Commit 0ac23124e3948954d082c3c8348f29814ec34afd
1 parent
b164af65
Exists in
master
and in
20 other branches
api: fixes to merge api to rails 4
Signed-off-by: Tallys Martins <tallysmartins@yahoo.com.br> Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>
Showing
8 changed files
with
41 additions
and
62 deletions
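--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -6,15 +6,33 @@ module Noosfero
 date.strftime('%Y/%m/%d %H:%M:%S') if date
 end
 
-def self.can_display? profile, options, field, admin_only = false
-current = options[:current_person]
-admin = !current.blank? && current.is_admin?
-owner = !current.blank? && current == profile
-public_field = profile.public_fields.include? field.to_s
-friend = !current.blank? && current.friends.include?(profile)
+PERMISSIONS = {
+:admin => 0,
+:self => 10,
+:friend => 20,
+:logged_user => 30,
+:anonymous => 40
+}
+
+def self.can_display? profile, options, field, permission = :friend
+return true if profile.public_fields.include?(field)
+current_person = options[:current_person]
+
+current_permission = if current_person.present?
+if current_person.is_admin?
+:admin
+elsif current_person == profile
+:self
+elsif current_person.friends.include?(profile)
+:friend
+else
+:logged_user
+end
+else
+:anonymous
+end
 
-return true if admin
-return !admin_only && (owner||friend||public_field)
+PERMISSIONS[current_permission] <= PERMISSIONS[permission]
 end
 
 class Image < Entity
@@ -144,7 +162,7 @@ module Noosfero
 end
 
 expose :person, :using => Person
-expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, true)} do |user, options|
+expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|
 if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?
@@ -156,6 +174,7 @@ module Noosfero
 end
 
 class UserLogin < User
+root 'users', 'user'
 expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'}
 end
 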
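Review bot: In `can_display?` the `public_fields` short-circuit now runs before the permission comparison and no longer calls `to_s` on the field, so two things change beyond the new level scheme. If `public_fields` holds strings, as the removed `field.to_s` suggests, a symbol such as `:permissions` never matches and public fields stop being shown to viewers below the requested level; `return true if profile.public_fields.include?(field.to_s)` would keep the old lookup. Once that lookup does match, a field listed in `public_fields` is returned to anonymous callers whatever `permission` says, whereas the old `admin_only` flag took precedence, so a field gated at `:self` probably should not go through the short-circuit at all. `PERMISSIONS[permission]` also yields nil for an unknown level and the `<=` then raises a comparison error; `PERMISSIONS.fetch(permission)` on a frozen hash would fail with a clearer message.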
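--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -47,7 +47,7 @@ module Noosfero
 begin
 user.signup!
 user.generate_private_token! if user.activated?
-present user, :with => Entities::UserLogin, :current_person => current_person
+present user, :with => Entities::UserLogin, :current_person => user.person
 rescue ActiveRecord::RecordInvalid
 message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json
 render_api_error!(message, 400)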
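Review bot: Passing `:current_person => user.person` makes the entity layer evaluate visibility as the account owner for a request that is presumably unauthenticated at this point, and nothing on the line records that this is intended. With the `:self` level introduced in entities.rb, the signup response will carry owner-only fields such as `permissions` even when `user.activated?` is false. If owner-level output should wait for activation, `:current_person => (user.person if user.activated?)` would keep the unactivated response at the anonymous level; otherwise a comment such as `# signup is unauthenticated: present the new account as its own viewer` would document the decision. The enclosing block starts and ends outside the hunk.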
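--- a/lib/noosfero/api/v1/search.rb
+++ b/lib/noosfero/api/v1/search.rb
@@ -13,7 +13,7 @@ module Noosfero
 context = environment
 
 profile = environment.profiles.find(params[:profile_id]) if params[:profile_id]
-scope = profile.nil? ? environment.articles.public : profile.articles.public
+scope = profile.nil? ? environment.articles.is_public : profile.articles.is_public
 scope = scope.where(:type => params[:type]) if params[:type] && !(params[:type] == 'Article')
 scope = scope.where(:parent_id => params[:parent_id]) if params[:parent_id].present?
 scope = scope.joins(:categories).where(:categories => {:id => params[:category_ids]}) if params[:category_ids].present?
@@ -22,11 +22,11 @@ module Noosfero
 
 options = {:filter => order, :template_id => params[:template_id]}
 
-paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}
+paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}.symbolize_keys
 paginate_options.each_pair{|k,v| v=v.to_i}
 paginate_options[:page]=1 if !paginate_options.keys.include?(:page)
 
-search_result = find_by_contents(asset, context, scope, query, paginate_options.symbolize_keys, options)
+search_result = find_by_contents(asset, context, scope, query, paginate_options, options)
 
 articles = search_result[:results]
 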
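Review bot: `paginate_options.each_pair{|k,v| v=v.to_i}` only rebinds the block-local `v`, so `page` and `per_page` still reach `find_by_contents` as the raw request strings after this change. Writing the value back, `paginate_options.each_pair{|k,v| paginate_options[k] = v.to_i}`, makes the conversion take effect. Nothing visible here bounds `per_page`, so unless `find_by_contents` clamps it a client can request an arbitrarily large page; an upper limit applied when `:per_page` is present would cap the work done per request. The enclosing endpoint block starts and ends outside the hunk.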
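--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -12,19 +12,6 @@ module Noosfero
 present users, :with => Entities::User, :current_person => current_person
 end
 
-# Example Request:
-# POST api/v1/users?user[login]=some_login&user[password]=some
-post do
-user = User.new(params[:user])
-user.terms_of_use = environment.terms_of_use
-user.environment = environment
-if !user.save
-render_api_errors!(user.errors.full_messages)
-end
-
-present user, :with => Entities::User, :current_person => current_person
-end
-
 get "/me" do
 present current_user, :with => Entities::User, :current_person => current_person
 end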
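--- a/test/unit/api/search_test.rb
+++ b/test/unit/api/search_test.rb
@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 class SearchTest < ActiveSupport::TestCase
 
@@ -130,9 +130,10 @@ class SearchTest < ActiveSupport::TestCase
 article2.categories<< category2
 get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"
 json = JSON.parse(last_response.body)
+ids = [article1.id, article2.id]
 assert_equal 2, json['articles'].count
-assert_equal article1.id, json['articles'].first["id"]
-assert_equal article2.id, json['articles'].last["id"]
-end
+assert_includes ids, json['articles'].first["id"]
+assert_includes ids, json['articles'].last["id"]
+end
 
 end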
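Review bot: The two `assert_includes` checks pass even when both returned entries are the same article, so the test no longer proves that each of the two articles comes back. Because the endpoint joins `categories`, a duplicated row is a plausible failure mode for this query. Comparing the id sets keeps the test independent of ordering without losing that guarantee: `assert_equal ids.sort, json['articles'].map { |a| a['id'] }.sort`.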
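--- a/test/unit/api/session_test.rb
+++ b/test/unit/api/session_test.rb
@@ -156,10 +156,8 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'change user password and close task' do
-user = create_user
-user.activate
-task = ChangePassword.create!(:requestor => user.person)
-params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
+task = ChangePassword.create!(:requestor => @person)
+params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
 patch "/api/v1/new_password?#{params.to_query}"
 assert_equal Task::Status::FINISHED, task.reload.status
 assert user.reload.authenticated?('secret')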
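Review bot: The reset `code` is now merged into the shared `params`, and the task is created for `@person`; both are defined outside this hunk, along with the `user` used in the last assertion. If `params` carries the logged-in user's token, which the helper-based setup suggests but this page does not show, the request is authenticated and the test no longer demonstrates that `/api/v1/new_password` works from the code alone, which is the case of a user who has lost the password. A second case that sends only `code`, `password` and `password_confirmation`, plus one asserting that a wrong `code` is rejected, would pin both sides of the reset flow. The test body continues outside the hunk.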
test/unit/api/test_helper.rb
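--- a/test/unit/api/users_test.rb
+++ b/test/unit/api/users_test.rb
@@ -1,5 +1,5 @@
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 class UsersTest < ActiveSupport::TestCase
 
@@ -13,32 +13,6 @@ class UsersTest < ActiveSupport::TestCase
 assert_includes json["users"].map { |a| a["login"] }, user.login
 end
 
-should 'create a user' do
-params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 'some', json['user']['login']
-end
-
-should 'not create duplicate user' do
-params[:lang] = :"pt-BR"
-params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 'some', json['user']['login']
-params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 'Username / Email já está em uso,e-Mail já está em uso', json['message']
-end
-
-should 'return 400 status for invalid user creation' do
-params[:user] = {:login => 'some'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 400, last_response.status
-end
-
 should 'get user' do
 get "/api/v1/users/#{user.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)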
-
mentioned in commit 7a5ef8200c65fc4429170ad986a858596870045c