[Git][noosfero/noosfero][master] 3 commits: expose access of articles
Leandro Nunes
gitlab at mg.gitlab.com
Wed Dec 5 20:12:38 BRST 2018
Leandro Nunes pushed to branch master at Noosfero / noosfero
Commits:
0263042b by Leandro Nunes dos Santos at 2018-12-05T19:40:09Z
expose access of articles
- - - - -
711c2a30 by Leandro Nunes dos Santos at 2018-12-05T21:25:12Z
removing deprecated endpoint
- - - - -
fd38b6f8 by Leandro Nunes at 2018-12-05T22:12:34Z
Merge branch 'expose-article-access' into 'master'
expose access of articles
See merge request noosfero/noosfero!1651
- - - - -
3 changed files:
- app/api/entities.rb
- app/api/v1/articles.rb
- test/api/articles_test.rb
Changes:
=====================================
app/api/entities.rb
=====================================
@@ -240,6 +240,7 @@ module Api
expose :type
expose :comments, using: CommentBase, :if => lambda{|comment,options| Entities.expose_optional_field?(:comments, options)}
expose :published
+ expose :access
expose :accept_comments?, as: :accept_comments
expose :mime_type
expose :size, :if => lambda { |article, options| article.kind_of?(UploadedFile)}
@@ -315,6 +316,7 @@ module Api
expose :layout_template
expose :signup_intro
expose :terms_of_use
+ expose :contact_email
expose :captcha_site_key do |environment, options|
Recaptcha.configuration.site_key
end
=====================================
app/api/v1/articles.rb
=====================================
@@ -281,19 +281,7 @@ module Api
get do
profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
- if params[:path].present?
- article = profile.articles.find_by path: params[:path]
- if article && !article.display_to?(current_person)
- article = forbidden!
- end
- article ||= []
- status Api::Status::DEPRECATED
-
- present_partial article, :with => Entities::Article, current_person: current_person
- else
-
- present_articles_for_asset(profile)
- end
+ present_articles_for_asset(profile)
end
desc "Return a article associate with a profile of type #{kind}" do
@@ -305,7 +293,15 @@ module Api
end
get '/*id' do
profile = environment.send(kind.pluralize).find(params["#{kind}_id"])
- present_article(profile)
+ key = (params[:key].present? && params[:key] == 'path') ? :path : :id
+
+ article = profile.articles.find_by(key => params[:id])
+ if article && !article.display_to?(current_person)
+ article = forbidden!
+ end
+ article ||= not_found!
+
+ present_partial article, :with => Entities::Article, current_person: current_person
end
# Example Request:
=====================================
test/api/articles_test.rb
=====================================
@@ -7,7 +7,7 @@ class ArticlesTest < ActiveSupport::TestCase
login_api
end
- expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count url)
+ expose_attributes = %w(id body abstract created_at title author profile categories image votes_for votes_against setting position hits start_date end_date tag_list parent children children_count url access)
expose_attributes.each do |attr|
should "expose article #{attr} attribute by default" do
@@ -326,7 +326,7 @@ class ArticlesTest < ActiveSupport::TestCase
end
should 'list articles with pagination' do
- Article.destroy_all
+ Article.delete_all
article_one = fast_create(Article, :profile_id => user.person.id, :name => "Another thing", :created_at => 2.days.ago)
article_two = fast_create(Article, :profile_id => user.person.id, :name => "Some thing", :created_at => 1.day.ago)
@@ -400,21 +400,22 @@ class ArticlesTest < ActiveSupport::TestCase
parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)
- params[:path] = parent_article.slug+'/'+article.slug
- get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+ params[:key] = 'path'
+ get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.path}?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equal article.id, json["id"]
end
- should "return an empty array if theres id no article in path of #{kind}" do
+ should "return an error if there is no article in path of #{kind}" do
profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)
- params[:path] = 'no-path'
- get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+ params[:key] = 'path'
+ get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/no-path?#{params.to_query}"
json = JSON.parse(last_response.body)
- assert json.empty?
+ assert !json['success']
+ assert_equal Api::Status::Http::NOT_FOUND, json['code']
end
should "not return article by #{kind} and path if user has no permission to view it" do
@@ -424,21 +425,11 @@ class ArticlesTest < ActiveSupport::TestCase
assert !article.published?
- params[:path] = parent_article.slug+'/'+article.slug
- get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
+ params[:key] = 'path'
+ get "/api/v1/#{kind.pluralize}/#{profile.id}/articles/#{article.path}?#{params.to_query}"
assert_equal 403, last_response.status
end
- should "get article in #{kind} by path in articles endpoint be deprecated" do
- profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
- parent_article = Folder.create!(:profile => profile, :name => "Parent Folder")
- article = Article.create!(:profile => profile, :name => "Some thing", :parent => parent_article)
-
- params[:path] = parent_article.slug+'/'+article.slug
- get "/api/v1/#{kind.pluralize}/#{profile.id}/articles?#{params.to_query}"
- assert_equal Api::Status::DEPRECATED, last_response.status
- end
-
should "return article by #{kind} and path with key parameter" do
profile = fast_create(kind.camelcase.constantize, :environment_id => environment.id)
folder = Folder.create!(:profile => profile, :name => "Folder")
@@ -848,7 +839,7 @@ class ArticlesTest < ActiveSupport::TestCase
end
should 'return only article fields defined in parameter' do
- Article.destroy_all
+ Article.delete_all
article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
params[:fields] = {:only => ['id', 'title']}
get "/api/v1/articles/?#{params.to_query}"
@@ -857,7 +848,7 @@ class ArticlesTest < ActiveSupport::TestCase
end
should 'return all article fields except the ones defined in parameter' do
- Article.destroy_all
+ Article.delete_all
article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
params[:fields] = {:except => ['id', 'title']}
get "/api/v1/articles/?#{params.to_query}"
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/fabb5274f6c86c700d96a0052f093f9219194d2f...fd38b6f86a58e877641bab4546a83bcea0929ff3
--
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/fabb5274f6c86c700d96a0052f093f9219194d2f...fd38b6f86a58e877641bab4546a83bcea0929ff3
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20181205/7594d6cb/attachment-0001.html>
More information about the Noosfero-dev
mailing list