From 9969f2f89bb23a635aa5ad4b870d041b8ae5cf15 Mon Sep 17 00:00:00 2001
From: Rodrigo Souto
Date: Mon, 29 Jun 2015 15:00:08 -0300
Subject: [PATCH] api: remove users
---
 app/controllers/public/account_controller.rb | 5 +----
 app/models/user.rb | 8 ++++++++
 lib/noosfero/api/entities.rb | 23 ++++++-----------------
 lib/noosfero/api/v1/people.rb | 36 +++++++++++++++++++++++++++++++++++-
 lib/noosfero/api/v1/users.rb | 52 ----------------------------------------------------
 test/unit/api/people_test.rb | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 6 files changed, 104 insertions(+), 76 deletions(-)
 delete mode 100644 lib/noosfero/api/v1/users.rb
diff --git a/app/controllers/public/account_controller.rb b/app/controllers/public/account_controller.rb
index 18f6419..3a9a8e0 100644
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -91,11 +91,8 @@ class AccountController < ApplicationController
 @block_bot = !!session[:may_be_a_bot]
 @invitation_code = params[:invitation_code]
 begin
- @user = User.new(params[:user])
- @user.terms_of_use = environment.terms_of_use
- @user.environment = environment
+ @user = User.build(params[:user], params[:profile_data], environment)
 @terms_of_use = environment.terms_of_use
- @user.person_data = params[:profile_data]
 @user.return_to = session[:return_to]
 @person = Person.new(params[:profile_data])
 @person.environment = @user.environment
diff --git a/app/models/user.rb b/app/models/user.rb
index 5a88a92..7cdf523 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -34,6 +34,14 @@ class User < ActiveRecord::Base
 alias_method_chain :human_attribute_name, :customization
 end
+ def self.build(user_data, person_data, environment)
+ user = User.new(user_data)
+ user.terms_of_use = environment.terms_of_use
+ user.environment = environment
+ user.person_data = person_data
+ user
+ end
+
 before_create do |user|
 if user.environment.nil?
 user.environment = Environment.default
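Review bot: `User.build` in app/models/user.rb becomes the shared constructor for the signup controller and the API, but it has no comment stating what it expects or returns. Both visible callers pass hashes taken from request params (`params[:user]` and `params[:profile_data]` in AccountController, `params[:person]` in the API), and the method assigns them without filtering, so attribute protection rests entirely on the models. I would add above the definition: `# Returns an unsaved User for +environment+ with terms_of_use and person_data set; both hashes are assigned as given, so attribute filtering is left to the caller or the model.` The enclosing class continues outside the hunk.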
diff --git a/lib/noosfero/api/entities.rb b/lib/noosfero/api/entities.rb
index 506724e..8070bf1 100644
--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -36,8 +36,14 @@ module Noosfero
 expose :image, :using => Image
 end
+ class User < Entity
+ expose :id
+ expose :login
+ end
+
 class Person < Profile
 root 'people', 'person'
+ expose :user, :using => User
 end
 class Enterprise < Profile
 root 'enterprises', 'enterprise'
@@ -95,23 +101,6 @@ module Noosfero
 expose :author, :using => Profile
 end
-
- class User < Entity
- root 'users', 'user'
- expose :id
- expose :login
- expose :person, :using => Profile
- expose :permissions do |user, options|
- output = {}
- user.person.role_assignments.map do |role_assigment|
- if role_assigment.resource.respond_to?(:identifier)
- output[role_assigment.resource.identifier] = role_assigment.role.permissions
- end
- end
- output
- end
- end
-
 class UserLogin < User
 expose :private_token
 end
diff --git a/lib/noosfero/api/v1/people.rb b/lib/noosfero/api/v1/people.rb
index bcbb3a0..adfb593 100644
--- a/lib/noosfero/api/v1/people.rb
+++ b/lib/noosfero/api/v1/people.rb
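Review bot: `expose :user, :using => User` on `Entities::Person` (first hunk of entities.rb) puts the account id and login into every response that presents a person, including the list and friends endpoints in people.rb, for any caller who can see that profile. If login names are not meant to be public, make the exposure conditional (grape-entity accepts an `:if` option on `expose`) or present it only for `/me`. Also check `UserLogin < User` further down: with `root`, `:person` and `:permissions` removed from `User` in the second hunk, the login response presumably changes shape as well, and nothing in this patch covers that.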
@@ -36,12 +36,34 @@ module Noosfero
 present people, :with => Entities::Person
 end
+ desc "Return the logged user information"
+ get "/me" do
+ present current_person, :with => Entities::Person
+ end
+
 desc "Return the person information"
 get ':id' do
 person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
 present person, :with => Entities::Person
 end
+ # Example Request:
+ # POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
+ desc "Create person"
+ post do
+ user_data = {}
+ user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
+ user_data[:email] = params[:person].delete(:email)
+ user_data[:password] = params[:person].delete(:password)
+ user_data[:password_confirmation] = params[:person].delete(:password_confirmation)
+ user = User.build(user_data, params[:person], environment)
+ if !user.signup!
+ render_api_errors!(user.errors.full_messages)
+ end
+
+ present user.person, :with => Entities::Person
+ end
+
 desc "Return the person friends"
 get ':id/friends' do
 person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
@@ -49,8 +71,20 @@ module Noosfero
 present friends, :with => Entities::Person
 end
- end
+ desc "Return the person permissions on other profiles"
+ get ":id/permissions" do
+ person = environment.people.find(params[:id])
+ return forbidden! unless current_person == person || environment.admins.include?(current_person)
+ output = {}
+ person.role_assignments.map do |role_assigment|
+ if role_assigment.resource.respond_to?(:identifier)
+ output[role_assigment.resource.identifier] = role_assigment.role.permissions
+ end
+ end
+ present output
+ end
+ end
 end
 end
 end
diff --git a/lib/noosfero/api/v1/users.rb b/lib/noosfero/api/v1/users.rb
deleted file mode 100644
index c96e9f6..0000000
--- a/lib/noosfero/api/v1/users.rb
+++ /dev/null
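Review bot: The new `post do` block dereferences `params[:person]` on its first assignment without checking that it is present, so a request that omits the `person` key ends in a NoMethodError instead of a validation response; declaring it up front, e.g. `params { requires :person, type: Hash }` before `post do`, would reject such requests (assuming the Grape version in use supports typed `requires`). Whatever keys remain in `params[:person]` after the four `delete` calls are passed to `User.build` as person_data, so any Person attribute the model does not protect is settable by the client; slicing to an explicit list of permitted keys here would make that boundary visible. This hunk also does not show whether `render_api_errors!` halts the request; if it does not, `present user.person` still runs after a failed `signup!`. The enclosing `resource` block starts outside the hunk.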
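Review bot: In `get ":id/permissions"` the lookup `environment.people.find(params[:id])` runs before the `forbidden!` check and raises on an unknown id, whereas the sibling endpoints use `find_by_id`; a non-admin caller therefore gets a different outcome for existing and non-existing ids, and a missing record surfaces as an exception unless it is rescued elsewhere. Using `find_by_id` and folding the nil case into the guard, `return forbidden! unless person && (current_person == person || environment.admins.include?(current_person))`, keeps the responses uniform. The loop that fills `output` uses `map` only for its side effect; `each` states the intent. The tests added for this endpoint cover self, admin and other-user access but not an unknown id.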
@@ -1,52 +0,0 @@
-module Noosfero
- module API
- module V1
- class Users < Grape::API
- before { authenticate! }
-
- resource :users do
-
- #FIXME make the pagination
- #FIXME put it on environment context
- get do
- present environment.users, :with => Entities::User
- end
-
- # Example Request:
- # POST api/v1/users?user[login]=some_login&user[password]=some
- post do
- user = User.new(params[:user])
- user.terms_of_use = environment.terms_of_use
- user.environment = environment
- if !user.save
- render_api_errors!(user.errors.full_messages)
- end
-
- present user, :with => Entities::User
- end
-
- get "/me" do
- present current_user, :with => Entities::User
- end
-
- get ":id" do
- present environment.users.find_by_id(params[:id]), :with => Entities::User
- end
-
- get ":id/permissions" do
- user = environment.users.find(params[:id])
- output = {}
- user.person.role_assignments.map do |role_assigment|
- if role_assigment.resource.respond_to?(:identifier) && role_assigment.resource.identifier == params[:profile]
- output[:permissions] = role_assigment.role.permissions
- end
- end
- present output
- end
-
- end
-
- end
- end
- end
-end
diff --git a/test/unit/api/people_test.rb b/test/unit/api/people_test.rb
index b826a38..236bc8c 100644
--- a/test/unit/api/people_test.rb
+++ b/test/unit/api/people_test.rb
@@ -40,9 +40,15 @@ class PeopleTest < ActiveSupport::TestCase
 end
 should 'get person' do
- person = fast_create(Person)
+ some_person = fast_create(Person)
- get "/api/v1/people/#{person.id}?#{params.to_query}"
+ get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal some_person.id, json['person']['id']
+ end
+
+ should 'get logged person' do
+ get "/api/v1/people/me?#{params.to_query}"
 json = JSON.parse(last_response.body)
 assert_equal person.id, json['person']['id']
 end
@@ -96,4 +102,50 @@ class PeopleTest < ActiveSupport::TestCase
 assert_not_includes friends, invisible_friend.id
 end
+ should 'create a person' do
+ login = 'some'
+ params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some@some.com'}
+ post "/api/v1/people?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal login, json['person']['identifier']
+ end
+
+ should 'return 400 status for invalid person creation' do
+ params[:person] = {:login => 'some'}
+ post "/api/v1/users?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 400, last_response.status
+ end
+
+ should 'display permissions' do
+ community = fast_create(Community)
+ community.add_member(fast_create(Person))
+ community.add_member(person)
+ permissions = Profile::Roles.member(person.environment.id).permissions
+ get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+
+ assert_equal json[community.identifier], permissions
+ end
+
+ should 'display permissions if self' do
+ get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
+ assert_equal 200, last_response.status
+ end
+
+ should 'display permissions if admin' do
+ environment = person.environment
+ environment.add_admin(person)
+ some_person = fast_create(Person)
+
+ get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
+ assert_equal 200, last_response.status
+ end
+
+ should 'not display permissions if not admin or self' do
+ some_person = create_user('some-person').person
+
+ get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
 end
--
libgit2 0.21.2
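Review bot: The test 'return 400 status for invalid person creation' posts to `/api/v1/users`, the route this commit deletes, so it does not exercise the validation path of the new `POST /api/v1/people` endpoint; the request line should read `post "/api/v1/people?#{params.to_query}"`. The `json` local in that test is assigned and never used. In 'display permissions' the arguments to `assert_equal` are in actual-then-expected order (`json[community.identifier], permissions`); swapping them makes failure messages read correctly. There is also no test for a creation request that omits the `person` parameter.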