api: put roles endpoint inside profiles resource

Victor Costa
1 parent 3c7ef3f4
Showing 2 changed files with 11 additions and 5 deletions Show diff stats
app/api/v1/roles.rb
test/api/roles_test.rb
@@ -5,14 +5,15 @@ module Api
       MAX_PER_PAGE = 50
-      resource :organizations do
-        segment "/:organization_id" do
+      resource :profiles do
+        segment "/:profile_id" do
           resource :roles do
             paginate max_per_page: MAX_PER_PAGE
             get do
-              organization = environment.profiles.find(params[:organization_id])
-              roles = Profile::Roles.organization_roles(organization.environment.id, organization.id)
+              profile = environment.profiles.find(params[:profile_id])
+              return forbidden! unless profile.kind_of?(Organization)
+              roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
               present_partial paginate(roles), with: Entities::Role
             end
@@ -16,8 +16,13 @@ class TolesTest &lt; ActiveSupport::TestCase
     role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
     role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
     profile.custom_roles << role2
-    get "/api/v1/organizations/#{profile.id}/roles?#{params.to_query}"
+    get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [role1.id, role2.id], json['roles'].map {|r| r['id']}
   end
+
+  should 'return forbidden status when profile is not an organization' do
+    get "/api/v1/profiles/#{person.id}/roles?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
 end