| @@ -1,6 +1,6 | |||||
| 1 | api.user do |
|
1 | api.user do | |
| 2 | api.id @user.id |
|
2 | api.id @user.id | |
| 3 | api.login @user.login if User.current.admin? |
|
3 | api.login @user.login if User.current.admin? || (User.current == @user) | |
| 4 | api.firstname @user.firstname |
|
4 | api.firstname @user.firstname | |
| 5 | api.lastname @user.lastname |
|
5 | api.lastname @user.lastname | |
| 6 | api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail |
|
6 | api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail | |
| @@ -96,6 +96,18 class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base | |||||
| 96 | end |
|
96 | end | |
| 97 | end |
|
97 | end | |
| 98 |
|
98 | |||
|
|
99 | test "GET /users/:id should not return login for other user" do | |||
|
|
100 | get '/users/3.xml', {}, credentials('jsmith') | |||
|
|
101 | assert_response :success | |||
|
|
102 | assert_no_tag 'user', :child => {:tag => 'login'} | |||
|
|
103 | end | |||
|
|
104 | ||||
|
|
105 | test "GET /users/:id should return login for current user" do | |||
|
|
106 | get '/users/2.xml', {}, credentials('jsmith') | |||
|
|
107 | assert_response :success | |||
|
|
108 | assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} | |||
|
|
109 | end | |||
|
|
110 | ||||
| 99 | context "POST /users" do |
|
111 | context "POST /users" do | |
| 100 | context "with valid parameters" do |
|
112 | context "with valid parameters" do | |
| 101 | setup do |
|
113 | setup do | |
General Comments 0
You need to be logged in to leave comments.
Login now