[Git][noosfero/noosfero][master] api: put roles endpoint inside profiles resource
Victor Costa
gitlab at mg.gitlab.com
Fri Jul 22 13:07:33 BRT 2016
Victor Costa pushed to branch master at Noosfero / noosfero
Commits:
3e2a483a by Victor Costa at 2016-07-22T13:06:48-03:00
api: put roles endpoint inside profiles resource
- - - - -
2 changed files:
- app/api/v1/roles.rb
- test/api/roles_test.rb
Changes:
=====================================
app/api/v1/roles.rb
=====================================
--- a/app/api/v1/roles.rb
+++ b/app/api/v1/roles.rb
@@ -5,14 +5,15 @@ module Api
MAX_PER_PAGE = 50
- resource :organizations do
- segment "/:organization_id" do
+ resource :profiles do
+ segment "/:profile_id" do
resource :roles do
paginate max_per_page: MAX_PER_PAGE
get do
- organization = environment.profiles.find(params[:organization_id])
- roles = Profile::Roles.organization_roles(organization.environment.id, organization.id)
+ profile = environment.profiles.find(params[:profile_id])
+ return forbidden! unless profile.kind_of?(Organization)
+ roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
present_partial paginate(roles), with: Entities::Role
end
=====================================
test/api/roles_test.rb
=====================================
--- a/test/api/roles_test.rb
+++ b/test/api/roles_test.rb
@@ -16,8 +16,13 @@ class TolesTest < ActiveSupport::TestCase
role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
profile.custom_roles << role2
- get "/api/v1/organizations/#{profile.id}/roles?#{params.to_query}"
+ get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equivalent [role1.id, role2.id], json['roles'].map {|r| r['id']}
end
+
+ should 'return forbidden status when profile is not an organization' do
+ get "/api/v1/profiles/#{person.id}/roles?#{params.to_query}"
+ assert_equal 403, last_response.status
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/3e2a483accb48c7a76ff617ed933c46d236581be
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160722/41f11bb0/attachment-0001.html>
More information about the Noosfero-dev
mailing list