can [:read, :update, :destroy], Message if scopes.include?("consume_messages")
can :create, Message if scopes.include?("send_messages")
+ can :read, :active_user_blocks_list if scopes.include?("read_prefs")
+
if user.terms_agreed?
can [:create, :update, :upload, :close, :subscribe, :unsubscribe], Changeset if scopes.include?("write_map")
can :create, ChangesetComment if scopes.include?("write_changeset_comments")
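Review bot: The new `can :read, :active_user_blocks_list` rule is keyed to the existing `read_prefs` scope, so every token already issued with that scope gains access to the holder's block records without the user consenting again. Per the partials in this commit, that includes creator and revoker display names. The rule also sits outside the `if user.terms_agreed?` guard, which looks deliberate but is not stated. I would add a comment above it, e.g. `# read_prefs also covers the user's own active blocks; intentionally not gated on terms_agreed?`, and note the widened scope in the API documentation. The enclosing method starts and ends outside the hunk.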
--- /dev/null
+module Api
+ module UserBlocks
+ class ActiveListsController < ApiController
+ before_action -> { authorize(:skip_blocks => true) }
+
+ authorize_resource :class => :active_user_blocks_list
+
+ before_action :set_request_formats
+
+ def show
+ @user_blocks = current_user.blocks.active.order(:id => :desc)
+ @skip_reason = true
+ end
+ end
+ end
+end
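Review bot: `@skip_reason = true` in `show` couples this controller to the shared `_user_block` partials through an instance variable. Because the partials test `unless @skip_reason`, any other view that renders them emits `reason` unless its controller remembers to set the flag. An explicit local would make the dependency visible: pass `:locals => { :skip_reason => true }` from the two list views and test `unless local_assigns[:skip_reason]` in the JSON and XML partials. The same applies to the `json.reason` and `xml.reason` lines changed later in this commit.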
end
end
- def authorize(errormessage: "Couldn't authenticate you", skip_terms: false)
+ def authorize(errormessage: "Couldn't authenticate you", skip_blocks: false, skip_terms: false)
# make the current_user object from any auth sources we have
- setup_user_auth(:skip_terms => skip_terms)
+ setup_user_auth(:skip_blocks => skip_blocks, :skip_terms => skip_terms)
# handle authenticate pass/fail
unless current_user
# sets up the current_user for use by other methods. this is mostly called
# from the authorize method, but can be called elsewhere if authorisation
# is optional.
- def setup_user_auth(skip_terms: false)
+ def setup_user_auth(skip_blocks: false, skip_terms: false)
logger.info " setup_user_auth"
# try and setup using OAuth
self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible?
# have we identified the user?
if current_user
# check if the user has been banned
- user_block = current_user.blocks.active.take
- unless user_block.nil?
- set_locale
- if user_block.zero_hour?
- report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
- else
- report_error t("application.setup_user_auth.blocked"), :forbidden
+ unless skip_blocks
+ user_block = current_user.blocks.active.take
+ unless user_block.nil?
+ set_locale
+ if user_block.zero_hour?
+ report_error t("application.setup_user_auth.blocked_zero_hour"), :forbidden
+ else
+ report_error t("application.setup_user_auth.blocked"), :forbidden
+ end
end
end
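Review bot: `skip_blocks: true` turns off the whole ban check in `setup_user_auth`, but the comment above the method still describes only the old behaviour and nothing says when a caller may pass it. Since `authorize` forwards the flag unchanged, any API controller can opt out of block enforcement with one keyword, so the contract belongs in the method comment: `# skip_blocks: do not reject users with an active block; only for read-only actions that return the caller's own block data`. A matching comment on `before_action -> { authorize(:skip_blocks => true) }` in `ActiveListsController` would help as well. The method body continues outside the hunk.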
-json.user_block do
- json.id user_block.id
- json.created_at user_block.created_at.xmlschema
- json.updated_at user_block.updated_at.xmlschema
- json.ends_at user_block.ends_at.xmlschema
- json.needs_view user_block.needs_view
+json.id user_block.id
+json.created_at user_block.created_at.xmlschema
+json.updated_at user_block.updated_at.xmlschema
+json.ends_at user_block.ends_at.xmlschema
+json.needs_view user_block.needs_view
- json.user :uid => user_block.user_id, :user => user_block.user.display_name
- json.creator :uid => user_block.creator_id, :user => user_block.creator.display_name
- json.revoker :uid => user_block.revoker_id, :user => user_block.revoker.display_name if user_block.revoker
+json.user :uid => user_block.user_id, :user => user_block.user.display_name
+json.creator :uid => user_block.creator_id, :user => user_block.creator.display_name
+json.revoker :uid => user_block.revoker_id, :user => user_block.revoker.display_name if user_block.revoker
- json.reason user_block.reason
-end
+json.reason user_block.reason unless @skip_reason
xml.user :uid => user_block.user_id, :user => user_block.user.display_name
xml.creator :uid => user_block.creator_id, :user => user_block.creator.display_name
xml.revoker :uid => user_block.revoker_id, :user => user_block.revoker.display_name if user_block.revoker
- xml.reason user_block.reason
+
+ xml.reason user_block.reason unless @skip_reason
end
--- /dev/null
+json.partial! "api/root_attributes"
+
+json.user_blocks do
+ json.array! @user_blocks, :partial => "api/user_blocks/user_block", :as => :user_block
+end
--- /dev/null
+xml.instruct!
+
+xml.osm(OSM::API.new.xml_root_attributes) do |osm|
+ osm << (render(:partial => "api/user_blocks/user_block", :collection => @user_blocks) || "")
+end
json.partial! "api/root_attributes"
-json.partial! @user_block
+json.user_block do
+ json.partial! @user_block
+end
end
resources :user_blocks, :only => :show, :id => /\d+/, :controller => "user_blocks"
+ namespace :user_blocks, :path => "user/blocks" do
+ resource :active_list, :path => "active", :only => :show
+ end
end
# Data browsing
--- /dev/null
+require "test_helper"
+
+module Api
+ module UserBlocks
+ class ActiveListsControllerTest < ActionDispatch::IntegrationTest
+ ##
+ # test all routes which lead to this controller
+ def test_routes
+ assert_routing(
+ { :path => "/api/0.6/user/blocks/active", :method => :get },
+ { :controller => "api/user_blocks/active_lists", :action => "show" }
+ )
+ assert_routing(
+ { :path => "/api/0.6/user/blocks/active.json", :method => :get },
+ { :controller => "api/user_blocks/active_lists", :action => "show", :format => "json" }
+ )
+ end
+
+ def test_show_no_auth_header
+ get api_user_blocks_active_list_path
+ assert_response :unauthorized
+ end
+
+ def test_show_no_permission
+ user = create(:user)
+ user_auth_header = bearer_authorization_header(user, :scopes => %w[])
+
+ get api_user_blocks_active_list_path, :headers => user_auth_header
+ assert_response :forbidden
+ end
+
+ def test_show_empty
+ user = create(:user)
+ user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
+ create(:user_block, :expired, :user => user)
+
+ get api_user_blocks_active_list_path, :headers => user_auth_header
+ assert_response :success
+ assert_dom "user_block", :count => 0
+ end
+
+ def test_show
+ user = create(:moderator_user)
+ user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
+ create(:user_block, :expired, :user => user)
+ block0 = create(:user_block, :user => user)
+ block1 = create(:user_block, :user => user)
+ create(:user_block)
+ create(:user_block, :creator => user)
+
+ get api_user_blocks_active_list_path, :headers => user_auth_header
+ assert_response :success
+ assert_dom "user_block", :count => 2 do |dom_blocks|
+ assert_dom dom_blocks[0], "> @id", block1.id.to_s
+ assert_dom dom_blocks[1], "> @id", block0.id.to_s
+ end
+ end
+
+ def test_show_json
+ user = create(:moderator_user)
+ user_auth_header = bearer_authorization_header(user, :scopes => %w[read_prefs])
+ create(:user_block, :expired, :user => user)
+ block0 = create(:user_block, :user => user)
+ block1 = create(:user_block, :user => user)
+ create(:user_block)
+ create(:user_block, :creator => user)
+
+ get api_user_blocks_active_list_path(:format => "json"), :headers => user_auth_header
+ assert_response :success
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+ assert_equal 2, js["user_blocks"].count
+ assert_equal block1.id, js["user_blocks"][0]["id"]
+ assert_equal block0.id, js["user_blocks"][1]["id"]
+ end
+ end
+ end
+end
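Review bot: Neither `test_show` nor `test_show_json` asserts that `reason` is left out of the list response, which is the one output difference the `@skip_reason` flag introduces. Adding `assert_dom dom_blocks[0], "> reason", :count => 0` to the XML test and `assert_not_includes js["user_blocks"][0], "reason"` to the JSON test would pin that behaviour. `test_show_no_permission` uses an empty scope list; a token that holds some other scope but not `read_prefs` would check the ability rule more directly.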