[Git][noosfero/noosfero][master] 2 commits: make the roles of a profile endpoint public
Leandro Nunes
gitlab at mg.gitlab.com
Wed Oct 25 16:19:45 BRST 2017
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
bd12e671 by Leandro Nunes dos Santos at 2017-10-25T13:50:33-03:00
make the roles of a profile endpoint public
- - - - -
e0dccd43 by Leandro Nunes at 2017-10-25T18:19:32+00:00
Merge branch 'make-profile-roles-public' into 'master'
make the roles of a profile endpoint public
See merge request noosfero/noosfero!1336
- - - - -
3 changed files:
- app/api/helpers.rb
- app/api/v1/roles.rb
- test/api/roles_test.rb
Changes:
=====================================
app/api/helpers.rb
=====================================
--- a/app/api/helpers.rb
+++ b/app/api/helpers.rb
@@ -413,10 +413,14 @@ module Api
end
def render_api_error!(user_message, status = Api::Status::Http::BAD_REQUEST)
- message_hash = {'message' => user_message}
log_message = "#{status}, User message: #{user_message}"
logger.error log_message unless Rails.env.test?
- error!(message_hash, status)
+ msg = {
+ :success => false,
+ :message => user_message,
+ :code => status
+ }
+ error!(msg, status)
end
def render_model_errors!(active_record_errors)
=====================================
app/api/v1/roles.rb
=====================================
--- a/app/api/v1/roles.rb
+++ b/app/api/v1/roles.rb
@@ -1,7 +1,6 @@
module Api
module V1
class Roles < Grape::API
- before { authenticate! }
MAX_PER_PAGE = 50
@@ -24,6 +23,7 @@ module Api
resource :assign do
post do
+ authenticate!
profile = environment.profiles.find(params[:id])
return forbidden! unless profile.kind_of?(Organization)
=====================================
test/api/roles_test.rb
=====================================
--- a/test/api/roles_test.rb
+++ b/test/api/roles_test.rb
@@ -52,4 +52,31 @@ class TolesTest < ActiveSupport::TestCase
json = JSON.parse(last_response.body)
assert_equal ['profile_moderator'], json.map { |r| r['key'] }
end
+
+ should 'only logged user assign roles to a person into an organization' do
+ logout_api
+ environment.roles.delete_all
+ role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
+ role2 = Role.create!(key: 'profile_moderator', name: 'moderator', environment: environment)
+ role3 = Role.create!(key: 'member', name: 'member', environment: environment)
+ profile.affiliate(person, [role3])
+ params[:person_id] = person.id
+ params[:role_ids] = [role2.id]
+ params[:remove_role_ids] = [role3.id]
+ post "/api/v1/profiles/#{profile.id}/roles/assign?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert !json['success']
+ end
+
+ should 'list organization roles even unlogged' do
+ logout_api
+ environment.roles.delete_all
+ role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
+ role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
+ profile.custom_roles << role2
+ get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
+ json = JSON.parse(last_response.body)
+ assert_equivalent [role1.id, role2.id], json.map {|r| r['id']}
+ end
+
end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/c40c1968616fd470476215123a2e87cfefbc5567...e0dccd436fc7e0937c6af5a7fb1f25a246c558ad
---
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/c40c1968616fd470476215123a2e87cfefbc5567...e0dccd436fc7e0937c6af5a7fb1f25a246c558ad
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20171025/148ccb10/attachment-0001.html>
More information about the Noosfero-dev
mailing list