Download as
Browse Code »

Commit dc740341ee0956038e2366d315bf4cebc352174c

Authored by Rodrigo Souto
1 parent c71d67d7
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

api: review people mountpoint

Showing 3 changed files with 38 additions and 33 deletions   Show diff stats
lib/noosfero/api/v1/people.rb
  Diff comments   View file @dc74034
@@ -38,13 +38,14 @@ module Noosfero @@ -38,13 +38,14 @@ module Noosfero
38 38
39 desc "Return the person information" 39 desc "Return the person information"
40 get ':id' do 40 get ':id' do
41 - person = environment.people.visible.find_by_id(params[:id]) 41 + person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
42 present person, :with => Entities::Person 42 present person, :with => Entities::Person
43 end 43 end
44 44
45 desc "Return the person friends" 45 desc "Return the person friends"
46 get ':id/friends' do 46 get ':id/friends' do
47 - friends = current_person.friends.visible 47 + person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
  48 + friends = person.friends.visible
48 present friends, :with => Entities::Person 49 present friends, :with => Entities::Person
49 end 50 end
50 51
test/unit/api/people_test.rb
  Diff comments   View file @dc74034
@@ -16,21 +16,17 @@ class PeopleTest < ActiveSupport::TestCase @@ -16,21 +16,17 @@ class PeopleTest < ActiveSupport::TestCase
16 end 16 end
17 17
18 should 'not list invisible people' do 18 should 'not list invisible people' do
19 - person1 = fast_create(Person)  
20 - fast_create(Person, :visible => false) 19 + invisible_person = fast_create(Person, :visible => false)
21 20
22 get "/api/v1/people?#{params.to_query}" 21 get "/api/v1/people?#{params.to_query}"
23 - json = JSON.parse(last_response.body)  
24 - assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']} 22 + assert_not_includes json_response_ids(:people), invisible_person.id
25 end 23 end
26 24
27 should 'not list private people without permission' do 25 should 'not list private people without permission' do
28 - person1 = fast_create(Person)  
29 - fast_create(Person, :public_profile => false) 26 + private_person = fast_create(Person, :public_profile => false)
30 27
31 get "/api/v1/people?#{params.to_query}" 28 get "/api/v1/people?#{params.to_query}"
32 - json = JSON.parse(last_response.body)  
33 - assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']} 29 + assert_not_includes json_response_ids(:people), private_person.id
34 end 30 end
35 31
36 should 'list private person for friends' do 32 should 'list private person for friends' do
@@ -40,8 +36,7 @@ class PeopleTest < ActiveSupport::TestCase @@ -40,8 +36,7 @@ class PeopleTest < ActiveSupport::TestCase
40 p2.add_friend(person) 36 p2.add_friend(person)
41 37
42 get "/api/v1/people?#{params.to_query}" 38 get "/api/v1/people?#{params.to_query}"
43 - json = JSON.parse(last_response.body)  
44 - assert_equivalent [p1.id, p2.id, person.id], json['people'].map {|c| c['id']} 39 + assert_includes json_response_ids(:people), p2.id
45 end 40 end
46 41
47 should 'get person' do 42 should 'get person' do
@@ -61,42 +56,44 @@ class PeopleTest < ActiveSupport::TestCase @@ -61,42 +56,44 @@ class PeopleTest < ActiveSupport::TestCase
61 end 56 end
62 57
63 should 'not get private people without permission' do 58 should 'not get private people without permission' do
64 - person = fast_create(Person)  
65 - fast_create(Person, :public_profile => false) 59 + private_person = fast_create(Person, :public_profile => false)
66 60
67 - get "/api/v1/people/#{person.id}?#{params.to_query}" 61 + get "/api/v1/people/#{private_person.id}?#{params.to_query}"
68 json = JSON.parse(last_response.body) 62 json = JSON.parse(last_response.body)
69 - assert_equal person.id, json['person']['id'] 63 + assert json['person'].blank?
70 end 64 end
71 65
72 should 'get private person for friends' do 66 should 'get private person for friends' do
73 - person = fast_create(Person, :public_profile => false)  
74 - person.add_friend(person) 67 + private_person = fast_create(Person, :public_profile => false)
  68 + person.add_friend(private_person)
  69 + private_person.add_friend(person)
75 70
76 - get "/api/v1/people/#{person.id}?#{params.to_query}" 71 + get "/api/v1/people/#{private_person.id}?#{params.to_query}"
77 json = JSON.parse(last_response.body) 72 json = JSON.parse(last_response.body)
78 - assert_equal person.id, json['person']['id'] 73 + assert_equal private_person.id, json['person']['id']
79 end 74 end
80 75
81 should 'list person friends' do 76 should 'list person friends' do
82 - p = fast_create(Person)  
83 - fast_create(Person)  
84 - person.add_friend(p) 77 + friend = fast_create(Person)
  78 + person.add_friend(friend)
  79 + friend.add_friend(person)
85 80
86 - get "/api/v1/people/#{person.id}/friends?#{params.to_query}"  
87 - json = JSON.parse(last_response.body)  
88 - assert_equivalent [p.id], json['people'].map {|c| c['id']} 81 + get "/api/v1/people/#{friend.id}/friends?#{params.to_query}"
  82 + assert_includes json_response_ids(:people), person.id
89 end 83 end
90 84
91 - should 'not list person friends invisible' do  
92 - p1 = fast_create(Person)  
93 - p2 = fast_create(Person, :visible => false)  
94 - person.add_friend(p1)  
95 - person.add_friend(p2) 85 + should 'not list person invisible friends' do
  86 + friend = fast_create(Person)
  87 + invisible_friend = fast_create(Person, :visible => false)
  88 + person.add_friend(friend)
  89 + person.add_friend(invisible_friend)
  90 + friend.add_friend(person)
  91 + invisible_friend.add_friend(person)
96 92
97 get "/api/v1/people/#{person.id}/friends?#{params.to_query}" 93 get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
98 - json = JSON.parse(last_response.body)  
99 - assert_equivalent [p1.id], json['people'].map {|c| c['id']} 94 + friends = json_response_ids(:people)
  95 + assert_includes friends, friend.id
  96 + assert_not_includes friends, invisible_friend.id
100 end 97 end
101 98
102 end 99 end
test/unit/api/test_helper.rb
  Diff comments   View file @dc74034
@@ -20,4 +20,11 @@ class ActiveSupport::TestCase @@ -20,4 +20,11 @@ class ActiveSupport::TestCase
20 end 20 end
21 attr_accessor :private_token, :user, :person, :params 21 attr_accessor :private_token, :user, :person, :params
22 22
  23 + private
  24 +
  25 + def json_response_ids(kind)
  26 + json = JSON.parse(last_response.body)
  27 + json[kind.to_s].map {|c| c['id']}
  28 + end
  29 +
23 end 30 end