Add profile permissions

lib/tentd/api/posts.rb

@@ -93,7 +93,7 @@ def action(env)
             else
               conditions[:limit] = TentD::API::PER_PAGE
             end
-            
+
             if env.params.return_count
               env.response = Model::Post.all(conditions.merge(non_public_conditions))
               env.response += Model::Post.all(conditions.merge(:public => true))
@@ -123,7 +123,7 @@ def action(env)
           data = env.params[:data].slice(*whitelisted_attributes(env))
           data.public_id = env.params.data.id if env.params.data.id
           post = Model::Post.create(data)
-          assign_permissions(post, env.params.data.permissions)
+          post.assign_permissions(env.params.data.permissions) if post.original
           env['response'] = post
           env
         end

lib/tentd/api/profile.rb

@@ -38,11 +38,9 @@ def action(env)
               Model::ProfileInfo.update_profile(type, data)
             end
           end
-          env.response = new_profile_hash
           env
         rescue JsonPatch::ObjectNotFound, JsonPatch::ObjectExists => e
           env['response.status'] = 422
-          env.response = profile_hash
           env
         end
       end
@@ -72,6 +70,7 @@ def action(env)
         b.use AuthorizeWrite
         b.use Get
         b.use Patch
+        b.use Get
         b.use Notify
       end
     end

lib/tentd/model/permissible.rb

@@ -26,6 +26,34 @@ def permissions_json(extended = false)
         end
       end
 
+      def assign_permissions(permissions)
+        return unless permissions.kind_of?(Hash)
+
+        if permissions.groups && permissions.groups.kind_of?(Array)
+          permissions.groups.each do |g|
+            next unless g.id
+            group = Model::Group.first(:public_id => g.id, :fields => [:id])
+            self.permissions.create(:group => group) if group
+          end
+        end
+
+        if permissions.entities && permissions.entities.kind_of?(Hash)
+          permissions.entities.each do |entity,visible|
+            next unless visible
+            followers = Model::Follower.all(:entity => entity, :fields => [:id])
+            followers.each do |follower|
+              self.permissions.create(:follower_access => follower)
+            end
+            followings = Model::Following.all(:entity => entity, :fields => [:id])
+            followings.each do |following|
+              self.permissions.create(:following => following)
+            end
+          end
+        end
+
+        self.public = permissions.public unless permissions.public.nil?
+      end
+
       module ClassMethods
         def query_with_permissions(current_auth, params=Hashie::Mash.new)
           query = []

lib/tentd/model/permission.rb

@@ -10,6 +10,7 @@ class Permission
       belongs_to :following, 'TentD::Model::Following', :required => false
       belongs_to :follower_visibility, 'TentD::Model::Follower', :required => false
       belongs_to :follower_access, 'TentD::Model::Follower', :required => false
+      belongs_to :profile_info, 'TentD::Model::ProfileInfo', :required => false
 
       property :id, Serial
       property :visible, Boolean, :default => true

lib/tentd/model/profile_info.rb

@@ -6,6 +6,7 @@ class ProfileInfo
       include DataMapper::Resource
       include TypeProperties
       include UserScoped
+      include Permissible
 
       TENT_PROFILE_TYPE_URI = 'https://tent.io/types/info/core/v0.1.0'
       TENT_PROFILE_TYPE = TentType.new(TENT_PROFILE_TYPE_URI)
@@ -20,6 +21,8 @@ class ProfileInfo
       property :created_at, DateTime
       property :updated_at, DateTime
 
+      has n, :permissions, 'TentD::Model::Permission'
+
 
       def self.tent_info
         User.current.profile_infos.first(:type_base => TENT_PROFILE_TYPE.base, :order => :type_version.desc)
@@ -29,9 +32,9 @@ def self.get_profile(authorized_scopes = [], current_auth = nil)
         h = if (authorized_scopes.include?(:read_profile) || authorized_scopes.include?(:write_profile)) && current_auth.respond_to?(:profile_info_types)
           current_auth.profile_info_types.include?('all') ? all : all(:type_base => current_auth.profile_info_types.map { |t| TentType.new(t).base }) + all(:public => true)
         else
-          all(:public => true)
+          fetch_with_permissions({}, current_auth)
         end.inject({}) do |memo, info|
-          memo[info.type.uri] = info.content.merge(:public => !!info.public)
+          memo[info.type.uri] = info.content.merge(:permissions => info.permissions_json(authorized_scopes.include?(:read_permissions)))
           memo
         end
         h
@@ -40,6 +43,7 @@ def self.get_profile(authorized_scopes = [], current_auth = nil)
       def self.update_profile(type, data)
         data = Hashie::Mash.new(data) unless data.kind_of?(Hashie::Mash)
         type = TentType.new(type)
+        perms = data.delete(:permissions)
         if (infos = all(:type_base => type.base)) && (info = infos.pop)
           infos.destroy
           info.type = type
@@ -49,6 +53,7 @@ def self.update_profile(type, data)
         else
           info = create(:type => type, :public => data.delete(:public), :content => data)
         end
+        info.assign_permissions(perms)
         info
       end
 
@@ -57,12 +62,12 @@ def self.create_update_post(id)
       end
 
       def create_update_post
-        post = Model::Post.create(
+        post = user.posts.create(
           :type => 'https://tent.io/types/post/profile/v0.1.0',
-          :entity => env['tent.entity'],
+          :entity => user.profile_entity,
           :content => {
             :action => 'update',
-            :types => env.notify_types,
+            :types => [self.type.uri],
           }
         )
         Permission.copy(self, post)

lib/tentd/notifications/girl_friday.rb

@@ -24,7 +24,7 @@ def self.queue_job(job, msg)
     end
 
     PROFILE_INFO_UPDATE_QUEUE = GirlFriday::WorkQueue.new(:profile_info_update) do |msg|
-      Model::ProfileInfo.created_update_post(msg[:profile_info_id])
+      Model::ProfileInfo.create_update_post(msg[:profile_info_id])
     end
   end
 end

lib/tentd/notifications/sidekiq.rb

@@ -43,7 +43,7 @@ class ProfileInfoUpdate
       include Sidekiq::Worker
 
       def perform(msg)
-        Model::ProfileInfo.created_update_post(msg['profile_info_id'])
+        Model::ProfileInfo.create_update_post(msg['profile_info_id'])
       end
     end
   end

spec/integration/api/profile_spec.rb

@@ -59,8 +59,8 @@ def create_info(type, content, options = {})
 
           json_get '/profile', params, env
           expect(last_response.body).to eq({
-            "#{ profile_infos.first.type.uri }" => profile_infos.first.content.merge(:public => profile_infos.first.public),
-            "#{ profile_infos.last.type.uri }" => profile_infos.last.content.merge(:public => profile_infos.first.public)
+            "#{ profile_infos.first.type.uri }" => profile_infos.first.content.merge(:permissions => profile_infos.first.permissions_json),
+            "#{ profile_infos.last.type.uri }" => profile_infos.last.content.merge(:permissions => profile_infos.first.permissions_json)
           }.to_json)
         end
       end
@@ -77,7 +77,7 @@ def create_info(type, content, options = {})
 
           json_get '/profile', params, env
           expect(last_response.body).to eq({
-            "#{ profile_infos.first.type.uri }" => profile_infos.first.content.merge(:public => profile_infos.first.public)
+            "#{ profile_infos.first.type.uri }" => profile_infos.first.content.merge(:permissions => profile_infos.first.permissions_json)
           }.to_json)
         end
       end
@@ -93,7 +93,7 @@ def create_info(type, content, options = {})
 
         json_get '/profile', params, env
         expect(last_response.body).to eq({
-          "#{ profile_infos.first.type.uri }" => profile_infos.first.content.merge(:public => profile_infos.first.public)
+          "#{ profile_infos.first.type.uri }" => profile_infos.first.content.merge(:permissions => profile_infos.first.permissions_json)
         }.to_json)
       end
     end