Commit 3590c1bdd9d83e9909fe72e597cccf0cc776908e
Committed by
Leandro Santos
Leandro Santos
1 parent
1ebe6924
Exists in
send_email_to_admins
and in
5 other branches
API unlocked for visitor
Showing
17 changed files
with
378 additions
and
35 deletions
Show diff stats
app/models/organization.rb
| @@ -17,6 +17,8 @@ class Organization < Profile | @@ -17,6 +17,8 @@ class Organization < Profile | ||
| 17 | # 4) The user is not a member of the organization but the organization is | 17 | # 4) The user is not a member of the organization but the organization is |
| 18 | # visible, public and enabled. | 18 | # visible, public and enabled. |
| 19 | def self.visible_for_person(person) | 19 | def self.visible_for_person(person) |
| 20 | + # Visitor if person.nil? | ||
| 21 | + person.nil? ? person_id = nil : person_id = person.id | ||
| 20 | joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id" | 22 | joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id" |
| 21 | AND "role_assignments"."resource_type" = \'Profile\') OR ( | 23 | AND "role_assignments"."resource_type" = \'Profile\') OR ( |
| 22 | "role_assignments"."resource_id" = "profiles"."environment_id" AND | 24 | "role_assignments"."resource_id" = "profiles"."environment_id" AND |
| @@ -28,8 +30,8 @@ class Organization < Profile | @@ -28,8 +30,8 @@ class Organization < Profile | ||
| 28 | ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR | 30 | ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR |
| 29 | ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND | 31 | ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND |
| 30 | ( profiles.visible = ? ) )', | 32 | ( profiles.visible = ? ) )', |
| 31 | - 'profile_admin', 'environment_administrator', Profile.name, person.id, | ||
| 32 | - Profile.name, person.id, true, true, true] | 33 | + 'profile_admin', 'environment_administrator', Profile.name, person_id, |
| 34 | + Profile.name, person_id, true, true, true] | ||
| 33 | ).uniq | 35 | ).uniq |
| 34 | end | 36 | end |
| 35 | 37 |
app/models/person.rb
| @@ -42,6 +42,8 @@ class Person < Profile | @@ -42,6 +42,8 @@ class Person < Profile | ||
| 42 | } | 42 | } |
| 43 | 43 | ||
| 44 | scope :visible_for_person, lambda { |person| | 44 | scope :visible_for_person, lambda { |person| |
| 45 | + # Visitor if person.nil? | ||
| 46 | + person.nil? ? person_id = nil : person_id = person.id | ||
| 45 | joins('LEFT JOIN "role_assignments" ON | 47 | joins('LEFT JOIN "role_assignments" ON |
| 46 | "role_assignments"."resource_id" = "profiles"."environment_id" AND | 48 | "role_assignments"."resource_id" = "profiles"."environment_id" AND |
| 47 | "role_assignments"."resource_type" = \'Environment\'') | 49 | "role_assignments"."resource_type" = \'Environment\'') |
| @@ -49,9 +51,10 @@ class Person < Profile | @@ -49,9 +51,10 @@ class Person < Profile | ||
| 49 | .joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"') | 51 | .joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"') |
| 50 | .where( | 52 | .where( |
| 51 | ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR ( | 53 | ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR ( |
| 52 | - ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', 'environment_administrator', Profile.name, person.id, person.id, true, true] | 54 | + ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', |
| 55 | + 'environment_administrator', Profile.name, person_id, person_id, true, true] | ||
| 53 | ).uniq | 56 | ).uniq |
| 54 | - } | 57 | + } |
| 55 | 58 | ||
| 56 | def has_permission_with_admin?(permission, resource) | 59 | def has_permission_with_admin?(permission, resource) |
| 57 | return true if resource.blank? || resource.admins.include?(self) | 60 | return true if resource.blank? || resource.admins.include?(self) |
lib/noosfero/api/v1/categories.rb
lib/noosfero/api/v1/comments.rb
| @@ -4,7 +4,6 @@ module Noosfero | @@ -4,7 +4,6 @@ module Noosfero | ||
| 4 | class Comments < Grape::API | 4 | class Comments < Grape::API |
| 5 | MAX_PER_PAGE = 20 | 5 | MAX_PER_PAGE = 20 |
| 6 | 6 | ||
| 7 | - before { authenticate! } | ||
| 8 | 7 | ||
| 9 | resource :articles do | 8 | resource :articles do |
| 10 | paginate max_per_page: MAX_PER_PAGE | 9 | paginate max_per_page: MAX_PER_PAGE |
| @@ -34,6 +33,7 @@ module Noosfero | @@ -34,6 +33,7 @@ module Noosfero | ||
| 34 | # Example Request: | 33 | # Example Request: |
| 35 | # POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New | 34 | # POST api/v1/articles/12/comments?private_token=2298743290432&body=new comment&title=New |
| 36 | post ":id/comments" do | 35 | post ":id/comments" do |
| 36 | + authenticate! | ||
| 37 | article = find_article(environment.articles, params[:id]) | 37 | article = find_article(environment.articles, params[:id]) |
| 38 | options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article) | 38 | options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article) |
| 39 | begin | 39 | begin |
lib/noosfero/api/v1/communities.rb
| @@ -2,7 +2,6 @@ module Noosfero | @@ -2,7 +2,6 @@ module Noosfero | ||
| 2 | module API | 2 | module API |
| 3 | module V1 | 3 | module V1 |
| 4 | class Communities < Grape::API | 4 | class Communities < Grape::API |
| 5 | - before { authenticate! } | ||
| 6 | 5 | ||
| 7 | resource :communities do | 6 | resource :communities do |
| 8 | 7 | ||
| @@ -18,7 +17,7 @@ module Noosfero | @@ -18,7 +17,7 @@ module Noosfero | ||
| 18 | # GET /communities?reference_id=10&limit=10&oldest | 17 | # GET /communities?reference_id=10&limit=10&oldest |
| 19 | get do | 18 | get do |
| 20 | communities = select_filtered_collection_of(environment, 'communities', params) | 19 | communities = select_filtered_collection_of(environment, 'communities', params) |
| 21 | - communities = communities.visible_for_person(current_person) | 20 | + communities = communities.visible |
| 22 | communities = communities.by_location(params) # Must be the last. May return Exception obj. | 21 | communities = communities.by_location(params) # Must be the last. May return Exception obj. |
| 23 | present communities, :with => Entities::Community, :current_person => current_person | 22 | present communities, :with => Entities::Community, :current_person => current_person |
| 24 | end | 23 | end |
| @@ -28,6 +27,7 @@ module Noosfero | @@ -28,6 +27,7 @@ module Noosfero | ||
| 28 | # POST api/v1/communties?private_token=234298743290432&community[name]=some_name | 27 | # POST api/v1/communties?private_token=234298743290432&community[name]=some_name |
| 29 | # for each custom field for community, add &community[field_name]=field_value to the request | 28 | # for each custom field for community, add &community[field_name]=field_value to the request |
| 30 | post do | 29 | post do |
| 30 | + authenticate! | ||
| 31 | params[:community] ||= {} | 31 | params[:community] ||= {} |
| 32 | 32 | ||
| 33 | params[:community][:custom_values]={} | 33 | params[:community][:custom_values]={} |
lib/noosfero/api/v1/enterprises.rb
| @@ -19,7 +19,7 @@ module Noosfero | @@ -19,7 +19,7 @@ module Noosfero | ||
| 19 | # GET /enterprises?reference_id=10&limit=10&oldest | 19 | # GET /enterprises?reference_id=10&limit=10&oldest |
| 20 | get do | 20 | get do |
| 21 | enterprises = select_filtered_collection_of(environment, 'enterprises', params) | 21 | enterprises = select_filtered_collection_of(environment, 'enterprises', params) |
| 22 | - enterprises = enterprises.visible_for_person(current_person) | 22 | + enterprises = enterprises.visible |
| 23 | enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj. | 23 | enterprises = enterprises.by_location(params) # Must be the last. May return Exception obj. |
| 24 | present enterprises, :with => Entities::Enterprise, :current_person => current_person | 24 | present enterprises, :with => Entities::Enterprise, :current_person => current_person |
| 25 | end | 25 | end |
lib/noosfero/api/v1/people.rb
| @@ -35,7 +35,7 @@ module Noosfero | @@ -35,7 +35,7 @@ module Noosfero | ||
| 35 | desc "Find environment's people" | 35 | desc "Find environment's people" |
| 36 | get do | 36 | get do |
| 37 | people = select_filtered_collection_of(environment, 'people', params) | 37 | people = select_filtered_collection_of(environment, 'people', params) |
| 38 | - people = people.visible_for_person(current_person) | 38 | + people = people.visible |
| 39 | present_partial people, :with => Entities::Person, :current_person => current_person | 39 | present_partial people, :with => Entities::Person, :current_person => current_person |
| 40 | end | 40 | end |
| 41 | 41 |
lib/noosfero/api/v1/profiles.rb
| @@ -2,20 +2,19 @@ module Noosfero | @@ -2,20 +2,19 @@ module Noosfero | ||
| 2 | module API | 2 | module API |
| 3 | module V1 | 3 | module V1 |
| 4 | class Profiles < Grape::API | 4 | class Profiles < Grape::API |
| 5 | - before { authenticate! } | ||
| 6 | 5 | ||
| 7 | resource :profiles do | 6 | resource :profiles do |
| 8 | 7 | ||
| 9 | get do | 8 | get do |
| 10 | profiles = select_filtered_collection_of(environment, 'profiles', params) | 9 | profiles = select_filtered_collection_of(environment, 'profiles', params) |
| 11 | - profiles = profiles.visible_for_person(current_person) | 10 | + profiles = profiles.visible |
| 12 | profiles = profiles.by_location(params) # Must be the last. May return Exception obj. | 11 | profiles = profiles.by_location(params) # Must be the last. May return Exception obj. |
| 13 | present profiles, :with => Entities::Profile, :current_person => current_person | 12 | present profiles, :with => Entities::Profile, :current_person => current_person |
| 14 | end | 13 | end |
| 15 | 14 | ||
| 16 | get ':id' do | 15 | get ':id' do |
| 17 | profiles = environment.profiles | 16 | profiles = environment.profiles |
| 18 | - profiles = profiles.visible_for_person(current_person) | 17 | + profiles = profiles.visible |
| 19 | profile = profiles.find_by id: params[:id] | 18 | profile = profiles.find_by id: params[:id] |
| 20 | present profile, :with => Entities::Profile, :current_person => current_person | 19 | present profile, :with => Entities::Profile, :current_person => current_person |
| 21 | end | 20 | end |
test/api/categories_test.rb
| @@ -2,11 +2,9 @@ require_relative 'test_helper' | @@ -2,11 +2,9 @@ require_relative 'test_helper' | ||
| 2 | 2 | ||
| 3 | class CategoriesTest < ActiveSupport::TestCase | 3 | class CategoriesTest < ActiveSupport::TestCase |
| 4 | 4 | ||
| 5 | - def setup | ||
| 6 | - login_api | ||
| 7 | - end | ||
| 8 | 5 | ||
| 9 | should 'list categories' do | 6 | should 'list categories' do |
| 7 | + login_api | ||
| 10 | category = fast_create(Category, :environment_id => environment.id) | 8 | category = fast_create(Category, :environment_id => environment.id) |
| 11 | get "/api/v1/categories/?#{params.to_query}" | 9 | get "/api/v1/categories/?#{params.to_query}" |
| 12 | json = JSON.parse(last_response.body) | 10 | json = JSON.parse(last_response.body) |
| @@ -14,6 +12,7 @@ class CategoriesTest < ActiveSupport::TestCase | @@ -14,6 +12,7 @@ class CategoriesTest < ActiveSupport::TestCase | ||
| 14 | end | 12 | end |
| 15 | 13 | ||
| 16 | should 'get category by id' do | 14 | should 'get category by id' do |
| 15 | + login_api | ||
| 17 | category = fast_create(Category, :environment_id => environment.id) | 16 | category = fast_create(Category, :environment_id => environment.id) |
| 18 | get "/api/v1/categories/#{category.id}/?#{params.to_query}" | 17 | get "/api/v1/categories/#{category.id}/?#{params.to_query}" |
| 19 | json = JSON.parse(last_response.body) | 18 | json = JSON.parse(last_response.body) |
| @@ -21,6 +20,7 @@ class CategoriesTest < ActiveSupport::TestCase | @@ -21,6 +20,7 @@ class CategoriesTest < ActiveSupport::TestCase | ||
| 21 | end | 20 | end |
| 22 | 21 | ||
| 23 | should 'list parent and children when get category by id' do | 22 | should 'list parent and children when get category by id' do |
| 23 | + login_api | ||
| 24 | parent = fast_create(Category, :environment_id => environment.id) | 24 | parent = fast_create(Category, :environment_id => environment.id) |
| 25 | child_1 = fast_create(Category, :environment_id => environment.id) | 25 | child_1 = fast_create(Category, :environment_id => environment.id) |
| 26 | child_2 = fast_create(Category, :environment_id => environment.id) | 26 | child_2 = fast_create(Category, :environment_id => environment.id) |
| @@ -38,6 +38,7 @@ class CategoriesTest < ActiveSupport::TestCase | @@ -38,6 +38,7 @@ class CategoriesTest < ActiveSupport::TestCase | ||
| 38 | end | 38 | end |
| 39 | 39 | ||
| 40 | should 'include parent in categories list if params is true' do | 40 | should 'include parent in categories list if params is true' do |
| 41 | + login_api | ||
| 41 | parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category | 42 | parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category |
| 42 | child_1 = fast_create(Category, :environment_id => environment.id) | 43 | child_1 = fast_create(Category, :environment_id => environment.id) |
| 43 | child_2 = fast_create(Category, :environment_id => environment.id) | 44 | child_2 = fast_create(Category, :environment_id => environment.id) |
| @@ -60,6 +61,7 @@ class CategoriesTest < ActiveSupport::TestCase | @@ -60,6 +61,7 @@ class CategoriesTest < ActiveSupport::TestCase | ||
| 60 | end | 61 | end |
| 61 | 62 | ||
| 62 | should 'include children in categories list if params is true' do | 63 | should 'include children in categories list if params is true' do |
| 64 | + login_api | ||
| 63 | category = fast_create(Category, :environment_id => environment.id) | 65 | category = fast_create(Category, :environment_id => environment.id) |
| 64 | child_1 = fast_create(Category, :environment_id => environment.id) | 66 | child_1 = fast_create(Category, :environment_id => environment.id) |
| 65 | child_2 = fast_create(Category, :environment_id => environment.id) | 67 | child_2 = fast_create(Category, :environment_id => environment.id) |
| @@ -87,6 +89,7 @@ class CategoriesTest < ActiveSupport::TestCase | @@ -87,6 +89,7 @@ class CategoriesTest < ActiveSupport::TestCase | ||
| 87 | 89 | ||
| 88 | expose_attributes.each do |attr| | 90 | expose_attributes.each do |attr| |
| 89 | should "expose category #{attr} attribute by default" do | 91 | should "expose category #{attr} attribute by default" do |
| 92 | + login_api | ||
| 90 | category = fast_create(Category, :environment_id => environment.id) | 93 | category = fast_create(Category, :environment_id => environment.id) |
| 91 | get "/api/v1/categories/?#{params.to_query}" | 94 | get "/api/v1/categories/?#{params.to_query}" |
| 92 | json = JSON.parse(last_response.body) | 95 | json = JSON.parse(last_response.body) |
| @@ -94,4 +97,100 @@ class CategoriesTest < ActiveSupport::TestCase | @@ -94,4 +97,100 @@ class CategoriesTest < ActiveSupport::TestCase | ||
| 94 | end | 97 | end |
| 95 | end | 98 | end |
| 96 | 99 | ||
| 100 | + ############## Visitors' tests #######################################################################33 | ||
| 101 | + | ||
| 102 | + should 'visitor list categories' do | ||
| 103 | + visitor_setup | ||
| 104 | + category = fast_create(Category, :environment_id => environment.id) | ||
| 105 | + get "/api/v1/categories/?#{params.to_query}" | ||
| 106 | + json = JSON.parse(last_response.body) | ||
| 107 | + assert_includes json["categories"].map { |c| c["name"] }, category.name | ||
| 108 | + end | ||
| 109 | + | ||
| 110 | + should 'visitor get category by id' do | ||
| 111 | + visitor_setup | ||
| 112 | + category = fast_create(Category, :environment_id => environment.id) | ||
| 113 | + get "/api/v1/categories/#{category.id}/?#{params.to_query}" | ||
| 114 | + json = JSON.parse(last_response.body) | ||
| 115 | + assert_equal category.name, json["category"]["name"] | ||
| 116 | + end | ||
| 117 | + | ||
| 118 | + should 'visitor list parent and children when get category by id' do | ||
| 119 | + visitor_setup | ||
| 120 | + parent = fast_create(Category, :environment_id => environment.id) | ||
| 121 | + child_1 = fast_create(Category, :environment_id => environment.id) | ||
| 122 | + child_2 = fast_create(Category, :environment_id => environment.id) | ||
| 123 | + | ||
| 124 | + category = fast_create(Category, :environment_id => environment.id) | ||
| 125 | + category.parent = parent | ||
| 126 | + category.children << child_1 | ||
| 127 | + category.children << child_2 | ||
| 128 | + category.save | ||
| 129 | + | ||
| 130 | + get "/api/v1/categories/#{category.id}/?#{params.to_query}" | ||
| 131 | + json = JSON.parse(last_response.body) | ||
| 132 | + assert_equal({'id' => parent.id, 'name' => parent.name, 'slug' => parent.slug}, json['category']['parent']) | ||
| 133 | + assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] } | ||
| 134 | + end | ||
| 135 | + | ||
| 136 | + should 'visitor include parent in categories list if params is true' do | ||
| 137 | + visitor_setup | ||
| 138 | + parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category | ||
| 139 | + child_1 = fast_create(Category, :environment_id => environment.id) | ||
| 140 | + child_2 = fast_create(Category, :environment_id => environment.id) | ||
| 141 | + | ||
| 142 | + parent_2 = fast_create(Category, :environment_id => environment.id) | ||
| 143 | + parent_2.parent = parent_1 | ||
| 144 | + parent_2.children << child_1 | ||
| 145 | + parent_2.children << child_2 | ||
| 146 | + parent_2.save | ||
| 147 | + | ||
| 148 | + get "/api/v1/categories/?#{params.to_query}" | ||
| 149 | + json = JSON.parse(last_response.body) | ||
| 150 | + assert_equal [nil], json['categories'].map { |c| c['parent'] }.uniq | ||
| 151 | + | ||
| 152 | + params[:include_parent] = true | ||
| 153 | + get "/api/v1/categories/?#{params.to_query}" | ||
| 154 | + json = JSON.parse(last_response.body) | ||
| 155 | + assert_equivalent [parent_1.parent, parent_2.parent.id, child_1.parent.id, child_2.parent.id], | ||
| 156 | + json["categories"].map { |c| c['parent'] && c['parent']['id'] } | ||
| 157 | + end | ||
| 158 | + | ||
| 159 | + should 'visitor include children in categories list if params is true' do | ||
| 160 | + visitor_setup | ||
| 161 | + category = fast_create(Category, :environment_id => environment.id) | ||
| 162 | + child_1 = fast_create(Category, :environment_id => environment.id) | ||
| 163 | + child_2 = fast_create(Category, :environment_id => environment.id) | ||
| 164 | + child_3 = fast_create(Category, :environment_id => environment.id) | ||
| 165 | + | ||
| 166 | + category.children << child_1 | ||
| 167 | + category.children << child_2 | ||
| 168 | + category.save | ||
| 169 | + | ||
| 170 | + child_1.children << child_3 | ||
| 171 | + child_1.save | ||
| 172 | + | ||
| 173 | + get "/api/v1/categories/?#{params.to_query}" | ||
| 174 | + json = JSON.parse(last_response.body) | ||
| 175 | + assert_equal [nil], json['categories'].map { |c| c['children'] }.uniq | ||
| 176 | + | ||
| 177 | + params[:include_children] = true | ||
| 178 | + get "/api/v1/categories/?#{params.to_query}" | ||
| 179 | + json = JSON.parse(last_response.body) | ||
| 180 | + assert_equivalent [category.children.map(&:id).sort, child_1.children.map(&:id).sort, child_2.children.map(&:id).sort, child_3.children.map(&:id).sort], | ||
| 181 | + json["categories"].map{ |c| c['children'].map{ |child| child['id'] }.sort } | ||
| 182 | + end | ||
| 183 | + | ||
| 184 | + expose_attributes.each do |attr| | ||
| 185 | + should "visitor expose category #{attr} attribute by default" do | ||
| 186 | + visitor_setup | ||
| 187 | + category = fast_create(Category, :environment_id => environment.id) | ||
| 188 | + get "/api/v1/categories/?#{params.to_query}" | ||
| 189 | + json = JSON.parse(last_response.body) | ||
| 190 | + assert json["categories"].last.has_key?(attr) | ||
| 191 | + end | ||
| 192 | + end | ||
| 193 | + | ||
| 194 | + ################################# End visitors' test #################################################################################### | ||
| 195 | + | ||
| 97 | end | 196 | end |
test/api/comments_test.rb
| @@ -2,11 +2,8 @@ require_relative 'test_helper' | @@ -2,11 +2,8 @@ require_relative 'test_helper' | ||
| 2 | 2 | ||
| 3 | class CommentsTest < ActiveSupport::TestCase | 3 | class CommentsTest < ActiveSupport::TestCase |
| 4 | 4 | ||
| 5 | - def setup | ||
| 6 | - login_api | ||
| 7 | - end | ||
| 8 | - | ||
| 9 | should 'not list comments if user has no permission to view the source article' do | 5 | should 'not list comments if user has no permission to view the source article' do |
| 6 | + login_api | ||
| 10 | person = fast_create(Person) | 7 | person = fast_create(Person) |
| 11 | article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) | 8 | article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) |
| 12 | assert !article.published? | 9 | assert !article.published? |
| @@ -16,6 +13,7 @@ class CommentsTest < ActiveSupport::TestCase | @@ -16,6 +13,7 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 16 | end | 13 | end |
| 17 | 14 | ||
| 18 | should 'not return comment if user has no permission to view the source article' do | 15 | should 'not return comment if user has no permission to view the source article' do |
| 16 | + login_api | ||
| 19 | person = fast_create(Person) | 17 | person = fast_create(Person) |
| 20 | article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) | 18 | article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) |
| 21 | comment = article.comments.create!(:body => "another comment", :author => user.person) | 19 | comment = article.comments.create!(:body => "another comment", :author => user.person) |
| @@ -26,6 +24,7 @@ class CommentsTest < ActiveSupport::TestCase | @@ -26,6 +24,7 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 26 | end | 24 | end |
| 27 | 25 | ||
| 28 | should 'not comment an article if user has no permission to view it' do | 26 | should 'not comment an article if user has no permission to view it' do |
| 27 | + login_api | ||
| 29 | person = fast_create(Person) | 28 | person = fast_create(Person) |
| 30 | article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) | 29 | article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) |
| 31 | assert !article.published? | 30 | assert !article.published? |
| @@ -35,6 +34,7 @@ class CommentsTest < ActiveSupport::TestCase | @@ -35,6 +34,7 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 35 | end | 34 | end |
| 36 | 35 | ||
| 37 | should 'return comments of an article' do | 36 | should 'return comments of an article' do |
| 37 | + login_api | ||
| 38 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") | 38 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") |
| 39 | article.comments.create!(:body => "some comment", :author => user.person) | 39 | article.comments.create!(:body => "some comment", :author => user.person) |
| 40 | article.comments.create!(:body => "another comment", :author => user.person) | 40 | article.comments.create!(:body => "another comment", :author => user.person) |
| @@ -46,6 +46,7 @@ class CommentsTest < ActiveSupport::TestCase | @@ -46,6 +46,7 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 46 | end | 46 | end |
| 47 | 47 | ||
| 48 | should 'return comment of an article' do | 48 | should 'return comment of an article' do |
| 49 | + login_api | ||
| 49 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") | 50 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") |
| 50 | comment = article.comments.create!(:body => "another comment", :author => user.person) | 51 | comment = article.comments.create!(:body => "another comment", :author => user.person) |
| 51 | 52 | ||
| @@ -56,6 +57,7 @@ class CommentsTest < ActiveSupport::TestCase | @@ -56,6 +57,7 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 56 | end | 57 | end |
| 57 | 58 | ||
| 58 | should 'comment an article' do | 59 | should 'comment an article' do |
| 60 | + login_api | ||
| 59 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") | 61 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") |
| 60 | body = 'My comment' | 62 | body = 'My comment' |
| 61 | params.merge!({:body => body}) | 63 | params.merge!({:body => body}) |
| @@ -76,6 +78,7 @@ class CommentsTest < ActiveSupport::TestCase | @@ -76,6 +78,7 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 76 | end | 78 | end |
| 77 | 79 | ||
| 78 | should 'comment creation define the source' do | 80 | should 'comment creation define the source' do |
| 81 | + login_api | ||
| 79 | amount = Comment.count | 82 | amount = Comment.count |
| 80 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") | 83 | article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") |
| 81 | body = 'My comment' | 84 | body = 'My comment' |
| @@ -137,4 +140,53 @@ class CommentsTest < ActiveSupport::TestCase | @@ -137,4 +140,53 @@ class CommentsTest < ActiveSupport::TestCase | ||
| 137 | json = JSON.parse(last_response.body) | 140 | json = JSON.parse(last_response.body) |
| 138 | assert_equal ["comment 2"], json["comments"].map {|c| c["body"]} | 141 | assert_equal ["comment 2"], json["comments"].map {|c| c["body"]} |
| 139 | end | 142 | end |
| 143 | + | ||
| 144 | + should 'not visitor list comments if has no permission to view the source article' do | ||
| 145 | + visitor_setup | ||
| 146 | + person = fast_create(Person) | ||
| 147 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) | ||
| 148 | + assert !article.published? | ||
| 149 | + | ||
| 150 | + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" | ||
| 151 | + assert_equal 403, last_response.status | ||
| 152 | + end | ||
| 153 | + | ||
| 154 | + should 'visitor return comments of an article' do | ||
| 155 | + visitor_setup | ||
| 156 | + person = fast_create(Person) | ||
| 157 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") | ||
| 158 | + article.comments.create!(:body => "some comment", :author => person) | ||
| 159 | + article.comments.create!(:body => "another comment", :author => person) | ||
| 160 | + | ||
| 161 | + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" | ||
| 162 | + json = JSON.parse(last_response.body) | ||
| 163 | + assert_equal 200, last_response.status | ||
| 164 | + assert_equal 2, json["comments"].length | ||
| 165 | + end | ||
| 166 | + | ||
| 167 | + should 'visitor return comment of an article' do | ||
| 168 | + visitor_setup | ||
| 169 | + person = fast_create(Person) | ||
| 170 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") | ||
| 171 | + comment = article.comments.create!(:body => "another comment", :author => person) | ||
| 172 | + | ||
| 173 | + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" | ||
| 174 | + json = JSON.parse(last_response.body) | ||
| 175 | + assert_equal 200, last_response.status | ||
| 176 | + assert_equal comment.id, json['comment']['id'] | ||
| 177 | + end | ||
| 178 | + | ||
| 179 | + should 'not visitor comment an article (at least so far...)' do | ||
| 180 | + visitor_setup | ||
| 181 | + person = fast_create(Person) | ||
| 182 | + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") | ||
| 183 | + body = 'My comment' | ||
| 184 | + name = "John Doe" | ||
| 185 | + email = "JohnDoe@gmail.com" | ||
| 186 | + params.merge!({:body => body, name: name, email: email}) | ||
| 187 | + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" | ||
| 188 | + json = JSON.parse(last_response.body) | ||
| 189 | + assert_equal 401, last_response.status | ||
| 190 | + end | ||
| 191 | + | ||
| 140 | end | 192 | end |
test/api/communities_test.rb
| @@ -4,10 +4,10 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -4,10 +4,10 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 4 | 4 | ||
| 5 | def setup | 5 | def setup |
| 6 | Community.delete_all | 6 | Community.delete_all |
| 7 | - login_api | ||
| 8 | end | 7 | end |
| 9 | 8 | ||
| 10 | should 'list only communities' do | 9 | should 'list only communities' do |
| 10 | + login_api | ||
| 11 | community = fast_create(Community, :environment_id => environment.id) | 11 | community = fast_create(Community, :environment_id => environment.id) |
| 12 | enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise | 12 | enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise |
| 13 | get "/api/v1/communities?#{params.to_query}" | 13 | get "/api/v1/communities?#{params.to_query}" |
| @@ -17,6 +17,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -17,6 +17,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 17 | end | 17 | end |
| 18 | 18 | ||
| 19 | should 'list all communities' do | 19 | should 'list all communities' do |
| 20 | + login_api | ||
| 20 | community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) | 21 | community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) |
| 21 | community2 = fast_create(Community, :environment_id => environment.id) | 22 | community2 = fast_create(Community, :environment_id => environment.id) |
| 22 | get "/api/v1/communities?#{params.to_query}" | 23 | get "/api/v1/communities?#{params.to_query}" |
| @@ -25,6 +26,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -25,6 +26,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 25 | end | 26 | end |
| 26 | 27 | ||
| 27 | should 'not list invisible communities' do | 28 | should 'not list invisible communities' do |
| 29 | + login_api | ||
| 28 | community1 = fast_create(Community, :environment_id => environment.id) | 30 | community1 = fast_create(Community, :environment_id => environment.id) |
| 29 | fast_create(Community, :environment_id => environment.id, :visible => false) | 31 | fast_create(Community, :environment_id => environment.id, :visible => false) |
| 30 | 32 | ||
| @@ -33,16 +35,18 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -33,16 +35,18 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 33 | assert_equal [community1.id], json['communities'].map {|c| c['id']} | 35 | assert_equal [community1.id], json['communities'].map {|c| c['id']} |
| 34 | end | 36 | end |
| 35 | 37 | ||
| 36 | - should 'not list private communities without permission' do | ||
| 37 | - community1 = fast_create(Community, :environment_id => environment.id) | ||
| 38 | - fast_create(Community, :environment_id => environment.id, :public_profile => false) | 38 | + should 'list private communities' do |
| 39 | + login_api | ||
| 40 | + community1 = fast_create(Community, :environment_id => environment.id) | ||
| 41 | + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
| 39 | 42 | ||
| 40 | - get "/api/v1/communities?#{params.to_query}" | ||
| 41 | - json = JSON.parse(last_response.body) | ||
| 42 | - assert_equal [community1.id], json['communities'].map {|c| c['id']} | 43 | + get "/api/v1/communities?#{params.to_query}" |
| 44 | + json = JSON.parse(last_response.body) | ||
| 45 | + assert_equal [community1.id, community2.id], json['communities'].map {|c| c['id']} | ||
| 43 | end | 46 | end |
| 44 | 47 | ||
| 45 | should 'list private community for members' do | 48 | should 'list private community for members' do |
| 49 | + login_api | ||
| 46 | c1 = fast_create(Community, :environment_id => environment.id) | 50 | c1 = fast_create(Community, :environment_id => environment.id) |
| 47 | c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | 51 | c2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) |
| 48 | c2.add_member(person) | 52 | c2.add_member(person) |
| @@ -53,6 +57,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -53,6 +57,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 53 | end | 57 | end |
| 54 | 58 | ||
| 55 | should 'create a community' do | 59 | should 'create a community' do |
| 60 | + login_api | ||
| 56 | params[:community] = {:name => 'some'} | 61 | params[:community] = {:name => 'some'} |
| 57 | post "/api/v1/communities?#{params.to_query}" | 62 | post "/api/v1/communities?#{params.to_query}" |
| 58 | json = JSON.parse(last_response.body) | 63 | json = JSON.parse(last_response.body) |
| @@ -60,12 +65,14 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -60,12 +65,14 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 60 | end | 65 | end |
| 61 | 66 | ||
| 62 | should 'return 400 status for invalid community creation' do | 67 | should 'return 400 status for invalid community creation' do |
| 68 | + login_api | ||
| 63 | post "/api/v1/communities?#{params.to_query}" | 69 | post "/api/v1/communities?#{params.to_query}" |
| 64 | json = JSON.parse(last_response.body) | 70 | json = JSON.parse(last_response.body) |
| 65 | assert_equal 400, last_response.status | 71 | assert_equal 400, last_response.status |
| 66 | end | 72 | end |
| 67 | 73 | ||
| 68 | should 'get community' do | 74 | should 'get community' do |
| 75 | + login_api | ||
| 69 | community = fast_create(Community, :environment_id => environment.id) | 76 | community = fast_create(Community, :environment_id => environment.id) |
| 70 | 77 | ||
| 71 | get "/api/v1/communities/#{community.id}?#{params.to_query}" | 78 | get "/api/v1/communities/#{community.id}?#{params.to_query}" |
| @@ -74,6 +81,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -74,6 +81,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 74 | end | 81 | end |
| 75 | 82 | ||
| 76 | should 'not get invisible community' do | 83 | should 'not get invisible community' do |
| 84 | + login_api | ||
| 77 | community = fast_create(Community, :environment_id => environment.id, :visible => false) | 85 | community = fast_create(Community, :environment_id => environment.id, :visible => false) |
| 78 | 86 | ||
| 79 | get "/api/v1/communities/#{community.id}?#{params.to_query}" | 87 | get "/api/v1/communities/#{community.id}?#{params.to_query}" |
| @@ -82,6 +90,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -82,6 +90,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 82 | end | 90 | end |
| 83 | 91 | ||
| 84 | should 'not get private communities without permission' do | 92 | should 'not get private communities without permission' do |
| 93 | + login_api | ||
| 85 | community = fast_create(Community, :environment_id => environment.id) | 94 | community = fast_create(Community, :environment_id => environment.id) |
| 86 | fast_create(Community, :environment_id => environment.id, :public_profile => false) | 95 | fast_create(Community, :environment_id => environment.id, :public_profile => false) |
| 87 | 96 | ||
| @@ -91,16 +100,17 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -91,16 +100,17 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 91 | end | 100 | end |
| 92 | 101 | ||
| 93 | should 'get private community for members' do | 102 | should 'get private community for members' do |
| 103 | + login_api | ||
| 94 | community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) | 104 | community = fast_create(Community, :environment_id => environment.id, :public_profile => false, :visible => true) |
| 95 | community.add_member(person) | 105 | community.add_member(person) |
| 96 | 106 | ||
| 97 | - | ||
| 98 | get "/api/v1/communities/#{community.id}?#{params.to_query}" | 107 | get "/api/v1/communities/#{community.id}?#{params.to_query}" |
| 99 | json = JSON.parse(last_response.body) | 108 | json = JSON.parse(last_response.body) |
| 100 | assert_equal community.id, json['community']['id'] | 109 | assert_equal community.id, json['community']['id'] |
| 101 | end | 110 | end |
| 102 | 111 | ||
| 103 | should 'list person communities' do | 112 | should 'list person communities' do |
| 113 | + login_api | ||
| 104 | community = fast_create(Community, :environment_id => environment.id) | 114 | community = fast_create(Community, :environment_id => environment.id) |
| 105 | fast_create(Community, :environment_id => environment.id) | 115 | fast_create(Community, :environment_id => environment.id) |
| 106 | community.add_member(person) | 116 | community.add_member(person) |
| @@ -111,6 +121,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -111,6 +121,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 111 | end | 121 | end |
| 112 | 122 | ||
| 113 | should 'not list person communities invisible' do | 123 | should 'not list person communities invisible' do |
| 124 | + login_api | ||
| 114 | c1 = fast_create(Community, :environment_id => environment.id) | 125 | c1 = fast_create(Community, :environment_id => environment.id) |
| 115 | c2 = fast_create(Community, :environment_id => environment.id, :visible => false) | 126 | c2 = fast_create(Community, :environment_id => environment.id, :visible => false) |
| 116 | c1.add_member(person) | 127 | c1.add_member(person) |
| @@ -122,6 +133,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -122,6 +133,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 122 | end | 133 | end |
| 123 | 134 | ||
| 124 | should 'list communities with pagination' do | 135 | should 'list communities with pagination' do |
| 136 | + login_api | ||
| 125 | community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) | 137 | community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) |
| 126 | community2 = fast_create(Community, :created_at => 2.days.ago) | 138 | community2 = fast_create(Community, :created_at => 2.days.ago) |
| 127 | 139 | ||
| @@ -144,6 +156,121 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -144,6 +156,121 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 144 | end | 156 | end |
| 145 | 157 | ||
| 146 | should 'list communities with timestamp' do | 158 | should 'list communities with timestamp' do |
| 159 | + login_api | ||
| 160 | + community1 = fast_create(Community, :public_profile => true) | ||
| 161 | + community2 = fast_create(Community) | ||
| 162 | + | ||
| 163 | + community1.updated_at = Time.now + 3.hours | ||
| 164 | + community1.save! | ||
| 165 | + | ||
| 166 | + params[:timestamp] = Time.now + 1.hours | ||
| 167 | + get "/api/v1/communities/?#{params.to_query}" | ||
| 168 | + json = JSON.parse(last_response.body) | ||
| 169 | + | ||
| 170 | + assert_includes json["communities"].map { |a| a["id"] }, community1.id | ||
| 171 | + assert_not_includes json["communities"].map { |a| a["id"] }, community2.id | ||
| 172 | + end | ||
| 173 | + | ||
| 174 | + ################### Visitor's tests ######################################3 | ||
| 175 | + | ||
| 176 | + should 'visitor list only communities' do | ||
| 177 | + visitor_setup | ||
| 178 | + community = fast_create(Community, :environment_id => environment.id) | ||
| 179 | + enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise | ||
| 180 | + get "/api/v1/communities?#{params.to_query}" | ||
| 181 | + json = JSON.parse(last_response.body) | ||
| 182 | + assert_not_includes json['communities'].map {|c| c['id']}, enterprise.id | ||
| 183 | + assert_includes json['communities'].map {|c| c['id']}, community.id | ||
| 184 | + end | ||
| 185 | + | ||
| 186 | + should 'visitor list all communities' do | ||
| 187 | + visitor_setup | ||
| 188 | + community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) | ||
| 189 | + community2 = fast_create(Community, :environment_id => environment.id) | ||
| 190 | + get "/api/v1/communities?#{params.to_query}" | ||
| 191 | + json = JSON.parse(last_response.body) | ||
| 192 | + assert_equivalent [community1.id, community2.id], json['communities'].map {|c| c['id']} | ||
| 193 | + end | ||
| 194 | + | ||
| 195 | + should 'not visitor list invisible communities' do | ||
| 196 | + visitor_setup | ||
| 197 | + community1 = fast_create(Community, :environment_id => environment.id) | ||
| 198 | + fast_create(Community, :environment_id => environment.id, :visible => false) | ||
| 199 | + | ||
| 200 | + get "/api/v1/communities?#{params.to_query}" | ||
| 201 | + json = JSON.parse(last_response.body) | ||
| 202 | + assert_equal [community1.id], json['communities'].map {|c| c['id']} | ||
| 203 | + end | ||
| 204 | + | ||
| 205 | + should 'visitor list private communities' do | ||
| 206 | + visitor_setup | ||
| 207 | + community1 = fast_create(Community, :environment_id => environment.id) | ||
| 208 | + community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
| 209 | + | ||
| 210 | + get "/api/v1/communities?#{params.to_query}" | ||
| 211 | + json = JSON.parse(last_response.body) | ||
| 212 | + assert_equal [community1.id, community2.id], json['communities'].map {|c| c['id']} | ||
| 213 | + end | ||
| 214 | + | ||
| 215 | + | ||
| 216 | + | ||
| 217 | + should 'not visitor create a community' do | ||
| 218 | + visitor_setup | ||
| 219 | + params[:community] = {:name => 'some'} | ||
| 220 | + post "/api/v1/communities?#{params.to_query}" | ||
| 221 | + json = JSON.parse(last_response.body) | ||
| 222 | + assert_equal 401, last_response.status | ||
| 223 | + end | ||
| 224 | + | ||
| 225 | + should 'visitor get community' do | ||
| 226 | + visitor_setup | ||
| 227 | + community = fast_create(Community, :environment_id => environment.id) | ||
| 228 | + get "/api/v1/communities/#{community.id}" | ||
| 229 | + json = JSON.parse(last_response.body) | ||
| 230 | + assert_equal community.id, json['community']['id'] | ||
| 231 | + end | ||
| 232 | + | ||
| 233 | + should 'not visitor get invisible community' do | ||
| 234 | + visitor_setup | ||
| 235 | + community = fast_create(Community, :environment_id => environment.id, :visible => false) | ||
| 236 | + get "/api/v1/communities/#{community.id}" | ||
| 237 | + json = JSON.parse(last_response.body) | ||
| 238 | + assert json['community'].blank? | ||
| 239 | + end | ||
| 240 | + | ||
| 241 | + should 'visitor not get private communities' do | ||
| 242 | + visitor_setup | ||
| 243 | + community = fast_create(Community, :environment_id => environment.id) | ||
| 244 | + fast_create(Community, :environment_id => environment.id, :public_profile => false) | ||
| 245 | + get "/api/v1/communities/#{community.id}" | ||
| 246 | + json = JSON.parse(last_response.body) | ||
| 247 | + assert_equal community.id, json['community']['id'] | ||
| 248 | + end | ||
| 249 | + | ||
| 250 | + should 'visitor list communities with pagination' do | ||
| 251 | + visitor_setup | ||
| 252 | + community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) | ||
| 253 | + community2 = fast_create(Community, :created_at => 2.days.ago) | ||
| 254 | + | ||
| 255 | + params[:page] = 2 | ||
| 256 | + params[:per_page] = 1 | ||
| 257 | + get "/api/v1/communities?#{params.to_query}" | ||
| 258 | + json_page_two = JSON.parse(last_response.body) | ||
| 259 | + | ||
| 260 | + params[:page] = 1 | ||
| 261 | + params[:per_page] = 1 | ||
| 262 | + get "/api/v1/communities?#{params.to_query}" | ||
| 263 | + json_page_one = JSON.parse(last_response.body) | ||
| 264 | + | ||
| 265 | + assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id | ||
| 266 | + assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id | ||
| 267 | + | ||
| 268 | + assert_includes json_page_two["communities"].map { |a| a["id"] }, community2.id | ||
| 269 | + assert_not_includes json_page_two["communities"].map { |a| a["id"] }, community1.id | ||
| 270 | + end | ||
| 271 | + | ||
| 272 | + should 'visitor list communities with timestamp' do | ||
| 273 | + visitor_setup | ||
| 147 | community1 = fast_create(Community, :public_profile => true) | 274 | community1 = fast_create(Community, :public_profile => true) |
| 148 | community2 = fast_create(Community) | 275 | community2 = fast_create(Community) |
| 149 | 276 | ||
| @@ -157,4 +284,7 @@ class CommunitiesTest < ActiveSupport::TestCase | @@ -157,4 +284,7 @@ class CommunitiesTest < ActiveSupport::TestCase | ||
| 157 | assert_includes json["communities"].map { |a| a["id"] }, community1.id | 284 | assert_includes json["communities"].map { |a| a["id"] }, community1.id |
| 158 | assert_not_includes json["communities"].map { |a| a["id"] }, community2.id | 285 | assert_not_includes json["communities"].map { |a| a["id"] }, community2.id |
| 159 | end | 286 | end |
| 287 | + | ||
| 288 | + ###################End Visitor's tests ######################################3 | ||
| 289 | + | ||
| 160 | end | 290 | end |
test/api/enterprises_test.rb
| @@ -33,13 +33,13 @@ class EnterprisesTest < ActiveSupport::TestCase | @@ -33,13 +33,13 @@ class EnterprisesTest < ActiveSupport::TestCase | ||
| 33 | assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} | 33 | assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} |
| 34 | end | 34 | end |
| 35 | 35 | ||
| 36 | - should 'not list private enterprises without permission' do | 36 | + should 'list private enterprises' do |
| 37 | enterprise1 = fast_create(Enterprise, :environment_id => environment.id) | 37 | enterprise1 = fast_create(Enterprise, :environment_id => environment.id) |
| 38 | - fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) | 38 | + enterprise2 = fast_create(Enterprise, :environment_id => environment.id, :public_profile => false) |
| 39 | 39 | ||
| 40 | get "/api/v1/enterprises?#{params.to_query}" | 40 | get "/api/v1/enterprises?#{params.to_query}" |
| 41 | json = JSON.parse(last_response.body) | 41 | json = JSON.parse(last_response.body) |
| 42 | - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} | 42 | + assert_equal [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']} |
| 43 | end | 43 | end |
| 44 | 44 | ||
| 45 | should 'list private enterprise for members' do | 45 | should 'list private enterprise for members' do |
test/api/people_test.rb
| @@ -35,11 +35,11 @@ class PeopleTest < ActiveSupport::TestCase | @@ -35,11 +35,11 @@ class PeopleTest < ActiveSupport::TestCase | ||
| 35 | assert_not_includes json_response_ids(:people), invisible_person.id | 35 | assert_not_includes json_response_ids(:people), invisible_person.id |
| 36 | end | 36 | end |
| 37 | 37 | ||
| 38 | - should 'not list private people without permission' do | 38 | + should 'list private people' do |
| 39 | private_person = fast_create(Person, :public_profile => false) | 39 | private_person = fast_create(Person, :public_profile => false) |
| 40 | 40 | ||
| 41 | get "/api/v1/people?#{params.to_query}" | 41 | get "/api/v1/people?#{params.to_query}" |
| 42 | - assert_not_includes json_response_ids(:people), private_person.id | 42 | + assert_includes json_response_ids(:people), private_person.id |
| 43 | end | 43 | end |
| 44 | 44 | ||
| 45 | should 'list private person for friends' do | 45 | should 'list private person for friends' do |
test/api/profiles_test.rb
| @@ -4,10 +4,10 @@ class ProfilesTest < ActiveSupport::TestCase | @@ -4,10 +4,10 @@ class ProfilesTest < ActiveSupport::TestCase | ||
| 4 | 4 | ||
| 5 | def setup | 5 | def setup |
| 6 | Profile.delete_all | 6 | Profile.delete_all |
| 7 | - login_api | ||
| 8 | end | 7 | end |
| 9 | 8 | ||
| 10 | should 'list all profiles' do | 9 | should 'list all profiles' do |
| 10 | + login_api | ||
| 11 | person1 = fast_create(Person) | 11 | person1 = fast_create(Person) |
| 12 | person2 = fast_create(Person) | 12 | person2 = fast_create(Person) |
| 13 | community = fast_create(Community) | 13 | community = fast_create(Community) |
| @@ -17,6 +17,7 @@ class ProfilesTest < ActiveSupport::TestCase | @@ -17,6 +17,7 @@ class ProfilesTest < ActiveSupport::TestCase | ||
| 17 | end | 17 | end |
| 18 | 18 | ||
| 19 | should 'get person from profile id' do | 19 | should 'get person from profile id' do |
| 20 | + login_api | ||
| 20 | some_person = fast_create(Person) | 21 | some_person = fast_create(Person) |
| 21 | get "/api/v1/profiles/#{some_person.id}?#{params.to_query}" | 22 | get "/api/v1/profiles/#{some_person.id}?#{params.to_query}" |
| 22 | json = JSON.parse(last_response.body) | 23 | json = JSON.parse(last_response.body) |
| @@ -24,6 +25,7 @@ class ProfilesTest < ActiveSupport::TestCase | @@ -24,6 +25,7 @@ class ProfilesTest < ActiveSupport::TestCase | ||
| 24 | end | 25 | end |
| 25 | 26 | ||
| 26 | should 'get community from profile id' do | 27 | should 'get community from profile id' do |
| 28 | + login_api | ||
| 27 | community = fast_create(Community) | 29 | community = fast_create(Community) |
| 28 | get "/api/v1/profiles/#{community.id}?#{params.to_query}" | 30 | get "/api/v1/profiles/#{community.id}?#{params.to_query}" |
| 29 | json = JSON.parse(last_response.body) | 31 | json = JSON.parse(last_response.body) |
| @@ -77,4 +79,28 @@ class ProfilesTest < ActiveSupport::TestCase | @@ -77,4 +79,28 @@ class ProfilesTest < ActiveSupport::TestCase | ||
| 77 | assert_nil Profile.find_by_id profile.id | 79 | assert_nil Profile.find_by_id profile.id |
| 78 | 80 | ||
| 79 | end | 81 | end |
| 82 | + | ||
| 83 | + should 'visitor list all profiles' do | ||
| 84 | + person1 = fast_create(Person) | ||
| 85 | + person2 = fast_create(Person) | ||
| 86 | + community = fast_create(Community) | ||
| 87 | + get "/api/v1/profiles" | ||
| 88 | + json = JSON.parse(last_response.body) | ||
| 89 | + assert_equivalent [person1.id, person2.id, community.id], json.map {|p| p['id']} | ||
| 90 | + end | ||
| 91 | + | ||
| 92 | + should 'visitor get person from profile id' do | ||
| 93 | + some_person = fast_create(Person) | ||
| 94 | + get "/api/v1/profiles/#{some_person.id}" | ||
| 95 | + json = JSON.parse(last_response.body) | ||
| 96 | + assert_equal some_person.id, json['id'] | ||
| 97 | + end | ||
| 98 | + | ||
| 99 | + should 'visitor get community from profile id' do | ||
| 100 | + community = fast_create(Community) | ||
| 101 | + get "/api/v1/profiles/#{community.id}" | ||
| 102 | + json = JSON.parse(last_response.body) | ||
| 103 | + assert_equal community.id, json['id'] | ||
| 104 | + end | ||
| 105 | + | ||
| 80 | end | 106 | end |
test/api/test_helper.rb
| @@ -24,6 +24,12 @@ class ActiveSupport::TestCase | @@ -24,6 +24,12 @@ class ActiveSupport::TestCase | ||
| 24 | 24 | ||
| 25 | @params = {:private_token => @private_token} | 25 | @params = {:private_token => @private_token} |
| 26 | end | 26 | end |
| 27 | + | ||
| 28 | + def visitor_setup | ||
| 29 | + @environment = Environment.default | ||
| 30 | + @params = {} | ||
| 31 | + end | ||
| 32 | + | ||
| 27 | attr_accessor :private_token, :user, :person, :params, :environment | 33 | attr_accessor :private_token, :user, :person, :params, :environment |
| 28 | 34 | ||
| 29 | private | 35 | private |
test/unit/organization_test.rb
| @@ -437,7 +437,7 @@ class OrganizationTest < ActiveSupport::TestCase | @@ -437,7 +437,7 @@ class OrganizationTest < ActiveSupport::TestCase | ||
| 437 | c = fast_create(Organization, :name => 'my test profile', :identifier => 'mytestprofile') | 437 | c = fast_create(Organization, :name => 'my test profile', :identifier => 'mytestprofile') |
| 438 | admin = create_user('adminuser').person | 438 | admin = create_user('adminuser').person |
| 439 | c.add_admin(admin) | 439 | c.add_admin(admin) |
| 440 | - | 440 | + |
| 441 | assert c.is_admin?(admin) | 441 | assert c.is_admin?(admin) |
| 442 | end | 442 | end |
| 443 | 443 | ||
| @@ -513,4 +513,18 @@ class OrganizationTest < ActiveSupport::TestCase | @@ -513,4 +513,18 @@ class OrganizationTest < ActiveSupport::TestCase | ||
| 513 | assert_includes env_admin_orgs, o7 | 513 | assert_includes env_admin_orgs, o7 |
| 514 | end | 514 | end |
| 515 | 515 | ||
| 516 | + should 'fetch organizations there are visible for a visitor' do | ||
| 517 | + visitor = nil | ||
| 518 | + Organization.destroy_all | ||
| 519 | + o1 = fast_create(Organization, :public_profile => true , :visible => true ) | ||
| 520 | + o2 = fast_create(Organization, :public_profile => false, :visible => true ) | ||
| 521 | + o3 = fast_create(Organization, :public_profile => true , :visible => false) | ||
| 522 | + o4 = fast_create(Organization, :public_profile => false, :visible => false) | ||
| 523 | + person_orgs = Organization.visible_for_person(visitor) | ||
| 524 | + assert_includes person_orgs, o1 | ||
| 525 | + assert_not_includes person_orgs, o2 | ||
| 526 | + assert_not_includes person_orgs, o3 | ||
| 527 | + assert_not_includes person_orgs, o4 | ||
| 528 | + end | ||
| 529 | + | ||
| 516 | end | 530 | end |
test/unit/person_test.rb
| @@ -1951,4 +1951,17 @@ class PersonTest < ActiveSupport::TestCase | @@ -1951,4 +1951,17 @@ class PersonTest < ActiveSupport::TestCase | ||
| 1951 | person.save! | 1951 | person.save! |
| 1952 | end | 1952 | end |
| 1953 | 1953 | ||
| 1954 | + should 'fetch people there are visible for a visitor' do | ||
| 1955 | + person = nil | ||
| 1956 | + p1 = fast_create(Person, :public_profile => true , :visible => true) | ||
| 1957 | + p2 = fast_create(Person, :public_profile => false, :visible => true) | ||
| 1958 | + p3 = fast_create(Person, :public_profile => true , :visible => false) | ||
| 1959 | + p4 = fast_create(Person, :public_profile => false, :visible => false) | ||
| 1960 | + people_visible_by_visitor = Person.visible_for_person(person) | ||
| 1961 | + assert_includes people_visible_by_visitor, p1 | ||
| 1962 | + assert_not_includes people_visible_by_visitor, p2 | ||
| 1963 | + assert_not_includes people_visible_by_visitor, p3 | ||
| 1964 | + assert_not_includes people_visible_by_visitor, p4 | ||
| 1965 | + end | ||
| 1966 | + | ||
| 1954 | end | 1967 | end |