adding people endpoint

Leandro Santos · Rodrigo Souto
1 parent f49ee41c
Showing 6 changed files with 107 additions and 17 deletions Show diff stats
app/models/organization.rb
app/models/person.rb
app/models/profile.rb
lib/api/entities.rb
lib/api/v1/people.rb
test/unit/api/people_test.rb
@@ -8,6 +8,13 @@ class Organization &lt; Profile
     :display => %w[compact]
   }
+  scope :visible_for_person, lambda { |person|
+    joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
+    .where(
+      ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR 
+          (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id,  true, true]
+    ).uniq
+  }
   settings_items :closed, :type => :boolean, :default => false
   def closed?
@@ -39,6 +39,14 @@ roles] }
     { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
   }
+  scope :visible_for_person, lambda { |person|
+    joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
+    .where(
+      ['( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?)', person.id,  true, true]
+    ).uniq
+  }
+
+
   def has_permission_with_admin?(permission, resource)
     return true if resource.blank? || resource.admins.include?(self)
     return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
@@ -145,14 +145,6 @@ class Profile &lt; ActiveRecord::Base
   scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
   scope :enabled, :conditions => { :enabled => true }
-  scope :visible_for_person, lambda { |person|
-    joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
-    .where(
-      ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR 
-          (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id,  true, true]
-    ).uniq
-  }
-
   # Subclasses must override this method
   scope :more_popular
@@ -31,7 +31,9 @@ module API
       expose :image, :using => Image
     end
-    class Person < Profile;end;
+    class Person < Profile
+      root 'people', 'person'
+    end
     class Enterprise < Profile
       root 'enterprises', 'enterprise'
     end
@@ -17,12 +17,20 @@ module API
         #  GET /people?reference_id=10&limit=10&oldest
         get do
           people = select_filtered_collection_of(environment, 'people', params)
+          people = people.visible_for_person(current_person)
           present people, :with => Entities::Person
         end
         desc "Return the person information"
-        get '/:id' do
-          present environment.people.find(params[:id]), :with => Entities::Person
+        get ':id' do
+          person = environment.people.visible.find_by_id(params[:id])
+          present person, :with => Entities::Person
+        end
+
+        desc "Return the person friends"
+        get ':id/friends' do
+          friends = current_person.friends.visible
+          present friends, :with => Entities::Person
         end
       end
@@ -6,24 +6,97 @@ class PeopleTest &lt; ActiveSupport::TestCase
     login_api
   end
-  should 'list persons' do
-    person1 = fast_create(Person)
+
+  should 'list all people' do
+    person1 = fast_create(Person, :public_profile => true)
     person2 = fast_create(Person)
+    get "/api/v1/people?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
+  end
+
+  should 'not list invisible people' do
+    person1 = fast_create(Person)
+    fast_create(Person, :visible => false)
+
+    get "/api/v1/people?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+  end
+
+  should 'not list private people without permission' do
+    person1 = fast_create(Person)
+    fast_create(Person, :public_profile => false)
+
+    get "/api/v1/people?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+  end
+
+  should 'list private person for friends' do
+    p1 = fast_create(Person)
+    p2 = fast_create(Person, :public_profile => false)
+    person.add_friend(p2)
+    p2.add_friend(person)
     get "/api/v1/people?#{params.to_query}"
     json = JSON.parse(last_response.body)
+    assert_equivalent [p1.id, p2.id, person.id], json['people'].map {|c| c['id']}
+  end
+
+  should 'get person' do
+    person = fast_create(Person)
+
+    get "/api/v1/people/#{person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.id, json['person']['id']
+  end
-    assert_includes json.map {|c| c['id']}, person1.id
-    assert_includes json.map {|c| c['id']}, person2.id
+  should 'not get invisible person' do
+    person = fast_create(Person, :visible => false)
+
+    get "/api/v1/people/#{person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json['person'].blank?
   end
-  should 'return one person by id' do
+  should 'not get private people without permission' do
     person = fast_create(Person)
+    fast_create(Person, :public_profile => false)
+
+    get "/api/v1/people/#{person.id}?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.id, json['person']['id']
+  end
+
+  should 'get private person for friends' do
+    person = fast_create(Person, :public_profile => false)
+    person.add_friend(person)
     get "/api/v1/people/#{person.id}?#{params.to_query}"
     json = JSON.parse(last_response.body)
+    assert_equal person.id, json['person']['id']
+  end
+
+  should 'list person friends' do
+    p = fast_create(Person)
+    fast_create(Person)
+    person.add_friend(p)
+
+    get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [p.id], json['people'].map {|c| c['id']}
+  end
-    assert_equal person.id, json['id']
+  should 'not list person friends invisible' do
+    p1 = fast_create(Person)
+    p2 = fast_create(Person, :visible => false)
+    person.add_friend(p1)
+    person.add_friend(p2)
+
+    get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [p1.id], json['people'].map {|c| c['id']}
   end
 end
	@@ -8,6 +8,13 @@ class Organization < Profile		@@ -8,6 +8,13 @@ class Organization < Profile
8	:display => %w[compact]	8	:display => %w[compact]
9	}	9	}
10		10
		11	+ scope :visible_for_person, lambda { \|person\|
		12	+ joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
		13	+ .where(
		14	+ ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
		15	+ (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
		16	+ ).uniq
		17	+ }
11		18
12	settings_items :closed, :type => :boolean, :default => false	19	settings_items :closed, :type => :boolean, :default => false
13	def closed?	20	def closed?
	@@ -39,6 +39,14 @@ roles] }		@@ -39,6 +39,14 @@ roles] }
39	{ :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }	39	{ :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
40	}	40	}
41		41
		42	+ scope :visible_for_person, lambda { \|person\|
		43	+ joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
		44	+ .where(
		45	+ ['( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?)', person.id, true, true]
		46	+ ).uniq
		47	+ }
		48	+
		49	+
42	def has_permission_with_admin?(permission, resource)	50	def has_permission_with_admin?(permission, resource)
43	return true if resource.blank? \|\| resource.admins.include?(self)	51	return true if resource.blank? \|\| resource.admins.include?(self)
44	return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)	52	return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)
	@@ -145,14 +145,6 @@ class Profile < ActiveRecord::Base		@@ -145,14 +145,6 @@ class Profile < ActiveRecord::Base
145	scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }	145	scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
146	scope :enabled, :conditions => { :enabled => true }	146	scope :enabled, :conditions => { :enabled => true }
147		147
148	- scope :visible_for_person, lambda { \|person\|
149	- joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
150	- .where(
151	- ['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
152	- (profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
153	- ).uniq
154	- }
155	-
156	# Subclasses must override this method	148	# Subclasses must override this method
157	scope :more_popular	149	scope :more_popular
158		150
	@@ -6,24 +6,97 @@ class PeopleTest < ActiveSupport::TestCase		@@ -6,24 +6,97 @@ class PeopleTest < ActiveSupport::TestCase
6	login_api	6	login_api
7	end	7	end
8		8
9	- should 'list persons' do
10	- person1 = fast_create(Person)	9	+
		10	+ should 'list all people' do
		11	+ person1 = fast_create(Person, :public_profile => true)
11	person2 = fast_create(Person)	12	person2 = fast_create(Person)
		13	+ get "/api/v1/people?#{params.to_query}"
		14	+ json = JSON.parse(last_response.body)
		15	+ assert_equivalent [person1.id, person2.id, person.id], json['people'].map {\|c\| c['id']}
		16	+ end
		17	+
		18	+ should 'not list invisible people' do
		19	+ person1 = fast_create(Person)
		20	+ fast_create(Person, :visible => false)
		21	+
		22	+ get "/api/v1/people?#{params.to_query}"
		23	+ json = JSON.parse(last_response.body)
		24	+ assert_equivalent [person1.id, person.id], json['people'].map {\|c\| c['id']}
		25	+ end
		26	+
		27	+ should 'not list private people without permission' do
		28	+ person1 = fast_create(Person)
		29	+ fast_create(Person, :public_profile => false)
		30	+
		31	+ get "/api/v1/people?#{params.to_query}"
		32	+ json = JSON.parse(last_response.body)
		33	+ assert_equivalent [person1.id, person.id], json['people'].map {\|c\| c['id']}
		34	+ end
		35	+
		36	+ should 'list private person for friends' do
		37	+ p1 = fast_create(Person)
		38	+ p2 = fast_create(Person, :public_profile => false)
		39	+ person.add_friend(p2)
		40	+ p2.add_friend(person)
12		41
13	get "/api/v1/people?#{params.to_query}"	42	get "/api/v1/people?#{params.to_query}"
14	json = JSON.parse(last_response.body)	43	json = JSON.parse(last_response.body)
		44	+ assert_equivalent [p1.id, p2.id, person.id], json['people'].map {\|c\| c['id']}
		45	+ end
		46	+
		47	+ should 'get person' do
		48	+ person = fast_create(Person)
		49	+
		50	+ get "/api/v1/people/#{person.id}?#{params.to_query}"
		51	+ json = JSON.parse(last_response.body)
		52	+ assert_equal person.id, json['person']['id']
		53	+ end
15		54
16	- assert_includes json.map {\|c\| c['id']}, person1.id
17	- assert_includes json.map {\|c\| c['id']}, person2.id	55	+ should 'not get invisible person' do
		56	+ person = fast_create(Person, :visible => false)
		57	+
		58	+ get "/api/v1/people/#{person.id}?#{params.to_query}"
		59	+ json = JSON.parse(last_response.body)
		60	+ assert json['person'].blank?
18	end	61	end
19		62
20	- should 'return one person by id' do	63	+ should 'not get private people without permission' do
21	person = fast_create(Person)	64	person = fast_create(Person)
		65	+ fast_create(Person, :public_profile => false)
		66	+
		67	+ get "/api/v1/people/#{person.id}?#{params.to_query}"
		68	+ json = JSON.parse(last_response.body)
		69	+ assert_equal person.id, json['person']['id']
		70	+ end
		71	+
		72	+ should 'get private person for friends' do
		73	+ person = fast_create(Person, :public_profile => false)
		74	+ person.add_friend(person)
22		75
23	get "/api/v1/people/#{person.id}?#{params.to_query}"	76	get "/api/v1/people/#{person.id}?#{params.to_query}"
24	json = JSON.parse(last_response.body)	77	json = JSON.parse(last_response.body)
		78	+ assert_equal person.id, json['person']['id']
		79	+ end
		80	+
		81	+ should 'list person friends' do
		82	+ p = fast_create(Person)
		83	+ fast_create(Person)
		84	+ person.add_friend(p)
		85	+
		86	+ get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
		87	+ json = JSON.parse(last_response.body)
		88	+ assert_equivalent [p.id], json['people'].map {\|c\| c['id']}
		89	+ end
25		90
26	- assert_equal person.id, json['id']	91	+ should 'not list person friends invisible' do
		92	+ p1 = fast_create(Person)
		93	+ p2 = fast_create(Person, :visible => false)
		94	+ person.add_friend(p1)
		95	+ person.add_friend(p2)
		96	+
		97	+ get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
		98	+ json = JSON.parse(last_response.body)
		99	+ assert_equivalent [p1.id], json['people'].map {\|c\| c['id']}
27	end	100	end
28		101
29	end	102	end