Commit 0ac23124e3948954d082c3c8348f29814ec34afd
1 parent
b164af65
Exists in
master
and in
20 other branches
api: fixes to merge api to rails 4
Signed-off-by: Tallys Martins <tallysmartins@yahoo.com.br> Signed-off-by: Marcos Ronaldo <marcos.rpj2@gmail.com>
Showing
8 changed files
with
41 additions
and
62 deletions
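--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -6,15 +6,33 @@ module Noosfero
 date.strftime('%Y/%m/%d %H:%M:%S') if date
 end
 
-def self.can_display? profile, options, field, admin_only = false
-current = options[:current_person]
-admin = !current.blank? && current.is_admin?
-owner = !current.blank? && current == profile
-public_field = profile.public_fields.include? field.to_s
-friend = !current.blank? && current.friends.include?(profile)
+PERMISSIONS = {
+:admin => 0,
+:self => 10,
+:friend => 20,
+:logged_user => 30,
+:anonymous => 40
+}
+
+def self.can_display? profile, options, field, permission = :friend
+return true if profile.public_fields.include?(field)
+current_person = options[:current_person]
+
+current_permission = if current_person.present?
+if current_person.is_admin?
+:admin
+elsif current_person == profile
+:self
+elsif current_person.friends.include?(profile)
+:friend
+else
+:logged_user
+end
+else
+:anonymous
+end
 
-return true if admin
-return !admin_only && (owner||friend||public_field)
+PERMISSIONS[current_permission] <= PERMISSIONS[permission]
 end
 
 class Image < Entity
@@ -144,7 +162,7 @@ module Noosfero
 end
 
 expose :person, :using => Person
-expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, true)} do |user, options|
+expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options|
 output = {}
 user.person.role_assignments.map do |role_assigment|
 if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil?
@@ -156,6 +174,7 @@ module Noosfero
 end
 
 class UserLogin < User
+root 'users', 'user'
 expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'}
 end
 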
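Review bot: In `can_display?` the `public_fields` shortcut now returns before the permission comparison, so a field listed in a profile's public fields is shown to any caller regardless of the `permission` the expose asked for, whereas the removed code ignored public fields when `admin_only` was set. The same line drops the `field.to_s` conversion while the call in this file passes a symbol (`:permissions`); if `public_fields` holds strings, as the removed line suggests, the shortcut never matches. Consider restoring the conversion, `return true if profile.public_fields.include?(field.to_s)`, and stating in a comment whether restricted levels such as `:self` are meant to be overridable by public fields. `PERMISSIONS.fetch(permission)` would also make an unknown level raise a clear error instead of comparing against `nil`.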
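--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -47,7 +47,7 @@ module Noosfero
 begin
 user.signup!
 user.generate_private_token! if user.activated?
-present user, :with => Entities::UserLogin, :current_person => current_person
+present user, :with => Entities::UserLogin, :current_person => user.person
 rescue ActiveRecord::RecordInvalid
 message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json
 render_api_error!(message, 400)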
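Review bot: Passing `:current_person => user.person` makes the signup response render with the new account as its own viewer even when the account may not be activated yet, because the `user.activated?` guard on the line above covers only token generation. If activation is meant to gate access to the account's own restricted fields, the viewer should stay anonymous until then, e.g. `:current_person => (user.person if user.activated?)`. Otherwise a comment such as `# no session exists at signup; render as the new user so self-level fields are included` would record the intent. The enclosing endpoint block starts outside the hunk.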
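--- a/lib/noosfero/api/v1/search.rb
+++ b/lib/noosfero/api/v1/search.rb
@@ -13,7 +13,7 @@ module Noosfero
 context = environment
 
 profile = environment.profiles.find(params[:profile_id]) if params[:profile_id]
-scope = profile.nil? ? environment.articles.public : profile.articles.public
+scope = profile.nil? ? environment.articles.is_public : profile.articles.is_public
 scope = scope.where(:type => params[:type]) if params[:type] && !(params[:type] == 'Article')
 scope = scope.where(:parent_id => params[:parent_id]) if params[:parent_id].present?
 scope = scope.joins(:categories).where(:categories => {:id => params[:category_ids]}) if params[:category_ids].present?
@@ -22,11 +22,11 @@ module Noosfero
 
 options = {:filter => order, :template_id => params[:template_id]}
 
-paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}
+paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}.symbolize_keys
 paginate_options.each_pair{|k,v| v=v.to_i}
 paginate_options[:page]=1 if !paginate_options.keys.include?(:page)
 
-search_result = find_by_contents(asset, context, scope, query, paginate_options.symbolize_keys, options)
+search_result = find_by_contents(asset, context, scope, query, paginate_options, options)
 
 articles = search_result[:results]
 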
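Review bot: `paginate_options.each_pair{|k,v| v=v.to_i}` only rebinds the block-local `v`, so `page` and `per_page` still reach `find_by_contents` as the raw request strings, and nothing in the visible lines caps `per_page`. Now that the keys are symbolized before this line, it can convert in place with `paginate_options.each_pair { |k, v| paginate_options[k] = v.to_i }`. An upper bound on `:per_page` after that would keep a single request from asking for an arbitrarily large page. The enclosing endpoint block starts and ends outside the hunks.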
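--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -12,19 +12,6 @@ module Noosfero
 present users, :with => Entities::User, :current_person => current_person
 end
 
-# Example Request:
-# POST api/v1/users?user[login]=some_login&user[password]=some
-post do
-user = User.new(params[:user])
-user.terms_of_use = environment.terms_of_use
-user.environment = environment
-if !user.save
-render_api_errors!(user.errors.full_messages)
-end
-
-present user, :with => Entities::User, :current_person => current_person
-end
-
 get "/me" do
 present current_user, :with => Entities::User, :current_person => current_person
 end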
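--- a/test/unit/api/search_test.rb
+++ b/test/unit/api/search_test.rb
@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 class SearchTest < ActiveSupport::TestCase
 
@@ -130,9 +130,10 @@ class SearchTest < ActiveSupport::TestCase
 article2.categories<< category2
 get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}"
 json = JSON.parse(last_response.body)
+ids = [article1.id, article2.id]
 assert_equal 2, json['articles'].count
-assert_equal article1.id, json['articles'].first["id"]
-assert_equal article2.id, json['articles'].last["id"]
-end
+assert_includes ids, json['articles'].first["id"]
+assert_includes ids, json['articles'].last["id"]
+end
 
 end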
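Review bot: The two `assert_includes` calls still pass if the response lists the same article twice, which a `joins(:categories)` filter can produce when one article matches more than one of the requested categories. Comparing the full id sets keeps the test independent of ordering without losing that check: `assert_equal ids.sort, json['articles'].map { |a| a['id'] }.sort`.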
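--- a/test/unit/api/session_test.rb
+++ b/test/unit/api/session_test.rb
@@ -156,10 +156,8 @@ class SessionTest < ActiveSupport::TestCase
 end
 
 should 'change user password and close task' do
-user = create_user
-user.activate
-task = ChangePassword.create!(:requestor => user.person)
-params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'}
+task = ChangePassword.create!(:requestor => @person)
+params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'})
 patch "/api/v1/new_password?#{params.to_query}"
 assert_equal Task::Status::FINISHED, task.reload.status
 assert user.reload.authenticated?('secret')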
test/unit/api/test_helper.rb
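--- a/test/unit/api/users_test.rb
+++ b/test/unit/api/users_test.rb
@@ -1,5 +1,5 @@
 # encoding: UTF-8
-require File.dirname(__FILE__) + '/test_helper'
+require_relative 'test_helper'
 
 class UsersTest < ActiveSupport::TestCase
 
@@ -13,32 +13,6 @@ class UsersTest < ActiveSupport::TestCase
 assert_includes json["users"].map { |a| a["login"] }, user.login
 end
 
-should 'create a user' do
-params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 'some', json['user']['login']
-end
-
-should 'not create duplicate user' do
-params[:lang] = :"pt-BR"
-params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 'some', json['user']['login']
-params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 'Username / Email já está em uso,e-Mail já está em uso', json['message']
-end
-
-should 'return 400 status for invalid user creation' do
-params[:user] = {:login => 'some'}
-post "/api/v1/users?#{params.to_query}"
-json = JSON.parse(last_response.body)
-assert_equal 400, last_response.status
-end
-
 should 'get user' do
 get "/api/v1/users/#{user.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)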
-
mentioned in commit 7a5ef8200c65fc4429170ad986a858596870045c