[Git][noosfero/noosfero][master] 2 commits: api: display activities for non logged users in public communities
Victor Costa
gitlab at mg.gitlab.com
Mon May 30 14:08:49 BRT 2016
Victor Costa pushed to branch master at Noosfero / noosfero
Commits:
fa8403df by Victor Costa at 2016-05-30T10:49:17-03:00
api: display activities for non logged users in public communities
- - - - -
dffe0249 by Victor Costa at 2016-05-30T17:08:29+00:00
Merge branch 'activities-api-permission' into 'master'
api: display activities for non logged users in public communities
See merge request !946
- - - - -
4 changed files:
- app/api/v1/activities.rb
- app/models/organization.rb
- test/api/activities_test.rb
- test/unit/organization_test.rb
Changes:
=====================================
app/api/v1/activities.rb
=====================================
--- a/app/api/v1/activities.rb
+++ b/app/api/v1/activities.rb
@@ -1,7 +1,6 @@
module Api
module V1
class Activities < Grape::API
- before { authenticate! }
resource :profiles do
@@ -9,7 +8,7 @@ module Api
profile = Profile.find_by id: params[:id]
not_found! if profile.blank? || profile.secret || !profile.visible
- forbidden! if !profile.secret && profile.visible && !profile.display_private_info_to?(current_person)
+ forbidden! if !profile.display_private_info_to?(current_person)
activities = profile.activities.map(&:activity)
present activities, :with => Entities::Activity, :current_person => current_person
=====================================
app/models/organization.rb
=====================================
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -234,4 +234,7 @@ class Organization < Profile
self.admins.where(:id => user.id).exists?
end
+ def display_private_info_to?(user)
+ (public_profile && visible && !secret) || super
+ end
end
=====================================
test/api/activities_test.rb
=====================================
--- a/test/api/activities_test.rb
+++ b/test/api/activities_test.rb
@@ -27,8 +27,8 @@ class ActivitiesTest < ActiveSupport::TestCase
assert_equal 403, last_response.status
end
- should 'not get community activities if not member' do
- community = fast_create(Community)
+ should 'not get community activities if not member and community is private' do
+ community = fast_create(Community, public_profile: false)
other_person = fast_create(Person)
community.add_member(other_person) # so there is an activity in community
@@ -68,6 +68,15 @@ class ActivitiesTest < ActiveSupport::TestCase
assert_equivalent other_person.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
end
+ should 'get activities for non logged user in a public community' do
+ community = fast_create(Community)
+ create_activity(community)
+ community.add_member(person)
+ get "/api/v1/profiles/#{community.id}/activities?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equivalent community.activities.map(&:activity).map(&:id), json["activities"].map{|c| c["id"]}
+ end
+
def create_activity(target)
activity = ActionTracker::Record.create! :verb => :leave_scrap, :user => person, :target => target
ProfileActivity.create! profile_id: target.id, activity: activity
=====================================
test/unit/organization_test.rb
=====================================
--- a/test/unit/organization_test.rb
+++ b/test/unit/organization_test.rb
@@ -567,4 +567,24 @@ class OrganizationTest < ActiveSupport::TestCase
assert_not_includes person_orgs, o7
assert_includes env_admin_orgs, o7
end
+
+ should 'return true at display_private_info_to? when profile is public and user is nil' do
+ organization = fast_create(Organization, public_profile: true)
+ assert organization.display_private_info_to?(nil)
+ end
+
+ should 'return false at display_private_info_to? when profile is public and secret' do
+ organization = fast_create(Organization, public_profile: true, secret: true)
+ assert !organization.display_private_info_to?(nil)
+ end
+
+ should 'return false at display_private_info_to? when profile is public and not visible' do
+ organization = fast_create(Organization, public_profile: true, visible: false)
+ assert !organization.display_private_info_to?(nil)
+ end
+
+ should 'return false at display_private_info_to? when profile is private and user is nil' do
+ organization = fast_create(Organization, public_profile: false)
+ assert !organization.display_private_info_to?(nil)
+ end
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/e4346d574d77347afb7c4d439726b6e9f18c4059...dffe0249dbd4df0d830596026cf6e454709a4da2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160530/f9c531a5/attachment-0001.html>
More information about the Noosfero-dev
mailing list