Commit 1af9c0453b627c659cfc30b1adfc409c0f0dd2bb
Exists in
ratings_minor_fixes
and in
3 other branches
Merge branch 'update-profile-api' into 'master'
api: add endpoint to update profiles See merge request !937
Showing
2 changed files
with
54 additions
and
0 deletions
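--- a/app/api/v1/profiles.rb
+++ b/app/api/v1/profiles.rb
@@ -22,6 +22,15 @@ module Api
 not_found!
 end
 end
+
+ desc "Update profile information"
+ post ':id' do
+ authenticate!
+ profile = environment.profiles.find_by(id: params[:id])
+ return forbidden! unless current_person.has_permission?(:edit_profile, profile)
+ profile.update_attributes!(params[:profile])
+ present profile, :with => Entities::Profile, :current_person => current_person
+ end
 
 delete ':id' do
 authenticate!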
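Review bot: `profile.update_attributes!(params[:profile])` in the new `post ':id'` handler passes the client-supplied hash to the model unfiltered, so which attributes a caller can change depends entirely on whatever mass-assignment protection the profile models declare, which is not visible here. An explicit allow-list at the endpoint would make that boundary reviewable, for example by reducing `params[:profile]` to the fields the API intends to expose before the update (the tests only exercise `custom_header`). Separately, `find_by` returns nil for an unknown id and that nil goes straight into `has_permission?`; a guard such as `return not_found! if profile.nil?` ahead of the permission check would match the `not_found!` used by the handler just above. `update_attributes!` raises on validation failure and no rescue is visible in the hunk, so invalid input may surface as a server error rather than a 4xx unless the API handles it elsewhere.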
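--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -146,4 +146,49 @@ class ProfilesTest < ActiveSupport::TestCase
 refute json.has_key?('Rating')
 end
 
+ [Community, Enterprise].each do |klass|
+ should "update #{klass.name}" do
+ login_api
+ profile = fast_create(klass)
+ profile.add_admin(person)
+ params[:profile] = {}
+ params[:profile][:custom_header] = "Another Header"
+ post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+ assert_equal "Another Header", profile.reload.custom_header
+ end
+
+ should "not update a #{klass.name} if user does not have permission" do
+ login_api
+ profile = fast_create(klass)
+ params[:profile] = {}
+ params[:profile][:custom_header] = "Another Header"
+ post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should "not update a #{klass.name} if user is not logged in" do
+ profile = fast_create(klass)
+ params[:profile] = {}
+ params[:profile][:custom_header] = "Another Header"
+ post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+ assert_equal 401, last_response.status
+ end
+ end
+
+ should 'update person' do
+ login_api
+ params[:profile] = {}
+ params[:profile][:custom_header] = "Another Header"
+ post "/api/v1/profiles/#{person.id}?#{params.to_query}"
+ assert_equal "Another Header", person.reload.custom_header
+ end
+
+ should 'not update person information if user does not have permission' do
+ login_api
+ profile = fast_create(Person)
+ params[:profile] = {}
+ params[:profile][:custom_header] = "Another Header"
+ post "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
 end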
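Review bot: The 401 and 403 cases assert only the status code, so a handler that wrote the attribute before refusing the request would still pass them; adding `refute_equal "Another Header", profile.reload.custom_header` to each denied case would pin that nothing was persisted. No case posts to an id that does not exist, which leaves the nil-profile path of the new endpoint untested. It would also be worth one case that submits a `params[:profile]` key outside the set the API is meant to expose and asserts it is unchanged after `reload`, so the endpoint's mass-assignment boundary is covered by a test rather than by model configuration alone.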