Create relation version redaction resource
This commit is contained in:
Anton Khorev
parent
8ccdc50313
commit
edaca6995c
5 changed files with 186 additions and 131 deletions
|
|
@ -44,7 +44,6 @@ class ApiAbility
|
|||
|
||||
can :destroy, Note if scopes.include?("write_notes")
|
||||
|
||||
can :redact, [OldRelation] if user.terms_agreed? && scopes.include?("write_redactions")
|
||||
can [:create, :destroy], :element_version_redaction if user.terms_agreed? && scopes.include?("write_redactions")
|
||||
|
||||
can :create, UserBlock if scopes.include?("write_blocks")
|
||||
|
|
|
|||
11
app/controllers/api/old_relations/redactions_controller.rb
Normal file
11
app/controllers/api/old_relations/redactions_controller.rb
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
module Api
|
||||
module OldRelations
|
||||
class RedactionsController < OldElements::RedactionsController
|
||||
private
|
||||
|
||||
def lookup_old_element
|
||||
@old_element = OldRelation.find([params[:relation_id], params[:version]])
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -29,8 +29,6 @@ OpenStreetMap::Application.routes.draw do
|
|||
post "changeset/:id/comment" => "changeset_comments#create", :as => :changeset_comment, :id => /\d+/
|
||||
post "changeset/comment/:id/hide" => "changeset_comments#destroy", :as => :changeset_comment_hide, :id => /\d+/
|
||||
post "changeset/comment/:id/unhide" => "changeset_comments#restore", :as => :changeset_comment_unhide, :id => /\d+/
|
||||
|
||||
post "relation/:relation_id/:version/redact" => "old_relations#redact", :as => :relation_version_redact, :version => /\d+/, :id => /\d+/
|
||||
end
|
||||
|
||||
namespace :api, :path => "api/0.6" do
|
||||
|
|
@ -75,9 +73,12 @@ OpenStreetMap::Application.routes.draw do
|
|||
resources :relations, :only => :index
|
||||
end
|
||||
resources :versions, :path => "history", :controller => :old_relations, :only => :index
|
||||
resources :versions, :path => "", :version => /\d+/, :param => :version, :controller => :old_relations, :only => :show
|
||||
resource :version, :path => ":version", :version => /\d+/, :controller => :old_relations, :only => :show do
|
||||
resource :redaction, :module => :old_relations, :only => [:create, :destroy]
|
||||
end
|
||||
end
|
||||
put "relation/create" => "relations#create", :as => nil
|
||||
post "relation/:relation_id/:version/redact" => "old_relations/redactions#create", :relation_id => /\d+/, :version => /\d+/, :allow_delete => true, :as => nil
|
||||
|
||||
resource :map, :only => :show
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,171 @@
|
|||
require "test_helper"
|
||||
|
||||
module Api
|
||||
module OldWays
|
||||
class RedactionsControllerTest < ActionDispatch::IntegrationTest
|
||||
##
|
||||
# test all routes which lead to this controller
|
||||
def test_routes
|
||||
assert_routing(
|
||||
{ :path => "/api/0.6/relation/1/2/redaction", :method => :post },
|
||||
{ :controller => "api/old_relations/redactions", :action => "create", :relation_id => "1", :version => "2" }
|
||||
)
|
||||
assert_routing(
|
||||
{ :path => "/api/0.6/relation/1/2/redaction", :method => :delete },
|
||||
{ :controller => "api/old_relations/redactions", :action => "destroy", :relation_id => "1", :version => "2" }
|
||||
)
|
||||
|
||||
assert_recognizes(
|
||||
{ :controller => "api/old_relations/redactions", :action => "create", :relation_id => "1", :version => "2", :allow_delete => true },
|
||||
{ :path => "/api/0.6/relation/1/2/redact", :method => :post }
|
||||
)
|
||||
end
|
||||
|
||||
##
|
||||
# test that, even as moderator, the current version of a relation
|
||||
# can't be redacted.
|
||||
def test_create_on_current_version
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 2)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header create(:moderator_user)
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :bad_request, "shouldn't be OK to redact current version as moderator."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_create_without_redaction_id
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
auth_header = bearer_authorization_header create(:moderator_user)
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :headers => auth_header
|
||||
|
||||
assert_response :bad_request, "should need redaction ID to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the redaction of an old version of a relation, while not being
|
||||
# authorised.
|
||||
def test_create_by_unauthorised
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :params => { :redaction => redaction.id }
|
||||
|
||||
assert_response :unauthorized, "should need to be authenticated to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_create_by_normal_user_without_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header create(:user), :scopes => %w[read_prefs write_api]
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to be moderator to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_create_by_normal_user_with_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header create(:user), :scopes => %w[write_redactions]
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to be moderator to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_create_by_moderator_without_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs write_api]
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to have write_redactions scope to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_create_by_moderator_with_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_redactions]
|
||||
|
||||
post api_relation_version_redaction_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :success, "should be OK to redact old version as moderator with write_redactions scope."
|
||||
assert_equal redaction, old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the unredaction of an old version of a relation, while not being
|
||||
# authorised.
|
||||
def test_destroy_by_unauthorised
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
old_relation.redact!(redaction)
|
||||
|
||||
delete api_relation_version_redaction_path(*old_relation.id)
|
||||
|
||||
assert_response :unauthorized, "should need to be authenticated to unredact."
|
||||
assert_equal redaction, old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the unredaction of an old version of a relation, while being
|
||||
# authorised as a normal user.
|
||||
def test_destroy_by_normal_user
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
old_relation.redact!(redaction)
|
||||
auth_header = bearer_authorization_header
|
||||
|
||||
delete api_relation_version_redaction_path(*old_relation.id), :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to be moderator to unredact."
|
||||
assert_equal redaction, old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the unredaction of an old version of a relation, while being
|
||||
# authorised as a moderator.
|
||||
def test_destroy_by_moderator
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
old_relation.redact!(create(:redaction))
|
||||
auth_header = bearer_authorization_header create(:moderator_user)
|
||||
|
||||
delete api_relation_version_redaction_path(*old_relation.id), :headers => auth_header
|
||||
|
||||
assert_response :success, "should be OK to unredact old version as moderator."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_destroy_at_legacy_route
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
old_relation.redact!(create(:redaction))
|
||||
auth_header = bearer_authorization_header create(:moderator_user)
|
||||
|
||||
post "/api/0.6/relation/#{old_relation.relation_id}/#{old_relation.version}/redact", :headers => auth_header
|
||||
|
||||
assert_response :success, "should be OK to unredact old version as moderator."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -21,10 +21,6 @@ module Api
|
|||
{ :path => "/api/0.6/relation/1/2.json", :method => :get },
|
||||
{ :controller => "api/old_relations", :action => "show", :relation_id => "1", :version => "2", :format => "json" }
|
||||
)
|
||||
assert_routing(
|
||||
{ :path => "/api/0.6/relation/1/2/redact", :method => :post },
|
||||
{ :controller => "api/old_relations", :action => "redact", :relation_id => "1", :version => "2" }
|
||||
)
|
||||
end
|
||||
|
||||
##
|
||||
|
|
@ -183,128 +179,5 @@ module Api
|
|||
|
||||
assert_response :success, "Redacted relation should not be gone for moderator, when flag passed."
|
||||
end
|
||||
|
||||
##
|
||||
# test that, even as moderator, the current version of a relation
|
||||
# can't be redacted.
|
||||
def test_redact_relation_current_version
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 2)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header create(:moderator_user)
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :bad_request, "shouldn't be OK to redact current version as moderator."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the redaction of an old version of a relation, while not being
|
||||
# authorised.
|
||||
def test_redact_relation_unauthorised
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :params => { :redaction => redaction.id }
|
||||
|
||||
assert_response :unauthorized, "should need to be authenticated to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_redact_relation_by_regular_without_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header(create(:user), :scopes => %w[read_prefs write_api])
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to be moderator to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_redact_relation_by_regular_with_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header(create(:user), :scopes => %w[write_redactions])
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to be moderator to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_redact_relation_by_moderator_without_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header(create(:moderator_user), :scopes => %w[read_prefs write_api])
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to have write_redactions scope to redact."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
|
||||
def test_redact_relation_by_moderator_with_write_redactions_scope
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
auth_header = bearer_authorization_header(create(:moderator_user), :scopes => %w[write_redactions])
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :params => { :redaction => redaction.id }, :headers => auth_header
|
||||
|
||||
assert_response :success, "should be OK to redact old version as moderator with write_redactions scope."
|
||||
assert_equal redaction, old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the unredaction of an old version of a relation, while not being
|
||||
# authorised.
|
||||
def test_unredact_relation_unauthorised
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
old_relation.redact!(redaction)
|
||||
|
||||
post relation_version_redact_path(*old_relation.id)
|
||||
|
||||
assert_response :unauthorized, "should need to be authenticated to unredact."
|
||||
assert_equal redaction, old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the unredaction of an old version of a relation, while being
|
||||
# authorised as a normal user.
|
||||
def test_unredact_relation_normal_user
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
redaction = create(:redaction)
|
||||
old_relation.redact!(redaction)
|
||||
auth_header = bearer_authorization_header
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :headers => auth_header
|
||||
|
||||
assert_response :forbidden, "should need to be moderator to unredact."
|
||||
assert_equal redaction, old_relation.reload.redaction
|
||||
end
|
||||
|
||||
##
|
||||
# test the unredaction of an old version of a relation, while being
|
||||
# authorised as a moderator.
|
||||
def test_unredact_relation_moderator
|
||||
relation = create(:relation, :with_history, :version => 2)
|
||||
old_relation = relation.old_relations.find_by(:version => 1)
|
||||
old_relation.redact!(create(:redaction))
|
||||
auth_header = bearer_authorization_header create(:moderator_user)
|
||||
|
||||
post relation_version_redact_path(*old_relation.id), :headers => auth_header
|
||||
|
||||
assert_response :success, "should be OK to unredact old version as moderator."
|
||||
assert_nil old_relation.reload.redaction
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue