From fa8403dfc7b79237a40e17eb10e559a35141b406 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Mon, 23 May 2016 10:35:23 -0300
Subject: [PATCH] api: display activities for non logged users in public communities
---
 app/api/v1/activities.rb | 3 +--
 app/models/organization.rb | 3 +++
 test/api/activities_test.rb | 13 +++++++++++--
 test/unit/organization_test.rb | 20 ++++++++++++++++++++
 4 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/app/api/v1/activities.rb b/app/api/v1/activities.rb
index ce697d4..e29245b 100644
--- a/app/api/v1/activities.rb
+++ b/app/api/v1/activities.rb
@@ -1,7 +1,6 @@
 module Api
 module V1
 class Activities < Grape::API
- before { authenticate! }
 resource :profiles do
@@ -9,7 +8,7 @@ module Api
 profile = Profile.find_by id: params[:id]
 not_found! if profile.blank? || profile.secret || !profile.visible
- forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+ forbidden! if !profile.display_private_info_to?(current_person)
 activities = profile.activities.map(&:activity)
 present activities, :with => Entities::Activity, :current_person => current_person
diff --git a/app/models/organization.rb b/app/models/organization.rb
index 335aa0d..f3a0853 100644
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -234,4 +234,7 @@ class Organization < Profile
 self.admins.where(:id => user.id).exists?
 end
+ def display_private_info_to?(user)
+ (public_profile && visible && !secret) || super
+ end
 end
diff --git a/test/api/activities_test.rb b/test/api/activities_test.rb
index e76d8ee..eaf89ee 100644
--- a/test/api/activities_test.rb
+++ b/test/api/activities_test.rb
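Review bot: With `before { authenticate! }` removed in the first hunk, `current_person` can be nil when `forbidden! if !profile.display_private_info_to?(current_person)` runs, so that predicate is now the only access check for every profile type under `resource :profiles`, not only communities. The commit overrides and unit-tests it for Organization alone; how the inherited implementation treats a nil user for person profiles is not visible here and should be confirmed with an API test for an anonymous request to a private person profile. The unchanged `profile.activities.map(&:activity)` below loads the whole activity list and is now reachable without credentials, so bounding or paginating it is worth considering. I would add `# current_person is nil for anonymous requests; display_private_info_to? must deny by default` above the check. The enclosing `get` block starts and ends outside the hunk.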
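Review bot: The new `display_private_info_to?` override in app/models/organization.rb changes the answer for every caller of this predicate on an organization, not just the activities endpoint: any view or API that uses it to gate private data (callers are not visible in this diff) will now get true for anonymous visitors of a public, visible, non-secret organization. If only the activity feed is meant to become public, a narrower predicate used by the API alone would leave the existing meaning of this one intact. Either way the method should carry a comment such as `# Public, visible, non-secret organizations are readable by anyone, including anonymous users (user may be nil); otherwise defer to Profile.` The class body starts outside the hunk.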
@@ -27,8 +27,8 @@ class ActivitiesTest < ActiveSupport::TestCase
 assert_equal 403, last_response.status
 end
- should 'not get community activities if not member' do
- community = fast_create(Community)
+ should 'not get community activities if not member and community is private' do
+ community = fast_create(Community, public_profile: false)
 other_person = fast_create(Person)
 community.add_member(other_person) # so there is an activity in community
@@ -68,6 +68,15 @@ class ActivitiesTest < ActiveSupport::TestCase
 assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
 end
+ should 'get activities for non logged user in a public community' do
+ community = fast_create(Community)
+ create_activity(community)
+ community.add_member(person)
+ get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+ end
+
 def create_activity(target)
 activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
 ProfileActivity.create! profile_id: target.id, activity: activity
diff --git a/test/unit/organization_test.rb b/test/unit/organization_test.rb
index a0150eb..8ad3e99 100644
--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
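Review bot: The new test 'get activities for non logged user in a public community' does not clearly exercise an anonymous request: it still appends `params.to_query`, and if `params` carries the login token set up outside this hunk (not visible here) the call is authenticated as `person`, who is also made a member by `community.add_member(person)`, so the test could pass even without the Organization override. Issuing `get "/api/v1/profiles/#{community.id}/activities"` without the query string, dropping the `add_member` line, and adding `assert_equal 200, last_response.status` would pin the behaviour the commit title describes. A companion case for an anonymous request against a community created with `public_profile: false` (expecting a denial) is missing; the private-community test in the preceding hunk continues outside the hunk, so whether it runs anonymously cannot be told from here.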
@@ -567,4 +567,24 @@ class OrganizationTest < ActiveSupport::TestCase
 assert_not_includes person_orgs, o7
 assert_includes env_admin_orgs, o7
 end
+
+ should 'return true at display_private_info_to? when profile is public and user is nil' do
+ organization = fast_create(Organization, public_profile: true)
+ assert organization.display_private_info_to?(nil)
+ end
+
+ should 'return false at display_private_info_to? when profile is public and secret' do
+ organization = fast_create(Organization, public_profile: true, secret: true)
+ assert !organization.display_private_info_to?(nil)
+ end
+
+ should 'return false at display_private_info_to? when profile is public and not visible' do
+ organization = fast_create(Organization, public_profile: true, visible: false)
+ assert !organization.display_private_info_to?(nil)
+ end
+
+ should 'return false at display_private_info_to? when profile is private and user is nil' do
+ organization = fast_create(Organization, public_profile: false)
+ assert !organization.display_private_info_to?(nil)
+ end
 end
-- 
libgit2 0.21.2
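Review bot: All four new cases pass `nil`, so the `|| super` branch of `display_private_info_to?` and the result for a logged-in non-member of a public organization are never asserted. A case with a member of an organization created with `public_profile: false`, expecting true, would cover the fallback and guard against the override shadowing the inherited rule. The negative assertions could be written `assert_not organization.display_private_info_to?(nil)` instead of `assert !...`, matching the `assert_not_includes` style already used in the context lines of this hunk.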