[Git][noosfero/noosfero][master] 2 commits: api: display activities for non logged users in public communities

[Victor Costa]

Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
fa8403df by Victor Costa at 2016-05-30T10:49:17-03:00
api: display activities for non logged users in public communities

- - - - -
dffe0249 by Victor Costa at 2016-05-30T17:08:29+00:00
Merge branch 'activities-api-permission' into 'master'

api: display activities for non logged users in public communities



See merge request !946
- - - - -


4 changed files:

- app/api/v1/activities.rb
- app/models/organization.rb
- test/api/activities_test.rb
- test/unit/organization_test.rb


Changes:

=====================================
app/api/v1/activities.rb
=====================================
--- a/app/api/v1/activities.rb
+++ b/app/api/v1/activities.rb
@@ -1,7 +1,6 @@
 module Api
   module V1
     class Activities < Grape::API
-      before { authenticate! }
 
       resource :profiles do
 
@@ -9,7 +8,7 @@ module Api
           profile = Profile.find_by id: params[:id]
 
           not_found! if profile.blank? || profile.secret || !profile.visible
-          forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+          forbidden! if !profile.display_private_info_to?(current_person)
 
           activities = profile.activities.map(&:activity)
           present activities, :with => Entities::Activity, :current_person => current_person


=====================================
app/models/organization.rb
=====================================
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -234,4 +234,7 @@ class Organization < Profile
     self.admins.where(:id => user.id).exists?
   end
 
+  def display_private_info_to?(user)
+    (public_profile && visible && !secret) || super
+  end
 end


=====================================
test/api/activities_test.rb
=====================================
--- a/test/api/activities_test.rb
+++ b/test/api/activities_test.rb
@@ -27,8 +27,8 @@ class ActivitiesTest < ActiveSupport::TestCase
     assert_equal 403, last_response.status
   end
 
-  should 'not get community activities if not member' do
-    community = fast_create(Community)
+  should 'not get community activities if not member and community is private' do
+    community = fast_create(Community, public_profile: false)
     other_person = fast_create(Person)
     community.add_member(other_person) # so there is an activity in community
 
@@ -68,6 +68,15 @@ class ActivitiesTest < ActiveSupport::TestCase
     assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
   end
 
+  should 'get activities for non logged user in a public community' do
+    community = fast_create(Community)
+    create_activity(community)
+    community.add_member(person)
+    get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+  end
+
   def create_activity(target)
     activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
     ProfileActivity.create! profile_id: target.id, activity: activity


=====================================
test/unit/organization_test.rb
=====================================
--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -567,4 +567,24 @@ class OrganizationTest < ActiveSupport::TestCase
     assert_not_includes person_orgs,    o7
     assert_includes     env_admin_orgs, o7
   end
+
+  should 'return true at display_private_info_to? when profile is public and user is nil' do
+    organization = fast_create(Organization, public_profile: true)
+    assert organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is public and secret' do
+    organization = fast_create(Organization, public_profile: true, secret: true)
+    assert !organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is public and not visible' do
+    organization = fast_create(Organization, public_profile: true, visible: false)
+    assert !organization.display_private_info_to?(nil)
+  end
+
+  should 'return false at display_private_info_to? when profile is private and user is nil' do
+    organization = fast_create(Organization, public_profile: false)
+    assert !organization.display_private_info_to?(nil)
+  end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/e4346d574d77347afb7c4d439726b6e9f18c4059...dffe0249dbd4df0d830596026cf6e454709a4da2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160530/f9c531a5/attachment-0001.html>