[Git][noosfero/noosfero][master] 2 commits: adding block preview for environments
Leandro Nunes
gitlab at mg.gitlab.com
Fri Oct 20 19:04:21 BRST 2017
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
f41dd749 by Leandro Nunes dos Santos at 2017-10-20T16:49:03-03:00
adding block preview for environments
- - - - -
464f73ab by Leandro Nunes at 2017-10-20T21:04:07+00:00
Merge branch 'environment_block_preview' into 'master'
adding block preview api endpoint for environments
See merge request noosfero/noosfero!1332
- - - - -
4 changed files:
- app/api/v1/blocks.rb
- app/models/environment.rb
- test/api/blocks_test.rb
- test/unit/environment_test.rb
Changes:
=====================================
app/api/v1/blocks.rb
=====================================
--- a/app/api/v1/blocks.rb
+++ b/app/api/v1/blocks.rb
@@ -20,6 +20,31 @@ module Api
end
end
+ resource :environments do
+ segment '/:id' do
+ resource :blocks do
+ resource :preview do
+ get do
+ block_type = params[:block_type]
+ return forbidden! unless Object.const_defined?(block_type) && block_type.constantize <= Block
+
+ local_environment = nil
+ if (params[:id] == "default")
+ local_environment = Environment.default
+ elsif (params[:id] == "context")
+ local_environment = environment
+ else
+ local_environment = Environment.find(params[:id])
+ end
+ return forbidden! unless local_environment.allow_edit_design?(current_person)
+ block = block_type.constantize.new(:box => Box.new(:owner => local_environment))
+ present_partial block, :with => Entities::Block, display_api_content: true
+ end
+ end
+ end
+ end
+ end
+
resource :blocks do
get ':id' do
block = Block.find(params["id"])
=====================================
app/models/environment.rb
=====================================
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -1128,6 +1128,10 @@ class Environment < ApplicationRecord
end
end
+ def allow_edit_design?(person = nil )
+ person.kind_of?(Profile) && person.has_permission?('edit_environment_design', self)
+ end
+
private
def default_language_available
=====================================
test/api/blocks_test.rb
=====================================
--- a/test/api/blocks_test.rb
+++ b/test/api/blocks_test.rb
@@ -267,4 +267,98 @@ class BlocksTest < ActiveSupport::TestCase
assert_includes json["api_content"]['articles'].map{ |article| article['id'] }, article2.id
end
+ ['environment_id', 'default', 'context'].map do |env_id|
+
+ define_method "test_should_return_forbidden_when_block_type_is_not_a_constant_declared_on_environment_with#{env_id}" do
+ params[:block_type] = 'FakeBlock'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal json["message"], "403 Forbidden"
+ end
+
+ define_method "test_should_return_forbidden_when_block_type_is_a_constant_declared_but_is_not_derived_from_Block_on_envinronment_with_#{env_id}" do
+ params[:block_type] = 'Article'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal json["message"], "403 Forbidden"
+ end
+
+ define_method "test_should_unlogged_user_not_be_able_to_get_preview_of_a_environment_Block_with_#{env_id}"do
+ logout_api
+ params[:block_type] = 'RawHTMLBlock'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_nil json["api_content"]
+ assert_equal json["message"], "403 Forbidden"
+ end
+
+ define_method "test_should_only_user_with_permission_see_the_preview_of_a_environment_Block_with_#{env_id}"do
+ params[:block_type] = 'RawHTMLBlock'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_nil json["api_content"]
+ assert_equal json["message"], "403 Forbidden"
+ end
+
+ define_method "test_should_'only_user_with_edit_environment_design_permission_see_the_preview_of_a_environment_Block_with_#{env_id}"do
+ give_permission(person, 'edit_environment_design', environment)
+ params[:block_type] = 'RawHTMLBlock'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_not_nil json["api_content"]
+ end
+
+ define_method "test_should_user_with_permissions_different_from_edit_environment_design_should_not_see_the_preview_of_a_environment_Block_with_#{env_id}" do
+ login_api
+
+ ['destroy_profile', 'edit_profile', 'post_content'].map do |permission|
+ give_permission(person, permission, environment)
+ end
+ params[:block_type] = 'RawHTMLBlock'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_nil json["api_content"]
+ assert_equal json["message"], "403 Forbidden"
+ end
+
+ define_method "test_should_be_able_to_get_preview_of_CommunitiesBlock_on_environment_with_#{env_id}" do
+ community = fast_create(Community, :environment_id => environment.id)
+ environment.add_admin(person)
+ params[:block_type] = 'CommunitiesBlock'
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_includes json["api_content"]['communities'].map{ |community| community['id'] }, community.id
+ end
+
+
+ define_method "test_should_be_able_to_get_preview_of_RawHTMLBlock_on_environment_with_#{env_id}" do
+ params[:block_type] = 'RawHTMLBlock'
+ environment.add_admin(person)
+ environment_id = (env_id == 'environment_id') ? environment.id : env_id
+ get "/api/v1/environments/#{environment_id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_nil json["api_content"]['html']
+ end
+
+ define_method "test_should_be_able_to_get_preview_of_RecentDocumentsBlock_on_environment_with_#{env_id}" do
+ article1 = fast_create(Article, :profile_id => user.person.id, :name => "Article 1")
+ article2 = fast_create(Article, :profile_id => user.person.id, :name => "Article 2")
+ params[:block_type] = 'RecentDocumentsBlock'
+ environment.add_admin(person)
+ get "/api/v1/environments/#{environment.id}/blocks/preview?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equal 2, json["api_content"]["articles"].size
+ assert_includes json["api_content"]['articles'].map{ |article| article['id'] }, article1.id
+ assert_includes json["api_content"]['articles'].map{ |article| article['id'] }, article2.id
+ end
+
+ end
+
end
=====================================
test/unit/environment_test.rb
=====================================
--- a/test/unit/environment_test.rb
+++ b/test/unit/environment_test.rb
@@ -1935,4 +1935,11 @@ class EnvironmentTest < ActiveSupport::TestCase
assert_equal 500, environment.quota_for(Person)
end
+ should 'allow_edit_design be true if the user is the environment admin' do
+ environment = Environment.default
+ person = fast_create(Person)
+ environment.add_admin(person)
+ assert environment.allow_edit_design?(person)
+ end
+
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/bc2be38cf0cdb58bbad8a0e76986a6462c57c459...464f73ab9dec65afda6e34369b1bb177064653ae
---
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/bc2be38cf0cdb58bbad8a0e76986a6462c57c459...464f73ab9dec65afda6e34369b1bb177064653ae
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20171020/9acea00c/attachment-0001.html>
More information about the Noosfero-dev
mailing list