Commit 15cd9768ff9d3e5fa95e3d3bb076ed10d8c2adae

Authored by Victor Costa
1 parent 56e31cda

api: do not create comment when article does not accept it

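--- a/app/api/v1/comments.rb
+++ b/app/api/v1/comments.rb
@@ -34,6 +34,7 @@ module Api
 post ":id/comments" do
 authenticate!
 article = find_article(environment.articles, params[:id])
+return forbidden! unless article.accept_comments?
 options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
 begin
 comment = Comment.create!(options)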
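Review bot: The `options` line directly below the new `accept_comments?` guard filters request parameters with a denylist, so every parameter other than `id` and `private_token` is handed to `Comment.create!` and the caller decides which comment attributes get set. Whether the Comment model restricts assignable attributes is not visible here; if it does not, an allowlist is the safer form, e.g. `options = params.select { |key, _| ALLOWED_COMMENT_PARAMS.include?(key) }.merge(:author => current_person, :source => article)`, where `ALLOWED_COMMENT_PARAMS` is a placeholder for a constant listing the fields the API is meant to accept. The endpoint block continues past the end of the hunk, so the `rescue` side of the `begin` could not be checked.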
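--- a/test/api/comments_test.rb
+++ b/test/api/comments_test.rb
@@ -70,6 +70,16 @@ class CommentsTest < ActiveSupport::TestCase
 assert_equal body, json['comment']['body']
 end
 
+should 'not create comment when an article does not accept comments' do
+login_api
+article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", accept_comments: false)
+body = 'My comment'
+params.merge!({:body => body})
+post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal 403, last_response.status
+end
+
 should 'logged user not comment an archived article' do
 login_api
 article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true)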
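Review bot: The new test asserts only the 403 status, so it would still pass if a comment row were written before the response is returned, which is the behaviour the commit title promises to prevent. Wrapping the request in `assert_no_difference 'Comment.count' do ... end` would pin that directly. The `json = JSON.parse(last_response.body)` assignment is never read; either drop it or assert on the error body it holds.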