From c4505a85da6c1623eca925c0ce53b5b3a0a4ae45 Mon Sep 17 00:00:00 2001
From: Victor Costa <vfcosta@gmail.com>
Date: Mon, 6 Jun 2016 12:11:13 -0300
Subject: [PATCH] api: expose block permissions

---
 app/api/entities.rb     |  3 +++
 app/api/v1/blocks.rb    |  4 ++--
 test/api/blocks_test.rb |  9 +++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/app/api/entities.rb b/app/api/entities.rb
index d5c4276..e904553 100644
--- a/app/api/entities.rb
+++ b/app/api/entities.rb
@@ -88,6 +88,9 @@ module Api
       expose :id, :type, :settings, :position, :enabled
       expose :mirror, :mirror_block_id, :title
       expose :api_content, if: lambda { |object, options| options[:display_api_content] || object.display_api_content_by_default? }
+      expose :permissions do |block, options|
+        Entities.permissions_for_entity(block, options[:current_person], :allow_edit?)
+      end
     end
 
     class Box < Entity
diff --git a/app/api/v1/blocks.rb b/app/api/v1/blocks.rb
index e838a88..84c3ff7 100644
--- a/app/api/v1/blocks.rb
+++ b/app/api/v1/blocks.rb
@@ -6,14 +6,14 @@ module Api
         get ':id' do
           block = Block.find(params["id"])
           return forbidden! unless block.visible_to_user?(current_person)
-          present block, :with => Entities::Block, display_api_content: true
+          present block, :with => Entities::Block, display_api_content: true, current_person: current_person
         end
 
         post ':id' do
           block = Block.find(params["id"])
           return forbidden! unless block.allow_edit?(current_person)
           block.update_attributes!(params[:block])
-          present block, :with => Entities::Block, display_api_content: true
+          present block, :with => Entities::Block, display_api_content: true, current_person: current_person
         end
       end
     end
diff --git a/test/api/blocks_test.rb b/test/api/blocks_test.rb
index e5c62c4..12128c2 100644
--- a/test/api/blocks_test.rb
+++ b/test/api/blocks_test.rb
@@ -122,4 +122,13 @@ class BlocksTest < ActiveSupport::TestCase
     assert_equal 201, last_response.status
     assert_equal 'block content', json['block']['api_content']['html']
   end
+
+  should 'list block permissions when get a block' do
+    box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+    block = fast_create(Block, box_id: box.id)
+    give_permission(person, 'edit_profile_design', profile)
+    get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_includes json["block"]["permissions"], 'allow_edit'
+  end
 end
--
libgit2 0.21.2