[Git][noosfero/noosfero][master] 2 commits: add regexp check for profile id in endpoints

Victor Costa gitlab at mg.gitlab.com
Mon May 15 13:27:28 BRT 2017 

Victor Costa pushed to branch master at Noosfero / noosfero


Commits:
c04a01e5 by Marcelo Júnior at 2017-05-15T12:46:08-03:00
add regexp check for profile id in endpoints

- - - - -
83c9f8f2 by Victor Costa at 2017-05-15T16:27:14+00:00
Merge branch 'fix-access-to-profile-with-dot' into 'master'

api: add regexp check for profile id in endpoints

See merge request !1210
- - - - -


2 changed files:

- app/api/v1/profiles.rb
- test/api/profiles_test.rb


Changes:

=====================================
app/api/v1/profiles.rb
=====================================
--- a/app/api/v1/profiles.rb
+++ b/app/api/v1/profiles.rb
@@ -11,7 +11,7 @@ module Api
           present profiles, :with => Entities::Profile, :current_person => current_person
         end
 
-        get ':id' do
+        get ':id', requirements: { id: /#{Noosfero.identifier_format}/ } do
           profiles = environment.profiles
           profiles = profiles.visible
           key = params[:key].to_s == "identifier" ? :identifier : :id


=====================================
test/api/profiles_test.rb
=====================================
--- a/test/api/profiles_test.rb
+++ b/test/api/profiles_test.rb
@@ -406,4 +406,11 @@ class ProfilesTest < ActiveSupport::TestCase
     assert_equal ({"name" => [{"error"=>"blank", "full_message"=>"Name can't be blank"}]}), json["errors"]
   end
 
+  should 'get profile from identifier with dot' do
+    some_person = fast_create(Person, identifier: 'profile.test')
+    params[:key] = :identifier
+    get "/api/v1/profiles/profile.test?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equal some_person.id, json['id']
+  end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/8855f3943c23b495ee51eaf52e5da06536e1003e...83c9f8f2996ec9c28ae6f829a50bd53b52569eb0

---
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/8855f3943c23b495ee51eaf52e5da06536e1003e...83c9f8f2996ec9c28ae6f829a50bd53b52569eb0
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20170515/7ff241b9/attachment-0001.html>

More information about the Noosfero-dev mailing list