diff --git a/app/models/organization.rb b/app/models/organization.rb index 220b30d..2695ce4 100644 --- a/app/models/organization.rb +++ b/app/models/organization.rb @@ -17,6 +17,8 @@ class Organization < Profile # 4) The user is not a member of the organization but the organization is # visible, public and enabled. def self.visible_for_person(person) + # Visitor if person.nil? + person.nil? ? person_id = nil : person_id = person.id joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\') OR ( "role_assignments"."resource_id" = "profiles"."environment_id" AND @@ -28,8 +30,8 @@ class Organization < Profile ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND ( profiles.visible = ? ) )', - 'profile_admin', 'environment_administrator', Profile.name, person.id, - Profile.name, person.id, true, true, true] + 'profile_admin', 'environment_administrator', Profile.name, person_id, + Profile.name, person_id, true, true, true] ).uniq end diff --git a/app/models/person.rb b/app/models/person.rb index f463aa7..65a9ef6 100644 --- a/app/models/person.rb +++ b/app/models/person.rb @@ -42,6 +42,8 @@ class Person < Profile } scope :visible_for_person, lambda { |person| + # Visitor if person.nil? + person.nil? ? person_id = nil : person_id = person.id joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."environment_id" AND "role_assignments"."resource_type" = \'Environment\'') 
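Review bot: The added line `person.nil? ? person_id = nil : person_id = person.id` in `Organization.visible_for_person` assigns inside both arms of a ternary; `person_id = person && person.id` does the same in one assignment. The identical line is repeated in the `Person` `visible_for_person` scope hunk. The `# Visitor if person.nil?` comment would help more if it stated the consequence: a nil id is bound as `NULL`, so the `accessor_id = ?` comparisons never match. Suggested wording: `# nil person = anonymous visitor: the role clauses compare against NULL and never match, so only the public/visible branch can select a row`. The new unit tests agree with that reading, but part of the SQL condition lies outside the hunk, so confirm it against the full query.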
@@ -49,9 +51,10 @@ class Person < Profile .joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"') .where( ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR ( - ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', 'environment_administrator', Profile.name, person.id, person.id, true, true] + ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', + 'environment_administrator', Profile.name, person_id, person_id, true, true] ).uniq - } + } def has_permission_with_admin?(permission, resource) return true if resource.blank? || resource.admins.include?(self) diff --git a/lib/noosfero/api/v1/categories.rb b/lib/noosfero/api/v1/categories.rb index fb90f73..c8bd914 100644 --- a/lib/noosfero/api/v1/categories.rb +++ b/lib/noosfero/api/v1/categories.rb @@ -2,7 +2,6 @@ module Noosfero module API module V1 class Categories < Grape::API - before { authenticate! } resource :categories do diff --git a/lib/noosfero/api/v1/comments.rb b/lib/noosfero/api/v1/comments.rb index 84a264a..ea1b4ef 100644 --- a/lib/noosfero/api/v1/comments.rb +++ b/lib/noosfero/api/v1/comments.rb @@ -4,7 +4,6 @@ module Noosfero class Comments < Grape::API MAX_PER_PAGE = 20 - before { authenticate! } resource :articles do paginate max_per_page: MAX_PER_PAGE @@ -34,6 +33,7 @@ module Noosfero # Example Request: # POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New post ":id/comments" do + authenticate! article = find_article(environment.articles, params[:id]) options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article) begin diff --git a/lib/noosfero/api/v1/communities.rb b/lib/noosfero/api/v1/communities.rb index 68ad55c..e3f74ff 100644 --- a/lib/noosfero/api/v1/communities.rb +++ b/lib/noosfero/api/v1/communities.rb 
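Review bot: The `authenticate!` added at the top of the `post ":id/comments"` handler in comments.rb is now the only guard visible in this file, because the preceding hunk removes the class-level `before { authenticate! }`. Authentication has become opt-in per route. Any other state-changing route in `Comments` outside the hunk needs the same first line. A comment above the resource would make the contract explicit, for example `# Read routes are open to visitors; every write route must call authenticate! itself`. The same applies to `Categories`, where the filter is removed and no per-route call is visible. The handler body continues past the end of the hunk.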
@@ -2,7 +2,6 @@ module Noosfero module API module V1 class Communities < Grape::API - before { authenticate! } resource :communities do @@ -18,7 +17,7 @@ module Noosfero # GET /communities?reference_id=10&limit=10&oldest get do communities = select_filtered_collection_of(environment, 'communities', params) - communities = communities.visible_for_person(current_person) + communities = communities.visible communities = communities.by_location(params) # Must be the last. May return Exception obj. present communities, :with => Entities::Community, :current_person => current_person end @@ -28,6 +27,7 @@ module Noosfero # POST api/v1/communties?private_token=234298743290432&community[name]=some_name # for each custom field for community, add &community[field_name]=field_value to the request post do + authenticate! params[:community] ||= {} params[:community][:custom_values]={} diff --git a/lib/noosfero/api/v1/enterprises.rb b/lib/noosfero/api/v1/enterprises.rb index 345ca82..25932f0 100644 --- a/lib/noosfero/api/v1/enterprises.rb +++ b/lib/noosfero/api/v1/enterprises.rb @@ -19,7 +19,7 @@ module Noosfero # GET /enterprises?reference_id=10&limit=10&oldest get do enterprises = select_filtered_collection_of(environment, 'enterprises', params) - enterprises = enterprises.visible_for_person(current_person) + enterprises = enterprises.visible enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj. present enterprises, :with => Entities::Enterprise, :current_person => current_person end diff --git a/lib/noosfero/api/v1/people.rb b/lib/noosfero/api/v1/people.rb index 8b4950f..0b52ec1 100644 --- a/lib/noosfero/api/v1/people.rb +++ b/lib/noosfero/api/v1/people.rb 
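Review bot: Replacing `communities.visible_for_person(current_person)` with `communities.visible` in the `get` handler of communities.rb drops the `public_profile` and membership conditions just as the route is opened to unauthenticated callers. Profiles created with `:public_profile => false` are then listed to anyone, which the rewritten tests ('list private communities', 'visitor list private communities') confirm. This commit already makes `visible_for_person` accept a nil person, and its new unit tests show private records hidden from a visitor. The handler can therefore keep `communities = communities.visible_for_person(current_person)`, assuming `current_person` is nil when no token is sent. The same substitution appears in enterprises.rb, people.rb and both `get` routes of profiles.rb.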
@@ -35,7 +35,7 @@ module Noosfero desc "Find environment's people" get do people = select_filtered_collection_of(environment, 'people', params) - people = people.visible_for_person(current_person) + people = people.visible present_partial people, :with => Entities::Person, :current_person => current_person end diff --git a/lib/noosfero/api/v1/profiles.rb b/lib/noosfero/api/v1/profiles.rb index 535c11d..72813eb 100644 --- a/lib/noosfero/api/v1/profiles.rb +++ b/lib/noosfero/api/v1/profiles.rb @@ -2,20 +2,19 @@ module Noosfero module API module V1 class Profiles < Grape::API - before { authenticate! } resource :profiles do get do profiles = select_filtered_collection_of(environment, 'profiles', params) - profiles = profiles.visible_for_person(current_person) + profiles = profiles.visible profiles = profiles.by_location(params) # Must be the last. May return Exception obj. present profiles, :with => Entities::Profile, :current_person => current_person end get ':id' do profiles = environment.profiles - profiles = profiles.visible_for_person(current_person) + profiles = profiles.visible profile = profiles.find_by id: params[:id] present profile, :with => Entities::Profile, :current_person => current_person end diff --git a/test/api/categories_test.rb b/test/api/categories_test.rb index f4db3d1..d5a8bb8 100644 --- a/test/api/categories_test.rb +++ b/test/api/categories_test.rb @@ -2,11 +2,9 @@ require_relative 'test_helper' class CategoriesTest < ActiveSupport::TestCase - def setup - login_api - end should 'list categories' do + login_api category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/?#{params.to_query}" json = JSON.parse(last_response.body) @@ -14,6 +12,7 @@ class CategoriesTest < ActiveSupport::TestCase end should 'get category by id' do + login_api category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/#{category.id}/?#{params.to_query}" json = JSON.parse(last_response.body) 
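Review bot: In lib/noosfero/api/v1/profiles.rb the class-wide `before { authenticate! }` is removed and neither route shown in the hunk calls `authenticate!`, while the `Profiles` class continues past the end of the hunk. The profiles test suite has a case ending in `assert_nil Profile.find_by_id profile.id`, which suggests a deletion route further down the file. If that route exists and relied on the removed filter, it needs `authenticate!` as its first line, as was done for the `post` routes in comments.rb and communities.rb. Please confirm every non-GET route in this class before merging.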
@@ -21,6 +20,7 @@ class CategoriesTest < ActiveSupport::TestCase end should 'list parent and children when get category by id' do + login_api parent = fast_create(Category, :environment_id => environment.id) child_1 = fast_create(Category, :environment_id => environment.id) child_2 = fast_create(Category, :environment_id => environment.id) @@ -38,6 +38,7 @@ class CategoriesTest < ActiveSupport::TestCase end should 'include parent in categories list if params is true' do + login_api parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category child_1 = fast_create(Category, :environment_id => environment.id) child_2 = fast_create(Category, :environment_id => environment.id) @@ -60,6 +61,7 @@ class CategoriesTest < ActiveSupport::TestCase end should 'include children in categories list if params is true' do + login_api category = fast_create(Category, :environment_id => environment.id) child_1 = fast_create(Category, :environment_id => environment.id) child_2 = fast_create(Category, :environment_id => environment.id) @@ -87,6 +89,7 @@ class CategoriesTest < ActiveSupport::TestCase expose_attributes.each do |attr| should "expose category #{attr} attribute by default" do + login_api category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/?#{params.to_query}" json = JSON.parse(last_response.body) 
@@ -94,4 +97,100 @@ class CategoriesTest < ActiveSupport::TestCase end end + ############## Visitors' tests #######################################################################33 + + should 'visitor list categories' do + visitor_setup + category = fast_create(Category, :environment_id => environment.id) + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["categories"].map { |c| c["name"] }, category.name + end + + should 'visitor get category by id' do + visitor_setup + category = fast_create(Category, :environment_id => environment.id) + get "/api/v1/categories/#{category.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal category.name, json["category"]["name"] + end + + should 'visitor list parent and children when get category by id' do + visitor_setup + parent = fast_create(Category, :environment_id => environment.id) + child_1 = fast_create(Category, :environment_id => environment.id) + child_2 = fast_create(Category, :environment_id => environment.id) + + category = fast_create(Category, :environment_id => environment.id) + category.parent = parent + category.children << child_1 + category.children << child_2 + category.save + + get "/api/v1/categories/#{category.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent']) + assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] } + end + + should 'visitor include parent in categories list if params is true' do + visitor_setup + parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category + child_1 = fast_create(Category, :environment_id => environment.id) + child_2 = fast_create(Category, :environment_id => environment.id) + + parent_2 = fast_create(Category, :environment_id => environment.id) + parent_2.parent = parent_1 + 
parent_2.children << child_1 + parent_2.children << child_2 + parent_2.save + + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq + + params[:include_parent] = true + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id], + json["categories"].map { |c| c['parent'] && c['parent']['id'] } + end + + should 'visitor include children in categories list if params is true' do + visitor_setup + category = fast_create(Category, :environment_id => environment.id) + child_1 = fast_create(Category, :environment_id => environment.id) + child_2 = fast_create(Category, :environment_id => environment.id) + child_3 = fast_create(Category, :environment_id => environment.id) + + category.children << child_1 + category.children << child_2 + category.save + + child_1.children << child_3 + child_1.save + + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq + + params[:include_children] = true + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort], + json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort } + end + + expose_attributes.each do |attr| + should "visitor expose category #{attr} attribute by default" do + visitor_setup + category = fast_create(Category, :environment_id => environment.id) + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert json["categories"].last.has_key?(attr) + end + end + + ################################# End visitors' test 
#################################################################################### + end diff --git a/test/api/comments_test.rb b/test/api/comments_test.rb index 4e61138..bb13faf 100644 --- a/test/api/comments_test.rb +++ b/test/api/comments_test.rb @@ -2,11 +2,8 @@ require_relative 'test_helper' class CommentsTest < ActiveSupport::TestCase - def setup - login_api - end - should 'not list comments if user has no permission to view the source article' do + login_api person = fast_create(Person) article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) assert !article.published? @@ -16,6 +13,7 @@ class CommentsTest < ActiveSupport::TestCase end should 'not return comment if user has no permission to view the source article' do + login_api person = fast_create(Person) article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) comment = article.comments.create!(:body => "another comment", :author => user.person) @@ -26,6 +24,7 @@ class CommentsTest < ActiveSupport::TestCase end should 'not comment an article if user has no permission to view it' do + login_api person = fast_create(Person) article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) assert !article.published? @@ -35,6 +34,7 @@ class CommentsTest < ActiveSupport::TestCase end should 'return comments of an article' do + login_api article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") article.comments.create!(:body => "some comment", :author => user.person) article.comments.create!(:body => "another comment", :author => user.person) @@ -46,6 +46,7 @@ class CommentsTest < ActiveSupport::TestCase end should 'return comment of an article' do + login_api article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") comment = article.comments.create!(:body => "another comment", :author => user.person) 
@@ -56,6 +57,7 @@ class CommentsTest < ActiveSupport::TestCase end should 'comment an article' do + login_api article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") body = 'My comment' params.merge!({:body => body}) @@ -76,6 +78,7 @@ class CommentsTest < ActiveSupport::TestCase end should 'comment creation define the source' do + login_api amount = Comment.count article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") body = 'My comment' 
@@ -137,4 +140,53 @@ class CommentsTest < ActiveSupport::TestCase json = JSON.parse(last_response.body) assert_equal ["comment 2"], json["comments"].map {|c| c["body"]} end + + should 'not visitor list comments if has no permission to view the source article' do + visitor_setup + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'visitor return comments of an article' do + visitor_setup + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + article.comments.create!(:body => "some comment", :author => person) + article.comments.create!(:body => "another comment", :author => person) + + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 200, last_response.status + assert_equal 2, json["comments"].length + end + + should 'visitor return comment of an article' do + visitor_setup + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + comment = article.comments.create!(:body => "another comment", :author => person) + + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 200, last_response.status + assert_equal comment.id, json['comment']['id'] + end + + should 'not visitor comment an article (at least so far...)' do + visitor_setup + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + body = 'My comment' + name = "John Doe" + email = "JohnDoe@gmail.com" + params.merge!({:body => body, name: name, email: email}) + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + json = 
JSON.parse(last_response.body) + assert_equal 401, last_response.status + end + end diff --git a/test/api/communities_test.rb b/test/api/communities_test.rb index df59c18..8f93f76 100644 --- a/test/api/communities_test.rb +++ b/test/api/communities_test.rb @@ -4,10 +4,10 @@ class CommunitiesTest < ActiveSupport::TestCase def setup Community.delete_all - login_api end should 'list only communities' do + login_api community = fast_create(Community, :environment_id => environment.id) enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise get "/api/v1/communities?#{params.to_query}" @@ -17,6 +17,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'list all communities' do + login_api community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) community2 = fast_create(Community, :environment_id => environment.id) get "/api/v1/communities?#{params.to_query}" @@ -25,6 +26,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not list invisible communities' do + login_api community1 = fast_create(Community, :environment_id => environment.id) fast_create(Community, :environment_id => environment.id, :visible => false) 
@@ -33,16 +35,18 @@ class CommunitiesTest < ActiveSupport::TestCase assert_equal [community1.id], json['communities'].map {|c| c['id']} end - should 'not list private communities without permission' do - community1 = fast_create(Community, :environment_id => environment.id) - fast_create(Community, :environment_id => environment.id, :public_profile => false) + should 'list private communities' do + login_api + community1 = fast_create(Community, :environment_id => environment.id) + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) - get "/api/v1/communities?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal [community1.id], json['communities'].map {|c| c['id']} + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [community1.id, community2.id], json['communities'].map {|c| c['id']} end should 'list private community for members' do + login_api c1 = fast_create(Community, :environment_id => environment.id) c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) c2.add_member(person) @@ -53,6 +57,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'create a community' do + login_api params[:community] = {:name => 'some'} post "/api/v1/communities?#{params.to_query}" json = JSON.parse(last_response.body) @@ -60,12 +65,14 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'return 400 status for invalid community creation' do + login_api post "/api/v1/communities?#{params.to_query}" json = JSON.parse(last_response.body) assert_equal 400, last_response.status end should 'get community' do + login_api community = fast_create(Community, :environment_id => environment.id) get "/api/v1/communities/#{community.id}?#{params.to_query}" 
@@ -74,6 +81,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not get invisible community' do + login_api community = fast_create(Community, :environment_id => environment.id, :visible => false) get "/api/v1/communities/#{community.id}?#{params.to_query}" @@ -82,6 +90,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not get private communities without permission' do + login_api community = fast_create(Community, :environment_id => environment.id) fast_create(Community, :environment_id => environment.id, :public_profile => false) @@ -91,16 +100,17 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'get private community for members' do + login_api community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) community.add_member(person) - get "/api/v1/communities/#{community.id}?#{params.to_query}" json = JSON.parse(last_response.body) assert_equal community.id, json['community']['id'] end should 'list person communities' do + login_api community = fast_create(Community, :environment_id => environment.id) fast_create(Community, :environment_id => environment.id) community.add_member(person) @@ -111,6 +121,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not list person communities invisible' do + login_api c1 = fast_create(Community, :environment_id => environment.id) c2 = fast_create(Community, :environment_id => environment.id, :visible => false) c1.add_member(person) @@ -122,6 +133,7 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'list communities with pagination' do + login_api community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) community2 = fast_create(Community, :created_at => 2.days.ago) 
@@ -144,6 +156,121 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'list communities with timestamp' do + login_api + community1 = fast_create(Community, :public_profile => true) + community2 = fast_create(Community) + + community1.updated_at = Time.now + 3.hours + community1.save! + + params[:timestamp] = Time.now + 1.hours + get "/api/v1/communities/?#{params.to_query}" + json = JSON.parse(last_response.body) + + assert_includes json["communities"].map { |a| a["id"] }, community1.id + assert_not_includes json["communities"].map { |a| a["id"] }, community2.id + end + + ################### Visitor's tests ######################################3 + + should 'visitor list only communities' do + visitor_setup + community = fast_create(Community, :environment_id => environment.id) + enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id + assert_includes json['communities'].map {|c| c['id']}, community.id + end + + should 'visitor list all communities' do + visitor_setup + community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) + community2 = fast_create(Community, :environment_id => environment.id) + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} + end + + should 'not visitor list invisible communities' do + visitor_setup + community1 = fast_create(Community, :environment_id => environment.id) + fast_create(Community, :environment_id => environment.id, :visible => false) + + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [community1.id], json['communities'].map {|c| c['id']} + end + + should 'visitor list private communities' do 
+ visitor_setup + community1 = fast_create(Community, :environment_id => environment.id) + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) + + get "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal [community1.id, community2.id], json['communities'].map {|c| c['id']} + end + + + + should 'not visitor create a community' do + visitor_setup + params[:community] = {:name => 'some'} + post "/api/v1/communities?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 401, last_response.status + end + + should 'visitor get community' do + visitor_setup + community = fast_create(Community, :environment_id => environment.id) + get "/api/v1/communities/#{community.id}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['community']['id'] + end + + should 'not visitor get invisible community' do + visitor_setup + community = fast_create(Community, :environment_id => environment.id, :visible => false) + get "/api/v1/communities/#{community.id}" + json = JSON.parse(last_response.body) + assert json['community'].blank? 
+ end + + should 'visitor not get private communities' do + visitor_setup + community = fast_create(Community, :environment_id => environment.id) + fast_create(Community, :environment_id => environment.id, :public_profile => false) + get "/api/v1/communities/#{community.id}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['community']['id'] + end + + should 'visitor list communities with pagination' do + visitor_setup + community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) + community2 = fast_create(Community, :created_at => 2.days.ago) + + params[:page] = 2 + params[:per_page] = 1 + get "/api/v1/communities?#{params.to_query}" + json_page_two = JSON.parse(last_response.body) + + params[:page] = 1 + params[:per_page] = 1 + get "/api/v1/communities?#{params.to_query}" + json_page_one = JSON.parse(last_response.body) + + assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id + assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id + + assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id + assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id + end + + should 'visitor list communities with timestamp' do + visitor_setup community1 = fast_create(Community, :public_profile => true) community2 = fast_create(Community) @@ -157,4 +284,7 @@ class CommunitiesTest < ActiveSupport::TestCase assert_includes json["communities"].map { |a| a["id"] }, community1.id assert_not_includes json["communities"].map { |a| a["id"] }, community2.id end + + ###################End Visitor's tests ######################################3 + end diff --git a/test/api/enterprises_test.rb b/test/api/enterprises_test.rb index 1ec04ee..681d3ae 100644 --- a/test/api/enterprises_test.rb +++ b/test/api/enterprises_test.rb 
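Review bot: The test 'visitor not get private communities' never requests the private community. It creates one with `:public_profile => false` but discards the record, then fetches `community.id` (the public one) and asserts that it comes back. To pin the behaviour the name describes, keep the private record and request it: `private_community = fast_create(Community, :environment_id => environment.id, :public_profile => false)`, `get "/api/v1/communities/#{private_community.id}"`, `assert json['community'].blank?`. Whether that assertion passes depends on the `get ':id'` route, which is not part of this diff. The public case is already covered by 'visitor get community' in the same hunk.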
@@ -33,13 +33,13 @@ class EnterprisesTest < ActiveSupport::TestCase assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} end - should 'not list private enterprises without permission' do + should 'list private enterprises' do enterprise1 = fast_create(Enterprise, :environment_id => environment.id) - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) + enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) get "/api/v1/enterprises?#{params.to_query}" json = JSON.parse(last_response.body) - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} + assert_equal [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']} end should 'list private enterprise for members' do diff --git a/test/api/people_test.rb b/test/api/people_test.rb index a5d9476..ab51742 100644 --- a/test/api/people_test.rb +++ b/test/api/people_test.rb @@ -35,11 +35,11 @@ class PeopleTest < ActiveSupport::TestCase assert_not_includes json_response_ids(:people), invisible_person.id end - should 'not list private people without permission' do + should 'list private people' do private_person = fast_create(Person, :public_profile => false) get "/api/v1/people?#{params.to_query}" - assert_not_includes json_response_ids(:people), private_person.id + assert_includes json_response_ids(:people), private_person.id end should 'list private person for friends' do diff --git a/test/api/profiles_test.rb b/test/api/profiles_test.rb index 3d8c7e7..b59f1da 100644 --- a/test/api/profiles_test.rb +++ b/test/api/profiles_test.rb @@ -4,10 +4,10 @@ class ProfilesTest < ActiveSupport::TestCase def setup Profile.delete_all - login_api end should 'list all profiles' do + login_api person1 = fast_create(Person) person2 = fast_create(Person) community = fast_create(Community) 
@@ -17,6 +17,7 @@ class ProfilesTest < ActiveSupport::TestCase end should 'get person from profile id' do + login_api some_person = fast_create(Person) get "/api/v1/profiles/#{some_person.id}?#{params.to_query}" json = JSON.parse(last_response.body) @@ -24,6 +25,7 @@ class ProfilesTest < ActiveSupport::TestCase end should 'get community from profile id' do + login_api community = fast_create(Community) get "/api/v1/profiles/#{community.id}?#{params.to_query}" json = JSON.parse(last_response.body) @@ -77,4 +79,28 @@ class ProfilesTest < ActiveSupport::TestCase assert_nil Profile.find_by_id profile.id end + + should 'visitor list all profiles' do + person1 = fast_create(Person) + person2 = fast_create(Person) + community = fast_create(Community) + get "/api/v1/profiles" + json = JSON.parse(last_response.body) + assert_equivalent [person1.id, person2.id, community.id], json.map {|p| p['id']} + end + + should 'visitor get person from profile id' do + some_person = fast_create(Person) + get "/api/v1/profiles/#{some_person.id}" + json = JSON.parse(last_response.body) + assert_equal some_person.id, json['id'] + end + + should 'visitor get community from profile id' do + community = fast_create(Community) + get "/api/v1/profiles/#{community.id}" + json = JSON.parse(last_response.body) + assert_equal community.id, json['id'] + end + end diff --git a/test/api/test_helper.rb b/test/api/test_helper.rb index fb6cbb8..ff78f53 100644 --- a/test/api/test_helper.rb +++ b/test/api/test_helper.rb @@ -24,6 +24,12 @@ class ActiveSupport::TestCase @params = {:private_token => @private_token} end + + def visitor_setup + @environment = Environment.default + @params = {} + end + attr_accessor :private_token, :user, :person, :params, :environment private diff --git a/test/unit/organization_test.rb b/test/unit/organization_test.rb index b885398..96d69c0 100644 --- a/test/unit/organization_test.rb +++ b/test/unit/organization_test.rb 
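Review bot: The three visitor tests added at the end of ProfilesTest only use profiles created with default attributes. Nothing pins what an unauthenticated caller receives for a profile with `:public_profile => false` or `:visible => false`, either in the list or through `/api/v1/profiles/:id`. A negative case for each would document the intended exposure now that the routes no longer require a token. These tests also skip `visitor_setup`, which every other visitor test in this commit calls first. Adding `visitor_setup` as their first line keeps them consistent and avoids depending on leftover instance state.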
@@ -437,7 +437,7 @@ class OrganizationTest < ActiveSupport::TestCase c = fast_create(Organization, :name => 'my test profile', :identifier => 'mytestprofile') admin = create_user('adminuser').person c.add_admin(admin) - + assert c.is_admin?(admin) end @@ -513,4 +513,18 @@ class OrganizationTest < ActiveSupport::TestCase assert_includes env_admin_orgs, o7 end + should 'fetch organizations there are visible for a visitor' do + visitor = nil + Organization.destroy_all + o1 = fast_create(Organization, :public_profile => true , :visible => true ) + o2 = fast_create(Organization, :public_profile => false, :visible => true ) + o3 = fast_create(Organization, :public_profile => true , :visible => false) + o4 = fast_create(Organization, :public_profile => false, :visible => false) + person_orgs = Organization.visible_for_person(visitor) + assert_includes person_orgs, o1 + assert_not_includes person_orgs, o2 + assert_not_includes person_orgs, o3 + assert_not_includes person_orgs, o4 + end + end diff --git a/test/unit/person_test.rb b/test/unit/person_test.rb index 440a8f6..9e69b60 100644 --- a/test/unit/person_test.rb +++ b/test/unit/person_test.rb @@ -1951,4 +1951,17 @@ class PersonTest < ActiveSupport::TestCase person.save! end + should 'fetch people there are visible for a visitor' do + person = nil + p1 = fast_create(Person, :public_profile => true , :visible => true) + p2 = fast_create(Person, :public_profile => false, :visible => true) + p3 = fast_create(Person, :public_profile => true , :visible => false) + p4 = fast_create(Person, :public_profile => false, :visible => false) + people_visible_by_visitor = Person.visible_for_person(person) + assert_includes people_visible_by_visitor, p1 + assert_not_includes people_visible_by_visitor, p2 + assert_not_includes people_visible_by_visitor, p3 + assert_not_includes people_visible_by_visitor, p4 + end + end -- libgit2 0.21.2