[Git][noosfero/noosfero][master] api: put roles endpoint inside profiles resource

Fri Jul 22 13:07:33 BRT 2016

Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
3e2a483a by Victor Costa at 2016-07-22T13:06:48-03:00
api: put roles endpoint inside profiles resource

- - - - -


2 changed files:

- app/api/v1/roles.rb
- test/api/roles_test.rb


Changes:

=====================================
app/api/v1/roles.rb
=====================================

--- a/app/api/v1/roles.rb
+++ b/app/api/v1/roles.rb
@@ -5,14 +5,15 @@ module Api
 
       MAX_PER_PAGE = 50
 
-      resource :organizations do
-        segment "/:organization_id" do
+      resource :profiles do
+        segment "/:profile_id" do
           resource :roles do
 
             paginate max_per_page: MAX_PER_PAGE
             get do
-              organization = environment.profiles.find(params[:organization_id])
-              roles = Profile::Roles.organization_roles(organization.environment.id, organization.id)
+              profile = environment.profiles.find(params[:profile_id])
+              return forbidden! unless profile.kind_of?(Organization)
+              roles = Profile::Roles.organization_roles(profile.environment.id, profile.id)
               present_partial paginate(roles), with: Entities::Role
             end
             


=====================================
test/api/roles_test.rb
=====================================
--- a/test/api/roles_test.rb
+++ b/test/api/roles_test.rb
@@ -16,8 +16,13 @@ class TolesTest < ActiveSupport::TestCase
     role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
     role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
     profile.custom_roles << role2
-    get "/api/v1/organizations/#{profile.id}/roles?#{params.to_query}"
+    get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
     json = JSON.parse(last_response.body)
     assert_equivalent [role1.id, role2.id], json['roles'].map {|r| r['id']}
   end
+
+  should 'return forbidden status when profile is not an organization' do
+    get "/api/v1/profiles/#{person.id}/roles?#{params.to_query}"
+    assert_equal 403, last_response.status
+  end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/3e2a483accb48c7a76ff617ed933c46d236581be
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160722/41f11bb0/attachment-0001.html>
