Commit 9c330a8cb441712a12f7cd021b7fd9f2aacb7a68
Committed by
Rodrigo Souto
1 parent
f49ee41c
Exists in
api_tasks
and in
4 other branches
adding people endpoint
Showing
6 changed files
with
107 additions
and
17 deletions
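--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -8,6 +8,13 @@ class Organization < Profile
 :display => %w[compact]
 }
 
+scope :visible_for_person, lambda { |person|
+joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
+.where(
+['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
+(profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
+).uniq
+}
 
 settings_items :closed, :type => :boolean, :default => false
 def closed?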
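Review bot: The visibility predicate tests `public_profile` and `visible` but never `secret`, whereas the `public` scope shown in app/models/profile.rb on this page also requires `:secret => false`. If secret profiles are meant to stay hidden from non-members, the public branch should read `(profiles.public_profile = ? AND profiles.secret = ?)` with `false` bound to the new placeholder; the Person scope added in app/models/person.rb has the same gap. The lambda also calls `person.id` unconditionally, so a nil `person` raises instead of falling back to public-only results. The Organization class body starts and ends outside the hunk.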
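--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -39,6 +39,14 @@ roles] }
 { :select => 'DISTINCT profiles.*', :conditions => ['"profiles"."id" NOT IN (SELECT DISTINCT profiles.id FROM "profiles" INNER JOIN "friendships" ON "friendships"."person_id" = "profiles"."id" WHERE "friendships"."friend_id" IN (%s))' % resources.map(&:id)] }
 }
 
+scope :visible_for_person, lambda { |person|
+joins('LEFT JOIN "friendships" ON "friendships"."friend_id" = "profiles"."id"')
+.where(
+['( ( friendships.person_id = ? ) OR (profiles.public_profile = ?)) AND (profiles.visible = ?)', person.id, true, true]
+).uniq
+}
+
+
 def has_permission_with_admin?(permission, resource)
 return true if resource.blank? || resource.admins.include?(self)
 return true if resource.kind_of?(Profile) && resource.environment.admins.include?(self)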
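Review bot: The join matches rows where `friendships.person_id` is the viewer and `friendships.friend_id` is the listed profile, so a non-public profile becomes visible on the strength of the viewer's own friend list rather than the profile owner's. If a friendship row can exist in one direction only (the new test adds both directions, so it would not notice), the rule should key on the owner's side: join on `"friendships"."person_id" = "profiles"."id"` and filter with `friendships.friend_id = ?`. There is also no `profiles.id = ?` branch, so the viewer's own profile drops out of the result when it is not public. The Person class body starts and ends outside the hunk.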
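--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -145,14 +145,6 @@ class Profile < ActiveRecord::Base
 scope :public, :conditions => { :visible => true, :public_profile => true, :secret => false }
 scope :enabled, :conditions => { :enabled => true }
 
-scope :visible_for_person, lambda { |person|
-joins('LEFT JOIN "role_assignments" ON "role_assignments"."resource_id" = "profiles"."id" AND "role_assignments"."resource_type" = \'Profile\'')
-.where(
-['( ( role_assignments.accessor_type = ? AND role_assignments.accessor_id = ? ) OR
-(profiles.public_profile = ?)) AND (profiles.visible = ?)', Profile.name, person.id, true, true]
-).uniq
-}
-
 # Subclasses must override this method
 scope :more_popular
 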
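--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -31,7 +31,9 @@ module API
 expose :image, :using => Image
 end
 
-class Person < Profile;end;
+class Person < Profile
+root 'people', 'person'
+end
 class Enterprise < Profile
 root 'enterprises', 'enterprise'
 end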
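--- a/lib/api/v1/people.rb
+++ b/lib/api/v1/people.rb
@@ -17,12 +17,20 @@ module API
 # GET /people?reference_id=10&limit=10&oldest
 get do
 people = select_filtered_collection_of(environment, 'people', params)
+people = people.visible_for_person(current_person)
 present people, :with => Entities::Person
 end
 
 desc "Return the person information"
-get '/:id' do
-present environment.people.find(params[:id]), :with => Entities::Person
+get ':id' do
+person = environment.people.visible.find_by_id(params[:id])
+present person, :with => Entities::Person
+end
+
+desc "Return the person friends"
+get ':id/friends' do
+friends = current_person.friends.visible
+present friends, :with => Entities::Person
 end
 
 end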
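Review bot: The single-record route `get ':id'` filters with `.visible` while the list route above it uses `visible_for_person(current_person)`, so a profile with `public_profile = false` that the list hides may still be returned by id, assuming `visible` only checks the visibility flag (its definition is not on this page). Applying the same scope keeps the two routes consistent: `person = environment.people.visible_for_person(current_person).find_by_id(params[:id])`. Separately, `get ':id/friends'` never reads `params[:id]` and always returns `current_person.friends.visible`, so the path and the response disagree; either drop `:id` from the route or look the person up through the same scope before listing their friends. `find_by_id` returns nil on a miss, so the not-found case should answer with an explicit 404 rather than presenting nil. The enclosing resource block starts outside the hunk.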
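--- a/test/unit/api/people_test.rb
+++ b/test/unit/api/people_test.rb
@@ -6,24 +6,97 @@ class PeopleTest < ActiveSupport::TestCase
 login_api
 end
 
-should 'list persons' do
-person1 = fast_create(Person)
+
+should 'list all people' do
+person1 = fast_create(Person, :public_profile => true)
 person2 = fast_create(Person)
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person2.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'not list invisible people' do
+person1 = fast_create(Person)
+fast_create(Person, :visible => false)
+
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'not list private people without permission' do
+person1 = fast_create(Person)
+fast_create(Person, :public_profile => false)
+
+get "/api/v1/people?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [person1.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'list private person for friends' do
+p1 = fast_create(Person)
+p2 = fast_create(Person, :public_profile => false)
+person.add_friend(p2)
+p2.add_friend(person)
 
 get "/api/v1/people?#{params.to_query}"
 json = JSON.parse(last_response.body)
+assert_equivalent [p1.id, p2.id, person.id], json['people'].map {|c| c['id']}
+end
+
+should 'get person' do
+person = fast_create(Person)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal person.id, json['person']['id']
+end
 
-assert_includes json.map {|c| c['id']}, person1.id
-assert_includes json.map {|c| c['id']}, person2.id
+should 'not get invisible person' do
+person = fast_create(Person, :visible => false)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert json['person'].blank?
 end
 
-should 'return one person by id' do
+should 'not get private people without permission' do
 person = fast_create(Person)
+fast_create(Person, :public_profile => false)
+
+get "/api/v1/people/#{person.id}?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equal person.id, json['person']['id']
+end
+
+should 'get private person for friends' do
+person = fast_create(Person, :public_profile => false)
+person.add_friend(person)
 
 get "/api/v1/people/#{person.id}?#{params.to_query}"
 json = JSON.parse(last_response.body)
+assert_equal person.id, json['person']['id']
+end
+
+should 'list person friends' do
+p = fast_create(Person)
+fast_create(Person)
+person.add_friend(p)
+
+get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [p.id], json['people'].map {|c| c['id']}
+end
 
-assert_equal person.id, json['id']
+should 'not list person friends invisible' do
+p1 = fast_create(Person)
+p2 = fast_create(Person, :visible => false)
+person.add_friend(p1)
+person.add_friend(p2)
+
+get "/api/v1/people/#{person.id}/friends?#{params.to_query}"
+json = JSON.parse(last_response.body)
+assert_equivalent [p1.id], json['people'].map {|c| c['id']}
 end
 
 end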
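Review bot: Two of the single-record tests do not exercise the access rule their names describe, so the privacy behaviour of `GET /people/:id` is effectively untested. In 'not get private people without permission' the request is for the public `person` and the private profile created beside it is never fetched; in 'get private person for friends' the local `person` shadows the logged-in user and `person.add_friend(person)` befriends the profile with itself. Keep the private profile in its own variable and request that one, e.g. `private_person = fast_create(Person, :public_profile => false)`, then `get "/api/v1/people/#{private_person.id}?#{params.to_query}"` and `assert json['person'].blank?`. In the friends case, link that profile to the logged-in `person` instead of to itself; the setup that defines the logged-in `person` is outside this hunk.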