Commit fa8403dfc7b79237a40e17eb10e559a35141b406
1 parent
9f79ead3
Exists in
ratings_minor_fixes
and in
3 other branches
api: display activities for non logged users in public communities
Showing
4 changed files
with
35 additions
and
4 deletions
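--- a/app/api/v1/activities.rb
+++ b/app/api/v1/activities.rb
@@ -1,7 +1,6 @@
 module Api
 module V1
 class Activities < Grape::API
-before { authenticate! }
 
 resource :profiles do
 
@@ -9,7 +8,7 @@ module Api
 profile = Profile.find_by id: params[:id]
 
 not_found! if profile.blank? || profile.secret || !profile.visible
-forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+forbidden! if !profile.display_private_info_to?(current_person)
 
 activities = profile.activities.map(&:activity)
 present activities, :with => Entities::Activity, :current_person => current_person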
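Review bot: Deleting the class-level `before { authenticate! }` opens every route defined in `Activities` to unauthenticated callers, not only the profile activities route shown here; the rest of the class is outside the hunk, so any other endpoint in it should be checked or given its own guard. Without a login `current_person` is presumably nil, so access now rests entirely on `profile.display_private_info_to?(nil)` returning false for every profile type that must stay closed, and the tests in this commit pin that only for `Organization`. The shortened `forbidden!` condition is equivalent to the old one only as long as `not_found!` halts the request. I would add a comment above the check such as `# anonymous access is intentional: visibility is decided by display_private_info_to?, which must accept a nil user`.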
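--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -234,4 +234,7 @@ class Organization < Profile
 self.admins.where(:id => user.id).exists?
 end
 
+def display_private_info_to?(user)
+(public_profile && visible && !secret) || super
+end
 end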
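Review bot: `display_private_info_to?` reads as a general privacy predicate, and this override makes it true for any public, visible, non-secret organization without looking at `user`, so every other caller that uses it to gate private data on organizations is widened too, not just the activities API. Those callers are outside this page, so this is inferred, but it deserves an audit before merge; if only activities are meant to become public, a predicate dedicated to activity visibility would keep the change contained. At minimum the intent should be documented above the method, e.g. `# Public, visible, non-secret organizations show this info to anyone, including anonymous (nil) users; otherwise defer to Profile.`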
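--- a/test/api/activities_test.rb
+++ b/test/api/activities_test.rb
@@ -27,8 +27,8 @@ class ActivitiesTest < ActiveSupport::TestCase
 assert_equal 403, last_response.status
 end
 
-should 'not get community activities if not member' do
-community = fast_create(Community)
+should 'not get community activities if not member and community is private' do
+community = fast_create(Community, public_profile: false)
 other_person = fast_create(Person)
 community.add_member(other_person) # so there is an activity in community
 
@@ -68,6 +68,15 @@ class ActivitiesTest < ActiveSupport::TestCase
 assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
 end
 
+should 'get activities for non logged user in a public community' do
+community = fast_create(Community)
+create_activity(community)
+community.add_member(person)
+get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+end
+
 def create_activity(target)
 activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
 ProfileActivity.create! profile_id: target.id, activity: activity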
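Review bot: The new 'non logged user' test may not exercise an anonymous request at all: it still appends `params.to_query`, which may carry a session token set up outside the hunk, and it adds `person` as a member, so the request could succeed through the member path even without this commit. To pin the behaviour, drop `community.add_member(person)`, request `get "/api/v1/profiles/#{community.id}/activities"` with no token, and add `assert_equal 200, last_response.status`. A companion case asserting 403 for an anonymous request to a community created with `public_profile: false` would cover the deny side of the new access rule.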
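--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -567,4 +567,24 @@ class OrganizationTest < ActiveSupport::TestCase
 assert_not_includes person_orgs, o7
 assert_includes env_admin_orgs, o7
 end
+
+should 'return true at display_private_info_to? when profile is public and user is nil' do
+organization = fast_create(Organization, public_profile: true)
+assert organization.display_private_info_to?(nil)
+end
+
+should 'return false at display_private_info_to? when profile is public and secret' do
+organization = fast_create(Organization, public_profile: true, secret: true)
+assert !organization.display_private_info_to?(nil)
+end
+
+should 'return false at display_private_info_to? when profile is public and not visible' do
+organization = fast_create(Organization, public_profile: true, visible: false)
+assert !organization.display_private_info_to?(nil)
+end
+
+should 'return false at display_private_info_to? when profile is private and user is nil' do
+organization = fast_create(Organization, public_profile: false)
+assert !organization.display_private_info_to?(nil)
+end
 end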