api: add and remove members from profile

Victor Costa
1 parent 4f262d0c
Showing 4 changed files with 81 additions and 1 deletions Show diff stats
app/api/v1/people.rb
app/models/profile.rb
test/api/people_test.rb
test/unit/profile_test.rb
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end
@@ -758,7 +758,7 @@ private :generate_url, :url_options
  
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else
@@ -397,4 +397,62 @@ class PeopleTest &lt; ActiveSupport::TestCase
     assert_not_nil person.image
     assert_equal person.image.filename, base64_image[:filename]
   end
+
+  should 'add logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], false
+    assert person.is_member_of?(profile)
+  end
+
+  should 'create task when add logged person as member of a moderated profile' do
+    login_api
+    profile = fast_create(Community, public_profile: false)
+    profile.add_member(create_user.person)
+    profile.closed = true
+    profile.save!
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], true
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'remove logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    profile.add_member(person)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.identifier, json['person']['identifier']
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'forbid access to add members for non logged user' do
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid access to remove members for non logged user' do
+    profile = fast_create(Community)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile does not allow' do
+    login_api
+    profile = fast_create(Person)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile is secret' do
+    login_api
+    profile = fast_create(Community, secret: true)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert !person.is_member_of?(profile)
+    assert_equal 403, last_response.status
+  end
 end
@@ -2224,4 +2224,12 @@ class ProfileTest &lt; ActiveSupport::TestCase
       assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
     end
   end
+
+  should 'not allow to add members in secret profiles' do
+    c = fast_create(Community, secret: true)
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_member(p)
+    end
+  end
 end
...	...	@@ -119,6 +119,20 @@ module Api
119	119	members = select_filtered_collection_of(profile, 'members', params)
120	120	present members, :with => Entities::Person, :current_person => current_person
121	121	end
	122	+
	123	+ post do
	124	+ authenticate!
	125	+ profile = environment.profiles.find_by id: params[:profile_id]
	126	+ profile.add_member(current_person) rescue forbidden!
	127	+ {pending: !current_person.is_member_of?(profile)}
	128	+ end
	129	+
	130	+ delete do
	131	+ authenticate!
	132	+ profile = environment.profiles.find_by id: params[:profile_id]
	133	+ profile.remove_member(current_person)
	134	+ present current_person, :with => Entities::Person, :current_person => current_person
	135	+ end
122	136	end
123	137	end
124	138	end
...	...
...	...	@@ -758,7 +758,7 @@ private :generate_url, :url_options
758	758
759	759	# Adds a person as member of this Profile.
760	760	def add_member(person, attributes={})
761		- if self.has_members?
	761	+ if self.has_members? && !self.secret
762	762	if self.closed? && members.count > 0
763	763	AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
764	764	else
...	...
...	...	@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
397	397	assert_not_nil person.image
398	398	assert_equal person.image.filename, base64_image[:filename]
399	399	end
	400	+
	401	+ should 'add logged person as member of a profile' do
	402	+ login_api
	403	+ profile = fast_create(Community)
	404	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	405	+ json = JSON.parse(last_response.body)
	406	+ assert_equal json['pending'], false
	407	+ assert person.is_member_of?(profile)
	408	+ end
	409	+
	410	+ should 'create task when add logged person as member of a moderated profile' do
	411	+ login_api
	412	+ profile = fast_create(Community, public_profile: false)
	413	+ profile.add_member(create_user.person)
	414	+ profile.closed = true
	415	+ profile.save!
	416	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	417	+ json = JSON.parse(last_response.body)
	418	+ assert_equal json['pending'], true
	419	+ assert !person.is_member_of?(profile)
	420	+ end
	421	+
	422	+ should 'remove logged person as member of a profile' do
	423	+ login_api
	424	+ profile = fast_create(Community)
	425	+ profile.add_member(person)
	426	+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	427	+ json = JSON.parse(last_response.body)
	428	+ assert_equal person.identifier, json['person']['identifier']
	429	+ assert !person.is_member_of?(profile)
	430	+ end
	431	+
	432	+ should 'forbid access to add members for non logged user' do
	433	+ profile = fast_create(Community)
	434	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	435	+ assert_equal 401, last_response.status
	436	+ end
	437	+
	438	+ should 'forbid access to remove members for non logged user' do
	439	+ profile = fast_create(Community)
	440	+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	441	+ assert_equal 401, last_response.status
	442	+ end
	443	+
	444	+ should 'forbid to add person as member when the profile does not allow' do
	445	+ login_api
	446	+ profile = fast_create(Person)
	447	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	448	+ assert_equal 403, last_response.status
	449	+ end
	450	+
	451	+ should 'forbid to add person as member when the profile is secret' do
	452	+ login_api
	453	+ profile = fast_create(Community, secret: true)
	454	+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
	455	+ assert !person.is_member_of?(profile)
	456	+ assert_equal 403, last_response.status
	457	+ end
400	458	end
...	...
...	...	@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
2224	2224	assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
2225	2225	end
2226	2226	end
	2227	+
	2228	+ should 'not allow to add members in secret profiles' do
	2229	+ c = fast_create(Community, secret: true)
	2230	+ p = create_user('mytestuser').person
	2231	+ assert_raise RuntimeError do
	2232	+ c.add_member(p)
	2233	+ end
	2234	+ end
2227	2235	end
...	...