Commit f80df4d26ee4368a1329da228d7ee2453f64afa1
Committed by
Tallys Martins
1 parent
e43a8ebd
Exists in
stable-spb-1.5
Adds delete endpoint to profiles API
(cherry picked from commit 06c36ffd7e9d48f97ed49570201029a1c7beabad)
Showing
2 changed files
with
61 additions
and
0 deletions
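--- a/lib/noosfero/api/v1/profiles.rb
+++ b/lib/noosfero/api/v1/profiles.rb
@@ -19,6 +19,19 @@ module Noosfero
 profile = profiles.find_by_id(params[:id])
 present profile, :with => Entities::Profile, :current_person => current_person
 end
+
+delete ':id' do
+profiles = environment.profiles
+profile = profiles.find_by id: params[:id]
+
+not_found! if profile.blank?
+
+if current_person.has_permission?(:destroy_profile, profile)
+profile.destroy
+else
+forbidden!
+end
+end
 end
 end
 end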
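Review bot: The result of `profile.destroy` in the new `delete ':id'` block is discarded, so a destroy halted by a model callback would still be answered as a success while the profile remains; branch on the return value and send an error status when it is false. The block also dereferences `current_person` with no authentication call visible here; if no `before` filter outside this hunk enforces login, an anonymous request would fail on a nil receiver instead of being rejected cleanly, so an explicit `authenticate!` as the first line of the block would make the requirement local. Because `not_found! if profile.blank?` runs before the permission check, a caller without rights can tell existing ids (403) from missing ones (404); confirm that is acceptable for profiles that are not publicly visible. The enclosing resource and class start and end outside the hunk.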
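--- a/test/unit/api/profiles_test.rb
+++ b/test/unit/api/profiles_test.rb
@@ -29,4 +29,52 @@ class ProfilesTest < ActiveSupport::TestCase
 json = JSON.parse(last_response.body)
 assert_equal community.id, json['id']
 end
+
+group_kinds = %w(community enterprise)
+group_kinds.each do |kind|
+should "delete #{kind} from profile id with permission" do
+profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+give_permission(@person, 'destroy_profile', profile)
+assert_not_nil Profile.find_by_id profile.id
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 200, last_response.status
+assert_nil Profile.find_by_id profile.id
+end
+
+should "not delete #{kind} from profile id without permission" do
+profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+assert_not_nil Profile.find_by_id profile.id
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 403, last_response.status
+assert_not_nil Profile.find_by_id profile.id
+end
+end
+
+should 'person delete itself' do
+delete "/api/v1/profiles/#{@person.id}?#{params.to_query}"
+assert_equal 200, last_response.status
+assert_nil Profile.find_by_id @person.id
+end
+
+should 'only admin delete other people' do
+profile = fast_create(Person, :environment_id => environment.id)
+assert_not_nil Profile.find_by_id profile.id
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 403, last_response.status
+assert_not_nil Profile.find_by_id profile.id
+
+environment.add_admin(@person)
+
+delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+assert_equal 200, last_response.status
+assert_nil Profile.find_by_id profile.id
+
+end
 end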
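Review bot: The added tests never exercise the `not_found!` branch or a request sent without credentials, so the two rejection paths of the new endpoint are left unpinned. A case that deletes an id with no matching profile and asserts 404, and one that omits the login parameters and asserts the rejection status, would lock that behaviour in. What `params` contains is set up outside this hunk, so confirm which keys carry the session before writing the anonymous case.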