Commit 3e2a483accb48c7a76ff617ed933c46d236581be

Authored by Victor Costa
1 parent 3c7ef3f4
Exists in fix_sign_up_form

api: put roles endpoint inside profiles resource

Showing 2 changed files with 11 additions and 5 deletions   Show diff stats
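--- a/app/api/v1/roles.rb
+++ b/app/api/v1/roles.rb
@@ -5,14 +5,15 @@ module Api
 
 MAX_PER_PAGE = 50
 
-resource :organizations do
-segment "/:organization_id" do
+resource :profiles do
+segment "/:profile_id" do
 resource :roles do
 
 paginate max_per_page: MAX_PER_PAGE
 get do
-organization = environment.profiles.find(params[:organization_id])
-roles = Profile::Roles.organization_roles(organization.environment.id, organization.id)
+profile = environment.profiles.find(params[:profile_id])
+return forbidden! unless profile.kind_of?(Organization)
+roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
 present_partial paginate(roles), with: Entities::Role
 end
 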
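Review bot: The `get` handler gates only on `profile.kind_of?(Organization)`, and nothing in this section checks that the caller is allowed to see the profile whose roles are returned. `environment.profiles.find(params[:profile_id])` is an unscoped lookup, so unless a filter outside the visible lines enforces authentication and visibility, the roles of a private or hidden organization would be listed to anyone who supplies its id. Answering 403 for a non-organization while an unknown id fails inside `find` also reveals which ids exist and which of them are organizations. I would fold the access decision into the guard, e.g. `return forbidden! unless profile.kind_of?(Organization) && <visibility check the other profile endpoints use>`, and add a comment on the handler stating who may call it. The enclosing `module Api` block starts and ends outside the visible lines.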
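--- a/test/api/roles_test.rb
+++ b/test/api/roles_test.rb
@@ -16,8 +16,13 @@ class TolesTest < ActiveSupport::TestCase
 role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
 role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
 profile.custom_roles << role2
-get "/api/v1/organizations/#{profile.id}/roles?#{params.to_query}"
+get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equivalent [role1.id, role2.id], json['roles'].map {|r| r['id']}
 end
+
+should 'return forbidden status when profile is not an organization' do
+get "/api/v1/profiles/#{person.id}/roles?#{params.to_query}"
+assert_equal 403, last_response.status
+end
 end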
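Review bot: The added test pins only the Person case; an id that matches no profile and an organization the caller should not be able to see have no test in this section. `find` raises on an unknown id, so the status the API returns on that path is unpinned; a case such as `get "/api/v1/profiles/0/roles?#{params.to_query}"` followed by an assertion on the intended status would cover it (the id `0` is a constructed sample). `person` and `params` are defined outside the visible lines, so whether these requests are authenticated cannot be told from here. The hunk header also shows the class as `TolesTest`, which looks like a typo for `RolesTest`.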