Commit fa8403dfc7b79237a40e17eb10e559a35141b406
1 parent
9f79ead3
Exists in
staging
and in
27 other branches
api: display activities for non logged users in public communities
Showing
4 changed files
with
35 additions
and
4 deletions
Show diff stats
app/api/v1/activities.rb
| 1 | 1 | module Api |
| 2 | 2 | module V1 |
| 3 | 3 | class Activities < Grape::API |
| 4 | - before { authenticate! } | |
| 5 | 4 | |
| 6 | 5 | resource :profiles do |
| 7 | 6 | |
| ... | ... | @@ -9,7 +8,7 @@ module Api |
| 9 | 8 | profile = Profile.find_by id: params[:id] |
| 10 | 9 | |
| 11 | 10 | not_found! if profile.blank? || profile.secret || !profile.visible |
| 12 | - forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person) | |
| 11 | + forbidden! if !profile.display_private_info_to?(current_person) | |
| 13 | 12 | |
| 14 | 13 | activities = profile.activities.map(&:activity) |
| 15 | 14 | present activities, :with => Entities::Activity, :current_person => current_person | ... | ... |
app/models/organization.rb
test/api/activities_test.rb
| ... | ... | @@ -27,8 +27,8 @@ class ActivitiesTest < ActiveSupport::TestCase |
| 27 | 27 | assert_equal 403, last_response.status |
| 28 | 28 | end |
| 29 | 29 | |
| 30 | - should 'not get community activities if not member' do | |
| 31 | - community = fast_create(Community) | |
| 30 | + should 'not get community activities if not member and community is private' do | |
| 31 | + community = fast_create(Community, public_profile: false) | |
| 32 | 32 | other_person = fast_create(Person) |
| 33 | 33 | community.add_member(other_person) # so there is an activity in community |
| 34 | 34 | |
| ... | ... | @@ -68,6 +68,15 @@ class ActivitiesTest < ActiveSupport::TestCase |
| 68 | 68 | assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]} |
| 69 | 69 | end |
| 70 | 70 | |
| 71 | + should 'get activities for non logged user in a public community' do | |
| 72 | + community = fast_create(Community) | |
| 73 | + create_activity(community) | |
| 74 | + community.add_member(person) | |
| 75 | + get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}" | |
| 76 | + json = JSON.parse(last_response.body) | |
| 77 | + assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]} | |
| 78 | + end | |
| 79 | + | |
| 71 | 80 | def create_activity(target) |
| 72 | 81 | activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target |
| 73 | 82 | ProfileActivity.create! profile_id: target.id, activity: activity | ... | ... |
test/unit/organization_test.rb
| ... | ... | @@ -567,4 +567,24 @@ class OrganizationTest < ActiveSupport::TestCase |
| 567 | 567 | assert_not_includes person_orgs, o7 |
| 568 | 568 | assert_includes env_admin_orgs, o7 |
| 569 | 569 | end |
| 570 | + | |
| 571 | + should 'return true at display_private_info_to? when profile is public and user is nil' do | |
| 572 | + organization = fast_create(Organization, public_profile: true) | |
| 573 | + assert organization.display_private_info_to?(nil) | |
| 574 | + end | |
| 575 | + | |
| 576 | + should 'return false at display_private_info_to? when profile is public and secret' do | |
| 577 | + organization = fast_create(Organization, public_profile: true, secret: true) | |
| 578 | + assert !organization.display_private_info_to?(nil) | |
| 579 | + end | |
| 580 | + | |
| 581 | + should 'return false at display_private_info_to? when profile is public and not visible' do | |
| 582 | + organization = fast_create(Organization, public_profile: true, visible: false) | |
| 583 | + assert !organization.display_private_info_to?(nil) | |
| 584 | + end | |
| 585 | + | |
| 586 | + should 'return false at display_private_info_to? when profile is private and user is nil' do | |
| 587 | + organization = fast_create(Organization, public_profile: false) | |
| 588 | + assert !organization.display_private_info_to?(nil) | |
| 589 | + end | |
| 570 | 590 | end | ... | ... |