[Git][noosfero/noosfero][master] 2 commits: api: add and remove members from profile
Leandro Nunes
gitlab at mg.gitlab.com
Thu Jul 14 18:28:35 BRT 2016
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
0fbb8b5d by Victor Costa at 2016-07-14T09:48:41-03:00
api: add and remove members from profile
- - - - -
ee9a46b6 by Leandro Nunes at 2016-07-14T21:28:08+00:00
Merge branch 'join-community-api' into 'master'
api: add and remove members from profile
See merge request !977
- - - - -
4 changed files:
- app/api/v1/people.rb
- app/models/profile.rb
- test/api/people_test.rb
- test/unit/profile_test.rb
Changes:
=====================================
app/api/v1/people.rb
=====================================
--- a/app/api/v1/people.rb
+++ b/app/api/v1/people.rb
@@ -119,6 +119,20 @@ module Api
members = select_filtered_collection_of(profile, 'members', params)
present members, :with => Entities::Person, :current_person => current_person
end
+
+ post do
+ authenticate!
+ profile = environment.profiles.find_by id: params[:profile_id]
+ profile.add_member(current_person) rescue forbidden!
+ {pending: !current_person.is_member_of?(profile)}
+ end
+
+ delete do
+ authenticate!
+ profile = environment.profiles.find_by id: params[:profile_id]
+ profile.remove_member(current_person)
+ present current_person, :with => Entities::Person, :current_person => current_person
+ end
end
end
end
=====================================
app/models/profile.rb
=====================================
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -758,7 +758,7 @@ private :generate_url, :url_options
# Adds a person as member of this Profile.
def add_member(person, attributes={})
- if self.has_members?
+ if self.has_members? && !self.secret
if self.closed? && members.count > 0
AddMember.create!(:person => person, :organization => self) unless self.already_request_membership?(person)
else
=====================================
test/api/people_test.rb
=====================================
--- a/test/api/people_test.rb
+++ b/test/api/people_test.rb
@@ -397,4 +397,62 @@ class PeopleTest < ActiveSupport::TestCase
assert_not_nil person.image
assert_equal person.image.filename, base64_image[:filename]
end
+
+ should 'add logged person as member of a profile' do
+ login_api
+ profile = fast_create(Community)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal json['pending'], false
+ assert person.is_member_of?(profile)
+ end
+
+ should 'create task when add logged person as member of a moderated profile' do
+ login_api
+ profile = fast_create(Community, public_profile: false)
+ profile.add_member(create_user.person)
+ profile.closed = true
+ profile.save!
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal json['pending'], true
+ assert !person.is_member_of?(profile)
+ end
+
+ should 'remove logged person as member of a profile' do
+ login_api
+ profile = fast_create(Community)
+ profile.add_member(person)
+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal person.identifier, json['person']['identifier']
+ assert !person.is_member_of?(profile)
+ end
+
+ should 'forbid access to add members for non logged user' do
+ profile = fast_create(Community)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert_equal 401, last_response.status
+ end
+
+ should 'forbid access to remove members for non logged user' do
+ profile = fast_create(Community)
+ delete "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert_equal 401, last_response.status
+ end
+
+ should 'forbid to add person as member when the profile does not allow' do
+ login_api
+ profile = fast_create(Person)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
+
+ should 'forbid to add person as member when the profile is secret' do
+ login_api
+ profile = fast_create(Community, secret: true)
+ post "/api/v1/profiles/#{profile.id}/members?#{params.to_query}"
+ assert !person.is_member_of?(profile)
+ assert_equal 403, last_response.status
+ end
end
=====================================
test/unit/profile_test.rb
=====================================
--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -2224,4 +2224,12 @@ class ProfileTest < ActiveSupport::TestCase
assert !profile.send("allow_#{permission.gsub(/_profile/,'')}?", nil)
end
end
+
+ should 'not allow to add members in secret profiles' do
+ c = fast_create(Community, secret: true)
+ p = create_user('mytestuser').person
+ assert_raise RuntimeError do
+ c.add_member(p)
+ end
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/5d45f66269eb8cef9fd058f6a80bd8af51e7d9dd...ee9a46b627f35aa99ad88a06f68f0ae7b84a48f7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160714/7236faad/attachment-0001.html>
More information about the Noosfero-dev
mailing list