Commit c49c0f4dadd80e7057c25546ea2cf11006fc94f9
1 parent
b4b7ad92
Exists in
ratings_minor_fixes
and in
4 other branches
api: add endpoint to return blocks
Showing
4 changed files
with
89 additions
and
0 deletions
Show diff stats
lib/noosfero/api/api.rb
| ... | ... | @@ -0,0 +1,19 @@ |
| 1 | +module Noosfero | |
| 2 | + module API | |
| 3 | + module V1 | |
| 4 | + | |
| 5 | + class Blocks < Grape::API | |
| 6 | + resource :blocks do | |
| 7 | + get ':id' do | |
| 8 | + block = Block.find(params["id"]) | |
| 9 | + if block.owner.kind_of?(Profile) | |
| 10 | + return forbidden! unless block.owner.display_info_to?(current_person) | |
| 11 | + end | |
| 12 | + present block, :with => Entities::Block | |
| 13 | + end | |
| 14 | + end | |
| 15 | + end | |
| 16 | + | |
| 17 | + end | |
| 18 | + end | |
| 19 | +end | ... | ... |
| ... | ... | @@ -0,0 +1,65 @@ |
| 1 | +require_relative 'test_helper' | |
| 2 | + | |
| 3 | +class BlocksTest < ActiveSupport::TestCase | |
| 4 | + | |
| 5 | + def setup | |
| 6 | + create_and_activate_user | |
| 7 | + login_api | |
| 8 | + @environment = Environment.default | |
| 9 | + @profile = fast_create(Profile) | |
| 10 | + end | |
| 11 | + | |
| 12 | + attr_accessor :environment, :profile | |
| 13 | + | |
| 14 | + should 'get an environment block' do | |
| 15 | + box = fast_create(Box, :owner_id => environment.id, :owner_type => Environment.name) | |
| 16 | + block = fast_create(Block, box_id: box.id) | |
| 17 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
| 18 | + json = JSON.parse(last_response.body) | |
| 19 | + assert_equal block.id, json["block"]["id"] | |
| 20 | + end | |
| 21 | + | |
| 22 | + should 'get a profile block' do | |
| 23 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | |
| 24 | + block = fast_create(Block, box_id: box.id) | |
| 25 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
| 26 | + json = JSON.parse(last_response.body) | |
| 27 | + assert_equal block.id, json["block"]["id"] | |
| 28 | + end | |
| 29 | + | |
| 30 | + should 'get a profile block for a not logged in user' do | |
| 31 | + logout_api | |
| 32 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | |
| 33 | + block = fast_create(Block, box_id: box.id) | |
| 34 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
| 35 | + json = JSON.parse(last_response.body) | |
| 36 | + assert_equal block.id, json["block"]["id"] | |
| 37 | + end | |
| 38 | + | |
| 39 | + should 'not get a profile block for a not logged in user' do | |
| 40 | + logout_api | |
| 41 | + profile = fast_create(Profile, public_profile: false) | |
| 42 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | |
| 43 | + block = fast_create(Block, box_id: box.id) | |
| 44 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
| 45 | + assert_equal 403, last_response.status | |
| 46 | + end | |
| 47 | + | |
| 48 | + should 'not get a profile block for an user without permission' do | |
| 49 | + profile = fast_create(Profile, public_profile: false) | |
| 50 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | |
| 51 | + block = fast_create(Block, box_id: box.id) | |
| 52 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
| 53 | + assert_equal 403, last_response.status | |
| 54 | + end | |
| 55 | + | |
| 56 | + should 'get a block for an user with permission in a private profile' do | |
| 57 | + profile = fast_create(Profile, public_profile: false) | |
| 58 | + profile.add_admin(person) | |
| 59 | + box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name) | |
| 60 | + block = fast_create(Block, box_id: box.id) | |
| 61 | + get "/api/v1/blocks/#{block.id}?#{params.to_query}" | |
| 62 | + json = JSON.parse(last_response.body) | |
| 63 | + assert_equal block.id, json["block"]["id"] | |
| 64 | + end | |
| 65 | +end | ... | ... |
test/api/test_helper.rb