From d6d98372d6f771cef8ce67e2d8960641a9d57041 Mon Sep 17 00:00:00 2001 From: Evandro Junior Date: Mon, 4 Apr 2016 18:12:04 -0300 Subject: [PATCH] API unlocked for visitor --- app/models/organization.rb | 6 ++---- app/models/person.rb | 4 +--- test/api/categories_test.rb | 29 ++++++++++------------------- test/api/comments_test.rb | 29 ++++++++++++++--------------- test/api/communities_test.rb | 14 -------------- test/api/enterprises_test.rb | 4 ++-- test/api/people_test.rb | 4 ---- test/api/profiles_test.rb | 2 -- test/api/test_helper.rb | 5 ----- 9 files changed, 29 insertions(+), 68 deletions(-) diff --git a/app/models/organization.rb b/app/models/organization.rb index b064ffe..220b30d 100644 --- a/app/models/organization.rb +++ b/app/models/organization.rb @@ -17,8 +17,6 @@ class Organization < Profile # 4) The user is not a member of the organization but the organization is # visible, public and enabled. def self.visible_for_person(person) - # Visitor if person.nil? - person_id = person.nil? ? nil : person.id joins('LEFT JOIN "role_assignments" ON ("role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\') OR ( "role_assignments"."resource_id" = "profiles"."environment_id" AND @@ -30,8 +28,8 @@ class Organization < Profile ( ( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR ( profiles.public_profile = ? AND profiles.enabled = ? ) ) AND ( profiles.visible = ? ) )', - 'profile_admin', 'environment_administrator', Profile.name, person_id, - Profile.name, person_id, true, true, true] + 'profile_admin', 'environment_administrator', Profile.name, person.id, + Profile.name, person.id, true, true, true] ).uniq end diff --git a/app/models/person.rb b/app/models/person.rb index 560138e..18015ba 100644 --- a/app/models/person.rb +++ b/app/models/person.rb 
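Review bot: `visible_for_person` now binds `person.id` directly in the `where` array (second hunk of app/models/organization.rb), so a nil `person` raises NoMethodError instead of binding NULL as the removed `person_id` line did. With NULL bound, `role_assignments.accessor_id = ?` could never match and only the public/enabled/visible branch applied, which is the result a visitor should get. Whether any caller still passes nil is not visible in this patch. The `visible_for_person` scope in app/models/person.rb receives the same change. If visitors can reach these scopes, keep a nil-safe id such as `person_id = person.try(:id)` and bind `person_id`; otherwise state the non-nil precondition in the comment block above the method, which starts outside the hunk.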
@@ -42,8 +42,6 @@ class Person < Profile } scope :visible_for_person, lambda { |person| - # Visitor if person.nil? - person_id = person.nil? ? nil : person.id joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."environment_id" AND "role_assignments"."resource_type" = \'Environment\'') @@ -52,7 +50,7 @@ class Person < Profile .where( ['( roles.key = ? AND role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR ( ( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?) )', - 'environment_administrator', Profile.name, person_id, person_id, true, true] + 'environment_administrator', Profile.name, person.id, person.id, true, true] ).uniq } diff --git a/test/api/categories_test.rb b/test/api/categories_test.rb index e7133a0..f356dd7 100644 --- a/test/api/categories_test.rb +++ b/test/api/categories_test.rb @@ -2,8 +2,7 @@ require_relative 'test_helper' class CategoriesTest < ActiveSupport::TestCase - - should 'logged user list categories' do + should 'list categories to logged user' do login_api category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/?#{params.to_query}" @@ -11,7 +10,7 @@ class CategoriesTest < ActiveSupport::TestCase assert_includes json["categories"].map { |c| c["name"] }, category.name end - should 'logged user get category by id' do + should 'get category by id to logged user' do login_api category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/#{category.id}/?#{params.to_query}" @@ -19,7 +18,7 @@ class CategoriesTest < ActiveSupport::TestCase assert_equal category.name, json["category"]["name"] end - should 'logged user list parent and children when get category by id' do + should 'list parent and children when get category by id to logged user' do login_api parent = fast_create(Category, :environment_id => environment.id) child_1 = fast_create(Category, :environment_id => environment.id) 
@@ -37,7 +36,7 @@ class CategoriesTest < ActiveSupport::TestCase assert_equivalent [child_1.id, child_2.id], json['category']['children'].map { |c| c['id'] } end - should 'logged user include parent in categories list if params is true' do + should 'include parent in categories list if params is true to logged_user' do login_api parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category child_1 = fast_create(Category, :environment_id => environment.id) @@ -60,7 +59,7 @@ class CategoriesTest < ActiveSupport::TestCase json["categories"].map { |c| c['parent'] && c['parent']['id'] } end - should 'logged user include children in categories list if params is true' do + should 'include children in categories list if params is true to logged user' do login_api category = fast_create(Category, :environment_id => environment.id) child_1 = fast_create(Category, :environment_id => environment.id) @@ -88,7 +87,7 @@ class CategoriesTest < ActiveSupport::TestCase expose_attributes = %w(id name full_name image display_color) expose_attributes.each do |attr| - should "logged user expose category #{attr} attribute by default" do + should "expose category #{attr} attribute by default to logged user" do login_api category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/?#{params.to_query}" 
@@ -97,24 +96,21 @@ class CategoriesTest < ActiveSupport::TestCase end end - should 'anonymous list categories' do - anonymous_setup + should 'list categories to anonymous' do category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/?#{params.to_query}" json = JSON.parse(last_response.body) assert_includes json["categories"].map { |c| c["name"] }, category.name end - should 'anonymous get category by id' do - anonymous_setup + should 'get category by id to anonymous' do category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/#{category.id}/?#{params.to_query}" json = JSON.parse(last_response.body) assert_equal category.name, json["category"]["name"] end - should 'anonymous list parent and children when get category by id' do - anonymous_setup + should 'list parent and children when get category by id to anonymous' do parent = fast_create(Category, :environment_id => environment.id) child_1 = fast_create(Category, :environment_id => environment.id) child_2 = fast_create(Category, :environment_id => environment.id) @@ -132,7 +128,6 @@ class CategoriesTest < ActiveSupport::TestCase end should 'anonymous include parent in categories list if params is true' do - anonymous_setup parent_1 = fast_create(Category, :environment_id => environment.id) # parent_1 has no parent category child_1 = fast_create(Category, :environment_id => environment.id) child_2 = fast_create(Category, :environment_id => environment.id) @@ -155,7 +150,6 @@ class CategoriesTest < ActiveSupport::TestCase end should 'anonymous include children in categories list if params is true' do - anonymous_setup category = fast_create(Category, :environment_id => environment.id) child_1 = fast_create(Category, :environment_id => environment.id) child_2 = fast_create(Category, :environment_id => environment.id) 
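Review bot: The anonymous cases in this hunk still read `environment.id` and `params.to_query` after losing the `anonymous_setup` call that assigned `@environment` and `@params = {}`, and the helper itself is deleted in test/api/test_helper.rb. Nothing in the visible patch assigns those two for a visitor, so the tests either hit nil or depend on a setup that is not shown. If that setup also puts `private_token` into `params`, the anonymous tests would run authenticated and stop covering visitor access control. The same removal is made in comments_test.rb, communities_test.rb, people_test.rb and profiles_test.rb. Consider pinning the precondition in each anonymous test, e.g. `assert_nil params[:private_token]`, or keeping an explicit `@params = {}`.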
@@ -180,8 +174,7 @@ class CategoriesTest < ActiveSupport::TestCase end expose_attributes.each do |attr| - should "anonymous expose category #{attr} attribute by default" do - anonymous_setup + should "expose category #{attr} attribute by default to anonymous" do category = fast_create(Category, :environment_id => environment.id) get "/api/v1/categories/?#{params.to_query}" json = JSON.parse(last_response.body) @@ -189,6 +182,4 @@ class CategoriesTest < ActiveSupport::TestCase end end - - end diff --git a/test/api/comments_test.rb b/test/api/comments_test.rb index d1e0e73..d5a4b55 100644 --- a/test/api/comments_test.rb +++ b/test/api/comments_test.rb @@ -4,7 +4,6 @@ class CommentsTest < ActiveSupport::TestCase def setup @local_person = fast_create(Person) - anonymous_setup end attr_reader :local_person @@ -82,16 +81,16 @@ class CommentsTest < ActiveSupport::TestCase end should 'logged user comment creation define the source' do - login_api - amount = Comment.count - article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") - body = 'My comment' - params.merge!({:body => body}) + login_api + amount = Comment.count + article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") + body = 'My comment' + params.merge!({:body => body}) - post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - assert_equal amount + 1, Comment.count - comment = Comment.last - assert_not_nil comment.source + post "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + assert_equal amount + 1, Comment.count + comment = Comment.last + assert_not_nil comment.source end should 'call plugin hotspot to filter unavailable comments' do 
@@ -124,26 +123,26 @@ class CommentsTest < ActiveSupport::TestCase should 'not, anonymous list comments if has no permission to view the source article' do article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing", :published => false) assert !article.published? - + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" assert_equal 403, last_response.status end - + should 'anonymous return comments of an article' do article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") article.comments.create!(:body => "some comment", :author => local_person) article.comments.create!(:body => "another comment", :author => local_person) - + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" json = JSON.parse(last_response.body) assert_equal 200, last_response.status assert_equal 2, json["comments"].length end - + should 'anonymous return comment of an article' do article = fast_create(Article, :profile_id => local_person.id, :name => "Some thing") comment = article.comments.create!(:body => "another comment", :author => local_person) - + get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}" json = JSON.parse(last_response.body) assert_equal 200, last_response.status diff --git a/test/api/communities_test.rb b/test/api/communities_test.rb index dfe6bf5..61b8100 100644 --- a/test/api/communities_test.rb +++ b/test/api/communities_test.rb @@ -147,7 +147,6 @@ class CommunitiesTest < ActiveSupport::TestCase get "/api/v1/communities?#{params.to_query}" json_page_one = JSON.parse(last_response.body) - assert_includes json_page_one["communities"].map { |a| a["id"] }, community1.id assert_not_includes json_page_one["communities"].map { |a| a["id"] }, community2.id 
@@ -172,7 +171,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'anonymous list only communities' do - anonymous_setup community = fast_create(Community, :environment_id => environment.id) enterprise = fast_create(Enterprise, :environment_id => environment.id) # should not list this enterprise get "/api/v1/communities?#{params.to_query}" @@ -182,7 +180,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'anonymous list all communities' do - anonymous_setup community1 = fast_create(Community, :environment_id => environment.id, :public_profile => true) community2 = fast_create(Community, :environment_id => environment.id) get "/api/v1/communities?#{params.to_query}" @@ -191,7 +188,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not, anonymous list invisible communities' do - anonymous_setup community1 = fast_create(Community, :environment_id => environment.id) fast_create(Community, :environment_id => environment.id, :visible => false) @@ -201,7 +197,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'anonymous list private communities' do - anonymous_setup community1 = fast_create(Community, :environment_id => environment.id) community2 = fast_create(Community, :environment_id => environment.id, :public_profile => false) @@ -211,7 +206,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not, anonymous create a community' do - anonymous_setup params[:community] = {:name => 'some'} post "/api/v1/communities?#{params.to_query}" json = JSON.parse(last_response.body) @@ -219,7 +213,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'anonymous get community' do - anonymous_setup community = fast_create(Community, :environment_id => environment.id) get "/api/v1/communities/#{community.id}" json = JSON.parse(last_response.body) 
@@ -227,7 +220,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not, anonymous get invisible community' do - anonymous_setup community = fast_create(Community, :environment_id => environment.id, :visible => false) get "/api/v1/communities/#{community.id}" json = JSON.parse(last_response.body) @@ -235,7 +227,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not, anonymous get private communities' do - anonymous_setup community = fast_create(Community, :environment_id => environment.id) fast_create(Community, :environment_id => environment.id, :public_profile => false) get "/api/v1/communities/#{community.id}" @@ -244,7 +235,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'anonymous list communities with pagination' do - anonymous_setup community1 = fast_create(Community, :public_profile => true, :created_at => 1.day.ago) community2 = fast_create(Community, :created_at => 2.days.ago) @@ -266,7 +256,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'anonymous list communities with timestamp' do - anonymous_setup community1 = fast_create(Community, :public_profile => true) community2 = fast_create(Community) @@ -282,7 +271,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'display public custom fields to anonymous' do - anonymous_setup CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default) some_community = fast_create(Community) some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} } 
@@ -295,7 +283,6 @@ class CommunitiesTest < ActiveSupport::TestCase end should 'not display private custom fields to anonymous' do - anonymous_setup CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Community", :active => true, :environment => Environment.default) some_community = fast_create(Community) some_community.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} } @@ -306,5 +293,4 @@ class CommunitiesTest < ActiveSupport::TestCase refute json['community']['additional_data'].has_key?('Rating') end - end diff --git a/test/api/enterprises_test.rb b/test/api/enterprises_test.rb index fe261e9..f6b8ab4 100644 --- a/test/api/enterprises_test.rb +++ b/test/api/enterprises_test.rb @@ -64,14 +64,14 @@ class EnterprisesTest < ActiveSupport::TestCase assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} end - should 'not, logger user list invisible enterprises' do + should 'not, logged user list invisible enterprises' do login_api enterprise1 = fast_create(Enterprise, :environment_id => environment.id) fast_create(Enterprise, :visible => false) get "/api/v1/enterprises?#{params.to_query}" json = JSON.parse(last_response.body) - assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']} + assert_equal [enterprise1.id, enterprise2.id], json['enterprises'].map {|c| c['id']} end should 'anonymous list private enterprises' do diff --git a/test/api/people_test.rb b/test/api/people_test.rb index cb70e23..34e52ae 100644 --- a/test/api/people_test.rb +++ b/test/api/people_test.rb @@ -61,7 +61,6 @@ class PeopleTest < ActiveSupport::TestCase end should 'annoymous not list invisible people' do - anonymous_setup invisible_person = fast_create(Person, :visible => false) get "/api/v1/people?#{params.to_query}" 
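Review bot: The new assertion in 'not, logged user list invisible enterprises' (test/api/enterprises_test.rb) references `enterprise2`, which is never assigned in this test; the result of the second `fast_create(Enterprise, :visible => false)` is discarded. As written the test should fail on an undefined name. If `enterprise2` were bound to that invisible record, the assertion would require the API to list an invisible enterprise, contradicting the test title. Keep the expectation at `assert_equal [enterprise1.id], json['enterprises'].map {|c| c['id']}` so the test continues to prove that invisible profiles are withheld.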
@@ -105,7 +104,6 @@ class PeopleTest < ActiveSupport::TestCase end should 'anonymous get person' do - anonymous_setup some_person = fast_create(Person) get "/api/v1/people/#{some_person.id}?#{params.to_query}" @@ -113,7 +111,6 @@ class PeopleTest < ActiveSupport::TestCase assert_equal some_person.id, json['person']['id'] end - should 'people endpoint filter by fields parameter for logged user' do login_api get "/api/v1/people?#{params.to_query}&fields=name" @@ -156,7 +153,6 @@ class PeopleTest < ActiveSupport::TestCase end should 'anonymous not get invisible person' do - anonymous_setup person = fast_create(Person, :visible => false) get "/api/v1/people/#{person.id}?#{params.to_query}" diff --git a/test/api/profiles_test.rb b/test/api/profiles_test.rb index 904dfd7..0b0c06b 100644 --- a/test/api/profiles_test.rb +++ b/test/api/profiles_test.rb @@ -117,7 +117,6 @@ class ProfilesTest < ActiveSupport::TestCase end should 'display public custom fields to anonymous' do - anonymous_setup CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default) some_profile = fast_create(Profile) some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "true"} } @@ -130,7 +129,6 @@ class ProfilesTest < ActiveSupport::TestCase end should 'not display private custom fields to anonymous' do - anonymous_setup CustomField.create!(:name => "Rating", :format => "string", :customized_type => "Profile", :active => true, :environment => Environment.default) some_profile = fast_create(Profile) some_profile.custom_values = { "Rating" => { "value" => "Five stars", "public" => "false"} } diff --git a/test/api/test_helper.rb b/test/api/test_helper.rb index c98e9af..be6fca6 100644 --- a/test/api/test_helper.rb +++ b/test/api/test_helper.rb 
@@ -25,11 +25,6 @@ class ActiveSupport::TestCase @params = {:private_token => @private_token} end - def anonymous_setup - @environment = Environment.default - @params = {} - end - attr_accessor :private_token, :user, :person, :params, :environment private -- libgit2 0.21.2