[Git][noosfero/noosfero][master] 2 commits: make the roles of a profile endpoint public

Leandro Nunes gitlab at mg.gitlab.com
Wed Oct 25 16:19:45 BRST 2017


Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
bd12e671 by Leandro Nunes dos Santos at 2017-10-25T13:50:33-03:00
make the roles of a profile endpoint public

- - - - -
e0dccd43 by Leandro Nunes at 2017-10-25T18:19:32+00:00
Merge branch 'make-profile-roles-public' into 'master'

make the roles of a profile endpoint public

See merge request noosfero/noosfero!1336
- - - - -


3 changed files:

- app/api/helpers.rb
- app/api/v1/roles.rb
- test/api/roles_test.rb


Changes:

=====================================
app/api/helpers.rb
=====================================
--- a/app/api/helpers.rb
+++ b/app/api/helpers.rb
@@ -413,10 +413,14 @@ module Api
     end
 
     def render_api_error!(user_message, status = Api::Status::Http::BAD_REQUEST)
-      message_hash = {'message' => user_message}
       log_message = "#{status}, User message: #{user_message}"
       logger.error log_message unless Rails.env.test?
-      error!(message_hash, status)
+      msg = {
+        :success => false,
+        :message => user_message,
+        :code => status
+      }
+      error!(msg, status)
     end
 
     def render_model_errors!(active_record_errors)
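Review bot: the new `msg` hash in `render_api_error!` changes the error body for every endpoint that calls this helper, not only the roles routes named in the commit message, so it should be its own commit or at least be mentioned in the message. The added `:code => status` repeats the HTTP status already passed to `error!(msg, status)`; say which of the two clients should rely on. `user_message` still goes unchanged into both the log line and the response body, so callers must only pass text that is safe to return to an anonymous client.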


=====================================
app/api/v1/roles.rb
=====================================
--- a/app/api/v1/roles.rb
+++ b/app/api/v1/roles.rb
@@ -1,7 +1,6 @@
 module Api
   module V1
     class Roles < Grape::API
-      before { authenticate! }
 
       MAX_PER_PAGE = 50
 
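Review bot: removing `before { authenticate! }` at the top of `Roles` turns every route in this class from authenticated by default into public by default, and only the `assign` post gets `authenticate!` back in the next hunk. New-file lines 7 to 22 are not shown here, so please confirm that each route in that range is meant to be anonymous and that listing roles is still refused for a profile anonymous users are not allowed to see. A comment at the top of the class saying that routes must now call `authenticate!` themselves would help whoever adds the next one.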
@@ -24,6 +23,7 @@ module Api
 
             resource :assign do
               post do
+                authenticate!
                 profile = environment.profiles.find(params[:id])
                 return forbidden! unless profile.kind_of?(Organization)
 
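Review bot: `authenticate!` at the top of the `assign` post only establishes that someone is logged in. The lines visible here check `profile.kind_of?(Organization)` but not whether the current user may change roles on that profile. If that permission check sits further down, outside this hunk, fine; if not, it belongs here before any role is touched.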


=====================================
test/api/roles_test.rb
=====================================
--- a/test/api/roles_test.rb
+++ b/test/api/roles_test.rb
@@ -52,4 +52,31 @@ class TolesTest < ActiveSupport::TestCase
     json = JSON.parse(last_response.body)
     assert_equal ['profile_moderator'], json.map { |r| r['key'] }
   end
+
+  should 'only logged user assign roles to a person into an organization' do
+    logout_api
+    environment.roles.delete_all
+    role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
+    role2 = Role.create!(key: 'profile_moderator', name: 'moderator', environment: environment)
+    role3 = Role.create!(key: 'member', name: 'member', environment: environment)
+    profile.affiliate(person, [role3])
+    params[:person_id] = person.id
+    params[:role_ids] = [role2.id]
+    params[:remove_role_ids] = [role3.id]
+    post "/api/v1/profiles/#{profile.id}/roles/assign?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert !json['success'] 
+  end
+
+  should 'list organization roles even unlogged' do
+    logout_api
+    environment.roles.delete_all
+    role1 = Role.create!(key: 'profile_administrator', name: 'admin', environment: environment)
+    role2 = Role.new(key: 'profile_moderator', name: 'moderator', environment: environment)
+    profile.custom_roles << role2
+    get "/api/v1/profiles/#{profile.id}/roles?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert_equivalent [role1.id, role2.id], json.map {|r| r['id']}
+  end
+
 end
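Review bot: the 'only logged user assign roles' test ends with `assert !json['success']`, which passes whenever the key is false or simply absent, so a 400, a 404, or any hash body without a `success` key would satisfy it. Assert the unauthorized status on `last_response` and check that `person` still holds `role3` and not `role2` on `profile` after the request, so the test proves nothing was changed. That assert line also has trailing whitespace, `role1` is unused in this test, and the class name in the hunk header reads `TolesTest`, presumably meant as `RolesTest`. The listing test uses a single `profile` fixture; if profiles can be hidden from anonymous users, add a case showing their roles are not listed.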



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/c40c1968616fd470476215123a2e87cfefbc5567...e0dccd436fc7e0937c6af5a7fb1f25a246c558ad
