Download as
Browse Code »

Commit 07fefd45aaa0ed60fd520334062287c34b8f0c01

Authored by Leandro Santos
Committed by Rodrigo Souto
1 parent 4b7e7897
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

adding people endpoint

Showing 6 changed files with 107 additions and 17 deletions   Show diff stats
app/models/organization.rb
  Diff comments   View file @07fefd4
@@ -8,6 +8,13 @@ class Organization < Profile @@ -8,6 +8,13 @@ class Organization < Profile
8 :display => %w[compact] 8 :display => %w[compact]
9 } 9 }
10 10
  11 + scope :visible_for_person, lambda { |person|
  12 + joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
  13 + .where(
  14 + ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
  15 + (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
  16 + ).uniq
  17 + }
11 18
12 settings_items :closed, :type => :boolean, :default => false 19 settings_items :closed, :type => :boolean, :default => false
13 def closed? 20 def closed?
app/models/person.rb
  Diff comments   View file @07fefd4
@@ -39,6 +39,14 @@ roles] } @@ -39,6 +39,14 @@ roles] }
39 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] } 39 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
40 } 40 }
41 41
  42 + scope :visible_for_person, lambda { |person|
  43 + joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
  44 + .where(
  45 + ['( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?)', person.id, true, true]
  46 + ).uniq
  47 + }
  48 +
  49 +
42 def has_permission_with_admin?(permission, resource) 50 def has_permission_with_admin?(permission, resource)
43 return true if resource.blank? || resource.admins.include?(self) 51 return true if resource.blank? || resource.admins.include?(self)
44 return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self) 52 return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
app/models/profile.rb
  Diff comments   View file @07fefd4
@@ -145,14 +145,6 @@ class Profile < ActiveRecord::Base @@ -145,14 +145,6 @@ class Profile < ActiveRecord::Base
145 scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false } 145 scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
146 scope :enabled, :conditions => { :enabled => true } 146 scope :enabled, :conditions => { :enabled => true }
147 147
148 - scope :visible_for_person, lambda { |person|  
149 - joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')  
150 - .where(  
151 - ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR  
152 - (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]  
153 - ).uniq  
154 - }  
155 -  
156 # Subclasses must override this method 148 # Subclasses must override this method
157 scope :more_popular 149 scope :more_popular
158 150
lib/api/entities.rb
  Diff comments   View file @07fefd4
@@ -31,7 +31,9 @@ module API @@ -31,7 +31,9 @@ module API
31 expose :image, :using => Image 31 expose :image, :using => Image
32 end 32 end
33 33
34 - class Person < Profile;end; 34 + class Person < Profile
  35 + root 'people', 'person'
  36 + end
35 class Enterprise < Profile 37 class Enterprise < Profile
36 root 'enterprises', 'enterprise' 38 root 'enterprises', 'enterprise'
37 end 39 end
lib/api/v1/people.rb
  Diff comments   View file @07fefd4
@@ -17,12 +17,20 @@ module API @@ -17,12 +17,20 @@ module API
17 # GET /people?reference_id=10&limit=10&oldest 17 # GET /people?reference_id=10&limit=10&oldest
18 get do 18 get do
19 people = select_filtered_collection_of(environment, 'people', params) 19 people = select_filtered_collection_of(environment, 'people', params)
  20 + people = people.visible_for_person(current_person)
20 present people, :with => Entities::Person 21 present people, :with => Entities::Person
21 end 22 end
22 23
23 desc "Return the person information" 24 desc "Return the person information"
24 - get '/:id' do  
25 - present environment.people.find(params[:id]), :with => Entities::Person 25 + get ':id' do
  26 + person = environment.people.visible.find_by_id(params[:id])
  27 + present person, :with => Entities::Person
  28 + end
  29 +
  30 + desc "Return the person friends"
  31 + get ':id/friends' do
  32 + friends = current_person.friends.visible
  33 + present friends, :with => Entities::Person
26 end 34 end
27 35
28 end 36 end
test/unit/api/people_test.rb
  Diff comments   View file @07fefd4
@@ -6,24 +6,97 @@ class PeopleTest &lt; ActiveSupport::TestCase @@ -6,24 +6,97 @@ class PeopleTest &lt; ActiveSupport::TestCase
6 login_api 6 login_api
7 end 7 end
8 8
9 - should 'list persons' do  
10 - person1 = fast_create(Person) 9 +
  10 + should 'list all people' do
  11 + person1 = fast_create(Person, :public_profile => true)
11 person2 = fast_create(Person) 12 person2 = fast_create(Person)
  13 + get "/api/v1/people?#{params.to_query}"
  14 + json = JSON.parse(last_response.body)
  15 + assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
  16 + end
  17 +
  18 + should 'not list invisible people' do
  19 + person1 = fast_create(Person)
  20 + fast_create(Person, :visible => false)
  21 +
  22 + get "/api/v1/people?#{params.to_query}"
  23 + json = JSON.parse(last_response.body)
  24 + assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
  25 + end
  26 +
  27 + should 'not list private people without permission' do
  28 + person1 = fast_create(Person)
  29 + fast_create(Person, :public_profile => false)
  30 +
  31 + get "/api/v1/people?#{params.to_query}"
  32 + json = JSON.parse(last_response.body)
  33 + assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
  34 + end
  35 +
  36 + should 'list private person for friends' do
  37 + p1 = fast_create(Person)
  38 + p2 = fast_create(Person, :public_profile => false)
  39 + person.add_friend(p2)
  40 + p2.add_friend(person)
12 41
13 get "/api/v1/people?#{params.to_query}" 42 get "/api/v1/people?#{params.to_query}"
14 json = JSON.parse(last_response.body) 43 json = JSON.parse(last_response.body)
  44 + assert_equivalent [p1.id, p2.id, person.id], json['people'].map {|c| c['id']}
  45 + end
  46 +
  47 + should 'get person' do
  48 + person = fast_create(Person)
  49 +
  50 + get "/api/v1/people/#{person.id}?#{params.to_query}"
  51 + json = JSON.parse(last_response.body)
  52 + assert_equal person.id, json['person']['id']
  53 + end
15 54
16 - assert_includes json.map {|c| c['id']}, person1.id  
17 - assert_includes json.map {|c| c['id']}, person2.id 55 + should 'not get invisible person' do
  56 + person = fast_create(Person, :visible => false)
  57 +
  58 + get "/api/v1/people/#{person.id}?#{params.to_query}"
  59 + json = JSON.parse(last_response.body)
  60 + assert json['person'].blank?
18 end 61 end
19 62
20 - should 'return one person by id' do 63 + should 'not get private people without permission' do
21 person = fast_create(Person) 64 person = fast_create(Person)
  65 + fast_create(Person, :public_profile => false)
  66 +
  67 + get "/api/v1/people/#{person.id}?#{params.to_query}"
  68 + json = JSON.parse(last_response.body)
  69 + assert_equal person.id, json['person']['id']
  70 + end
  71 +
  72 + should 'get private person for friends' do
  73 + person = fast_create(Person, :public_profile => false)
  74 + person.add_friend(person)
22 75
23 get "/api/v1/people/#{person.id}?#{params.to_query}" 76 get "/api/v1/people/#{person.id}?#{params.to_query}"
24 json = JSON.parse(last_response.body) 77 json = JSON.parse(last_response.body)
  78 + assert_equal person.id, json['person']['id']
  79 + end
  80 +
  81 + should 'list person friends' do
  82 + p = fast_create(Person)
  83 + fast_create(Person)
  84 + person.add_friend(p)
  85 +
  86 + get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
  87 + json = JSON.parse(last_response.body)
  88 + assert_equivalent [p.id], json['people'].map {|c| c['id']}
  89 + end
25 90
26 - assert_equal person.id, json['id'] 91 + should 'not list person friends invisible' do
  92 + p1 = fast_create(Person)
  93 + p2 = fast_create(Person, :visible => false)
  94 + person.add_friend(p1)
  95 + person.add_friend(p2)
  96 +
  97 + get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
  98 + json = JSON.parse(last_response.body)
  99 + assert_equivalent [p1.id], json['people'].map {|c| c['id']}
27 end 100 end
28 101
29 end 102 end