Commit 9c330a8cb441712a12f7cd021b7fd9f2aacb7a68

Authored by Leandro Santos
Committed by Rodrigo Souto
1 parent f49ee41c

adding people endpoint

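--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -8,6 +8,13 @@ class Organization < Profile
 :display => %w[compact]
 }
 
+scope :visible_for_person, lambda { |person|
+joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
+.where(
+['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+(profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
+).uniq
+}
 
 settings_items :closed, :type => :boolean, :default => false
 def closed?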
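Review bot: The `visible_for_person` scope added here has no comment stating the rule it enforces, and the SQL is dense enough that the rule is easy to misread. Suggest a comment above it such as `# Visible organizations that are public or in which the person holds a role assignment.` As written, any role assignment row for the person on the profile qualifies, whatever the role. If only some roles should grant visibility (inferred; roles are not shown in this hunk), the join needs a role filter.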
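--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -39,6 +39,14 @@ roles] }
 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
 }
 
+scope :visible_for_person, lambda { |person|
+joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
+.where(
+['( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?)', person.id, true, true]
+).uniq
+}
+
+
 def has_permission_with_admin?(permission, resource)
 return true if resource.blank? || resource.admins.include?(self)
 return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)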
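Review bot: The new `visible_for_person` scope joins on `friendships.friend_id = profiles.id` and grants access when `friendships.person_id` equals the viewer, so visibility of a private profile is decided by a friendship row that belongs to the viewer rather than to the profile's owner. If a friendship row can exist in one direction only (the tests call `add_friend` on both sides, which suggests it can), the check should rest on the owner's row instead: join on `"friendships"."person_id" = "profiles"."id"` and compare `friendships.friend_id = ?`. The scope also leaves out the viewer's own profile when it is private; adding `profiles.id = ?` to the OR group would cover that case. A one-line comment stating the intended rule above the scope would make the direction of the check reviewable.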
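--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -145,14 +145,6 @@ class Profile < ActiveRecord::Base
 scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
 scope :enabled, :conditions => { :enabled => true }
 
-scope :visible_for_person, lambda { |person|
-joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
-.where(
-['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
-(profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
-).uniq
-}
-
 # Subclasses must override this method
 scope :more_popular
 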
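--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -31,7 +31,9 @@ module API
 expose :image, :using => Image
 end
 
-class Person < Profile;end;
+class Person < Profile
+root 'people', 'person'
+end
 class Enterprise < Profile
 root 'enterprises', 'enterprise'
 end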
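--- a/lib/api/v1/people.rb
+++ b/lib/api/v1/people.rb
@@ -17,12 +17,20 @@ module API
 # GET /people?reference_id=10&limit=10&oldest
 get do
 people = select_filtered_collection_of(environment, 'people', params)
+people = people.visible_for_person(current_person)
 present people, :with => Entities::Person
 end
 
 desc "Return the person information"
-get '/:id' do
-present environment.people.find(params[:id]), :with => Entities::Person
+get ':id' do
+person = environment.people.visible.find_by_id(params[:id])
+present person, :with => Entities::Person
+end
+
+desc "Return the person friends"
+get ':id/friends' do
+friends = current_person.friends.visible
+present friends, :with => Entities::Person
 end
 
 end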
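Review bot: The `get ':id'` handler looks the person up with `environment.people.visible.find_by_id(params[:id])`, which skips the per-viewer rule the list endpoint applies through `visible_for_person(current_person)`, so a profile with `public_profile = false` appears to be readable by id by a caller who is not a friend. Suggest `person = environment.people.visible_for_person(current_person).find_by_id(params[:id])`, plus an explicit not-found response when the lookup returns nil instead of presenting nil. Separately, `get ':id/friends'` never reads `params[:id]` and always returns `current_person.friends.visible`; either resolve the person from `:id` through the same scope or drop the id from the route. The `visible` scope is defined outside this diff, so confirm it does not already check `public_profile`.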
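--- a/test/unit/api/people_test.rb
+++ b/test/unit/api/people_test.rb
@@ -6,24 +6,97 @@ class PeopleTest &lt; ActiveSupport::TestCase
 login_api
 end
 
-should 'list persons' do
-person1 = fast_create(Person)
+
+should 'list all people' do
+person1 = fast_create(Person, :public_profile => true)
 person2 = fast_create(Person)
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'not list invisible people' do
+person1 = fast_create(Person)
+fast_create(Person, :visible => false)
+
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'not list private people without permission' do
+person1 = fast_create(Person)
+fast_create(Person, :public_profile => false)
+
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'list private person for friends' do
+p1 = fast_create(Person)
+p2 = fast_create(Person, :public_profile => false)
+person.add_friend(p2)
+p2.add_friend(person)
 
 get "/api/v1/people?#{params.to_query}"
 json = JSON.parse(last_response.body)
+assert_equivalent [p1.id, p2.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'get person' do
+person = fast_create(Person)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal person.id, json['person']['id']
+end
 
-assert_includes json.map {|c| c['id']}, person1.id
-assert_includes json.map {|c| c['id']}, person2.id
+should 'not get invisible person' do
+person = fast_create(Person, :visible => false)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['person'].blank?
 end
 
-should 'return one person by id' do
+should 'not get private people without permission' do
 person = fast_create(Person)
+fast_create(Person, :public_profile => false)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal person.id, json['person']['id']
+end
+
+should 'get private person for friends' do
+person = fast_create(Person, :public_profile => false)
+person.add_friend(person)
 
 get "/api/v1/people/#{person.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
+assert_equal person.id, json['person']['id']
+end
+
+should 'list person friends' do
+p = fast_create(Person)
+fast_create(Person)
+person.add_friend(p)
+
+get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [p.id], json['people'].map {|c| c['id']}
+end
 
-assert_equal person.id, json['id']
+should 'not list person friends invisible' do
+p1 = fast_create(Person)
+p2 = fast_create(Person, :visible => false)
+person.add_friend(p1)
+person.add_friend(p2)
+
+get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [p1.id], json['people'].map {|c| c['id']}
 end
 
 end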
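Review bot: The test `'not get private people without permission'` never requests the private profile: it creates a public `person`, discards the private one, fetches the public id and asserts it is returned, so the access check on `GET /people/:id` is not exercised at all. It should keep the private record, e.g. `private_person = fast_create(Person, :public_profile => false)`, request `private_person.id` and `assert json['person'].blank?`. In `'get private person for friends'` the local `person` shadows the logged-in user and `person.add_friend(person)` befriends the record with itself, so no friendship with the caller exists; name the fixture differently and create the friendship between it and the logged-in `person`. Both friends tests request the logged-in user's own id, so they would not notice if the `:id` segment were ignored; a case using another person's id would pin that behaviour down.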