Commit 06c36ffd7e9d48f97ed49570201029a1c7beabad
1 parent
27f11bf7
Exists in
send_email_to_admins
and in
5 other branches
Adds delete endpoint to profiles API
Showing
2 changed files
with
61 additions
and
0 deletions
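--- a/lib/noosfero/api/v1/profiles.rb
+++ b/lib/noosfero/api/v1/profiles.rb
@@ -19,6 +19,19 @@ module Noosfero
 profile = profiles.find_by id: params[:id]
 present profile, :with => Entities::Profile, :current_person => current_person
 end
+
+delete ':id' do
+profiles = environment.profiles
+profile = profiles.find_by id: params[:id]
+
+not_found! if profile.blank?
+
+if current_person.has_permission?(:destroy_profile, profile)
+profile.destroy
+else
+forbidden!
+end
+end
 end
 end
 end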
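Review bot: The result of `profile.destroy` in the permitted branch is neither checked nor replaced, and as the last expression of the `delete ':id'` block it presumably becomes the response body. If a callback vetoes the deletion, `destroy` returns false and the client still receives a success status; on success the raw record may be serialized without passing through `Entities::Profile`, which the `get ':id'` route above uses to control the exposed fields. I would write `error!('Profile could not be deleted', 500) unless profile.destroy` and end the branch with an explicit body such as `{ :success => true }`. Separately, `current_person.has_permission?` raises on nil for an anonymous caller unless an authentication filter is applied in the resource header, which lies outside this hunk.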
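--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -29,4 +29,52 @@ class ProfilesTest < ActiveSupport::TestCase
 json = JSON.parse(last_response.body)
 assert_equal community.id, json['id']
 end
+
+group_kinds = %w(community enterprise)
+group_kinds.each do |kind|
+should "delete #{kind} from profile id with permission" do
+profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+give_permission(@person, 'destroy_profile', profile)
+assert_not_nil Profile.find_by_id profile.id
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 200, last_response.status
+assert_nil Profile.find_by_id profile.id
+end
+
+should "not delete #{kind} from profile id without permission" do
+profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+assert_not_nil Profile.find_by_id profile.id
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 403, last_response.status
+assert_not_nil Profile.find_by_id profile.id
+end
+end
+
+should 'person delete itself' do
+delete "/api/v1/profiles/#{@person.id}?#{params.to_query}"
+assert_equal 200, last_response.status
+assert_nil Profile.find_by_id @person.id
+end
+
+should 'only admin delete other people' do
+profile = fast_create(Person, :environment_id => environment.id)
+assert_not_nil Profile.find_by_id profile.id
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 403, last_response.status
+assert_not_nil Profile.find_by_id profile.id
+
+environment.add_admin(@person)
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 200, last_response.status
+assert_nil Profile.find_by_id profile.id
+
+end
 end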
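Review bot: Nothing in the added tests exercises the `not_found!` branch or a request sent without credentials, so the behaviour of the new destructive route for a missing target or a missing identity is left unpinned. A case such as `delete "/api/v1/profiles/0?#{params.to_query}"` with `assert_equal 404, last_response.status` (the id 0 is a constructed example) would cover the first, and a request that omits `params` and asserts both a rejection status and `assert_not_nil Profile.find_by_id profile.id` would cover the second. It would also be worth asserting that a profile created in a different environment cannot be deleted through this route, since the lookup relies on the `environment.profiles` scope for that isolation.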
-
mentioned in commit f80df4d26ee4368a1329da228d7ee2453f64afa1