From c49c0f4dadd80e7057c25546ea2cf11006fc94f9 Mon Sep 17 00:00:00 2001
From: Victor Costa
Date: Wed, 11 May 2016 17:00:40 -0300
Subject: [PATCH] api: add endpoint to return blocks
---
 lib/noosfero/api/api.rb | 1 +
 lib/noosfero/api/v1/blocks.rb | 19 +++++++++++++++++++
 test/api/blocks_test.rb | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 test/api/test_helper.rb | 4 ++++
 4 files changed, 89 insertions(+), 0 deletions(-)
 create mode 100644 lib/noosfero/api/v1/blocks.rb
 create mode 100644 test/api/blocks_test.rb
diff --git a/lib/noosfero/api/api.rb b/lib/noosfero/api/api.rb
index 6af42de..78e07d7 100644
--- a/lib/noosfero/api/api.rb
+++ b/lib/noosfero/api/api.rb
@@ -53,6 +53,7 @@ module Noosfero
 mount V1::Search
 mount V1::Contacts
 mount V1::Boxes
+ mount V1::Blocks
 mount V1::Profiles
 mount V1::Activities
diff --git a/lib/noosfero/api/v1/blocks.rb b/lib/noosfero/api/v1/blocks.rb
new file mode 100644
index 0000000..ad7490e
--- /dev/null
+++ b/lib/noosfero/api/v1/blocks.rb
@@ -0,0 +1,19 @@
+module Noosfero
+ module API
+ module V1
+
+ class Blocks < Grape::API
+ resource :blocks do
+ get ':id' do
+ block = Block.find(params["id"])
+ if block.owner.kind_of?(Profile)
+ return forbidden! unless block.owner.display_info_to?(current_person)
+ end
+ present block, :with => Entities::Block
+ end
+ end
+ end
+
+ end
+ end
+end
diff --git a/test/api/blocks_test.rb b/test/api/blocks_test.rb
new file mode 100644
index 0000000..57a0d46
--- /dev/null
+++ b/test/api/blocks_test.rb
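Review bot: The `get ':id'` handler in lib/noosfero/api/v1/blocks.rb enforces access only when `block.owner` is a `Profile`; a block with any other owner (the tests use `Environment`) is presented to every caller, authenticated or not, and `Block.find` is not scoped to the current environment. If that is the intended policy, state it above the route, for example `# Environment-owned blocks are public; profile-owned blocks follow the owner's display_info_to? rule`. The decision also rests on the owner's visibility alone, so any per-block display setting the model may carry (not visible in this diff) is never consulted. A hidden block answers 403, while an unknown id takes whatever path `Block.find` raises into. That difference lets a caller distinguish existing private blocks from absent ones, and answering both with the same not-found response would remove the signal.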
@@ -0,0 +1,65 @@
+require_relative 'test_helper'
+
+class BlocksTest < ActiveSupport::TestCase
+
+ def setup
+ create_and_activate_user
+ login_api
+ @environment = Environment.default
+ @profile = fast_create(Profile)
+ end
+
+ attr_accessor :environment, :profile
+
+ should 'get an environment block' do
+ box = fast_create(Box, :owner_id => environment.id, :owner_type => Environment.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal block.id, json["block"]["id"]
+ end
+
+ should 'get a profile block' do
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal block.id, json["block"]["id"]
+ end
+
+ should 'get a profile block for a not logged in user' do
+ logout_api
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal block.id, json["block"]["id"]
+ end
+
+ should 'not get a profile block for a not logged in user' do
+ logout_api
+ profile = fast_create(Profile, public_profile: false)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'not get a profile block for an user without permission' do
+ profile = fast_create(Profile, public_profile: false)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'get a block for an user with permission in a
private profile' do
+ profile = fast_create(Profile, public_profile: false)
+ profile.add_admin(person)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/blocks/#{block.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal block.id, json["block"]["id"]
+ end
+end
diff --git a/test/api/test_helper.rb b/test/api/test_helper.rb
index baa51df..e7a539e 100644
--- a/test/api/test_helper.rb
+++ b/test/api/test_helper.rb
@@ -31,6 +31,10 @@ class ActiveSupport::TestCase
 @params[:private_token] = @private_token
 end
+ def logout_api
+ @params.delete(:private_token)
+ end
+ attr_accessor :private_token, :user, :person, :params, :environment
 private
--
libgit2 0.21.2
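Review bot: The two 403 cases in test/api/blocks_test.rb assert only `last_response.status`, so they would still pass if the handler set the status yet serialized the block into the body. Assuming the error body is JSON, a body check such as `assert_nil JSON.parse(last_response.body)["block"]` would pin that down. There is no case for an id that does not exist, and none for an environment-owned block requested after `logout_api`; those are the two paths the handler does not explicitly authorize. The anonymous-success case depends on `fast_create(Profile)` yielding a public profile by default, so passing `public_profile: true` explicitly would keep the test's meaning stable.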