Commit 15cd9768ff9d3e5fa95e3d3bb076ed10d8c2adae
1 parent
56e31cda
Exists in
ratings_minor_fixes
and in
3 other branches
api: do not create comment when article does not accept it
Showing
2 changed files
with
11 additions
and
0 deletions
Show diff stats
app/api/v1/comments.rb
| ... | ... | @@ -34,6 +34,7 @@ module Api |
| 34 | 34 | post ":id/comments" do |
| 35 | 35 | authenticate! |
| 36 | 36 | article = find_article(environment.articles, params[:id]) |
| 37 | + return forbidden! unless article.accept_comments? | |
| 37 | 38 | options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article) |
| 38 | 39 | begin |
| 39 | 40 | comment = Comment.create!(options) | ... | ... |
test/api/comments_test.rb
| ... | ... | @@ -70,6 +70,16 @@ class CommentsTest < ActiveSupport::TestCase |
| 70 | 70 | assert_equal body, json['comment']['body'] |
| 71 | 71 | end |
| 72 | 72 | |
| 73 | + should 'not create comment when an article does not accept comments' do | |
| 74 | + login_api | |
| 75 | + article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", accept_comments: false) | |
| 76 | + body = 'My comment' | |
| 77 | + params.merge!({:body => body}) | |
| 78 | + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" | |
| 79 | + json = JSON.parse(last_response.body) | |
| 80 | + assert_equal 403, last_response.status | |
| 81 | + end | |
| 82 | + | |
| 73 | 83 | should 'logged user not comment an archived article' do |
| 74 | 84 | login_api |
| 75 | 85 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true) | ... | ... |