From 0ac23124e3948954d082c3c8348f29814ec34afd Mon Sep 17 00:00:00 2001 From: Rodrigo Souto Date: Thu, 12 Nov 2015 16:21:12 -0300 Subject: [PATCH] api: fixes to merge api to rails 4 --- lib/noosfero/api/entities.rb | 37 ++++++++++++++++++++++++++++--------- lib/noosfero/api/session.rb | 2 +- lib/noosfero/api/v1/search.rb | 6 +++--- lib/noosfero/api/v1/users.rb | 13 ------------- test/unit/api/search_test.rb | 9 +++++---- test/unit/api/session_test.rb | 6 ++---- test/unit/api/test_helper.rb | 2 +- test/unit/api/users_test.rb | 28 +--------------------------- 8 files changed, 41 insertions(+), 62 deletions(-) diff --git a/lib/noosfero/api/entities.rb b/lib/noosfero/api/entities.rb index 28394e8..8281cb3 100644 --- a/lib/noosfero/api/entities.rb +++ b/lib/noosfero/api/entities.rb @@ -6,15 +6,33 @@ module Noosfero date.strftime('%Y/%m/%d %H:%M:%S') if date end - def self.can_display? profile, options, field, admin_only = false - current = options[:current_person] - admin = !current.blank? && current.is_admin? - owner = !current.blank? && current == profile - public_field = profile.public_fields.include? field.to_s - friend = !current.blank? && current.friends.include?(profile) + PERMISSIONS = { + :admin => 0, + :self => 10, + :friend => 20, + :logged_user => 30, + :anonymous => 40 + } + + def self.can_display? profile, options, field, permission = :friend + return true if profile.public_fields.include?(field) + current_person = options[:current_person] + + current_permission = if current_person.present? + if current_person.is_admin? + :admin + elsif current_person == profile + :self + elsif current_person.friends.include?(profile) + :friend + else + :logged_user + end + else + :anonymous + end - return true if admin - return !admin_only && (owner||friend||public_field) + PERMISSIONS[current_permission] <= PERMISSIONS[permission] end class Image < Entity 
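Review bot: In `can_display?`, the new first line `return true if profile.public_fields.include?(field)` runs before the permission comparison, so a field requested at a stricter level such as `:self` is shown to any caller, anonymous included, whenever its name is listed in the profile's `public_fields`; the removed code never let `public_field` override `admin_only`. The `.to_s` on `field` was also dropped while callers pass symbols (`:permissions` in the later `expose :permissions` hunk), so if `public_fields` holds strings, as the removed `field.to_s` suggests, the shortcut silently stops matching. I would limit the shortcut to levels no stricter than the default and keep the conversion: `return true if PERMISSIONS.fetch(permission) >= PERMISSIONS[:friend] && profile.public_fields.include?(field.to_s)`. Using `PERMISSIONS.fetch(permission)` in the final comparison too makes an unknown level (for example a leftover `true` from the old `admin_only` argument) raise a clear `KeyError` instead of a comparison with `nil`, and the hash should be frozen.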
@@ -144,7 +162,7 @@ module Noosfero end expose :person, :using => Person - expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, true)} do |user, options| + expose :permissions, :if => lambda{|user,options| Entities.can_display?(user.person, options, :permissions, :self)} do |user, options| output = {} user.person.role_assignments.map do |role_assigment| if role_assigment.resource.respond_to?(:identifier) && !role_assigment.role.nil? @@ -156,6 +174,7 @@ module Noosfero end class UserLogin < User + root 'users', 'user' expose :private_token, documentation: {type: 'String', desc: 'A valid authentication code for post/delete api actions'} end diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb index d995f9e..879875f 100644 --- a/lib/noosfero/api/session.rb +++ b/lib/noosfero/api/session.rb @@ -47,7 +47,7 @@ module Noosfero begin user.signup! user.generate_private_token! if user.activated? - present user, :with => Entities::UserLogin, :current_person => current_person + present user, :with => Entities::UserLogin, :current_person => user.person rescue ActiveRecord::RecordInvalid message = user.errors.as_json.merge((user.person.present? ? user.person.errors : {}).as_json).to_json render_api_error!(message, 400) diff --git a/lib/noosfero/api/v1/search.rb b/lib/noosfero/api/v1/search.rb index e678254..58a70fc 100644 --- a/lib/noosfero/api/v1/search.rb +++ b/lib/noosfero/api/v1/search.rb 
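Review bot: In the signup action, `:current_person => user.person` makes the unauthenticated caller the `:self` viewer of the account that was just created, possibly before activation (the preceding line generates a token only `if user.activated?`). Every field guarded at `:self` or looser, including `permissions` from the `expose :permissions` hunk above, is therefore returned to whoever submitted the signup request. If that is intended, a comment such as `# render as the new user so the client receives its own profile; the account may still be inactive` would record the decision; otherwise `:current_person => (user.person if user.activated?)` keeps the pre-activation response at the anonymous level. The enclosing block starts and ends outside the hunk.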
@@ -13,7 +13,7 @@ module Noosfero context = environment profile = environment.profiles.find(params[:profile_id]) if params[:profile_id] - scope = profile.nil? ? environment.articles.public : profile.articles.public + scope = profile.nil? ? environment.articles.is_public : profile.articles.is_public scope = scope.where(:type => params[:type]) if params[:type] && !(params[:type] == 'Article') scope = scope.where(:parent_id => params[:parent_id]) if params[:parent_id].present? scope = scope.joins(:categories).where(:categories => {:id => params[:category_ids]}) if params[:category_ids].present? @@ -22,11 +22,11 @@ module Noosfero options = {:filter => order, :template_id => params[:template_id]} - paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)} + paginate_options = params.select{|k,v| [:page, :per_page].include?(k.to_sym)}.symbolize_keys paginate_options.each_pair{|k,v| v=v.to_i} paginate_options[:page]=1 if !paginate_options.keys.include?(:page) - search_result = find_by_contents(asset, context, scope, query, paginate_options.symbolize_keys, options) + search_result = find_by_contents(asset, context, scope, query, paginate_options, options) articles = search_result[:results] diff --git a/lib/noosfero/api/v1/users.rb b/lib/noosfero/api/v1/users.rb index 9f2639f..c62adde 100644 --- a/lib/noosfero/api/v1/users.rb +++ b/lib/noosfero/api/v1/users.rb @@ -12,19 +12,6 @@ module Noosfero present users, :with => Entities::User, :current_person => current_person end - # Example Request: - # POST api/v1/users?user[login]=some_login&user[password]=some - post do - user = User.new(params[:user]) - user.terms_of_use = environment.terms_of_use - user.environment = environment - if !user.save - render_api_errors!(user.errors.full_messages) - end - - present user, :with => Entities::User, :current_person => current_person - end - get "/me" do present current_user, :with => Entities::User, :current_person => current_person end 
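Review bot: The pagination values still reach `find_by_contents` as raw request strings, because the context line `paginate_options.each_pair{|k,v| v=v.to_i}` only reassigns the block-local `v`; moving `.symbolize_keys` up in the second search.rb hunk does not change that. Something like `paginate_options.each_key{|k| paginate_options[k] = paginate_options[k].to_i}` performs the conversion, and unless `find_by_contents` (not visible here) clamps it, `per_page` should also be capped at a project-defined maximum so a single request cannot ask for an arbitrarily large page. The filter also calls `k.to_sym` on every client-supplied parameter name; comparing strings, `%w[page per_page].include?(k.to_s)`, avoids creating symbols from request input. The enclosing endpoint block starts and ends outside the hunk.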
diff --git a/test/unit/api/search_test.rb b/test/unit/api/search_test.rb index cb080e5..0079db5 100644 --- a/test/unit/api/search_test.rb +++ b/test/unit/api/search_test.rb @@ -1,4 +1,4 @@ -require File.dirname(__FILE__) + '/test_helper' +require_relative 'test_helper' class SearchTest < ActiveSupport::TestCase @@ -130,9 +130,10 @@ class SearchTest < ActiveSupport::TestCase article2.categories<< category2 get "/api/v1/search/article?category_ids[]=#{category1.id}&category_ids[]=#{category2.id}" json = JSON.parse(last_response.body) + ids = [article1.id, article2.id] assert_equal 2, json['articles'].count - assert_equal article1.id, json['articles'].first["id"] - assert_equal article2.id, json['articles'].last["id"] - end + assert_includes ids, json['articles'].first["id"] + assert_includes ids, json['articles'].last["id"] + end end diff --git a/test/unit/api/session_test.rb b/test/unit/api/session_test.rb index 742e21e..0ed75ae 100644 --- a/test/unit/api/session_test.rb +++ b/test/unit/api/session_test.rb @@ -156,10 +156,8 @@ class SessionTest < ActiveSupport::TestCase end should 'change user password and close task' do - user = create_user - user.activate - task = ChangePassword.create!(:requestor => user.person) - params = {:code => task.code, :password => 'secret', :password_confirmation => 'secret'} + task = ChangePassword.create!(:requestor => @person) + params.merge!({:code => task.code, :password => 'secret', :password_confirmation => 'secret'}) patch "/api/v1/new_password?#{params.to_query}" assert_equal Task::Status::FINISHED, task.reload.status assert user.reload.authenticated?('secret') diff --git a/test/unit/api/test_helper.rb b/test/unit/api/test_helper.rb index fb6cbb8..d23237f 100644 --- a/test/unit/api/test_helper.rb +++ b/test/unit/api/test_helper.rb @@ -1,4 +1,4 @@ -require 'test_helper' +require_relative '../../test_helper' class ActiveSupport::TestCase 
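Review bot: The two `assert_includes ids, ...` checks in the category search test both pass when the response contains the same article twice, so the test no longer proves that both `article1` and `article2` are returned. An order-independent comparison keeps the strength of the old assertions: `assert_equal ids.sort, json['articles'].map { |a| a['id'] }.sort`.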
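Review bot: The password-change test in session_test.rb now merges the reset code into the shared `params` and creates the task for `@person`, both of which are set up outside the hunk; if `params` carries an authentication token, the reset is only exercised as an already authenticated request. A reset by code is normally used by someone who cannot log in, so a case that sends only `code`, `password` and `password_confirmation` should stay covered. It would also help to assert that `@person` is the person of the `user` whose password is checked on the last line, since the test no longer creates that user itself.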
diff --git a/test/unit/api/users_test.rb b/test/unit/api/users_test.rb index e0c5980..0888380 100644 --- a/test/unit/api/users_test.rb +++ b/test/unit/api/users_test.rb @@ -1,5 +1,5 @@ # encoding: UTF-8 -require File.dirname(__FILE__) + '/test_helper' +require_relative 'test_helper' class UsersTest < ActiveSupport::TestCase @@ -13,32 +13,6 @@ class UsersTest < ActiveSupport::TestCase assert_includes json["users"].map { |a| a["login"] }, user.login end - should 'create a user' do - params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} - post "/api/v1/users?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 'some', json['user']['login'] - end - - should 'not create duplicate user' do - params[:lang] = :"pt-BR" - params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} - post "/api/v1/users?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 'some', json['user']['login'] - params[:user] = {:login => 'some', :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'} - post "/api/v1/users?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 'Username / Email já está em uso,e-Mail já está em uso', json['message'] - end - - should 'return 400 status for invalid user creation' do - params[:user] = {:login => 'some'} - post "/api/v1/users?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 400, last_response.status - end - should 'get user' do get "/api/v1/users/#{user.id}?#{params.to_query}" json = JSON.parse(last_response.body) -- libgit2 0.21.2