[Git][noosfero/noosfero][master] 2 commits: api: add and remove members from profile

Thu Jul 14 18:28:35 BRT 2016

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
0fbb8b5d by Victor Costa at 2016-07-14T09:48:41-03:00
api: add and remove members from profile

- - - - -
ee9a46b6 by Leandro Nunes at 2016-07-14T21:28:08+00:00
Merge branch 'join-community-api' into 'master'

api: add and remove members from profile



See merge request !977
- - - - -


4 changed files:

- app/api/v1/people.rb
- app/models/profile.rb
- test/api/people_test.rb
- test/unit/profile_test.rb


Changes:

=====================================
app/api/v1/people.rb
=====================================

--- a/app/api/v1/people.rb
+++ b/app/api/v1/people.rb
@@ -119,6 +119,20 @@ module Api
               members = select_filtered_collection_of(profile, 'members', params)
               present members, :with => Entities::Person, :current_person => current_person
             end
+
+            post do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.add_member(current_person) rescue forbidden!
+              {pending: !current_person.is_member_of?(profile)}
+            end
+
+            delete do
+              authenticate!
+              profile = environment.profiles.find_by id: params[:profile_id]
+              profile.remove_member(current_person)
+              present current_person, :with => Entities::Person, :current_person => current_person
+            end
           end
         end
       end


=====================================
app/models/profile.rb
=====================================
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -758,7 +758,7 @@ private :generate_url, :url_options
 
   # Adds a person as member of this Profile.
   def add_member(person, attributes={})
-    if self.has_members?
+    if self.has_members? && !self.secret
       if self.closed? && members.count > 0
         AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
       else


=====================================
test/api/people_test.rb
=====================================
--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
     assert_not_nil person.image
     assert_equal person.image.filename, base64_image[:filename]
   end
+
+  should 'add logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], false
+    assert person.is_member_of?(profile)
+  end
+
+  should 'create task when add logged person as member of a moderated profile' do
+    login_api
+    profile = fast_create(Community, public_profile: false)
+    profile.add_member(create_user.person)
+    profile.closed = true
+    profile.save!
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal json['pending'], true
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'remove logged person as member of a profile' do
+    login_api
+    profile = fast_create(Community)
+    profile.add_member(person)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal person.identifier, json['person']['identifier']
+    assert !person.is_member_of?(profile)
+  end
+
+  should 'forbid access to add members for non logged user' do
+    profile = fast_create(Community)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid access to remove members for non logged user' do
+    profile = fast_create(Community)
+    delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 401, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile does not allow' do
+    login_api
+    profile = fast_create(Person)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
+
+  should 'forbid to add person as member when the profile is secret' do
+    login_api
+    profile = fast_create(Community, secret: true)
+    post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+    assert !person.is_member_of?(profile)
+    assert_equal 403, last_response.status
+  end
 end


=====================================
test/unit/profile_test.rb
=====================================
--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
       assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
     end
   end
+
+  should 'not allow to add members in secret profiles' do
+    c = fast_create(Community, secret: true)
+    p = create_user('mytestuser').person
+    assert_raise RuntimeError do
+      c.add_member(p)
+    end
+  end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/5d45f66269eb8cef9fd058f6a80bd8af51e7d9dd...ee9a46b627f35aa99ad88a06f68f0ae7b84a48f7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160714/7236faad/attachment-0001.html>
