Download as
Browse Code »

Commit 0fbb8b5d7b13a5ad731e40534c2c6fc5bc9e1c9e

Authored by Victor Costa
1 parent 4f262d0c
Exists in profile_api_improvements and in 1 other branch fix_sign_up_form

api: add and remove members from profile

Showing 4 changed files with 81 additions and 1 deletions   Show diff stats
app/api/v1/people.rb
  Diff comments   View file @0fbb8b5
@@ -119,6 +119,20 @@ module Api @@ -119,6 +119,20 @@ module Api
119 members = select_filtered_collection_of(profile, 'members', params) 119 members = select_filtered_collection_of(profile, 'members', params)
120 present members, :with => Entities::Person, :current_person => current_person 120 present members, :with => Entities::Person, :current_person => current_person
121 end 121 end
  122 +
  123 + post do
  124 + authenticate!
  125 + profile = environment.profiles.find_by id: params[:profile_id]
  126 + profile.add_member(current_person) rescue forbidden!
  127 + {pending: !current_person.is_member_of?(profile)}
  128 + end
  129 +
  130 + delete do
  131 + authenticate!
  132 + profile = environment.profiles.find_by id: params[:profile_id]
  133 + profile.remove_member(current_person)
  134 + present current_person, :with => Entities::Person, :current_person => current_person
  135 + end
122 end 136 end
123 end 137 end
124 end 138 end
app/models/profile.rb
  Diff comments   View file @0fbb8b5
@@ -758,7 +758,7 @@ private :generate_url, :url_options @@ -758,7 +758,7 @@ private :generate_url, :url_options
758 758
759 # Adds a person as member of this Profile. 759 # Adds a person as member of this Profile.
760 def add_member(person, attributes={}) 760 def add_member(person, attributes={})
761 - if self.has_members? 761 + if self.has_members? && !self.secret
762 if self.closed? && members.count > 0 762 if self.closed? && members.count > 0
763 AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person) 763 AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
764 else 764 else
test/api/people_test.rb
  Diff comments   View file @0fbb8b5
@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase @@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
397 assert_not_nil person.image 397 assert_not_nil person.image
398 assert_equal person.image.filename, base64_image[:filename] 398 assert_equal person.image.filename, base64_image[:filename]
399 end 399 end
  400 +
  401 + should 'add logged person as member of a profile' do
  402 + login_api
  403 + profile = fast_create(Community)
  404 + post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  405 + json = JSON.parse(last_response.body)
  406 + assert_equal json['pending'], false
  407 + assert person.is_member_of?(profile)
  408 + end
  409 +
  410 + should 'create task when add logged person as member of a moderated profile' do
  411 + login_api
  412 + profile = fast_create(Community, public_profile: false)
  413 + profile.add_member(create_user.person)
  414 + profile.closed = true
  415 + profile.save!
  416 + post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  417 + json = JSON.parse(last_response.body)
  418 + assert_equal json['pending'], true
  419 + assert !person.is_member_of?(profile)
  420 + end
  421 +
  422 + should 'remove logged person as member of a profile' do
  423 + login_api
  424 + profile = fast_create(Community)
  425 + profile.add_member(person)
  426 + delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  427 + json = JSON.parse(last_response.body)
  428 + assert_equal person.identifier, json['person']['identifier']
  429 + assert !person.is_member_of?(profile)
  430 + end
  431 +
  432 + should 'forbid access to add members for non logged user' do
  433 + profile = fast_create(Community)
  434 + post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  435 + assert_equal 401, last_response.status
  436 + end
  437 +
  438 + should 'forbid access to remove members for non logged user' do
  439 + profile = fast_create(Community)
  440 + delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  441 + assert_equal 401, last_response.status
  442 + end
  443 +
  444 + should 'forbid to add person as member when the profile does not allow' do
  445 + login_api
  446 + profile = fast_create(Person)
  447 + post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  448 + assert_equal 403, last_response.status
  449 + end
  450 +
  451 + should 'forbid to add person as member when the profile is secret' do
  452 + login_api
  453 + profile = fast_create(Community, secret: true)
  454 + post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
  455 + assert !person.is_member_of?(profile)
  456 + assert_equal 403, last_response.status
  457 + end
400 end 458 end
test/unit/profile_test.rb
  Diff comments   View file @0fbb8b5
@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase @@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
2224 assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil) 2224 assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
2225 end 2225 end
2226 end 2226 end
  2227 +
  2228 + should 'not allow to add members in secret profiles' do
  2229 + c = fast_create(Community, secret: true)
  2230 + p = create_user('mytestuser').person
  2231 + assert_raise RuntimeError do
  2232 + c.add_member(p)
  2233 + end
  2234 + end
2227 end 2235 end