Commit 52a0efb067dcd141039ea7b199aca15f484b3032
Committed by
Leandro Santos
1 parent
669be165
Added tests to filter anonymous access and removed some api restrictions
Showing
7 changed files
with
126 additions
and
9 deletions
lib/noosfero/api/v1/enterprises.rb
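--- a/lib/noosfero/api/v1/users.rb
+++ b/lib/noosfero/api/v1/users.rb
@@ -2,7 +2,6 @@ module Noosfero
 module API
 module V1
 class Users < Grape::API
-before { authenticate! }
 
 resource :users do
 
@@ -13,6 +12,7 @@ module Noosfero
 end
 
 get "/me" do
+authenticate!
 present current_user, :with => Entities::User, :current_person => current_person
 end
 
@@ -25,6 +25,7 @@ module Noosfero
 end
 
 get ":id/permissions" do
+authenticate!
 user = environment.users.find(params[:id])
 output = {}
 user.person.role_assignments.map do |role_assigment|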
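Review bot: Removing the class-wide `before { authenticate! }` in the first hunk makes every route under `resource :users` reachable without a session except the two that now call `authenticate!` themselves (`/me` and `:id/permissions`); the list route and the `:id` route sit between the first two hunks and are not visible here, and nothing in this commit either guards or tests anonymous access to the user list, which the test file shows returns logins. If listing is meant to stay authenticated, add `authenticate!` as the first line of that block exactly as done at the two visible endpoints; if anonymous listing is intended, pin what it returns with an anonymous test like the `users/:id` ones added to test/api/users_test.rb. Because each route must now opt in individually, a comment above the resource such as `# No class-wide authenticate!: routes are anonymous by default; each route that needs a session calls authenticate! first` would keep the policy visible to whoever adds the next route. The Users class continues past the last hunk.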
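--- a/test/api/communities_test.rb
+++ b/test/api/communities_test.rb
@@ -283,4 +283,30 @@ class CommunitiesTest < ActiveSupport::TestCase
 assert_not_includes json["communities"].map { |a| a["id"] }, community2.id
 end
 
+should 'display public custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default)
+some_community = fast_create(Community)
+some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
+some_community.save!
+
+get "/api/v1/communities/#{some_community.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['community']['additional_data'].has_key?('Rating')
+assert_equal "Five stars", json['community']['additional_data']['Rating']
+end
+
+should 'not display private custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default)
+some_community = fast_create(Community)
+some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }
+some_community.save!
+
+get "/api/v1/communities/#{some_community.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+refute json['community']['additional_data'].has_key?('Rating')
+end
+
+
 end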
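Review bot: The two new tests differ only in the `"public"` flag and the final assertion, and the same pair is copied almost verbatim into test/api/enterprises_test.rb and test/api/profiles_test.rb in this commit; a small helper in the test helper that creates the "Rating" custom field and a profile with a given `public` value would remove that repetition and keep the three files from drifting (the profiles copy already asserts on a different key). Two consecutive blank lines are left before the closing `end` at the bottom of the hunk; one is the convention elsewhere in the file.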
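--- a/test/api/enterprises_test.rb
+++ b/test/api/enterprises_test.rb
@@ -107,4 +107,29 @@ class EnterprisesTest < ActiveSupport::TestCase
 assert_equivalent [c1.id], json['enterprises'].map {|c| c['id']}
 end
 
+should 'display public custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
+some_enterprise = fast_create(Enterprise)
+some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
+some_enterprise.save!
+
+get "/api/v1/enterprises/#{some_enterprise.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['enterprise']['additional_data'].has_key?('Rating')
+assert_equal "Five stars", json['enterprise']['additional_data']['Rating']
+end
+
+should 'not display public custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Enterprise", :active => true, :environment => Environment.default)
+some_enterprise = fast_create(Enterprise)
+some_enterprise.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }
+some_enterprise.save!
+
+get "/api/v1/enterprises/#{some_enterprise.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+refute json['enterprise']['additional_data'].has_key?('Rating')
+end
+
 end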
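Review bot: The second test's name contradicts its body: it stores the custom value with `"public" => "false"` and refutes that it is returned, but is titled `'not display public custom fields to anonymous'`, so a failure would read as if public fields were being hidden. Rename it to match the sibling tests added to communities_test.rb and profiles_test.rb, `should 'not display private custom fields to anonymous' do`.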
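--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
@@ -348,6 +348,17 @@ class PeopleTest < ActiveSupport::TestCase
 assert_equal json['person']['additional_data'], {}
 end
 
+should 'hide private fields to anonymous' do
+anonymous_setup
+target_person = create_user('some-user').person
+target_person.save!
+
+get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+refute json["user"].has_key?("permissions")
+refute json["user"].has_key?("activated")
+end
+
 should 'display non-public custom fields to friend' do
 login_api
 CustomField.create!(:name => "Custom Blog", :format => "string", :customized_type => "Person", :active => true, :environment => Environment.default)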
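Review bot: This test exercises `/api/v1/users/:id`, not a people endpoint, and the same test is added word for word to test/api/users_test.rb in this commit, so it belongs there alone; keeping a copy here means one file will drift when the users entity changes. If a people-level anonymous check is wanted, it should request `/api/v1/people/#{target_person.id}` and assert on `json['person']`, matching the surrounding tests such as the `json['person']['additional_data']` assertion just above the hunk. The `target_person.save!` right after `create_user` appears redundant, since nothing is changed on the person between the two lines.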
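--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -103,4 +103,30 @@ class ProfilesTest < ActiveSupport::TestCase
 assert_equal community.id, json['id']
 end
 
+should 'display public custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
+some_profile = fast_create(Profile)
+some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} }
+some_profile.save!
+
+get "/api/v1/profiles/#{some_profile.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['additional_data'].has_key?('Rating')
+assert_equal "Five stars", json['additional_data']['Rating']
+end
+
+should 'not display private custom fields to anonymous' do
+anonymous_setup
+CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default)
+some_profile = fast_create(Profile)
+some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} }
+some_profile.save!
+
+get "/api/v1/profiles/#{some_profile.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+refute json.has_key?('Rating')
+end
+
+
 end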
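Review bot: The negative test checks the wrong level of the response: it does `refute json.has_key?('Rating')` on the top-level hash, while the positive test just above reads the field from `json['additional_data']`, so the private value could be leaked inside `additional_data` and this assertion would still pass — it is the one test meant to catch a private-field disclosure and it currently cannot. Change it to `refute json['additional_data'].has_key?('Rating')`, mirroring the communities and enterprises tests in this commit. As in communities_test.rb, there are two blank lines before the closing `end`.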
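--- a/test/api/users_test.rb
+++ b/test/api/users_test.rb
@@ -3,23 +3,22 @@ require_relative 'test_helper'
 
 class UsersTest < ActiveSupport::TestCase
 
-def setup
+should 'logger user list users' do
 login_api
-end
-
-should 'list users' do
 get "/api/v1/users/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_includes json["users"].map { |a| a["login"] }, user.login
 end
 
-should 'get user' do
+should 'logger user get user info' do
+login_api
 get "/api/v1/users/#{user.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal user.id, json['user']['id']
 end
 
-should 'list user permissions' do
+should 'logger user list user permissions' do
+login_api
 community = fast_create(Community)
 community.add_admin(person)
 get "/api/v1/users/#{user.id}/?#{params.to_query}"
@@ -28,25 +27,29 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'get logged user' do
+login_api
 get "/api/v1/users/me?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal user.id, json['user']['id']
 end
 
 should 'not show permissions to logged user' do
+login_api
 target_person = create_user('some-user').person
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 refute json["user"].has_key?("permissions")
 end
 
-should 'show permissions to self' do
+should 'logger user show permissions to self' do
+login_api
 get "/api/v1/users/#{user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert json["user"].has_key?("permissions")
 end
 
 should 'not show permissions to friend' do
+login_api
 target_person = create_user('some-user').person
 
 f = Friendship.new
@@ -60,6 +63,7 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'not show private attribute to logged user' do
+login_api
 target_person = create_user('some-user').person
 get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
 json = JSON.parse(last_response.body)
@@ -67,6 +71,7 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'show private attr to friend' do
+login_api
 target_person = create_user('some-user').person
 f = Friendship.new
 f.friend = target_person
@@ -79,6 +84,7 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'show public attribute to logged user' do
+login_api
 target_person = create_user('some-user').person
 target_person.fields_privacy={:email=> 'public'}
 target_person.save!
@@ -89,6 +95,7 @@ class UsersTest < ActiveSupport::TestCase
 end
 
 should 'show public and private field to admin' do
+login_api
 Environment.default.add_admin(person)
 
 target_person = create_user('some-user').person
@@ -102,4 +109,26 @@ class UsersTest < ActiveSupport::TestCase
 assert json["user"].has_key?("activated")
 end
 
+should 'show public fields to anonymous' do
+anonymous_setup
+target_person = create_user('some-user').person
+target_person.fields_privacy={:email=> 'public'}
+target_person.save!
+
+get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json["user"].has_key?("email")
+end
+
+should 'hide private fields to anonymous' do
+anonymous_setup
+target_person = create_user('some-user').person
+target_person.save!
+
+get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+json = JSON.parse(last_response.body)
+refute json["user"].has_key?("permissions")
+refute json["user"].has_key?("activated")
+end
+
 end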
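Review bot: The anonymous negative test in the last hunk only refutes `permissions` and `activated`, but the only field the commit explicitly makes anonymous-visible is `email` (via `fields_privacy={:email=> 'public'}` in the test just above it), and nothing asserts that `email` stays hidden when the person has not made it public; if email is private by default, as the need to set `fields_privacy` suggests, add `refute json["user"].has_key?("email")` to `'hide private fields to anonymous'` so a regression that serves email to anonymous clients is caught. The renamed tests in the first and second hunks read `'logger user ...'` in four places where `'logged user ...'` is meant (`list users`, `get user info`, `list user permissions`, `show permissions to self`). With `def setup` removed, every authenticated test now has to remember `login_api`; a short comment at the top of the class, `# No shared setup: each test calls login_api or anonymous_setup explicitly`, would explain why to the next reader.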