})
761	- if self.has_members?	761	+ if self.has_members? && !self.secret
762	if self.closed? && members.count > 0	762	if self.closed? && members.count > 0
763	AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)	763	AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
764	else	764	else
	@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase		@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
397	assert_not_nil person.image	397	assert_not_nil person.image
398	assert_equal person.image.filename, base64_image[:filename]	398	assert_equal person.image.filename, base64_image[:filename]
399	end	399	end
		400	+
		401	+ should 'add logged person as member of a profile' do
		402	+ login_api
		403	+ profile = fast_create(Community)
		404	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		405	+ json = JSON.parse(last_response.body)
		406	+ assert_equal json['pending'], false
		407	+ assert person.is_member_of?(profile)
		408	+ end
		409	+
		410	+ should 'create task when add logged person as member of a moderated profile' do
		411	+ login_api
		412	+ profile = fast_create(Community, public_profile: false)
		413	+ profile.add_member(create_user.person)
		414	+ profile.closed = true
		415	+ profile.save!
		416	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		417	+ json = JSON.parse(last_response.body)
		418	+ assert_equal json['pending'], true
		419	+ assert !person.is_member_of?(profile)
		420	+ end
		421	+
		422	+ should 'remove logged person as member of a profile' do
		423	+ login_api
		424	+ profile = fast_create(Community)
		425	+ profile.add_member(person)
		426	+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		427	+ json = JSON.parse(last_response.body)
		428	+ assert_equal person.identifier, json['person']['identifier']
		429	+ assert !person.is_member_of?(profile)
		430	+ end
		431	+
		432	+ should 'forbid access to add members for non logged user' do
		433	+ profile = fast_create(Community)
		434	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		435	+ assert_equal 401, last_response.status
		436	+ end
		437	+
		438	+ should 'forbid access to remove members for non logged user' do
		439	+ profile = fast_create(Community)
		440	+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		441	+ assert_equal 401, last_response.status
		442	+ end
		443	+
		444	+ should 'forbid to add person as member when the profile does not allow' do
		445	+ login_api
		446	+ profile = fast_create(Person)
		447	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		448	+ assert_equal 403, last_response.status
		449	+ end
		450	+
		451	+ should 'forbid to add person as member when the profile is secret' do
		452	+ login_api
		453	+ profile = fast_create(Community, secret: true)
		454	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
		455	+ assert !person.is_member_of?(profile)
		456	+ assert_equal 403, last_response.status
		457	+ end
400	end	458	end
	@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase		@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
2224	assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)	2224	assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
2225	end	2225	end
2226	end	2226	end
		2227	+
		2228	+ should 'not allow to add members in secret profiles' do
		2229	+ c = fast_create(Community, secret: true)
		2230	+ p = create_user('mytestuser').person
		2231	+ assert_raise RuntimeError do
		2232	+ c.add_member(p)
		2233	+ end
		2234	+ end
2227	end	2235	end