Commit 0b6f316d85fdebb2cd80b650f05ad9458b6b68fc
1 parent
464b8a1c
Exists in
send_email_to_admins
and in
5 other branches
api: list only published children when get an article
Showing
2 changed files
with
10 additions
and
1 deletions
Show diff stats
lib/noosfero/api/entities.rb
| @@ -203,7 +203,7 @@ module Noosfero | @@ -203,7 +203,7 @@ module Noosfero | ||
| 203 | root 'articles', 'article' | 203 | root 'articles', 'article' |
| 204 | expose :parent, :using => ArticleBase | 204 | expose :parent, :using => ArticleBase |
| 205 | expose :children, :using => ArticleBase do |article, options| | 205 | expose :children, :using => ArticleBase do |article, options| |
| 206 | - article.children.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE) | 206 | + article.children.published.limit(Noosfero::API::V1::Articles::MAX_PER_PAGE) |
| 207 | end | 207 | end |
| 208 | end | 208 | end |
| 209 | 209 |
test/api/articles_test.rb
| @@ -735,4 +735,13 @@ class ArticlesTest < ActiveSupport::TestCase | @@ -735,4 +735,13 @@ class ArticlesTest < ActiveSupport::TestCase | ||
| 735 | assert_not_includes json["article"].keys, "comments" | 735 | assert_not_includes json["article"].keys, "comments" |
| 736 | end | 736 | end |
| 737 | 737 | ||
| 738 | + should 'not list private child when get the parent article' do | ||
| 739 | + person = fast_create(Person, :environment_id => environment.id) | ||
| 740 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") | ||
| 741 | + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) | ||
| 742 | + get "/api/v1/articles/#{article.id}?#{params.to_query}" | ||
| 743 | + json = JSON.parse(last_response.body) | ||
| 744 | + assert_not_includes json['article']['children'].map {|a| a['id']}, child.id | ||
| 745 | + end | ||
| 746 | + | ||
| 738 | end | 747 | end |