[Git][noosfero/noosfero][master] 2 commits: Adds delete endpoint to profiles API
Joenio Costa
gitlab at mg.gitlab.com
Wed Apr 27 10:51:50 BRT 2016
Joenio Costa pushed to branch master at Noosfero / noosfero
Commits:
06c36ffd by Marcos Ronaldo at 2016-04-18T15:52:13-03:00
Adds delete endpoint to profiles API
- - - - -
62abbce2 by Joenio Costa at 2016-04-27T13:51:33+00:00
Merge branch 'api_delete_profile' into 'master'
Adds delete endpoint to profiles API
Adds delete endpoint to profiles API. The endpoint checks if the logged user has permission to do so, and returns forbidden otherwise. Returns 404 if target is not found.
See merge request !860
- - - - -
2 changed files:
- lib/noosfero/api/v1/profiles.rb
- test/api/profiles_test.rb
Changes:
=====================================
lib/noosfero/api/v1/profiles.rb
=====================================
--- a/lib/noosfero/api/v1/profiles.rb
+++ b/lib/noosfero/api/v1/profiles.rb
@@ -19,6 +19,19 @@ module Noosfero
profile = profiles.find_by id: params[:id]
present profile, :with => Entities::Profile, :current_person => current_person
end
+
+ delete ':id' do
+ profiles = environment.profiles
+ profile = profiles.find_by id: params[:id]
+
+ not_found! if profile.blank?
+
+ if current_person.has_permission?(:destroy_profile, profile)
+ profile.destroy
+ else
+ forbidden!
+ end
+ end
end
end
end
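Review bot: In the new `delete ':id'` block, `current_person.has_permission?(:destroy_profile, profile)` is called with no visible check that a user is logged in. If `current_person` can be nil on this route, the call raises and the client receives a server error instead of an authentication failure. Nothing in these lines shows authentication being enforced for the resource, so either confirm it is required before this handler runs or reject the request explicitly ahead of the permission check. Separately, the return value of `profile.destroy` is ignored, so a destroy that is halted (for example by a callback) still produces a success response; check the result and return an error when the record was not removed.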
=====================================
test/api/profiles_test.rb
=====================================
--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -29,4 +29,52 @@ class ProfilesTest < ActiveSupport::TestCase
json = JSON.parse(last_response.body)
assert_equal community.id, json['id']
end
+
+ group_kinds = %w(community enterprise)
+ group_kinds.each do |kind|
+ should "delete #{kind} from profile id with permission" do
+ profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+ give_permission(@person, 'destroy_profile', profile)
+ assert_not_nil Profile.find_by_id profile.id
+
+ delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+ assert_equal 200, last_response.status
+ assert_nil Profile.find_by_id profile.id
+ end
+
+ should "not delete #{kind} from profile id without permission" do
+ profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
+ assert_not_nil Profile.find_by_id profile.id
+
+ delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+ assert_equal 403, last_response.status
+ assert_not_nil Profile.find_by_id profile.id
+ end
+ end
+
+ should 'person delete itself' do
+ delete "/api/v1/profiles/#{@person.id}?#{params.to_query}"
+ assert_equal 200, last_response.status
+ assert_nil Profile.find_by_id @person.id
+ end
+
+ should 'only admin delete other people' do
+ profile = fast_create(Person, :environment_id => environment.id)
+ assert_not_nil Profile.find_by_id profile.id
+
+ delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+ assert_equal 403, last_response.status
+ assert_not_nil Profile.find_by_id profile.id
+
+ environment.add_admin(@person)
+
+ delete "/api/v1/profiles/#{profile.id}?#{params.to_query}"
+
+ assert_equal 200, last_response.status
+ assert_nil Profile.find_by_id profile.id
+
+ end
end
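Review bot: The new tests cover the 200 and 403 paths but not the 404 path that the commit message describes ("Returns 404 if target is not found"); add a case that issues the delete for an id with no matching profile and asserts `404`. A case for a request with no logged-in user would also pin down what the endpoint returns there. The test 'only admin delete other people' checks two scenarios in one body (403 before `environment.add_admin(@person)`, 200 after); splitting it into two tests would make a failure point at the right behaviour.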
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/d21596841ba2bf240e52141e5a2473ff38617b29...62abbce29210aaf457bb900ff59c931b324c8261