[Git][noosfero/noosfero][master] 3 commits: api: add endpoint to remove comments
Leandro Nunes
gitlab at mg.gitlab.com
Thu May 19 13:24:25 BRT 2016
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
56e31cda by Victor Costa at 2016-05-19T11:35:22-03:00
api: add endpoint to remove comments
- - - - -
15cd9768 by Victor Costa at 2016-05-19T11:42:55-03:00
api: do not create comment when article does not accept it
- - - - -
46af34c8 by Leandro Nunes at 2016-05-19T16:23:30+00:00
Merge branch 'remove-comments-api' into 'master'
[API] Endpoit to remove comments
Also fix the post comment endpoint when article does not accept comments.
See merge request !930
- - - - -
2 changed files:
- app/api/v1/comments.rb
- test/api/comments_test.rb
Changes:
=====================================
app/api/v1/comments.rb
=====================================
--- a/app/api/v1/comments.rb
+++ b/app/api/v1/comments.rb
@@ -34,6 +34,7 @@ module Api
post ":id/comments" do
authenticate!
article = find_article(environment.articles, params[:id])
+ return forbidden! unless article.accept_comments?
options = params.select { |key,v| !['id','private_token'].include?(key) }.merge(:author => current_person, :source => article)
begin
comment = Comment.create!(options)
@@ -42,6 +43,19 @@ module Api
end
present comment, :with => Entities::Comment, :current_person => current_person
end
+
+ delete ":id/comments/:comment_id" do
+ article = find_article(environment.articles, params[:id])
+ comment = article.comments.find_by_id(params[:comment_id])
+ return not_found! if comment.nil?
+ return forbidden! unless comment.can_be_destroyed_by?(current_person)
+ begin
+ comment.destroy
+ present comment, with: Entities::Comment, :current_person => current_person
+ rescue => e
+ render_api_error!(e.message, 500)
+ end
+ end
end
end
=====================================
test/api/comments_test.rb
=====================================
--- a/test/api/comments_test.rb
+++ b/test/api/comments_test.rb
@@ -70,6 +70,16 @@ class CommentsTest < ActiveSupport::TestCase
assert_equal body, json['comment']['body']
end
+ should 'not create comment when an article does not accept comments' do
+ login_api
+ article = fast_create(Article, :profile_id => @local_person.id, :name => "Some thing", accept_comments: false)
+ body = 'My comment'
+ params.merge!({:body => body})
+ post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 403, last_response.status
+ end
+
should 'logged user not comment an archived article' do
login_api
article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :archived => true)
@@ -186,4 +196,53 @@ class CommentsTest < ActiveSupport::TestCase
assert_equal [comment1.id], json["comments"].map { |c| c['id'] }
end
+ should 'delete comment successfully' do
+ login_api
+ article = fast_create(Article, profile_id: person.id, name: "Some thing")
+ comment = article.comments.create!(body: "some comment", author: person)
+ delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 200, last_response.status
+ assert_equal comment.id, json['comment']['id']
+ assert_not_includes article.comments, comment
+ end
+
+ should 'not delete a comment when user is not logged' do
+ article = fast_create(Article, profile_id: person.id, name: "Some thing")
+ comment = article.comments.create!(body: "some comment", author: person)
+ delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 403, last_response.status
+ assert_includes article.comments, comment
+ end
+
+ should 'not delete a comment when user does not have permission' do
+ login_api
+ article = fast_create(Article, profile_id: @local_person.id, name: "Some thing")
+ comment = article.comments.create!(body: "some comment", author: @local_person)
+ delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 403, last_response.status
+ assert_includes article.comments, comment
+ end
+
+ should 'return not found when delete a inexistent comment' do
+ article = fast_create(Article, profile_id: person.id, name: "Some thing")
+ comment = article.comments.create!(body: "some comment", author: person)
+ delete "api/v1/articles/#{article.id}/comments/0?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 404, last_response.status
+ assert_includes article.comments, comment
+ end
+
+ should 'return error when failed to delete comment' do
+ login_api
+ article = fast_create(Article, profile_id: person.id, name: "Some thing")
+ comment = article.comments.create!(body: "some comment", author: person)
+ Comment.any_instance.expects(:destroy).raises(StandardError)
+ delete "api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 500, last_response.status
+ assert_includes article.comments, comment
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/b896adbeac95cf3589223ad463c31d17d4bb5b17...46af34c89aa189edb86cea304b6815208877a4c0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160519/18177799/attachment-0001.html>
More information about the Noosfero-dev
mailing list