Commit f8559a31defedb1c01c81ebade7030a43a4b1b1e
1 parent
d3c0aaaf
Exists in
production-vendorized
and in
1 other branch
api: list only published children when get an article
Conflicts: lib/noosfero/api/entities.rb
Showing
2 changed files
with
11 additions
and
2 deletions
Show diff stats
lib/noosfero/api/entities.rb
| @@ -183,8 +183,8 @@ module Noosfero | @@ -183,8 +183,8 @@ module Noosfero | ||
| 183 | class Article < ArticleBase | 183 | class Article < ArticleBase |
| 184 | root 'articles', 'article' | 184 | root 'articles', 'article' |
| 185 | expose :parent, :using => ArticleBase | 185 | expose :parent, :using => ArticleBase |
| 186 | - expose :children, using: ArticleBase do |article, options| | ||
| 187 | - article.children.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE) | 186 | + expose :children, :using => ArticleBase do |article, options| |
| 187 | + article.children.published.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE) | ||
| 188 | end | 188 | end |
| 189 | end | 189 | end |
| 190 | 190 |
test/unit/api/articles_test.rb
| @@ -689,4 +689,13 @@ class ArticlesTest < ActiveSupport::TestCase | @@ -689,4 +689,13 @@ class ArticlesTest < ActiveSupport::TestCase | ||
| 689 | 689 | ||
| 690 | end | 690 | end |
| 691 | 691 | ||
| 692 | + should 'not list private child when get the parent article' do | ||
| 693 | + person = fast_create(Person, :environment_id => environment.id) | ||
| 694 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") | ||
| 695 | + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) | ||
| 696 | + get "/api/v1/articles/#{article.id}?#{params.to_query}" | ||
| 697 | + json = JSON.parse(last_response.body) | ||
| 698 | + assert_not_includes json['article']['children'].map {|a| a['id']}, child.id | ||
| 699 | + end | ||
| 700 | + | ||
| 692 | end | 701 | end |