diff --git a/app/api/helpers.rb b/app/api/helpers.rb index 606b2e9..2dcae6b 100644 --- a/app/api/helpers.rb +++ b/app/api/helpers.rb @@ -4,7 +4,7 @@ require 'tempfile' module Api module Helpers PRIVATE_TOKEN_PARAM = :private_token - DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived] + ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived, :status] include SanitizeParams include Noosfero::Plugin::HotSpot @@ -124,8 +124,8 @@ module Api present_partial article, with: Entities::Article, params: params, current_person: current_person end - def present_articles_for_asset(asset, method = 'articles') - articles = find_articles(asset, method) + def present_articles_for_asset(asset, method_or_relation = 'articles') + articles = find_articles(asset, method_or_relation) present_articles(articles) end @@ -133,8 +133,8 @@ module Api present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person end - def find_articles(asset, method = 'articles') - articles = select_filtered_collection_of(asset, method, params) + def find_articles(asset, method_or_relation = 'articles') + articles = select_filtered_collection_of(asset, method_or_relation, params) if current_person.present? articles = articles.display_filter(current_person, nil) else @@ -143,8 +143,9 @@ module Api articles end - def find_task(asset, id) - task = asset.tasks.find_by(id: id) + def find_task(asset, method_or_relation, id) + task = is_a_relation?(method_or_relation) ? method_or_relation : asset.send(method_or_relation) + task = task.find_by_id(id) not_found! if task.blank? current_person.has_permission?(task.permission, asset) ? task : forbidden! end @@ -152,6 +153,7 @@ module Api def post_task(asset, params) klass_type= params[:content_type].nil? ? 'Task' : params[:content_type] return forbidden! unless klass_type.constantize <= Task + return forbidden! if !current_person.has_permission?(:perform_task, asset) task = klass_type.constantize.new(params[:task]) task.requestor_id = current_person.id @@ -164,15 +166,24 @@ module Api present_partial task, :with => Entities::Task end - def present_task(asset) - task = find_task(asset, params[:id]) + def find_tasks(asset, method_or_relation = 'tasks') + return forbidden! if !current_person.has_permission?(:perform_task, asset) + tasks = select_filtered_collection_of(asset, method_or_relation, params) + tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)} + tasks + end + + def present_task(asset, method_or_relation = 'tasks') + task = find_task(asset, method_or_relation, params[:id]) present_partial task, :with => Entities::Task end - def present_tasks(asset) - tasks = select_filtered_collection_of(asset, 'tasks', params) - tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)} - return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset) + def present_tasks_for_asset(asset, method_or_relation = 'tasks') + tasks = find_tasks(asset, method_or_relation) + present_tasks(tasks) + end + + def present_tasks(tasks) present_partial tasks, :with => Entities::Task end @@ -181,7 +192,6 @@ module Api conditions = {} from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from] until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until] - conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil? conditions[:created_at] = period(from_date, until_date) if from_date || until_date @@ -191,7 +201,7 @@ module Api end # changing make_order_with_parameters to avoid sql injection - def make_order_with_parameters(object, method, params) + def make_order_with_parameters(object, method_or_relation, params) order = "created_at DESC" unless params[:order].blank? if params[:order].include? '\'' or params[:order].include? '"' @@ -200,9 +210,9 @@ module Api order = 'RANDOM()' else field_name, direction = params[:order].split(' ') - assoc = object.class.reflect_on_association(method.to_sym) + assoc_class = extract_associated_classname(method_or_relation) if !field_name.blank? and assoc - if assoc.klass.attribute_names.include? field_name + if assoc_class.attribute_names.include? field_name if direction.present? and ['ASC','DESC'].include? direction.upcase order = "#{field_name} #{direction.upcase}" end @@ -213,12 +223,14 @@ module Api return order end - def make_timestamp_with_parameters_and_method(params, method) + def make_timestamp_with_parameters_and_method(params, method_or_relation) timestamp = nil if params[:timestamp] datetime = DateTime.parse(params[:timestamp]) - table_name = method.to_s.singularize.camelize.constantize.table_name - timestamp = "#{table_name}.updated_at >= '#{datetime}'" + table_name = extract_associated_tablename(method_or_relation) + assoc_class = extract_associated_classname(method_or_relation) + date_atrr = assoc_class.attribute_names.include?('updated_at') ? 'updated_at' : 'created_at' + timestamp = "#{table_name}.#{date_atrr} >= '#{datetime}'" end timestamp @@ -243,12 +255,12 @@ module Api end end - def select_filtered_collection_of(object, method, params) + def select_filtered_collection_of(object, method_or_relation, params) conditions = make_conditions_with_parameter(params) - order = make_order_with_parameters(object,method,params) - timestamp = make_timestamp_with_parameters_and_method(params, method) + order = make_order_with_parameters(object,method_or_relation,params) + timestamp = make_timestamp_with_parameters_and_method(params, method_or_relation) - objects = object.send(method) + objects = is_a_relation?(method_or_relation) ? method_or_relation : object.send(method_or_relation) objects = by_reference(objects, params) objects = by_categories(objects, params) @@ -394,10 +406,27 @@ module Api end private + def extract_associated_tablename(method_or_relation) + extract_associated_classname(method_or_relation).table_name + end + + def extract_associated_classname(method_or_relation) + if is_a_relation?(method_or_relation) + method_or_relation.blank? ? '' : method_or_relation.first.class + else + method_or_relation.to_s.singularize.camelize.constantize + end + end + + def is_a_relation?(method_or_relation) + method_or_relation.kind_of?(ActiveRecord::Relation) + end + + def parser_params(params) parsed_params = {} params.map do |k,v| - parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym) + parsed_params[k.to_sym] = v if ALLOWED_PARAMETERS.include?(k.to_sym) end parsed_params end diff --git a/app/api/v1/tasks.rb b/app/api/v1/tasks.rb index 8654335..2c283bd 100644 --- a/app/api/v1/tasks.rb +++ b/app/api/v1/tasks.rb @@ -8,7 +8,7 @@ module Api resource :tasks do paginate max_per_page: MAX_PER_PAGE - # Collect tasks + # Collect all tasks that current person has permission # # Parameters: # from - date where the search will begin. If nothing is passed the default date will be the date of the first article created @@ -18,19 +18,13 @@ module Api # Example Request: # GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317 get do - if params[:all_pending].present? - tasks = current_person.all_pending_tasks - else - tasks = select_filtered_collection_of(environment, 'tasks', params) - tasks = tasks.select {|t| current_person.has_permission?(t.permission, environment)} - end - present_partial paginate(tasks), :with => Entities::Task + tasks = Task.to(current_person) + present_tasks_for_asset(current_person, tasks) end desc "Return the task id" get ':id' do - task = find_task(environment, params[:id]) - present_partial task, :with => Entities::Task + present_task(current_person, Task.to(current_person)) end %w[finish cancel].each do |action| @@ -51,7 +45,8 @@ module Api resource :tasks do get do profile = environment.send(kind.pluralize).find(params["#{kind}_id"]) - present_tasks(profile) + tasks = Task.to(profile) + present_tasks_for_asset(profile, tasks) end get ':id' do diff --git a/app/controllers/my_profile/tasks_controller.rb b/app/controllers/my_profile/tasks_controller.rb index 9b1bac5..50c5b44 100644 --- a/app/controllers/my_profile/tasks_controller.rb +++ b/app/controllers/my_profile/tasks_controller.rb @@ -14,7 +14,7 @@ class TasksController < MyProfileController @filter_text = params[:filter_text].presence @filter_responsible = params[:filter_responsible] @task_types = Task.pending_types_for(profile) - @tasks = Task.pending_all(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page]) + @tasks = Task.pending_all_by_filter(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page]) @tasks = @tasks.where(:responsible_id => @filter_responsible.to_i != -1 ? @filter_responsible : nil) if @filter_responsible.present? @tasks = @tasks.paginate(:per_page => Task.per_page, :page => params[:page]) @failed = params ? params[:failed] : {} @@ -101,7 +101,7 @@ class TasksController < MyProfileController def search_tasks filter_type = params[:filter_type].presence filter_text = params[:filter_text].presence - result = Task.pending_all(profile,filter_type, filter_text) + result = Task.pending_all_by_filter(profile,filter_type, filter_text) render :json => result.map { |task| {:label => task.data[:name], :value => task.data[:name]} } end diff --git a/app/models/person.rb b/app/models/person.rb index b264c30..828b536 100644 --- a/app/models/person.rb +++ b/app/models/person.rb @@ -440,12 +440,6 @@ class Person < Profile organization.tasks.pending.select{|task| self.has_permission?(task.permission, organization)} end - def all_pending_tasks - [self.memberships, environment].flatten.map do |target| - target.tasks.pending.select{|task| self.has_permission?(task.permission, target)} - end.flatten + tasks.pending - end - def build_contact(profile, params = {}) Contact.new(params.merge(:name => name, :email => email, :sender => self, :dest => profile)) end diff --git a/app/models/task.rb b/app/models/task.rb index 4bd1a71..9b20921 100644 --- a/app/models/task.rb +++ b/app/models/task.rb @@ -314,7 +314,7 @@ class Task < ApplicationRecord where "LOWER(#{field}) LIKE ?", "%#{value.downcase}%" end } - scope :pending_all, -> profile, filter_type, filter_text { + scope :pending_all_by_filter, -> profile, filter_type, filter_text { self.to(profile).without_spam.pending.of(filter_type).like('data', filter_text) } @@ -323,10 +323,17 @@ class Task < ApplicationRecord if profile.person? envs_ids = Environment.all.select{ |env| profile.is_admin?(env) }.map{ |env| "target_id = #{env.id}"}.join(' OR ') environment_condition = envs_ids.blank? ? nil : "(target_type = 'Environment' AND (#{envs_ids}))" + + organizations = profile.memberships.all.select do |organization| + profile.has_permission?(:perform_task, organization) + end + organization_ids = organizations.map{ |organization| "target_id = #{organization.id}"}.join(' OR ') + + organization_conditions = organization_ids.blank? ? nil : "(target_type = 'Profile' AND (#{organization_ids}))" end profile_condition = "(target_type = 'Profile' AND target_id = #{profile.id})" - where [environment_condition, profile_condition].compact.join(' OR ') + where [environment_condition, organization_conditions, profile_condition].compact.join(' OR ') } scope :from_closed_date, -> closed_from { diff --git a/test/api/task_test.rb b/test/api/task_test.rb index 15f8581..7e8b23e 100644 --- a/test/api/task_test.rb +++ b/test/api/task_test.rb @@ -11,7 +11,7 @@ class TasksTest < ActiveSupport::TestCase attr_accessor :person, :community, :environment - should 'list tasks of environment' do + should 'list environment tasks for admin user' do environment.add_admin(person) task = create(Task, :requestor => person, :target => environment) get "/api/v1/tasks?#{params.to_query}" @@ -53,134 +53,108 @@ class TasksTest < ActiveSupport::TestCase assert_equal 403, last_response.status end - ############################# - # Community Tasks # - ############################# + should 'find the current user task even it is finished' do + t3 = create(Task, :requestor => person, :target => person) + t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED) - should 'return task by community' do - community = fast_create(Community) - community.add_admin(person) - - task = create(Task, :requestor => person, :target => community) - assert person.is_member_of?(community) - - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" + get "/api/v1/tasks/#{t4.id}?#{params.to_query}" json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] + assert_equal t4.id, json["task"]["id"] end - should 'not return task by community for unlogged users' do - logout_api + should 'find the current user task even it is for community' do community = fast_create(Community) community.add_admin(person) + t2 = create(Task, :requestor => person, :target => community) - task = create(Task, :requestor => person, :target => community) - assert person.is_member_of?(community) + t3 = create(Task, :requestor => person, :target => person) - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" + get "/api/v1/tasks/#{t2.id}?#{params.to_query}" json = JSON.parse(last_response.body) - assert_equal 401, last_response.status + assert_equal t2.id, json["task"]["id"] end - should 'not return task by community if user has no permission to view it' do - community = fast_create(Community) - task = create(Task, :requestor => person, :target => community) - assert !person.is_member_of?(community) + should 'find the current user task even it is for environment' do + environment.add_admin(person) + t1 = create(Task, :requestor => person, :target => environment) - get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end + t3 = create(Task, :requestor => person, :target => person) - should 'create task in a community' do - community = fast_create(Community) - give_permission(person, 'perform_task', community) - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" + get "/api/v1/tasks/#{t1.id}?#{params.to_query}" json = JSON.parse(last_response.body) - assert_not_nil json["task"]["id"] + assert_equal t1.id, json["task"]["id"] end - should 'not create task in a community for unlogged users' do - logout_api - community = fast_create(Community) - give_permission(person, 'perform_task', community) - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 401, last_response.status - end - should 'create task defining the requestor as current profile logged in' do + should 'list all tasks of user' do + environment.add_admin(person) + t1 = create(Task, :requestor => person, :target => environment) + community = fast_create(Community) - community.add_member(person) + community.add_admin(person) + t2 = create(Task, :requestor => person, :target => community) - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) + t3 = create(Task, :requestor => person, :target => person) + t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED) - assert_equal person, Task.last.requestor + get "/api/v1/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [t1.id, t2.id, t3.id, t4.id], json["tasks"].map { |a| a["id"] } end - should 'create task defining the target as the community' do + should 'list all pending tasks of user' do + environment.add_admin(person) + t1 = create(Task, :requestor => person, :target => environment, :status => Task::Status::ACTIVE) + community = fast_create(Community) - community.add_member(person) + community.add_admin(person) + t2 = create(Task, :requestor => person, :target => community, :status => Task::Status::ACTIVE) - post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) + t3 = create(Task, :requestor => person, :target => person, :status => Task::Status::ACTIVE) + t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED) - assert_equal community, Task.last.target + get "/api/v1/tasks?#{params.merge(:status => Task::Status::ACTIVE).to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [t1.id, t2.id, t3.id], json["tasks"].map { |a| a["id"] } end - ############################# - # Person Tasks # - ############################# - should 'return task by person' do - task = create(Task, :requestor => person, :target => person) - get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] - end + should 'list tasks with pagination' do + Task.destroy_all + t1 = create(Task, :requestor => person, :target => person) + t2 = create(Task, :requestor => person, :target => person) - should 'not return task by person for unlogged users' do - logout_api - task = create(Task, :requestor => person, :target => person) - get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 401, last_response.status - end + params[:page] = 1 + params[:per_page] = 1 + get "/api/v1/tasks/?#{params.to_query}" + json_page_one = JSON.parse(last_response.body) - should 'not return task by person if user has no permission to view it' do - some_person = fast_create(Person) - task = create(Task, :requestor => person, :target => some_person) + params[:page] = 2 + params[:per_page] = 1 + get "/api/v1/tasks/?#{params.to_query}" + json_page_two = JSON.parse(last_response.body) - get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end + assert_includes json_page_one["tasks"].map { |a| a["id"] }, t2.id + assert_not_includes json_page_one["tasks"].map { |a| a["id"] }, t1.id - should 'create task for person' do - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_nil json["task"]["id"] + assert_includes json_page_two["tasks"].map { |a| a["id"] }, t1.id + assert_not_includes json_page_two["tasks"].map { |a| a["id"] }, t2.id end - should 'not create task in person for unlogged users' do - logout_api - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 401, last_response.status - end + should 'list tasks with timestamp' do + t1 = create(Task, :requestor => person, :target => person) + t2 = create(Task, :requestor => person, :target => person, :created_at => Time.zone.now) - should 'create task for another person' do - some_person = fast_create(Person) - post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) + t1.created_at = Time.zone.now + 3.hours + t1.save! - assert_equal some_person, Task.last.target - end - should 'create task defining the target as a person' do - post "/api/v1/people/#{person.id}/tasks?#{params.to_query}" + params[:timestamp] = Time.zone.now + 1.hours + get "/api/v1/tasks/?#{params.to_query}" json = JSON.parse(last_response.body) - assert_equal person, Task.last.target + assert_includes json["tasks"].map { |a| a["id"] }, t1.id + assert_not_includes json["tasks"].map { |a| a["id"] }, t2.id end task_actions=%w[finish cancel] @@ -206,80 +180,120 @@ class TasksTest < ActiveSupport::TestCase end end - ############################# - # Enterprise Tasks # - ############################# + ################################################# + # Person, Community and Enterprise Tasks # + ################################################# - should 'return task by enterprise' do - enterprise = fast_create(Enterprise) - enterprise.add_admin(person) + [Person, Community, Enterprise].map do |profile_class| + define_method "test_should_return_task_by_#{profile_class.name.underscore}" do + target = profile_class == Person ? person : fast_create(profile_class) + target.add_admin(person) if target.respond_to?('add_admin') - task = create(Task, :requestor => person, :target => enterprise) - assert person.is_member_of?(enterprise) + task = create(Task, :requestor => person, :target => target) + get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal task.id, json["task"]["id"] + end - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal task.id, json["task"]["id"] - end + define_method "test_should_not_return_task_ by#{profile_class.name.underscore}_for_unlogged_users" do + logout_api + target = profile_class == Person ? person : fast_create(profile_class) + target.add_admin(person) if target.respond_to?('add_admin') - should 'not return task by enterprise for unlogged users' do - logout_api - enterprise = fast_create(Enterprise) - enterprise.add_admin(person) + task = create(Task, :requestor => person, :target => target) + get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 401, last_response.status + end - task = create(Task, :requestor => person, :target => enterprise) - assert person.is_member_of?(enterprise) + define_method "test_should_not_return_task_by_#{profile_class.name.underscore}_if_user_has_no_permission_to_view_it" do + target = fast_create(profile_class) + task = create(Task, :requestor => person, :target => target) + + get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}" + assert_equal 403, last_response.status + end - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 401, last_response.status - end + define_method "test_should_create_task_for_#{profile_class.name.underscore}" do + target = profile_class == Person ? person : fast_create(profile_class) + Person.any_instance.expects(:has_permission?).with(:perform_task, target).returns(true) - should 'not return task by enterprise if user has no permission to view it' do - enterprise = fast_create(Enterprise) - task = create(Task, :requestor => person, :target => enterprise) - assert !person.is_member_of?(enterprise) + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_nil json["task"]["id"] + end - get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}" - assert_equal 403, last_response.status - end + define_method "test_should_not_create_task_for_#{profile_class.name.underscore}_person_has_no_permission" do + target = fast_create(profile_class) - should 'create task in a enterprise' do - enterprise = fast_create(Enterprise) - give_permission(person, 'perform_task', enterprise) - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_nil json["task"]["id"] + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 403, last_response.status + end + + define_method "test_should_not_create_task_in_#{profile_class.name.underscore}_for_unlogged_users" do + logout_api + target = profile_class == Person ? person : fast_create(profile_class) + Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true) + + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}" + + json = JSON.parse(last_response.body) + assert_equal 401, last_response.status + end + + define_method "test_should_create_task_defining_the_target_as_a_#{profile_class.name.underscore}" do + target = profile_class == Person ? person : fast_create(profile_class) + Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true) + + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal target, Task.last.target + end + + define_method "test_should_create_task_on_#{profile_class.name.underscore}_defining_the_requestor_as_current_profile_logged_in" do + target = profile_class == Person ? person : fast_create(profile_class) + Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true) + + post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_equal person, Task.last.requestor + end end - should 'not create task in a enterprise for unlogged users' do - logout_api - enterprise = fast_create(Enterprise) - give_permission(person, 'perform_task', enterprise) - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" + should 'list all tasks of user in people context' do + environment.add_admin(person) + t1 = create(Task, :requestor => person, :target => environment) + + community = fast_create(Community) + community.add_admin(person) + t2 = create(Task, :requestor => person, :target => community) + + t3 = create(Task, :requestor => person, :target => person) + + get "/api/v1/people/#{person.id}/tasks?#{params.to_query}" json = JSON.parse(last_response.body) - assert_equal 401, last_response.status + assert_equivalent [t1.id, t2.id, t3.id], json["tasks"].map { |a| a["id"] } end - should 'create task defining the target as the enterprise' do - enterprise = fast_create(Enterprise) - enterprise.add_member(person) + should 'list all pending tasks of user in people context' do + environment.add_admin(person) + t1 = create(Task, :requestor => person, :target => environment) + t2 = create(Task, :requestor => person, :target => environment, :status => Task::Status::FINISHED ) - post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}" - json = JSON.parse(last_response.body) + community = fast_create(Community) + community.add_admin(person) + t3 = create(Task, :requestor => person, :target => community) + t4 = create(Task, :requestor => person, :target => community, :status => Task::Status::FINISHED) - assert_equal enterprise, Task.last.target - end + t5 = create(Task, :requestor => person, :target => person) + t6 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED) - should 'list all pending tasks for the current person' do - task1 = create(Task, :requestor => person, :target => person) - task2 = create(Task, :requestor => person, :target => person) - task3 = create(Task, :requestor => person, :target => person) - params[:per_page] = 2 - params[:all_pending] = true - get "/api/v1/tasks?#{params.to_query}" + get "/api/v1/people/#{person.id}/tasks?#{params.merge(:status => Task::Status::ACTIVE).to_query}" json = JSON.parse(last_response.body) - assert_equal [task3.id, task2.id], json["tasks"].map {|t| t["id"]} + assert_equivalent [t1.id, t3.id, t5.id], json["tasks"].map { |a| a["id"] } end end diff --git a/test/unit/person_test.rb b/test/unit/person_test.rb index 44ae367..ea94e2f 100644 --- a/test/unit/person_test.rb +++ b/test/unit/person_test.rb @@ -2006,21 +2006,4 @@ class PersonTest < ActiveSupport::TestCase assert_equivalent [circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle) end - should 'return all pending task for a person' do - person = create_user('testuser').person - community1 = fast_create(Community) - community1.add_admin(person) - community2 = fast_create(Community) - task1 = Task.new - task2 = Task.new - task3 = Task.new - task4 = Task.new - person.tasks << task1 - community1.tasks << task2 - community2.tasks << task3 - person.environment.tasks << task4 - person.environment.add_admin(person) - assert_equivalent [task4, task2, task1], person.all_pending_tasks - end - end diff --git a/test/unit/task_test.rb b/test/unit/task_test.rb index 2c570ee..7987142 100644 --- a/test/unit/task_test.rb +++ b/test/unit/task_test.rb @@ -324,24 +324,6 @@ class TaskTest < ActiveSupport::TestCase task.activate end - should 'filter tasks to a profile' do - requestor = fast_create(Person) - person = fast_create(Person) - another_person = fast_create(Person) - environment = Environment.default - environment.add_admin(person) - t1 = create(Task, :requestor => requestor, :target => person) - t2 = create(Task, :requestor => requestor, :target => person) - t3 = create(Task, :requestor => requestor, :target => environment) - t4 = create(Task, :requestor => requestor, :target => another_person) - - assert_includes Task.to(person), t1 - assert_includes Task.to(person), t2 - assert_includes Task.to(person), t3 - assert_not_includes Task.to(person), t4 - assert_includes Task.to(another_person), t4 - end - should 'filter tasks by type with scope' do class CleanHouse < Task; end class FeedDog < Task; end @@ -479,6 +461,87 @@ class TaskTest < ActiveSupport::TestCase assert_equal person, t.reload.closed_by end + should 'named scope to get tasks of a profile' do + requestor = fast_create(Person) + person = fast_create(Person) + another_person = fast_create(Person) + t1 = create(Task, :requestor => requestor, :target => person) + t2 = create(Task, :requestor => requestor, :target => another_person) + t3 = create(Task, :requestor => requestor, :target => person) + + assert_equivalent [t1,t3], Task.to(person) + end + + should 'named scope to get environment tasks if passed profile is environment admin' do + requestor = fast_create(Person) + person = fast_create(Person) + another_person = fast_create(Person) + environment = Environment.default + environment.add_admin(person) + t1 = create(Task, :requestor => requestor, :target => person) + t2 = create(Task, :requestor => requestor, :target => another_person) + t3 = create(Task, :requestor => requestor, :target => environment) + + assert_equivalent [t1,t3], Task.to(person) + end + + should 'named scope to not get environment tasks if passed profile is not environment admin' do + requestor = fast_create(Person) + person = fast_create(Person) + another_person = fast_create(Person) + environment = Environment.default + t1 = create(Task, :requestor => requestor, :target => person) + t2 = create(Task, :requestor => requestor, :target => another_person) + t3 = create(Task, :requestor => requestor, :target => environment) + + assert_equivalent [t1], Task.to(person) + end + + should 'named scope to get communities tasks if passed profile has perform_task permission' do + requestor = fast_create(Person) + person = fast_create(Person) + another_person = fast_create(Person) + community = fast_create(Community) + community.add_member(person) + person.expects(:has_permission?).with(:perform_task, community).returns(true) + t1 = create(Task, :requestor => requestor, :target => person) + t2 = create(Task, :requestor => requestor, :target => another_person) + t3 = create(Task, :requestor => requestor, :target => community) + + assert_equivalent [t1, t3], Task.to(person) + end + + + should 'named scope to not get communities tasks if passed profile has no perform_task permission in community' do + requestor = fast_create(Person) + person = fast_create(Person) + another_person = fast_create(Person) + community = fast_create(Community) + community.add_member(person) + person.expects(:has_permission?).with(:perform_task, community).returns(false) + t1 = create(Task, :requestor => requestor, :target => person) + t2 = create(Task, :requestor => requestor, :target => another_person) + t3 = create(Task, :requestor => requestor, :target => community) + + assert_equivalent [t1], Task.to(person) + end + + should 'named scope to return environment, person and communities tasks if user has permission' do + requestor = fast_create(Person) + person = fast_create(Person) + another_person = fast_create(Person) + community = fast_create(Community) + community.add_member(person) + person.expects(:has_permission?).with(:perform_task, community).returns(true) + environment = Environment.default + environment.add_admin(person) + t1 = create(Task, :requestor => requestor, :target => person) + t2 = create(Task, :requestor => requestor, :target => another_person) + t3 = create(Task, :requestor => requestor, :target => community) + t4 = create(Task, :requestor => requestor, :target => environment) + assert_equivalent [t1,t3,t4], Task.to(person) + end + protected def sample_user -- libgit2 0.21.2