Merge branch 'all_pending_tasks_api' into 'master'

api: list all pending tasks for the current person See merge request !979

Merge branch 'all_pending_tasks_api' into 'master'
api: list all pending tasks for the current person See merge request !979
Victor Costa
2 parents 98f67e15 742a886d
Showing 8 changed files with 357 additions and 195 deletions Show diff stats
app/api/entities.rb
app/api/helpers.rb
app/api/v1/tasks.rb
app/controllers/my_profile/tasks_controller.rb
app/models/task.rb
test/api/task_test.rb
test/unit/person_test.rb
test/unit/task_test.rb
@@ -263,6 +263,14 @@ module Api
       root 'tasks', 'task'
       expose :id
       expose :type
+      expose :requestor, using: Profile
+      expose :status
+      expose :created_at
+      expose :data
+      expose :target do |task, options|
+        type_map = {Profile => ::Profile, Environment => ::Environment}.find {|h| task.target.kind_of?(h.last)}
+        type_map.first.represent(task.target) unless type_map.nil?
+      end
     end
     class Environment < Entity
@@ -4,7 +4,7 @@ require &#39;tempfile&#39;
 module Api
   module Helpers
     PRIVATE_TOKEN_PARAM = :private_token
-    DEFAULT_ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived]
+    ALLOWED_PARAMETERS = [:parent_id, :from, :until, :content_type, :author_id, :identifier, :archived, :status]
     include SanitizeParams
     include Noosfero::Plugin::HotSpot
@@ -124,8 +124,8 @@ module Api
       present_partial article, with: Entities::Article, params: params, current_person: current_person
     end
-    def present_articles_for_asset(asset, method = 'articles')
-      articles = find_articles(asset, method)
+    def present_articles_for_asset(asset, method_or_relation = 'articles')
+      articles = find_articles(asset, method_or_relation)
       present_articles(articles)
     end
@@ -133,8 +133,8 @@ module Api
       present_partial paginate(articles), :with => Entities::Article, :params => params, current_person: current_person
     end
-    def find_articles(asset, method = 'articles')
-      articles = select_filtered_collection_of(asset, method, params)
+    def find_articles(asset, method_or_relation = 'articles')
+      articles = select_filtered_collection_of(asset, method_or_relation, params)
       if current_person.present?
         articles = articles.display_filter(current_person, nil)
       else
@@ -143,8 +143,9 @@ module Api
       articles
     end
-    def find_task(asset, id)
-      task = asset.tasks.find_by(id: id)
+    def find_task(asset, method_or_relation, id)
+      task = is_a_relation?(method_or_relation) ? method_or_relation : asset.send(method_or_relation)
+      task = task.find_by_id(id)
       not_found! if task.blank?
       current_person.has_permission?(task.permission, asset) ? task : forbidden!
     end
@@ -152,6 +153,7 @@ module Api
     def post_task(asset, params)
       klass_type= params[:content_type].nil? ? 'Task' : params[:content_type]
       return forbidden! unless klass_type.constantize <= Task
+      return forbidden! if !current_person.has_permission?(:perform_task, asset)
       task = klass_type.constantize.new(params[:task])
       task.requestor_id = current_person.id
@@ -164,15 +166,24 @@ module Api
       present_partial task, :with => Entities::Task
     end
-    def present_task(asset)
-      task = find_task(asset, params[:id])
+    def find_tasks(asset, method_or_relation = 'tasks')
+      return forbidden! if !current_person.has_permission?(:perform_task, asset)
+      tasks = select_filtered_collection_of(asset, method_or_relation, params)
+      tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
+      tasks
+    end
+
+    def present_task(asset, method_or_relation = 'tasks')
+      task = find_task(asset, method_or_relation, params[:id])
       present_partial task, :with => Entities::Task
     end
-    def present_tasks(asset)
-      tasks = select_filtered_collection_of(asset, 'tasks', params)
-      tasks = tasks.select {|t| current_person.has_permission?(t.permission, asset)}
-      return forbidden! if tasks.empty? && !current_person.has_permission?(:perform_task, asset)
+    def present_tasks_for_asset(asset, method_or_relation = 'tasks')
+      tasks = find_tasks(asset, method_or_relation)
+      present_tasks(tasks)
+    end
+
+    def present_tasks(tasks)
       present_partial tasks, :with => Entities::Task
     end
@@ -181,7 +192,6 @@ module Api
       conditions = {}
       from_date = DateTime.parse(parsed_params.delete(:from)) if parsed_params[:from]
       until_date = DateTime.parse(parsed_params.delete(:until)) if parsed_params[:until]
-
       conditions[:type] = parse_content_type(parsed_params.delete(:content_type)) unless parsed_params[:content_type].nil?
       conditions[:created_at] = period(from_date, until_date) if from_date || until_date
@@ -191,7 +201,7 @@ module Api
     end
     # changing make_order_with_parameters to avoid sql injection
-    def make_order_with_parameters(object, method, params)
+    def make_order_with_parameters(object, method_or_relation, params)
       order = "created_at DESC"
       unless params[:order].blank?
         if params[:order].include? '\'' or params[:order].include? '"'
@@ -200,9 +210,9 @@ module Api
           order = 'RANDOM()'
         else
           field_name, direction = params[:order].split(' ')
-          assoc = object.class.reflect_on_association(method.to_sym)
-          if !field_name.blank? and assoc
-            if assoc.klass.attribute_names.include? field_name
+          assoc_class = extract_associated_classname(method_or_relation)
+          if !field_name.blank? and assoc_class
+            if assoc_class.attribute_names.include? field_name
               if direction.present? and ['ASC','DESC'].include? direction.upcase
                 order = "#{field_name} #{direction.upcase}"
               end
@@ -213,12 +223,14 @@ module Api
       return order
     end
-    def make_timestamp_with_parameters_and_method(params, method)
+    def make_timestamp_with_parameters_and_method(params, method_or_relation)
       timestamp = nil
       if params[:timestamp]
         datetime = DateTime.parse(params[:timestamp])
-        table_name = method.to_s.singularize.camelize.constantize.table_name
-        timestamp = "#{table_name}.updated_at >= '#{datetime}'"
+        table_name = extract_associated_tablename(method_or_relation)
+        assoc_class = extract_associated_classname(method_or_relation)
+        date_atrr = assoc_class.attribute_names.include?('updated_at') ? 'updated_at' : 'created_at'
+        timestamp = "#{table_name}.#{date_atrr} >= '#{datetime}'"
       end
       timestamp
@@ -243,12 +255,12 @@ module Api
       end
     end
-    def select_filtered_collection_of(object, method, params)
+    def select_filtered_collection_of(object, method_or_relation, params)
       conditions = make_conditions_with_parameter(params)
-      order = make_order_with_parameters(object,method,params)
-      timestamp = make_timestamp_with_parameters_and_method(params, method)
+      order = make_order_with_parameters(object,method_or_relation,params)
+      timestamp = make_timestamp_with_parameters_and_method(params, method_or_relation)
-      objects = object.send(method)
+      objects = is_a_relation?(method_or_relation) ? method_or_relation : object.send(method_or_relation)
       objects = by_reference(objects, params)
       objects = by_categories(objects, params)
@@ -394,10 +406,27 @@ module Api
     end
     private
+    def extract_associated_tablename(method_or_relation)
+      extract_associated_classname(method_or_relation).table_name
+    end
+
+    def extract_associated_classname(method_or_relation)
+      if is_a_relation?(method_or_relation)
+        method_or_relation.blank? ? '' : method_or_relation.first.class
+      else
+        method_or_relation.to_s.singularize.camelize.constantize
+      end
+    end
+
+    def is_a_relation?(method_or_relation)
+      method_or_relation.kind_of?(ActiveRecord::Relation)
+    end
+  
+
     def parser_params(params)
       parsed_params = {}
       params.map do |k,v|
-        parsed_params[k.to_sym] = v if DEFAULT_ALLOWED_PARAMETERS.include?(k.to_sym)
+        parsed_params[k.to_sym] = v if ALLOWED_PARAMETERS.include?(k.to_sym)
       end
       parsed_params
     end
@@ -3,9 +3,12 @@ module Api
     class Tasks < Grape::API
       before { authenticate! }
+      MAX_PER_PAGE = 50
+
       resource :tasks do
-        # Collect tasks
+        paginate max_per_page: MAX_PER_PAGE
+        # Collect all tasks that current person has permission
         #
         # Parameters:
         #   from             - date where the search will begin. If nothing is passed the default date will be the date of the first article created
@@ -15,20 +18,19 @@ module Api
         # Example Request:
         #  GET host/api/v1/tasks?from=2013-04-04-14:41:43&until=2015-04-04-14:41:43&limit=10&private_token=e96fff37c2238fdab074d1dcea8e6317
         get do
-          present_tasks(environment)
+          tasks = Task.to(current_person)
+          present_tasks_for_asset(current_person, tasks)
         end
         desc "Return the task id"
         get ':id' do
-          task = find_task(environment, params[:id])
-          present_partial task, :with => Entities::Task
+          present_task(current_person, Task.to(current_person))
         end
         %w[finish cancel].each do |action|
           desc "#{action.capitalize} a task"
           put ":id/#{action}" do
-            authenticate!
-            task = find_task(current_person, params[:id])
+            task = find_task(current_person, Task.to(current_person), params[:id])
             task.send(action, current_person) if (task.status == Task::Status::ACTIVE)
             present_partial task, :with => Entities::Task
           end
@@ -42,7 +44,8 @@ module Api
             resource :tasks do
               get do
                 profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
-                present_tasks(profile)
+                tasks = Task.to(profile)
+                present_tasks_for_asset(profile, tasks)
               end
               get ':id' do
@@ -14,7 +14,7 @@ class TasksController &lt; MyProfileController
     @filter_text = params[:filter_text].presence
     @filter_responsible = params[:filter_responsible]
     @task_types = Task.pending_types_for(profile)
-    @tasks = Task.pending_all(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
+    @tasks = Task.pending_all_by_filter(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
     @tasks = @tasks.where(:responsible_id => @filter_responsible.to_i != -1 ? @filter_responsible : nil) if @filter_responsible.present?
     @tasks = @tasks.paginate(:per_page => Task.per_page, :page => params[:page])
     @failed = params ? params[:failed] : {}
@@ -101,7 +101,7 @@ class TasksController &lt; MyProfileController
   def search_tasks
     filter_type = params[:filter_type].presence
     filter_text = params[:filter_text].presence
-    result = Task.pending_all(profile,filter_type, filter_text)
+    result = Task.pending_all_by_filter(profile,filter_type, filter_text)
     render :json => result.map { |task| {:label => task.data[:name], :value => task.data[:name]} }
   end
@@ -314,7 +314,7 @@ class Task &lt; ApplicationRecord
         where "LOWER(#{field}) LIKE ?", "%#{value.downcase}%"
       end
   }
-  scope :pending_all, -> profile, filter_type, filter_text {
+  scope :pending_all_by_filter, -> profile, filter_type, filter_text {
     self.to(profile).without_spam.pending.of(filter_type).like('data', filter_text)
   }
@@ -323,10 +323,17 @@ class Task &lt; ApplicationRecord
     if profile.person?
       envs_ids = Environment.all.select{ |env| profile.is_admin?(env) }.map{ |env| "target_id = #{env.id}"}.join(' OR ')
       environment_condition = envs_ids.blank? ? nil : "(target_type = 'Environment' AND (#{envs_ids}))"
+
+      organizations = profile.memberships.all.select do |organization| 
+        profile.has_permission?(:perform_task, organization) 
+      end
+      organization_ids = organizations.map{ |organization| "target_id = #{organization.id}"}.join(' OR ')
+
+      organization_conditions = organization_ids.blank? ? nil : "(target_type = 'Profile' AND (#{organization_ids}))"
     end
     profile_condition = "(target_type = 'Profile' AND target_id = #{profile.id})"
-    where [environment_condition, profile_condition].compact.join(' OR ')
+    where [environment_condition, organization_conditions, profile_condition].compact.join(' OR ')
   }
   scope :from_closed_date, -> closed_from {
@@ -11,7 +11,7 @@ class TasksTest &lt; ActiveSupport::TestCase
   attr_accessor :person, :community, :environment
-  should 'list tasks of environment' do
+  should 'list environment tasks for admin user' do
     environment.add_admin(person)
     task = create(Task, :requestor => person, :target => environment)
     get "/api/v1/tasks?#{params.to_query}"
@@ -50,144 +50,117 @@ class TasksTest &lt; ActiveSupport::TestCase
     task = create(Task, :requestor => person, :target => environment)
     get "/api/v1/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
+    assert_equal 404, last_response.status
   end
- #############################
- #     Community Tasks    #
- #############################
+  should 'find the current user task even it is finished' do
+    t3 = create(Task, :requestor => person, :target => person)
+    t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
-  should 'return task by community' do
-    community = fast_create(Community)
-    community.add_admin(person)
-
-    task = create(Task, :requestor => person, :target => community)
-    assert person.is_member_of?(community)
-
-    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    get "/api/v1/tasks/#{t4.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
+    assert_equal t4.id, json["task"]["id"]
   end
-  should 'not return task by community for unlogged users' do
-    logout_api
+  should 'find the current user task even it is for community' do
     community = fast_create(Community)
     community.add_admin(person)
+    t2 = create(Task, :requestor => person, :target => community)
-    task = create(Task, :requestor => person, :target => community)
-    assert person.is_member_of?(community)
+    t3 = create(Task, :requestor => person, :target => person)
-    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
+    get "/api/v1/tasks/#{t2.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_equal 401, last_response.status
+    assert_equal t2.id, json["task"]["id"]
   end
-  should 'not return task by community if user has no permission to view it' do
-    community = fast_create(Community)
-    task = create(Task, :requestor => person, :target => community)
-    assert !person.is_member_of?(community)
+  should 'find the current user task even it is for environment' do
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => person, :target => environment)
-    get "/api/v1/communities/#{community.id}/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
+    t3 = create(Task, :requestor => person, :target => person)
-  should 'create task in a community' do
-    community = fast_create(Community)
-    give_permission(person, 'perform_task', community)
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
+    get "/api/v1/tasks/#{t1.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_not_nil json["task"]["id"]
+    assert_equal t1.id, json["task"]["id"]
   end
-  should 'not create task in a community for unlogged users' do
-    logout_api
-    community = fast_create(Community)
-    give_permission(person, 'perform_task', community)
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 401, last_response.status
-  end
-  should 'create task defining the requestor as current profile logged in' do
+  should 'list all tasks of user' do
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => person, :target => environment)
+
     community = fast_create(Community)
-    community.add_member(person)
+    community.add_admin(person)
+    t2 = create(Task, :requestor => person, :target => community)
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
+    t3 = create(Task, :requestor => person, :target => person)
+    t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
-    assert_equal person, Task.last.requestor
+    get "/api/v1/tasks?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [t1.id, t2.id, t3.id, t4.id], json["tasks"].map { |a| a["id"] }
   end
-  should 'create task defining the target as the community' do
+  should 'list all pending tasks of user' do
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => person, :target => environment, :status => Task::Status::ACTIVE)
+
     community = fast_create(Community)
-    community.add_member(person)
+    community.add_admin(person)
+    t2 = create(Task, :requestor => person, :target => community, :status => Task::Status::ACTIVE)
-    post "/api/v1/communities/#{community.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
+    t3 = create(Task, :requestor => person, :target => person, :status => Task::Status::ACTIVE)
+    t4 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
-    assert_equal community, Task.last.target
+    get "/api/v1/tasks?#{params.merge(:status => Task::Status::ACTIVE).to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [t1.id, t2.id, t3.id], json["tasks"].map { |a| a["id"] }
   end
- #############################
- #        Person Tasks       #
- #############################
-  should 'return task by person' do
-    task = create(Task, :requestor => person, :target => person)
-    get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
-  end
+  should 'list tasks with pagination' do
+    Task.destroy_all
+    t1 = create(Task, :requestor => person, :target => person)
+    t2 = create(Task, :requestor => person, :target => person)
-  should 'not return task by person for unlogged users' do
-    logout_api
-    task = create(Task, :requestor => person, :target => person)
-    get "/api/v1/people/#{person.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 401, last_response.status
-  end
+    params[:page] = 1
+    params[:per_page] = 1
+    get "/api/v1/tasks/?#{params.to_query}"
+    json_page_one = JSON.parse(last_response.body)
-  should 'not return task by person if user has no permission to view it' do
-    some_person = fast_create(Person)
-    task = create(Task, :requestor => person, :target => some_person)
+    params[:page] = 2
+    params[:per_page] = 1
+    get "/api/v1/tasks/?#{params.to_query}"
+    json_page_two = JSON.parse(last_response.body)
-    get "/api/v1/people/#{some_person.id}/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
+    assert_includes json_page_one["tasks"].map { |a| a["id"] }, t2.id
+    assert_not_includes json_page_one["tasks"].map { |a| a["id"] }, t1.id
-  should 'create task for person' do
-    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_nil json["task"]["id"]
+    assert_includes json_page_two["tasks"].map { |a| a["id"] }, t1.id
+    assert_not_includes json_page_two["tasks"].map { |a| a["id"] }, t2.id
   end
-  should 'not create task in person for unlogged users' do
-    logout_api
-    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 401, last_response.status
-  end
+  should 'list tasks with timestamp' do
+    t1 = create(Task, :requestor => person, :target => person)
+    t2 = create(Task, :requestor => person, :target => person, :created_at => Time.zone.now)
-  should 'create task for another person' do
-    some_person = fast_create(Person)
-    post "/api/v1/people/#{some_person.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
+    t1.created_at = Time.zone.now + 3.hours
+    t1.save!
-    assert_equal some_person, Task.last.target
-  end
-  should 'create task defining the target as a person' do
-    post "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
+    params[:timestamp] = Time.zone.now + 1.hours
+    get "/api/v1/tasks/?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_equal person, Task.last.target
+    assert_includes json["tasks"].map { |a| a["id"] }, t1.id
+    assert_not_includes json["tasks"].map { |a| a["id"] }, t2.id
   end
   task_actions=%w[finish cancel]
   task_actions_state={"finish"=>"FINISHED","cancel"=>"CANCELLED"}
   task_actions.each do |action|
     should "person be able to #{action} his own task" do
-      login_api
       person1 = fast_create(Person)
       task = create(Task, :requestor => person1, :target => person)
       put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
@@ -195,8 +168,35 @@ class TasksTest &lt; ActiveSupport::TestCase
       assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
     end
+    should "person be able to #{action} environment task if it's admin user" do
+      environment = Environment.default
+      environment.add_admin(person)
+      task = create(Task, :requestor => person, :target => environment)
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal person.reload.id, task.reload.closed_by_id
+      assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
+    end
+
+    should "person be able to #{action} community task if it has permission on it" do
+      community = fast_create(Community)
+      community.add_member(person)
+      give_permission(person, 'perform_task', community)
+      task = create(Task, :requestor => person, :target => community)
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal person.reload.id, task.reload.closed_by_id
+      assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
+    end
+
+    should "person not be able to #{action} community task if it has no permission on it" do
+      community = fast_create(Community)
+      community.add_member(person)
+      task = create(Task, :requestor => person, :target => community)
+      put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}"
+      assert_equal person.reload.id, task.reload.closed_by_id
+      assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status
+    end
+
     should "person not be able to #{action} other person's task" do
-      login_api
       user = fast_create(User)
       person1 = fast_create(Person, :user_id => user)
       task = create(Task, :requestor => person, :target => person1)
@@ -206,69 +206,120 @@ class TasksTest &lt; ActiveSupport::TestCase
     end
   end
- #############################
- #      Enterprise Tasks     #
- #############################
+  #################################################
+  #     Person, Community and Enterprise Tasks    #
+  #################################################
-  should 'return task by enterprise' do
-    enterprise = fast_create(Enterprise)
-    enterprise.add_admin(person)
+  [Person, Community, Enterprise].map do |profile_class|
+    define_method "test_should_return_task_by_#{profile_class.name.underscore}" do
+      target = profile_class == Person ? person : fast_create(profile_class)
+      target.add_admin(person) if target.respond_to?('add_admin')
-    task = create(Task, :requestor => person, :target => enterprise)
-    assert person.is_member_of?(enterprise)
+      task = create(Task, :requestor => person, :target => target)
+      get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal task.id, json["task"]["id"]
+    end
-    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal task.id, json["task"]["id"]
-  end
+    define_method "test_should_not_return_task_ by#{profile_class.name.underscore}_for_unlogged_users" do
+      logout_api
+      target = profile_class == Person ? person : fast_create(profile_class)
+      target.add_admin(person) if target.respond_to?('add_admin')
-  should 'not return task by enterprise for unlogged users' do
-    logout_api
-    enterprise = fast_create(Enterprise)
-    enterprise.add_admin(person)
+      task = create(Task, :requestor => person, :target => target)
+      get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal 401, last_response.status
+    end
-    task = create(Task, :requestor => person, :target => enterprise)
-    assert person.is_member_of?(enterprise)
+    define_method "test_should_not_return_task_by_#{profile_class.name.underscore}_if_user_has_no_permission_to_view_it" do
+      target = fast_create(profile_class)
+      task = create(Task, :requestor => person, :target => target)
+  
+      get "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks/#{task.id}?#{params.to_query}"
+      assert_equal 403, last_response.status
+    end
-    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equal 401, last_response.status
-  end
+    define_method "test_should_create_task_for_#{profile_class.name.underscore}" do
+      target = profile_class == Person ? person : fast_create(profile_class)
+      Person.any_instance.expects(:has_permission?).with(:perform_task, target).returns(true)
-  should 'not return task by enterprise if user has no permission to view it' do
-    enterprise = fast_create(Enterprise)
-    task = create(Task, :requestor => person, :target => enterprise)
-    assert !person.is_member_of?(enterprise)
+      post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_not_nil json["task"]["id"]
+    end
-    get "/api/v1/enterprises/#{enterprise.id}/tasks/#{task.id}?#{params.to_query}"
-    assert_equal 403, last_response.status
-  end
+    define_method "test_should_not_create_task_for_#{profile_class.name.underscore}_person_has_no_permission" do
+      target = fast_create(profile_class)
-  should 'create task in a enterprise' do
-    enterprise = fast_create(Enterprise)
-    give_permission(person, 'perform_task', enterprise)
-    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_not_nil json["task"]["id"]
+      post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+      assert_equal 403, last_response.status
+    end
+
+    define_method "test_should_not_create_task_in_#{profile_class.name.underscore}_for_unlogged_users" do
+      logout_api
+      target = profile_class == Person ? person : fast_create(profile_class)
+      Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true)
+
+      post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
+
+      json = JSON.parse(last_response.body)
+      assert_equal 401, last_response.status
+    end
+
+    define_method "test_should_create_task_defining_the_target_as_a_#{profile_class.name.underscore}" do
+      target = profile_class == Person ? person : fast_create(profile_class)
+      Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true)
+
+      post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+  
+      assert_equal target, Task.last.target
+    end
+
+    define_method "test_should_create_task_on_#{profile_class.name.underscore}_defining_the_requestor_as_current_profile_logged_in" do
+      target = profile_class == Person ? person : fast_create(profile_class)
+      Person.any_instance.stubs(:has_permission?).with(:perform_task, target).returns(true)
+  
+      post "/api/v1/#{profile_class.name.underscore.pluralize}/#{target.id}/tasks?#{params.to_query}"
+      json = JSON.parse(last_response.body)
+  
+      assert_equal person, Task.last.requestor
+    end
   end
-  should 'not create task in a enterprise for unlogged users' do
-    logout_api
-    enterprise = fast_create(Enterprise)
-    give_permission(person, 'perform_task', enterprise)
-    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
+  should 'list all tasks of user in people context' do
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => person, :target => environment)
+
+    community = fast_create(Community)
+    community.add_admin(person)
+    t2 = create(Task, :requestor => person, :target => community)
+
+    t3 = create(Task, :requestor => person, :target => person)
+
+    get "/api/v1/people/#{person.id}/tasks?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_equal 401, last_response.status
+    assert_equivalent [t1.id, t2.id, t3.id], json["tasks"].map { |a| a["id"] }
   end
-  should 'create task defining the target as the enterprise' do
-    enterprise = fast_create(Enterprise)
-    enterprise.add_member(person)
+  should 'list all pending tasks of user in people context' do
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => person, :target => environment)
+    t2 = create(Task, :requestor => person, :target => environment, :status => Task::Status::FINISHED )
-    post "/api/v1/enterprises/#{enterprise.id}/tasks?#{params.to_query}"
-    json = JSON.parse(last_response.body)
+    community = fast_create(Community)
+    community.add_admin(person)
+    t3 = create(Task, :requestor => person, :target => community)
+    t4 = create(Task, :requestor => person, :target => community, :status => Task::Status::FINISHED)
-    assert_equal enterprise, Task.last.target
+    t5 = create(Task, :requestor => person, :target => person)
+    t6 = create(Task, :requestor => person, :target => person, :status => Task::Status::FINISHED)
+
+    get "/api/v1/people/#{person.id}/tasks?#{params.merge(:status => Task::Status::ACTIVE).to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [t1.id, t3.id, t5.id], json["tasks"].map { |a| a["id"] }
   end
 end
@@ -2005,4 +2005,5 @@ class PersonTest &lt; ActiveSupport::TestCase
     person.remove_profile_from_circle(community, circle)
     assert_equivalent [circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)
   end
+
 end
@@ -324,24 +324,6 @@ class TaskTest &lt; ActiveSupport::TestCase
     task.activate
   end
-  should 'filter tasks to a profile' do
-    requestor = fast_create(Person)
-    person = fast_create(Person)
-    another_person = fast_create(Person)
-    environment = Environment.default
-    environment.add_admin(person)
-    t1 = create(Task, :requestor => requestor, :target => person)
-    t2 = create(Task, :requestor => requestor, :target => person)
-    t3 = create(Task, :requestor => requestor, :target => environment)
-    t4 = create(Task, :requestor => requestor, :target => another_person)
-
-    assert_includes Task.to(person), t1
-    assert_includes Task.to(person), t2
-    assert_includes Task.to(person), t3
-    assert_not_includes Task.to(person), t4
-    assert_includes Task.to(another_person), t4
-  end
-
   should 'filter tasks by type with scope' do
     class CleanHouse < Task; end
     class FeedDog < Task; end
@@ -479,6 +461,87 @@ class TaskTest &lt; ActiveSupport::TestCase
     assert_equal person, t.reload.closed_by
   end
+  should 'named scope to get tasks of a profile' do
+    requestor = fast_create(Person)
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+    t1 = create(Task, :requestor => requestor, :target => person)
+    t2 = create(Task, :requestor => requestor, :target => another_person)
+    t3 = create(Task, :requestor => requestor, :target => person)
+
+    assert_equivalent [t1,t3], Task.to(person)
+  end
+
+  should 'named scope to get environment tasks if passed profile is environment admin' do
+    requestor = fast_create(Person)
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+    environment = Environment.default
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => requestor, :target => person)
+    t2 = create(Task, :requestor => requestor, :target => another_person)
+    t3 = create(Task, :requestor => requestor, :target => environment)
+
+    assert_equivalent [t1,t3], Task.to(person)
+  end
+
+  should 'named scope to not get environment tasks if passed profile is not environment admin' do
+    requestor = fast_create(Person)
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+    environment = Environment.default
+    t1 = create(Task, :requestor => requestor, :target => person)
+    t2 = create(Task, :requestor => requestor, :target => another_person)
+    t3 = create(Task, :requestor => requestor, :target => environment)
+
+    assert_equivalent [t1], Task.to(person)
+  end
+
+  should 'named scope to get communities tasks if passed profile has perform_task permission' do
+    requestor = fast_create(Person)
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+    community = fast_create(Community)
+    community.add_member(person)
+    person.expects(:has_permission?).with(:perform_task, community).returns(true)
+    t1 = create(Task, :requestor => requestor, :target => person)
+    t2 = create(Task, :requestor => requestor, :target => another_person)
+    t3 = create(Task, :requestor => requestor, :target => community)
+
+    assert_equivalent [t1, t3], Task.to(person)
+  end
+
+
+  should 'named scope to not get communities tasks if passed profile has no perform_task permission in community' do
+    requestor = fast_create(Person)
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+    community = fast_create(Community)
+    community.add_member(person)
+    person.expects(:has_permission?).with(:perform_task, community).returns(false)
+    t1 = create(Task, :requestor => requestor, :target => person)
+    t2 = create(Task, :requestor => requestor, :target => another_person)
+    t3 = create(Task, :requestor => requestor, :target => community)
+
+    assert_equivalent [t1], Task.to(person)
+  end
+
+  should 'named scope to return environment, person and communities tasks if user has permission' do
+    requestor = fast_create(Person)
+    person = fast_create(Person)
+    another_person = fast_create(Person)
+    community = fast_create(Community)
+    community.add_member(person)
+    person.expects(:has_permission?).with(:perform_task, community).returns(true)
+    environment = Environment.default
+    environment.add_admin(person)
+    t1 = create(Task, :requestor => requestor, :target => person)
+    t2 = create(Task, :requestor => requestor, :target => another_person)
+    t3 = create(Task, :requestor => requestor, :target => community)
+    t4 = create(Task, :requestor => requestor, :target => environment)
+    assert_equivalent [t1,t3,t4], Task.to(person)
+  end
+
   protected
   def sample_user
	@@ -263,6 +263,14 @@ module Api		@@ -263,6 +263,14 @@ module Api
263	root 'tasks', 'task'	263	root 'tasks', 'task'
264	expose :id	264	expose :id
265	expose :type	265	expose :type
		266	+ expose :requestor, using: Profile
		267	+ expose :status
		268	+ expose :created_at
		269	+ expose :data
		270	+ expose :target do \|task, options\|
		271	+ type_map = {Profile => ::Profile, Environment => ::Environment}.find {\|h\| task.target.kind_of?(h.last)}
		272	+ type_map.first.represent(task.target) unless type_map.nil?
		273	+ end
266	end	274	end
267		275
268	class Environment < Entity	276	class Environment < Entity
	@@ -14,7 +14,7 @@ class TasksController < MyProfileController		@@ -14,7 +14,7 @@ class TasksController < MyProfileController
14	@filter_text = params[:filter_text].presence	14	@filter_text = params[:filter_text].presence
15	@filter_responsible = params[:filter_responsible]	15	@filter_responsible = params[:filter_responsible]
16	@task_types = Task.pending_types_for(profile)	16	@task_types = Task.pending_types_for(profile)
17	- @tasks = Task.pending_all(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])	17	+ @tasks = Task.pending_all_by_filter(profile, @filter_type, @filter_text).order_by('created_at', 'asc').paginate(:per_page => Task.per_page, :page => params[:page])
18	@tasks = @tasks.where(:responsible_id => @filter_responsible.to_i != -1 ? @filter_responsible : nil) if @filter_responsible.present?	18	@tasks = @tasks.where(:responsible_id => @filter_responsible.to_i != -1 ? @filter_responsible : nil) if @filter_responsible.present?
19	@tasks = @tasks.paginate(:per_page => Task.per_page, :page => params[:page])	19	@tasks = @tasks.paginate(:per_page => Task.per_page, :page => params[:page])
20	@failed = params ? params[:failed] : {}	20	@failed = params ? params[:failed] : {}
	@@ -101,7 +101,7 @@ class TasksController < MyProfileController		@@ -101,7 +101,7 @@ class TasksController < MyProfileController
101	def search_tasks	101	def search_tasks
102	filter_type = params[:filter_type].presence	102	filter_type = params[:filter_type].presence
103	filter_text = params[:filter_text].presence	103	filter_text = params[:filter_text].presence
104	- result = Task.pending_all(profile,filter_type, filter_text)	104	+ result = Task.pending_all_by_filter(profile,filter_type, filter_text)
105		105
106	render :json => result.map { \|task\| {:label => task.data[:name], :value => task.data[:name]} }	106	render :json => result.map { \|task\| {:label => task.data[:name], :value => task.data[:name]} }
107	end	107	end
	@@ -2005,4 +2005,5 @@ class PersonTest < ActiveSupport::TestCase		@@ -2005,4 +2005,5 @@ class PersonTest < ActiveSupport::TestCase
2005	person.remove_profile_from_circle(community, circle)	2005	person.remove_profile_from_circle(community, circle)
2006	assert_equivalent [circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)	2006	assert_equivalent [circle2], ProfileFollower.with_profile(community).with_follower(person).map(&:circle)
2007	end	2007	end
		2008	+
2008	end	2009	end
	@@ -324,24 +324,6 @@ class TaskTest < ActiveSupport::TestCase		@@ -324,24 +324,6 @@ class TaskTest < ActiveSupport::TestCase
324	task.activate	324	task.activate
325	end	325	end
326		326
327	- should 'filter tasks to a profile' do
328	- requestor = fast_create(Person)
329	- person = fast_create(Person)
330	- another_person = fast_create(Person)
331	- environment = Environment.default
332	- environment.add_admin(person)
333	- t1 = create(Task, :requestor => requestor, :target => person)
334	- t2 = create(Task, :requestor => requestor, :target => person)
335	- t3 = create(Task, :requestor => requestor, :target => environment)
336	- t4 = create(Task, :requestor => requestor, :target => another_person)
337	-
338	- assert_includes Task.to(person), t1
339	- assert_includes Task.to(person), t2
340	- assert_includes Task.to(person), t3
341	- assert_not_includes Task.to(person), t4
342	- assert_includes Task.to(another_person), t4
343	- end
344	-
345	should 'filter tasks by type with scope' do	327	should 'filter tasks by type with scope' do
346	class CleanHouse < Task; end	328	class CleanHouse < Task; end
347	class FeedDog < Task; end	329	class FeedDog < Task; end
	@@ -479,6 +461,87 @@ class TaskTest < ActiveSupport::TestCase		@@ -479,6 +461,87 @@ class TaskTest < ActiveSupport::TestCase
479	assert_equal person, t.reload.closed_by	461	assert_equal person, t.reload.closed_by
480	end	462	end
481		463
		464	+ should 'named scope to get tasks of a profile' do
		465	+ requestor = fast_create(Person)
		466	+ person = fast_create(Person)
		467	+ another_person = fast_create(Person)
		468	+ t1 = create(Task, :requestor => requestor, :target => person)
		469	+ t2 = create(Task, :requestor => requestor, :target => another_person)
		470	+ t3 = create(Task, :requestor => requestor, :target => person)
		471	+
		472	+ assert_equivalent [t1,t3], Task.to(person)
		473	+ end
		474	+
		475	+ should 'named scope to get environment tasks if passed profile is environment admin' do
		476	+ requestor = fast_create(Person)
		477	+ person = fast_create(Person)
		478	+ another_person = fast_create(Person)
		479	+ environment = Environment.default
		480	+ environment.add_admin(person)
		481	+ t1 = create(Task, :requestor => requestor, :target => person)
		482	+ t2 = create(Task, :requestor => requestor, :target => another_person)
		483	+ t3 = create(Task, :requestor => requestor, :target => environment)
		484	+
		485	+ assert_equivalent [t1,t3], Task.to(person)
		486	+ end
		487	+
		488	+ should 'named scope to not get environment tasks if passed profile is not environment admin' do
		489	+ requestor = fast_create(Person)
		490	+ person = fast_create(Person)
		491	+ another_person = fast_create(Person)
		492	+ environment = Environment.default
		493	+ t1 = create(Task, :requestor => requestor, :target => person)
		494	+ t2 = create(Task, :requestor => requestor, :target => another_person)
		495	+ t3 = create(Task, :requestor => requestor, :target => environment)
		496	+
		497	+ assert_equivalent [t1], Task.to(person)
		498	+ end
		499	+
		500	+ should 'named scope to get communities tasks if passed profile has perform_task permission' do
		501	+ requestor = fast_create(Person)
		502	+ person = fast_create(Person)
		503	+ another_person = fast_create(Person)
		504	+ community = fast_create(Community)
		505	+ community.add_member(person)
		506	+ person.expects(:has_permission?).with(:perform_task, community).returns(true)
		507	+ t1 = create(Task, :requestor => requestor, :target => person)
		508	+ t2 = create(Task, :requestor => requestor, :target => another_person)
		509	+ t3 = create(Task, :requestor => requestor, :target => community)
		510	+
		511	+ assert_equivalent [t1, t3], Task.to(person)
		512	+ end
		513	+
		514	+
		515	+ should 'named scope to not get communities tasks if passed profile has no perform_task permission in community' do
		516	+ requestor = fast_create(Person)
		517	+ person = fast_create(Person)
		518	+ another_person = fast_create(Person)
		519	+ community = fast_create(Community)
		520	+ community.add_member(person)
		521	+ person.expects(:has_permission?).with(:perform_task, community).returns(false)
		522	+ t1 = create(Task, :requestor => requestor, :target => person)
		523	+ t2 = create(Task, :requestor => requestor, :target => another_person)
		524	+ t3 = create(Task, :requestor => requestor, :target => community)
		525	+
		526	+ assert_equivalent [t1], Task.to(person)
		527	+ end
		528	+
		529	+ should 'named scope to return environment, person and communities tasks if user has permission' do
		530	+ requestor = fast_create(Person)
		531	+ person = fast_create(Person)
		532	+ another_person = fast_create(Person)
		533	+ community = fast_create(Community)
		534	+ community.add_member(person)
		535	+ person.expects(:has_permission?).with(:perform_task, community).returns(true)
		536	+ environment = Environment.default
		537	+ environment.add_admin(person)
		538	+ t1 = create(Task, :requestor => requestor, :target => person)
		539	+ t2 = create(Task, :requestor => requestor, :target => another_person)
		540	+ t3 = create(Task, :requestor => requestor, :target => community)
		541	+ t4 = create(Task, :requestor => requestor, :target => environment)
		542	+ assert_equivalent [t1,t3,t4], Task.to(person)
		543	+ end
		544	+
482	protected	545	protected
483		546
484	def sample_user	547	def sample_user