Commit c4505a85da6c1623eca925c0ce53b5b3a0a4ae45
1 parent
2af0cb9b
Exists in
profile_api_improvements
and in
1 other branch
api: expose block permissions
Showing
3 changed files
with
14 additions
and
2 deletions
Show diff stats
app/api/entities.rb
| @@ -88,6 +88,9 @@ module Api | @@ -88,6 +88,9 @@ module Api | ||
| 88 | expose :id, :type, :settings, :position, :enabled | 88 | expose :id, :type, :settings, :position, :enabled |
| 89 | expose :mirror, :mirror_block_id, :title | 89 | expose :mirror, :mirror_block_id, :title |
| 90 | expose :api_content, if: lambda { |object, options| options[:display_api_content] || object.display_api_content_by_default? } | 90 | expose :api_content, if: lambda { |object, options| options[:display_api_content] || object.display_api_content_by_default? } |
| 91 | + expose :permissions do |block, options| | ||
| 92 | + Entities.permissions_for_entity(block, options[:current_person], :allow_edit?) | ||
| 93 | + end | ||
| 91 | end | 94 | end |
| 92 | 95 | ||
| 93 | class Box < Entity | 96 | class Box < Entity |
app/api/v1/blocks.rb
| @@ -6,14 +6,14 @@ module Api | @@ -6,14 +6,14 @@ module Api | ||
| 6 | get ':id' do | 6 | get ':id' do |
| 7 | block = Block.find(params["id"]) | 7 | block = Block.find(params["id"]) |
| 8 | return forbidden! unless block.visible_to_user?(current_person) | 8 | return forbidden! unless block.visible_to_user?(current_person) |
| 9 | - present block, :with => Entities::Block, display_api_content: true | 9 | + present block, :with => Entities::Block, display_api_content: true, current_person: current_person |
| 10 | end | 10 | end |
| 11 | 11 | ||
| 12 | post ':id' do | 12 | post ':id' do |
| 13 | block = Block.find(params["id"]) | 13 | block = Block.find(params["id"]) |
| 14 | return forbidden! unless block.allow_edit?(current_person) | 14 | return forbidden! unless block.allow_edit?(current_person) |
| 15 | block.update_attributes!(params[:block]) | 15 | block.update_attributes!(params[:block]) |
| 16 | - present block, :with => Entities::Block, display_api_content: true | 16 | + present block, :with => Entities::Block, display_api_content: true, current_person: current_person |
| 17 | end | 17 | end |
| 18 | end | 18 | end |
| 19 | end | 19 | end |
test/api/blocks_test.rb
| @@ -122,4 +122,13 @@ class BlocksTest < ActiveSupport::TestCase | @@ -122,4 +122,13 @@ class BlocksTest < ActiveSupport::TestCase | ||
| 122 | assert_equal 201, last_response.status | 122 | assert_equal 201, last_response.status |
| 123 | assert_equal 'block content', json['block']['api_content']['html'] | 123 | assert_equal 'block content', json['block']['api_content']['html'] |
| 124 | end | 124 | end |
| 125 | + | ||
| 126 | + should 'list block permissions when get a block' do | ||
| 127 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | ||
| 128 | + block = fast_create(Block, box_id: box.id) | ||
| 129 | + give_permission(person, 'edit_profile_design', profile) | ||
| 130 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | ||
| 131 | + json = JSON.parse(last_response.body) | ||
| 132 | + assert_includes json["block"]["permissions"], 'allow_edit' | ||
| 133 | + end | ||
| 125 | end | 134 | end |