Commit c4505a85da6c1623eca925c0ce53b5b3a0a4ae45
1 parent
2af0cb9b
Exists in
profile_api_improvements
and in
1 other branch
api: expose block permissions
Showing
3 changed files
with
14 additions
and
2 deletions
Show diff stats
app/api/entities.rb
... | ... | @@ -88,6 +88,9 @@ module Api |
88 | 88 | expose :id, :type, :settings, :position, :enabled |
89 | 89 | expose :mirror, :mirror_block_id, :title |
90 | 90 | expose :api_content, if: lambda { |object, options| options[:display_api_content] || object.display_api_content_by_default? } |
91 | + expose :permissions do |block, options| | |
92 | + Entities.permissions_for_entity(block, options[:current_person], :allow_edit?) | |
93 | + end | |
91 | 94 | end |
92 | 95 | |
93 | 96 | class Box < Entity | ... | ... |
app/api/v1/blocks.rb
... | ... | @@ -6,14 +6,14 @@ module Api |
6 | 6 | get ':id' do |
7 | 7 | block = Block.find(params["id"]) |
8 | 8 | return forbidden! unless block.visible_to_user?(current_person) |
9 | - present block, :with => Entities::Block, display_api_content: true | |
9 | + present block, :with => Entities::Block, display_api_content: true, current_person: current_person | |
10 | 10 | end |
11 | 11 | |
12 | 12 | post ':id' do |
13 | 13 | block = Block.find(params["id"]) |
14 | 14 | return forbidden! unless block.allow_edit?(current_person) |
15 | 15 | block.update_attributes!(params[:block]) |
16 | - present block, :with => Entities::Block, display_api_content: true | |
16 | + present block, :with => Entities::Block, display_api_content: true, current_person: current_person | |
17 | 17 | end |
18 | 18 | end |
19 | 19 | end | ... | ... |
test/api/blocks_test.rb
... | ... | @@ -122,4 +122,13 @@ class BlocksTest < ActiveSupport::TestCase |
122 | 122 | assert_equal 201, last_response.status |
123 | 123 | assert_equal 'block content', json['block']['api_content']['html'] |
124 | 124 | end |
125 | + | |
126 | + should 'list block permissions when get a block' do | |
127 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | |
128 | + block = fast_create(Block, box_id: box.id) | |
129 | + give_permission(person, 'edit_profile_design', profile) | |
130 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
131 | + json = JSON.parse(last_response.body) | |
132 | + assert_includes json["block"]["permissions"], 'allow_edit' | |
133 | + end | |
125 | 134 | end | ... | ... |