Create api changeset comment visibility resource

Anton Khorev 2025-02-23 04:59:26 +03:00
parent 457cc99349
commit 84a0c76ab2
13 changed files with 356 additions and 299 deletions


@ -40,7 +40,7 @@ class ApiAbility
end
if user.moderator?
can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments")
can [:create, :destroy], :changeset_comment_visibility if scopes.include?("write_changeset_comments")
can :destroy, Note if scopes.include?("write_notes")


@ -0,0 +1,60 @@
module Api
module ChangesetComments
class VisibilitiesController < ApiController
before_action :check_api_writable
before_action :authorize
authorize_resource :class => :changeset_comment_visibility
before_action :set_request_formats
##
# Sets visible flag on comment to true
def create
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_comment_id]
# Extract the arguments
changeset_comment_id = params[:changeset_comment_id].to_i
# Find the changeset
comment = ChangesetComment.find(changeset_comment_id)
# Unhide the comment
comment.update(:visible => true)
# Return a copy of the updated changeset
@changeset = comment.changeset
respond_to do |format|
format.xml
format.json
end
end
##
# Sets visible flag on comment to false
def destroy
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_comment_id]
# Extract the arguments
changeset_comment_id = params[:changeset_comment_id].to_i
# Find the changeset
comment = ChangesetComment.find(changeset_comment_id)
# Hide the comment
comment.update(:visible => false)
# Return a copy of the updated changeset
@changeset = comment.changeset
respond_to do |format|
format.xml
format.json
end
end
end
end
end
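Review bot: Both actions ignore the return value of `comment.update(...)`, so if the save fails the moderator still gets a success response showing the changeset while the comment's visibility is unchanged. Consider `comment.update!(:visible => true)` in `create` and `comment.update!(:visible => false)` in `destroy`, assuming the API's error handling turns the resulting exception into a suitable status. The `# Find the changeset` comments in both actions sit above a lookup of the comment and should read `# Find the comment`. Nothing visible here records which moderator changed the visibility; if no audit trail exists elsewhere, that is worth a follow-up.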


@ -59,56 +59,6 @@ module Api
end
end
##
# Sets visible flag on comment to false
def destroy
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset
comment = ChangesetComment.find(id)
# Hide the comment
comment.update(:visible => false)
# Return a copy of the updated changeset
@changeset = comment.changeset
render "api/changesets/show"
respond_to do |format|
format.xml
format.json
end
end
##
# Sets visible flag on comment to true
def restore
# Check the arguments are sane
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
# Extract the arguments
id = params[:id].to_i
# Find the changeset
comment = ChangesetComment.find(id)
# Unhide the comment
comment.update(:visible => true)
# Return a copy of the updated changeset
@changeset = comment.changeset
render "api/changesets/show"
respond_to do |format|
format.xml
format.json
end
end
private
##


@ -63,7 +63,7 @@ module Api
@changeset = Changeset.find(params[:id])
if params[:include_discussion].presence
@comments = @changeset.comments
@comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:restore, ChangesetComment)
@comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:create, :changeset_comment_visibility)
@comments = @comments.includes(:author)
end
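Review bot: The check that exposes hidden comments now reads `can?(:create, :changeset_comment_visibility)`, which ties a read decision to the permission to unhide, and the line has no comment saying so. Per the ability change in this commit, that permission needs the moderator role and the `write_changeset_comments` scope, so a moderator token without that scope will presumably see only visible comments. I would add a comment above the line such as `# hidden comments are shown only to callers who could unhide them`, so that a later split of the hide and unhide abilities does not silently change who can read hidden content. The enclosing method starts and ends outside this hunk.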


@ -0,0 +1,5 @@
json.partial! "api/root_attributes"
json.changeset do
json.partial! "api/changesets/changeset", :changeset => @changeset
end


@ -0,0 +1,5 @@
xml.instruct! :xml, :version => "1.0"
xml.osm(OSM::API.new.xml_root_attributes) do |osm|
osm << render(:partial => "api/changesets/changeset", :object => @changeset)
end


@ -0,0 +1,5 @@
json.partial! "api/root_attributes"
json.changeset do
json.partial! "api/changesets/changeset", :changeset => @changeset
end


@ -0,0 +1,5 @@
xml.instruct! :xml, :version => "1.0"
xml.osm(OSM::API.new.xml_root_attributes) do |osm|
osm << render(:partial => "api/changesets/changeset", :object => @changeset)
end


@ -49,8 +49,8 @@
<%= tag.button t(".#{comment.visible ? 'hide' : 'unhide'}_comment"),
:class => "btn btn-sm small btn-link link-secondary p-0 align-baseline",
:data => { :method => "POST",
:url => comment.visible ? changeset_comment_hide_url(comment) : changeset_comment_unhide_url(comment) } %>
:data => { :method => comment.visible ? "DELETE" : "POST",
:url => api_changeset_comment_visibility_path(comment) } %>
<% end %>
</small>
<div class="mx-2">


@ -21,8 +21,6 @@ OpenStreetMap::Application.routes.draw do
post "changeset/:id/subscribe" => "changesets#subscribe", :as => :api_changeset_subscribe, :id => /\d+/
post "changeset/:id/unsubscribe" => "changesets#unsubscribe", :as => :api_changeset_unsubscribe, :id => /\d+/
put "changeset/:id/close" => "changesets#close", :as => :changeset_close, :id => /\d+/
post "changeset/comment/:id/hide" => "changeset_comments#destroy", :as => :changeset_comment_hide, :id => /\d+/
post "changeset/comment/:id/unhide" => "changeset_comments#restore", :as => :changeset_comment_unhide, :id => /\d+/
end
namespace :api, :path => "api/0.6" do
@ -33,7 +31,11 @@ OpenStreetMap::Application.routes.draw do
end
put "changeset/create" => "changesets#create", :as => nil
resources :changeset_comments, :only => :index
resources :changeset_comments, :id => /\d+/, :only => :index do
resource :visibility, :module => :changeset_comments, :only => [:create, :destroy]
end
post "changeset/comment/:changeset_comment_id/unhide" => "changeset_comments/visibilities#create", :changeset_comment_id => /\d+/, :as => nil
post "changeset/comment/:changeset_comment_id/hide" => "changeset_comments/visibilities#destroy", :changeset_comment_id => /\d+/, :as => nil
resources :nodes, :only => [:index, :create]
resources :nodes, :path => "node", :id => /\d+/, :only => [:show, :update, :destroy] do
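Review bot: The two `post "changeset/comment/:changeset_comment_id/unhide"` and `.../hide` routes sit next to the new nested `resource :visibility` without a comment, so the file does not say that they are legacy aliases for the same controller. A line such as `# legacy paths kept for existing API clients; prefer changeset_comments/:id/visibility` above them would help. The new test file checks these aliases only with `assert_recognizes`. One request test through each legacy path would confirm that the role and scope checks still apply there after the move to the new controller.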


@ -8,9 +8,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
scopes = Set.new
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|
assert ability.cannot? action, ChangesetComment
end
assert ability.cannot? :create, ChangesetComment
assert ability.cannot? :create, :changeset_comment_visibility
assert ability.cannot? :destroy, :changeset_comment_visibility
end
test "as a normal user with write_changeset_comments scope" do
@ -18,13 +18,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
scopes = Set.new %w[write_changeset_comments]
ability = ApiAbility.new user, scopes
[:destroy, :restore].each do |action|
assert ability.cannot? action, ChangesetComment
end
[:create].each do |action|
assert ability.can? action, ChangesetComment
end
assert ability.can? :create, ChangesetComment
assert ability.cannot? :create, :changeset_comment_visibility
assert ability.cannot? :destroy, :changeset_comment_visibility
end
test "as a moderator without scopes" do
@ -32,9 +28,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
scopes = Set.new
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|
assert ability.cannot? action, ChangesetComment
end
assert ability.cannot? :create, ChangesetComment
assert ability.cannot? :create, :changeset_comment_visibility
assert ability.cannot? :destroy, :changeset_comment_visibility
end
test "as a moderator with write_changeset_comments scope" do
@ -42,9 +38,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase
scopes = Set.new %w[write_changeset_comments]
ability = ApiAbility.new user, scopes
[:create, :destroy, :restore].each do |action|
assert ability.can? action, ChangesetComment
end
assert ability.can? :create, ChangesetComment
assert ability.can? :create, :changeset_comment_visibility
assert ability.can? :destroy, :changeset_comment_visibility
end
end


@ -0,0 +1,255 @@
require "test_helper"
module Api
module ChangesetComments
class VisibilitiesControllerTest < ActionDispatch::IntegrationTest
##
# test all routes which lead to this controller
def test_routes
assert_routing(
{ :path => "/api/0.6/changeset_comments/1/visibility", :method => :post },
{ :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" }
)
assert_routing(
{ :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :post },
{ :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" }
)
assert_routing(
{ :path => "/api/0.6/changeset_comments/1/visibility", :method => :delete },
{ :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" }
)
assert_routing(
{ :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :delete },
{ :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" }
)
assert_recognizes(
{ :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" },
{ :path => "/api/0.6/changeset/comment/1/unhide", :method => :post }
)
assert_recognizes(
{ :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" },
{ :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post }
)
assert_recognizes(
{ :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" },
{ :path => "/api/0.6/changeset/comment/1/hide", :method => :post }
)
assert_recognizes(
{ :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" },
{ :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post }
)
end
def test_create_by_unauthorized
comment = create(:changeset_comment, :visible => false)
post api_changeset_comment_visibility_path(comment)
assert_response :unauthorized
assert_not comment.reload.visible
end
def test_create_by_normal_user
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header
post api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :forbidden
assert_not comment.reload.visible
end
def test_create_on_missing_comment
auth_header = bearer_authorization_header create(:moderator_user)
post api_changeset_comment_visibility_path(999111), :headers => auth_header
assert_response :not_found
end
def test_create_without_required_scope
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
post api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :forbidden
assert_not comment.reload.visible
end
def test_create_with_write_changeset_comments_scope
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
post api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "1"
end
end
assert comment.reload.visible
end
def test_create_with_write_changeset_comments_scope_json
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 1, js["changeset"]["comments_count"]
assert comment.reload.visible
end
def test_create_with_write_api_scope
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
post api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "1"
end
end
assert comment.reload.visible
end
def test_create_with_write_api_scope_json
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
assert_response :success
js = ActiveSupport::JSON.decode(@response.body)
assert_equal "application/json", response.media_type
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 1, js["changeset"]["comments_count"]
assert comment.reload.visible
end
def test_destroy_by_unauthorized
comment = create(:changeset_comment)
delete api_changeset_comment_visibility_path(comment)
assert_response :unauthorized
assert comment.reload.visible
end
def test_destroy_by_normal_user
comment = create(:changeset_comment)
auth_header = bearer_authorization_header
delete api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :forbidden
assert comment.reload.visible
end
def test_destroy_on_missing_comment
auth_header = bearer_authorization_header create(:moderator_user)
delete api_changeset_comment_visibility_path(999111), :headers => auth_header
assert_response :not_found
end
def test_destroy_without_required_scope
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
delete api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :forbidden
assert comment.reload.visible
end
def test_destroy_with_write_changeset_comments_scope
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
delete api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "0"
end
end
assert_not comment.reload.visible
end
def test_destroy_with_write_changeset_comments_scope_json
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 0, js["changeset"]["comments_count"]
assert_not comment.reload.visible
end
def test_destroy_with_write_api_scope
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
delete api_changeset_comment_visibility_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "0"
end
end
assert_not comment.reload.visible
end
def test_destroy_with_write_api_scope_json
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 0, js["changeset"]["comments_count"]
assert_not comment.reload.visible
end
end
end
end
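Review bot: `test_create_by_normal_user` and `test_destroy_by_normal_user` call `bearer_authorization_header` with no arguments, so whether they pin the moderator-role check depends on that helper's default scopes, which are not visible here. If the default token lacks `write_changeset_comments`, the `:forbidden` response would come from the missing scope, and a regression in the role check would go unnoticed. Passing the scope explicitly, e.g. `bearer_authorization_header create(:user), :scopes => %w[write_changeset_comments]`, makes both tests assert that a non-moderator with the right scope is still refused.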


@ -21,22 +21,6 @@ module Api
{ :path => "/api/0.6/changeset/1/comment.json", :method => :post },
{ :controller => "api/changeset_comments", :action => "create", :changeset_id => "1", :format => "json" }
)
assert_routing(
{ :path => "/api/0.6/changeset/comment/1/hide", :method => :post },
{ :controller => "api/changeset_comments", :action => "destroy", :id => "1" }
)
assert_routing(
{ :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post },
{ :controller => "api/changeset_comments", :action => "destroy", :id => "1", :format => "json" }
)
assert_routing(
{ :path => "/api/0.6/changeset/comment/1/unhide", :method => :post },
{ :controller => "api/changeset_comments", :action => "restore", :id => "1" }
)
assert_routing(
{ :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post },
{ :controller => "api/changeset_comments", :action => "restore", :id => "1", :format => "json" }
)
end
def test_index
@ -353,216 +337,6 @@ module Api
end
end
def test_hide_by_unauthorized
comment = create(:changeset_comment)
post changeset_comment_hide_path(comment)
assert_response :unauthorized
assert comment.reload.visible
end
def test_hide_by_normal_user
comment = create(:changeset_comment)
auth_header = bearer_authorization_header
post changeset_comment_hide_path(comment), :headers => auth_header
assert_response :forbidden
assert comment.reload.visible
end
def test_hide_missing_comment
auth_header = bearer_authorization_header create(:moderator_user)
post changeset_comment_hide_path(999111), :headers => auth_header
assert_response :not_found
end
def test_hide_without_required_scope
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
post changeset_comment_hide_path(comment), :headers => auth_header
assert_response :forbidden
assert comment.reload.visible
end
def test_hide_with_write_changeset_comments_scope
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
post changeset_comment_hide_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "0"
end
end
assert_not comment.reload.visible
end
def test_hide_with_write_changeset_comments_scope_json
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
post changeset_comment_hide_path(comment, :format => "json"), :headers => auth_header
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 0, js["changeset"]["comments_count"]
assert_not comment.reload.visible
end
def test_hide_with_write_api_scope
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
post changeset_comment_hide_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "0"
end
end
assert_not comment.reload.visible
end
def test_hide_with_write_api_scope_json
comment = create(:changeset_comment)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
post changeset_comment_hide_path(comment, :format => "json"), :headers => auth_header
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 0, js["changeset"]["comments_count"]
assert_not comment.reload.visible
end
def test_unhide_by_unauthorized
comment = create(:changeset_comment, :visible => false)
post changeset_comment_unhide_path(comment)
assert_response :unauthorized
assert_not comment.reload.visible
end
def test_unhide_by_normal_user
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header
post changeset_comment_unhide_path(comment), :headers => auth_header
assert_response :forbidden
assert_not comment.reload.visible
end
def test_unhide_missing_comment
auth_header = bearer_authorization_header create(:moderator_user)
post changeset_comment_unhide_path(999111), :headers => auth_header
assert_response :not_found
end
def test_unhide_without_required_scope
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
post changeset_comment_unhide_path(comment), :headers => auth_header
assert_response :forbidden
assert_not comment.reload.visible
end
def test_unhide_with_write_changeset_comments_scope
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
post changeset_comment_unhide_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "1"
end
end
assert comment.reload.visible
end
def test_unhide_with_write_changeset_comments_scope_json
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
post changeset_comment_unhide_path(comment, :format => "json"), :headers => auth_header
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 1, js["changeset"]["comments_count"]
assert comment.reload.visible
end
def test_unhide_with_write_api_scope
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
post changeset_comment_unhide_path(comment), :headers => auth_header
assert_response :success
assert_equal "application/xml", response.media_type
assert_dom "osm", 1 do
assert_dom "> changeset", 1 do
assert_dom "> @id", comment.changeset_id.to_s
assert_dom "> @comments_count", "1"
end
end
assert comment.reload.visible
end
def test_unhide_with_write_api_scope_json
comment = create(:changeset_comment, :visible => false)
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
post changeset_comment_unhide_path(comment, :format => "json"), :headers => auth_header
assert_response :success
js = ActiveSupport::JSON.decode(@response.body)
assert_equal "application/json", response.media_type
assert_not_nil js["changeset"]
assert_equal comment.changeset_id, js["changeset"]["id"]
assert_equal 1, js["changeset"]["comments_count"]
assert comment.reload.visible
end
private
##