api: review people mountpoint

Rodrigo Souto
1 parent c71d67d7
Showing 3 changed files with 38 additions and 33 deletions Show diff stats
lib/noosfero/api/v1/people.rb
test/unit/api/people_test.rb
test/unit/api/test_helper.rb
@@ -38,13 +38,14 @@ module Noosfero
  
           desc "Return the person information"
           get ':id' do
-            person = environment.people.visible.find_by_id(params[:id])
+            person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
             present person, :with => Entities::Person
           end
  
           desc "Return the person friends"
           get ':id/friends' do
-            friends = current_person.friends.visible
+            person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
+            friends = person.friends.visible
             present friends, :with => Entities::Person
           end
  
@@ -16,21 +16,17 @@ class PeopleTest &lt; ActiveSupport::TestCase
   end
  
   should 'not list invisible people' do
-    person1 = fast_create(Person)
-    fast_create(Person, :visible => false)
+    invisible_person = fast_create(Person, :visible => false)
  
     get "/api/v1/people?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+    assert_not_includes json_response_ids(:people), invisible_person.id
   end
  
   should 'not list private people without permission' do
-    person1 = fast_create(Person)
-    fast_create(Person, :public_profile => false)
+    private_person = fast_create(Person, :public_profile => false)
  
     get "/api/v1/people?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+    assert_not_includes json_response_ids(:people), private_person.id
   end
  
   should 'list private person for friends' do
@@ -40,8 +36,7 @@ class PeopleTest &lt; ActiveSupport::TestCase
     p2.add_friend(person)
  
     get "/api/v1/people?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [p1.id, p2.id, person.id], json['people'].map {|c| c['id']}
+    assert_includes json_response_ids(:people), p2.id
   end
  
   should 'get person' do
@@ -61,42 +56,44 @@ class PeopleTest &lt; ActiveSupport::TestCase
   end
  
   should 'not get private people without permission' do
-    person = fast_create(Person)
-    fast_create(Person, :public_profile => false)
+    private_person = fast_create(Person, :public_profile => false)
  
-    get "/api/v1/people/#{person.id}?#{params.to_query}"
+    get "/api/v1/people/#{private_person.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_equal person.id, json['person']['id']
+    assert json['person'].blank?
   end
  
   should 'get private person for friends' do
-    person = fast_create(Person, :public_profile => false)
-    person.add_friend(person)
+    private_person = fast_create(Person, :public_profile => false)
+    person.add_friend(private_person)
+    private_person.add_friend(person)
  
-    get "/api/v1/people/#{person.id}?#{params.to_query}"
+    get "/api/v1/people/#{private_person.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
-    assert_equal person.id, json['person']['id']
+    assert_equal private_person.id, json['person']['id']
   end
  
   should 'list person friends' do
-    p = fast_create(Person)
-    fast_create(Person)
-    person.add_friend(p)
+    friend = fast_create(Person)
+    person.add_friend(friend)
+    friend.add_friend(person)
  
-    get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [p.id], json['people'].map {|c| c['id']}
+    get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
+    assert_includes json_response_ids(:people), person.id
   end
  
-  should 'not list person friends invisible' do
-    p1 = fast_create(Person)
-    p2 = fast_create(Person, :visible => false)
-    person.add_friend(p1)
-    person.add_friend(p2)
+  should 'not list person invisible friends' do
+    friend = fast_create(Person)
+    invisible_friend = fast_create(Person, :visible => false)
+    person.add_friend(friend)
+    person.add_friend(invisible_friend)
+    friend.add_friend(person)
+    invisible_friend.add_friend(person)
  
     get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
-    json = JSON.parse(last_response.body)
-    assert_equivalent [p1.id], json['people'].map {|c| c['id']}
+    friends = json_response_ids(:people)
+    assert_includes friends, friend.id
+    assert_not_includes friends, invisible_friend.id
   end
  
 end
@@ -20,4 +20,11 @@ class ActiveSupport::TestCase
   end
   attr_accessor :private_token, :user, :person, :params
  
+  private
+
+  def json_response_ids(kind)
+    json = JSON.parse(last_response.body)
+    json[kind.to_s].map {|c| c['id']}
+  end
+
 end
...	...	@@ -38,13 +38,14 @@ module Noosfero
38	38
39	39	desc "Return the person information"
40	40	get ':id' do
41		- person = environment.people.visible.find_by_id(params[:id])
	41	+ person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
42	42	present person, :with => Entities::Person
43	43	end
44	44
45	45	desc "Return the person friends"
46	46	get ':id/friends' do
47		- friends = current_person.friends.visible
	47	+ person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
	48	+ friends = person.friends.visible
48	49	present friends, :with => Entities::Person
49	50	end
50	51
...	...
...	...	@@ -16,21 +16,17 @@ class PeopleTest < ActiveSupport::TestCase
16	16	end
17	17
18	18	should 'not list invisible people' do
19		- person1 = fast_create(Person)
20		- fast_create(Person, :visible => false)
	19	+ invisible_person = fast_create(Person, :visible => false)
21	20
22	21	get "/api/v1/people?#{params.to_query}"
23		- json = JSON.parse(last_response.body)
24		- assert_equivalent [person1.id, person.id], json['people'].map {\|c\| c['id']}
	22	+ assert_not_includes json_response_ids(:people), invisible_person.id
25	23	end
26	24
27	25	should 'not list private people without permission' do
28		- person1 = fast_create(Person)
29		- fast_create(Person, :public_profile => false)
	26	+ private_person = fast_create(Person, :public_profile => false)
30	27
31	28	get "/api/v1/people?#{params.to_query}"
32		- json = JSON.parse(last_response.body)
33		- assert_equivalent [person1.id, person.id], json['people'].map {\|c\| c['id']}
	29	+ assert_not_includes json_response_ids(:people), private_person.id
34	30	end
35	31
36	32	should 'list private person for friends' do
...	...	@@ -40,8 +36,7 @@ class PeopleTest < ActiveSupport::TestCase
40	36	p2.add_friend(person)
41	37
42	38	get "/api/v1/people?#{params.to_query}"
43		- json = JSON.parse(last_response.body)
44		- assert_equivalent [p1.id, p2.id, person.id], json['people'].map {\|c\| c['id']}
	39	+ assert_includes json_response_ids(:people), p2.id
45	40	end
46	41
47	42	should 'get person' do
...	...	@@ -61,42 +56,44 @@ class PeopleTest < ActiveSupport::TestCase
61	56	end
62	57
63	58	should 'not get private people without permission' do
64		- person = fast_create(Person)
65		- fast_create(Person, :public_profile => false)
	59	+ private_person = fast_create(Person, :public_profile => false)
66	60
67		- get "/api/v1/people/#{person.id}?#{params.to_query}"
	61	+ get "/api/v1/people/#{private_person.id}?#{params.to_query}"
68	62	json = JSON.parse(last_response.body)
69		- assert_equal person.id, json['person']['id']
	63	+ assert json['person'].blank?
70	64	end
71	65
72	66	should 'get private person for friends' do
73		- person = fast_create(Person, :public_profile => false)
74		- person.add_friend(person)
	67	+ private_person = fast_create(Person, :public_profile => false)
	68	+ person.add_friend(private_person)
	69	+ private_person.add_friend(person)
75	70
76		- get "/api/v1/people/#{person.id}?#{params.to_query}"
	71	+ get "/api/v1/people/#{private_person.id}?#{params.to_query}"
77	72	json = JSON.parse(last_response.body)
78		- assert_equal person.id, json['person']['id']
	73	+ assert_equal private_person.id, json['person']['id']
79	74	end
80	75
81	76	should 'list person friends' do
82		- p = fast_create(Person)
83		- fast_create(Person)
84		- person.add_friend(p)
	77	+ friend = fast_create(Person)
	78	+ person.add_friend(friend)
	79	+ friend.add_friend(person)
85	80
86		- get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
87		- json = JSON.parse(last_response.body)
88		- assert_equivalent [p.id], json['people'].map {\|c\| c['id']}
	81	+ get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
	82	+ assert_includes json_response_ids(:people), person.id
89	83	end
90	84
91		- should 'not list person friends invisible' do
92		- p1 = fast_create(Person)
93		- p2 = fast_create(Person, :visible => false)
94		- person.add_friend(p1)
95		- person.add_friend(p2)
	85	+ should 'not list person invisible friends' do
	86	+ friend = fast_create(Person)
	87	+ invisible_friend = fast_create(Person, :visible => false)
	88	+ person.add_friend(friend)
	89	+ person.add_friend(invisible_friend)
	90	+ friend.add_friend(person)
	91	+ invisible_friend.add_friend(person)
96	92
97	93	get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
98		- json = JSON.parse(last_response.body)
99		- assert_equivalent [p1.id], json['people'].map {\|c\| c['id']}
	94	+ friends = json_response_ids(:people)
	95	+ assert_includes friends, friend.id
	96	+ assert_not_includes friends, invisible_friend.id
100	97	end
101	98
102	99	end
...	...
...	...	@@ -20,4 +20,11 @@ class ActiveSupport::TestCase
20	20	end
21	21	attr_accessor :private_token, :user, :person, :params
22	22
	23	+ private
	24	+
	25	+ def json_response_ids(kind)
	26	+ json = JSON.parse(last_response.body)
	27	+ json[kind.to_s].map {\|c\| c['id']}
	28	+ end
	29	+
23	30	end
...	...