diff --git a/app/api/entities.rb b/app/api/entities.rb
index 8e095e3..97567af 100644
--- a/app/api/entities.rb
+++ b/app/api/entities.rb
@@ -93,7 +93,9 @@ module Api
 class Box < Entity
 root 'boxes', 'box'
 expose :id, :position
- expose :blocks, :using => Block
+ expose :blocks, :using => Block do |box, options|
+ box.blocks.select {|block| block.visible_to_user?(options[:current_person]) }
+ end
 end
 
 class Profile < Entity
diff --git a/test/api/boxes_test.rb b/test/api/boxes_test.rb
index 713a40d..5526f9b 100644
--- a/test/api/boxes_test.rb
+++ b/test/api/boxes_test.rb
@@ -47,4 +47,26 @@ class BoxesTest < ActiveSupport::TestCase
 json = JSON.parse(last_response.body)
 assert !json["boxes"].first["blocks"].first.key?('api_content')
 end
+
+ should 'get blocks from boxes' do
+ Environment.delete_all
+ environment = fast_create(Environment, :is_default => true)
+ box = fast_create(Box, :owner_id => environment.id, :owner_type => 'Environment')
+ block = fast_create(Block, box_id: box.id)
+ get "/api/v1/environments/default/boxes?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal [block.id], json["boxes"].first["blocks"].map {|b| b['id']}
+ end
+
+ should 'not list a block for not logged users' do
+ logout_api
+ profile = fast_create(Profile)
+ box = fast_create(Box, :owner_id => profile.id, :owner_type => Profile.name)
+ block = fast_create(Block, box_id: box.id)
+ block.display = 'never'
+ block.save!
+ get "/api/v1/profiles/#{profile.id}/boxes?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal [], json["boxes"].first["blocks"].map {|b| b['id']}
+ end
 end
-- 
libgit2 0.21.2
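Review bot: The block added to `expose :blocks` makes this entity the enforcement point for block visibility, and it only works as intended when the endpoint passes `:current_person` through the `present` options; when the key is missing, `visible_to_user?` receives `nil`, and whether `nil` is handled as an anonymous viewer is decided in code outside this hunk. I would state that contract above the expose, e.g. `# Serialize only blocks visible to options[:current_person]; nil means an anonymous request.` Any other entity or endpoint that returns `Block` records directly is not covered by this filter, so it is worth confirming that none bypasses `Box`. The enclosing `module Api` starts and ends outside the hunk.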
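Review bot: The test 'not list a block for not logged users' sets `block.display = 'never'`, which by its name would hide the block from every viewer, so the assertion would still pass if the entity ignored `options[:current_person]` altogether. Neither new test checks that a logged-in person does see a block that an anonymous request must not, which is the viewer-dependent path the filter exists for. I would add a pair of cases using a display setting that depends on who is viewing, asserting `[block.id]` for the logged-in request and `[]` after `logout_api`. The `BoxesTest` class starts outside the hunk.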