[Git][noosfero/noosfero][api] api: remove users
Rodrigo Souto
gitlab at gitlab.com
Mon Jun 29 15:01:10 BRT 2015
Rodrigo Souto pushed to branch api at Noosfero / noosfero
Commits:
9969f2f8 by Rodrigo Souto at 2015-06-29T15:00:08Z
api: remove users
Move users api mountpoint to people and also deal with permissions
issues.
- - - - -
6 changed files:
- app/controllers/public/account_controller.rb
- app/models/user.rb
- lib/noosfero/api/entities.rb
- lib/noosfero/api/v1/people.rb
- − lib/noosfero/api/v1/users.rb
- test/unit/api/people_test.rb
Changes:
=====================================
app/controllers/public/account_controller.rb
=====================================
--- a/app/controllers/public/account_controller.rb
+++ b/app/controllers/public/account_controller.rb
@@ -91,11 +91,8 @@ class AccountController < ApplicationController
@block_bot = !!session[:may_be_a_bot]
@invitation_code = params[:invitation_code]
begin
- @user = User.new(params[:user])
- @user.terms_of_use = environment.terms_of_use
- @user.environment = environment
+ @user = User.build(params[:user], params[:profile_data], environment)
@terms_of_use = environment.terms_of_use
- @user.person_data = params[:profile_data]
@user.return_to = session[:return_to]
@person = Person.new(params[:profile_data])
@person.environment = @user.environment
=====================================
app/models/user.rb
=====================================
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -34,6 +34,14 @@ class User < ActiveRecord::Base
alias_method_chain :human_attribute_name, :customization
end
+ def self.build(user_data, person_data, environment)
+ user = User.new(user_data)
+ user.terms_of_use = environment.terms_of_use
+ user.environment = environment
+ user.person_data = person_data
+ user
+ end
+
before_create do |user|
if user.environment.nil?
user.environment = Environment.default
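Review bot: `User.build` is now the shared constructor for the signup controller and the API, but nothing on it says that `user_data` and `person_data` come straight from request parameters. They are filtered only by whatever mass-assignment protection `User` and `Person` declare, which this hunk does not show. I would add a comment above the method such as `# user_data and person_data are untrusted request params; only mass-assignable attributes may be set from them`. The method also calls `environment.terms_of_use` unconditionally, while the `before_create` callback just below (its body continues outside the hunk) tolerates a nil environment, so a nil argument would fail here first.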
=====================================
lib/noosfero/api/entities.rb
=====================================
--- a/lib/noosfero/api/entities.rb
+++ b/lib/noosfero/api/entities.rb
@@ -36,8 +36,14 @@ module Noosfero
expose :image, :using => Image
end
+ class User < Entity
+ expose :id
+ expose :login
+ end
+
class Person < Profile
root 'people', 'person'
+ expose :user, :using => User
end
class Enterprise < Profile
root 'enterprises', 'enterprise'
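Review bot: `expose :user, :using => User` on `Person` puts each returned person's account `login` into every response that presents `Entities::Person` (the people listing, `:id`, friends), not only the caller's own record. If the login is meant to be visible only to the account owner or an environment admin, the exposure should be made conditional (grape-entity's `:if` option, keyed on the requesting person passed through the presenter options). Separately, `UserLogin` (visible as context in the next hunk) inherits from this slimmer `User`, so login responses lose the `person` and `permissions` fields and the `'users', 'user'` root. Clients of the login endpoint may depend on those.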
@@ -95,23 +101,6 @@ module Noosfero
expose :author, :using => Profile
end
-
- class User < Entity
- root 'users', 'user'
- expose :id
- expose :login
- expose :person, :using => Profile
- expose :permissions do |user, options|
- output = {}
- user.person.role_assignments.map do |role_assigment|
- if role_assigment.resource.respond_to?(:identifier)
- output[role_assigment.resource.identifier] = role_assigment.role.permissions
- end
- end
- output
- end
- end
-
class UserLogin < User
expose :private_token
end
=====================================
lib/noosfero/api/v1/people.rb
=====================================
--- a/lib/noosfero/api/v1/people.rb
+++ b/lib/noosfero/api/v1/people.rb
@@ -36,12 +36,34 @@ module Noosfero
present people, :with => Entities::Person
end
+ desc "Return the logged user information"
+ get "/me" do
+ present current_person, :with => Entities::Person
+ end
+
desc "Return the person information"
get ':id' do
person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
present person, :with => Entities::Person
end
+ # Example Request:
+ # POST api/v1/people?person[login]=some_login&person[password]=some_password&person[name]=Jack
+ desc "Create person"
+ post do
+ user_data = {}
+ user_data[:login] = params[:person].delete(:login) || params[:person][:identifier]
+ user_data[:email] = params[:person].delete(:email)
+ user_data[:password] = params[:person].delete(:password)
+ user_data[:password_confirmation] = params[:person].delete(:password_confirmation)
+ user = User.build(user_data, params[:person], environment)
+ if !user.signup!
+ render_api_errors!(user.errors.full_messages)
+ end
+
+ present user.person, :with => Entities::Person
+ end
+
desc "Return the person friends"
get ':id/friends' do
person = environment.people.visible_for_person(current_person).find_by_id(params[:id])
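Review bot: The new `post` block calls `params[:person].delete(:login)` without checking that `params[:person]` is present, so a request with no `person` parameter raises NoMethodError rather than returning a validation error. Starting the block with `params[:person] ||= {}` would let `signup!` fail through the normal error path. After the four account fields are removed, the rest of `params[:person]` is passed to `User.build` as `person_data` unfiltered, so which profile attributes a caller can set depends on `Person`'s mass-assignment rules, not shown here. An explicit list of accepted keys in the endpoint would make that boundary visible. The final `present user.person` also assumes `render_api_errors!` halts the request, which is worth confirming since the helper is defined outside this hunk.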
@@ -49,8 +71,20 @@ module Noosfero
present friends, :with => Entities::Person
end
- end
+ desc "Return the person permissions on other profiles"
+ get ":id/permissions" do
+ person = environment.people.find(params[:id])
+ return forbidden! unless current_person == person || environment.admins.include?(current_person)
+ output = {}
+ person.role_assignments.map do |role_assigment|
+ if role_assigment.resource.respond_to?(:identifier)
+ output[role_assigment.resource.identifier] = role_assigment.role.permissions
+ end
+ end
+ present output
+ end
+ end
end
end
end
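Review bot: In `get ":id/permissions"` the record is loaded with `environment.people.find(params[:id])` before the authorization check, so an unknown id raises instead of reaching `forbidden!`, and the caller can tell a non-existent id from a forbidden one. The sibling endpoints use `find_by_id`. I would write `person = environment.people.find_by_id(params[:id])` and `return forbidden! unless person && (current_person == person || environment.admins.include?(current_person))`. As a style point, `role_assignments.map` is used only for its side effect on `output`, so `each` (or `each_with_object({})`) states the intent better.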
=====================================
lib/noosfero/api/v1/users.rb deleted
=====================================
--- a/lib/noosfero/api/v1/users.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-module Noosfero
- module API
- module V1
- class Users < Grape::API
- before { authenticate! }
-
- resource :users do
-
- #FIXME make the pagination
- #FIXME put it on environment context
- get do
- present environment.users, :with => Entities::User
- end
-
- # Example Request:
- # POST api/v1/users?user[login]=some_login&user[password]=some
- post do
- user = User.new(params[:user])
- user.terms_of_use = environment.terms_of_use
- user.environment = environment
- if !user.save
- render_api_errors!(user.errors.full_messages)
- end
-
- present user, :with => Entities::User
- end
-
- get "/me" do
- present current_user, :with => Entities::User
- end
-
- get ":id" do
- present environment.users.find_by_id(params[:id]), :with => Entities::User
- end
-
- get ":id/permissions" do
- user = environment.users.find(params[:id])
- output = {}
- user.person.role_assignments.map do |role_assigment|
- if role_assigment.resource.respond_to?(:identifier) && role_assigment.resource.identifier == params[:profile]
- output[:permissions] = role_assigment.role.permissions
- end
- end
- present output
- end
-
- end
-
- end
- end
- end
-end
=====================================
test/unit/api/people_test.rb
=====================================
--- a/test/unit/api/people_test.rb
+++ b/test/unit/api/people_test.rb
@@ -40,9 +40,15 @@ class PeopleTest < ActiveSupport::TestCase
end
should 'get person' do
- person = fast_create(Person)
+ some_person = fast_create(Person)
- get "/api/v1/people/#{person.id}?#{params.to_query}"
+ get "/api/v1/people/#{some_person.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal some_person.id, json['person']['id']
+ end
+
+ should 'get logged person' do
+ get "/api/v1/people/me?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equal person.id, json['person']['id']
end
@@ -96,4 +102,50 @@ class PeopleTest < ActiveSupport::TestCase
assert_not_includes friends, invisible_friend.id
end
+ should 'create a person' do
+ login = 'some'
+ params[:person] = {:login => login, :password => '123456', :password_confirmation => '123456', :email => 'some at some.com'}
+ post "/api/v1/people?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal login, json['person']['identifier']
+ end
+
+ should 'return 400 status for invalid person creation' do
+ params[:person] = {:login => 'some'}
+ post "/api/v1/users?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 400, last_response.status
+ end
+
+ should 'display permissions' do
+ community = fast_create(Community)
+ community.add_member(fast_create(Person))
+ community.add_member(person)
+ permissions = Profile::Roles.member(person.environment.id).permissions
+ get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+
+ assert_equal json[community.identifier], permissions
+ end
+
+ should 'display permissions if self' do
+ get "/api/v1/people/#{person.id}/permissions?#{params.to_query}"
+ assert_equal 200, last_response.status
+ end
+
+ should 'display permissions if admin' do
+ environment = person.environment
+ environment.add_admin(person)
+ some_person = fast_create(Person)
+
+ get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
+ assert_equal 200, last_response.status
+ end
+
+ should 'not display permissions if not admin or self' do
+ some_person = create_user('some-person').person
+
+ get "/api/v1/people/#{some_person.id}/permissions?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
end
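Review bot: The test 'return 400 status for invalid person creation' posts to `/api/v1/users`, the mountpoint this commit deletes, so it does not exercise the new `POST /api/v1/people` error path. It should be `post "/api/v1/people?#{params.to_query}"`. In 'display permissions' the arguments to `assert_equal` are in actual/expected order. `assert_equal permissions, json[community.identifier]` would give a correct failure message. There is also no test for a `POST` without any `person` parameter, which the new endpoint does not appear to guard against.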
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/9969f2f89bb23a635aa5ad4b870d041b8ae5cf15