Add login to /users/:id API for current user (#13155)....
Jean-Philippe Lang -
r11207:504116bfca00
@@ -1,35 +1,35
1 api.user do
1 api.user do
2 api.id @user.id
2 api.id @user.id
3 api.login @user.login if User.current.admin?
3 api.login @user.login if User.current.admin? || (User.current == @user)
4 api.firstname @user.firstname
4 api.firstname @user.firstname
5 api.lastname @user.lastname
5 api.lastname @user.lastname
6 api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail
6 api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail
7 api.created_on @user.created_on
7 api.created_on @user.created_on
8 api.last_login_on @user.last_login_on
8 api.last_login_on @user.last_login_on
9
9
10 render_api_custom_values @user.visible_custom_field_values, api
10 render_api_custom_values @user.visible_custom_field_values, api
11
11
12 api.array :groups do |groups|
12 api.array :groups do |groups|
13 @user.groups.each do |group|
13 @user.groups.each do |group|
14 api.group :id => group.id, :name => group.name
14 api.group :id => group.id, :name => group.name
15 end
15 end
16 end if User.current.admin? && include_in_api_response?('groups')
16 end if User.current.admin? && include_in_api_response?('groups')
17
17
18 api.array :memberships do
18 api.array :memberships do
19 @memberships.each do |membership|
19 @memberships.each do |membership|
20 api.membership do
20 api.membership do
21 api.id membership.id
21 api.id membership.id
22 api.project :id => membership.project.id, :name => membership.project.name
22 api.project :id => membership.project.id, :name => membership.project.name
23 api.array :roles do
23 api.array :roles do
24 membership.member_roles.each do |member_role|
24 membership.member_roles.each do |member_role|
25 if member_role.role
25 if member_role.role
26 attrs = {:id => member_role.role.id, :name => member_role.role.name}
26 attrs = {:id => member_role.role.id, :name => member_role.role.name}
27 attrs.merge!(:inherited => true) if member_role.inherited_from.present?
27 attrs.merge!(:inherited => true) if member_role.inherited_from.present?
28 api.role attrs
28 api.role attrs
29 end
29 end
30 end
30 end
31 end
31 end
32 end if membership.project
32 end if membership.project
33 end
33 end
34 end if include_in_api_response?('memberships') && @memberships
34 end if include_in_api_response?('memberships') && @memberships
35 end
35 end
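Review bot: The self-exemption added on new line 3 applies to `login` only, while `mail` on line 6 still depends on `hide_mail` even when the requester is the user being rendered, so the two fields follow different visibility rules for the same viewer. If that is intended, a one-line comment above line 3 would record the rule, e.g. `# login is only exposed to admins and to the user themself`; if not, line 6 could read `api.mail @user.mail if User.current.admin? || User.current == @user || !@user.pref.hide_mail`. The equality check presumably never matches for an unauthenticated requester, but that depends on how `User.current` is set for anonymous API calls, which is not visible on this page.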
@@ -1,347 +1,359
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2013 Jean-Philippe Lang
2 # Copyright (C) 2006-2013 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.expand_path('../../../test_helper', __FILE__)
18 require File.expand_path('../../../test_helper', __FILE__)
19
19
20 class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
20 class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
21 fixtures :users, :members, :member_roles, :roles, :projects
21 fixtures :users, :members, :member_roles, :roles, :projects
22
22
23 def setup
23 def setup
24 Setting.rest_api_enabled = '1'
24 Setting.rest_api_enabled = '1'
25 end
25 end
26
26
27 context "GET /users" do
27 context "GET /users" do
28 should_allow_api_authentication(:get, "/users.xml")
28 should_allow_api_authentication(:get, "/users.xml")
29 should_allow_api_authentication(:get, "/users.json")
29 should_allow_api_authentication(:get, "/users.json")
30 end
30 end
31
31
32 context "GET /users/2" do
32 context "GET /users/2" do
33 context ".xml" do
33 context ".xml" do
34 should "return requested user" do
34 should "return requested user" do
35 get '/users/2.xml'
35 get '/users/2.xml'
36
36
37 assert_response :success
37 assert_response :success
38 assert_tag :tag => 'user',
38 assert_tag :tag => 'user',
39 :child => {:tag => 'id', :content => '2'}
39 :child => {:tag => 'id', :content => '2'}
40 end
40 end
41
41
42 context "with include=memberships" do
42 context "with include=memberships" do
43 should "include memberships" do
43 should "include memberships" do
44 get '/users/2.xml?include=memberships'
44 get '/users/2.xml?include=memberships'
45
45
46 assert_response :success
46 assert_response :success
47 assert_tag :tag => 'memberships',
47 assert_tag :tag => 'memberships',
48 :parent => {:tag => 'user'},
48 :parent => {:tag => 'user'},
49 :children => {:count => 1}
49 :children => {:count => 1}
50 end
50 end
51 end
51 end
52 end
52 end
53
53
54 context ".json" do
54 context ".json" do
55 should "return requested user" do
55 should "return requested user" do
56 get '/users/2.json'
56 get '/users/2.json'
57
57
58 assert_response :success
58 assert_response :success
59 json = ActiveSupport::JSON.decode(response.body)
59 json = ActiveSupport::JSON.decode(response.body)
60 assert_kind_of Hash, json
60 assert_kind_of Hash, json
61 assert_kind_of Hash, json['user']
61 assert_kind_of Hash, json['user']
62 assert_equal 2, json['user']['id']
62 assert_equal 2, json['user']['id']
63 end
63 end
64
64
65 context "with include=memberships" do
65 context "with include=memberships" do
66 should "include memberships" do
66 should "include memberships" do
67 get '/users/2.json?include=memberships'
67 get '/users/2.json?include=memberships'
68
68
69 assert_response :success
69 assert_response :success
70 json = ActiveSupport::JSON.decode(response.body)
70 json = ActiveSupport::JSON.decode(response.body)
71 assert_kind_of Array, json['user']['memberships']
71 assert_kind_of Array, json['user']['memberships']
72 assert_equal [{
72 assert_equal [{
73 "id"=>1,
73 "id"=>1,
74 "project"=>{"name"=>"eCookbook", "id"=>1},
74 "project"=>{"name"=>"eCookbook", "id"=>1},
75 "roles"=>[{"name"=>"Manager", "id"=>1}]
75 "roles"=>[{"name"=>"Manager", "id"=>1}]
76 }], json['user']['memberships']
76 }], json['user']['memberships']
77 end
77 end
78 end
78 end
79 end
79 end
80 end
80 end
81
81
82 context "GET /users/current" do
82 context "GET /users/current" do
83 context ".xml" do
83 context ".xml" do
84 should "require authentication" do
84 should "require authentication" do
85 get '/users/current.xml'
85 get '/users/current.xml'
86
86
87 assert_response 401
87 assert_response 401
88 end
88 end
89
89
90 should "return current user" do
90 should "return current user" do
91 get '/users/current.xml', {}, credentials('jsmith')
91 get '/users/current.xml', {}, credentials('jsmith')
92
92
93 assert_tag :tag => 'user',
93 assert_tag :tag => 'user',
94 :child => {:tag => 'id', :content => '2'}
94 :child => {:tag => 'id', :content => '2'}
95 end
95 end
96 end
96 end
97 end
97 end
98
98
99 test "GET /users/:id should not return login for other user" do
100 get '/users/3.xml', {}, credentials('jsmith')
101 assert_response :success
102 assert_no_tag 'user', :child => {:tag => 'login'}
103 end
104
105 test "GET /users/:id should return login for current user" do
106 get '/users/2.xml', {}, credentials('jsmith')
107 assert_response :success
108 assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'}
109 end
110
99 context "POST /users" do
111 context "POST /users" do
100 context "with valid parameters" do
112 context "with valid parameters" do
101 setup do
113 setup do
102 @parameters = {
114 @parameters = {
103 :user => {
115 :user => {
104 :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
116 :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
105 :mail => 'foo@example.net', :password => 'secret123',
117 :mail => 'foo@example.net', :password => 'secret123',
106 :mail_notification => 'only_assigned'
118 :mail_notification => 'only_assigned'
107 }
119 }
108 }
120 }
109 end
121 end
110
122
111 context ".xml" do
123 context ".xml" do
112 should_allow_api_authentication(:post,
124 should_allow_api_authentication(:post,
113 '/users.xml',
125 '/users.xml',
114 {:user => {
126 {:user => {
115 :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
127 :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
116 :mail => 'foo@example.net', :password => 'secret123'
128 :mail => 'foo@example.net', :password => 'secret123'
117 }},
129 }},
118 {:success_code => :created})
130 {:success_code => :created})
119
131
120 should "create a user with the attributes" do
132 should "create a user with the attributes" do
121 assert_difference('User.count') do
133 assert_difference('User.count') do
122 post '/users.xml', @parameters, credentials('admin')
134 post '/users.xml', @parameters, credentials('admin')
123 end
135 end
124
136
125 user = User.first(:order => 'id DESC')
137 user = User.first(:order => 'id DESC')
126 assert_equal 'foo', user.login
138 assert_equal 'foo', user.login
127 assert_equal 'Firstname', user.firstname
139 assert_equal 'Firstname', user.firstname
128 assert_equal 'Lastname', user.lastname
140 assert_equal 'Lastname', user.lastname
129 assert_equal 'foo@example.net', user.mail
141 assert_equal 'foo@example.net', user.mail
130 assert_equal 'only_assigned', user.mail_notification
142 assert_equal 'only_assigned', user.mail_notification
131 assert !user.admin?
143 assert !user.admin?
132 assert user.check_password?('secret123')
144 assert user.check_password?('secret123')
133
145
134 assert_response :created
146 assert_response :created
135 assert_equal 'application/xml', @response.content_type
147 assert_equal 'application/xml', @response.content_type
136 assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s}
148 assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s}
137 end
149 end
138 end
150 end
139
151
140 context ".json" do
152 context ".json" do
141 should_allow_api_authentication(:post,
153 should_allow_api_authentication(:post,
142 '/users.json',
154 '/users.json',
143 {:user => {
155 {:user => {
144 :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
156 :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
145 :mail => 'foo@example.net'
157 :mail => 'foo@example.net'
146 }},
158 }},
147 {:success_code => :created})
159 {:success_code => :created})
148
160
149 should "create a user with the attributes" do
161 should "create a user with the attributes" do
150 assert_difference('User.count') do
162 assert_difference('User.count') do
151 post '/users.json', @parameters, credentials('admin')
163 post '/users.json', @parameters, credentials('admin')
152 end
164 end
153
165
154 user = User.first(:order => 'id DESC')
166 user = User.first(:order => 'id DESC')
155 assert_equal 'foo', user.login
167 assert_equal 'foo', user.login
156 assert_equal 'Firstname', user.firstname
168 assert_equal 'Firstname', user.firstname
157 assert_equal 'Lastname', user.lastname
169 assert_equal 'Lastname', user.lastname
158 assert_equal 'foo@example.net', user.mail
170 assert_equal 'foo@example.net', user.mail
159 assert !user.admin?
171 assert !user.admin?
160
172
161 assert_response :created
173 assert_response :created
162 assert_equal 'application/json', @response.content_type
174 assert_equal 'application/json', @response.content_type
163 json = ActiveSupport::JSON.decode(response.body)
175 json = ActiveSupport::JSON.decode(response.body)
164 assert_kind_of Hash, json
176 assert_kind_of Hash, json
165 assert_kind_of Hash, json['user']
177 assert_kind_of Hash, json['user']
166 assert_equal user.id, json['user']['id']
178 assert_equal user.id, json['user']['id']
167 end
179 end
168 end
180 end
169 end
181 end
170
182
171 context "with invalid parameters" do
183 context "with invalid parameters" do
172 setup do
184 setup do
173 @parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}
185 @parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}
174 end
186 end
175
187
176 context ".xml" do
188 context ".xml" do
177 should "return errors" do
189 should "return errors" do
178 assert_no_difference('User.count') do
190 assert_no_difference('User.count') do
179 post '/users.xml', @parameters, credentials('admin')
191 post '/users.xml', @parameters, credentials('admin')
180 end
192 end
181
193
182 assert_response :unprocessable_entity
194 assert_response :unprocessable_entity
183 assert_equal 'application/xml', @response.content_type
195 assert_equal 'application/xml', @response.content_type
184 assert_tag 'errors', :child => {
196 assert_tag 'errors', :child => {
185 :tag => 'error',
197 :tag => 'error',
186 :content => "First name can't be blank"
198 :content => "First name can't be blank"
187 }
199 }
188 end
200 end
189 end
201 end
190
202
191 context ".json" do
203 context ".json" do
192 should "return errors" do
204 should "return errors" do
193 assert_no_difference('User.count') do
205 assert_no_difference('User.count') do
194 post '/users.json', @parameters, credentials('admin')
206 post '/users.json', @parameters, credentials('admin')
195 end
207 end
196
208
197 assert_response :unprocessable_entity
209 assert_response :unprocessable_entity
198 assert_equal 'application/json', @response.content_type
210 assert_equal 'application/json', @response.content_type
199 json = ActiveSupport::JSON.decode(response.body)
211 json = ActiveSupport::JSON.decode(response.body)
200 assert_kind_of Hash, json
212 assert_kind_of Hash, json
201 assert json.has_key?('errors')
213 assert json.has_key?('errors')
202 assert_kind_of Array, json['errors']
214 assert_kind_of Array, json['errors']
203 end
215 end
204 end
216 end
205 end
217 end
206 end
218 end
207
219
208 context "PUT /users/2" do
220 context "PUT /users/2" do
209 context "with valid parameters" do
221 context "with valid parameters" do
210 setup do
222 setup do
211 @parameters = {
223 @parameters = {
212 :user => {
224 :user => {
213 :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',
225 :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',
214 :mail => 'jsmith@somenet.foo'
226 :mail => 'jsmith@somenet.foo'
215 }
227 }
216 }
228 }
217 end
229 end
218
230
219 context ".xml" do
231 context ".xml" do
220 should_allow_api_authentication(:put,
232 should_allow_api_authentication(:put,
221 '/users/2.xml',
233 '/users/2.xml',
222 {:user => {
234 {:user => {
223 :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',
235 :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',
224 :mail => 'jsmith@somenet.foo'
236 :mail => 'jsmith@somenet.foo'
225 }},
237 }},
226 {:success_code => :ok})
238 {:success_code => :ok})
227
239
228 should "update user with the attributes" do
240 should "update user with the attributes" do
229 assert_no_difference('User.count') do
241 assert_no_difference('User.count') do
230 put '/users/2.xml', @parameters, credentials('admin')
242 put '/users/2.xml', @parameters, credentials('admin')
231 end
243 end
232
244
233 user = User.find(2)
245 user = User.find(2)
234 assert_equal 'jsmith', user.login
246 assert_equal 'jsmith', user.login
235 assert_equal 'John', user.firstname
247 assert_equal 'John', user.firstname
236 assert_equal 'Renamed', user.lastname
248 assert_equal 'Renamed', user.lastname
237 assert_equal 'jsmith@somenet.foo', user.mail
249 assert_equal 'jsmith@somenet.foo', user.mail
238 assert !user.admin?
250 assert !user.admin?
239
251
240 assert_response :ok
252 assert_response :ok
241 assert_equal '', @response.body
253 assert_equal '', @response.body
242 end
254 end
243 end
255 end
244
256
245 context ".json" do
257 context ".json" do
246 should_allow_api_authentication(:put,
258 should_allow_api_authentication(:put,
247 '/users/2.json',
259 '/users/2.json',
248 {:user => {
260 {:user => {
249 :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',
261 :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed',
250 :mail => 'jsmith@somenet.foo'
262 :mail => 'jsmith@somenet.foo'
251 }},
263 }},
252 {:success_code => :ok})
264 {:success_code => :ok})
253
265
254 should "update user with the attributes" do
266 should "update user with the attributes" do
255 assert_no_difference('User.count') do
267 assert_no_difference('User.count') do
256 put '/users/2.json', @parameters, credentials('admin')
268 put '/users/2.json', @parameters, credentials('admin')
257 end
269 end
258
270
259 user = User.find(2)
271 user = User.find(2)
260 assert_equal 'jsmith', user.login
272 assert_equal 'jsmith', user.login
261 assert_equal 'John', user.firstname
273 assert_equal 'John', user.firstname
262 assert_equal 'Renamed', user.lastname
274 assert_equal 'Renamed', user.lastname
263 assert_equal 'jsmith@somenet.foo', user.mail
275 assert_equal 'jsmith@somenet.foo', user.mail
264 assert !user.admin?
276 assert !user.admin?
265
277
266 assert_response :ok
278 assert_response :ok
267 assert_equal '', @response.body
279 assert_equal '', @response.body
268 end
280 end
269 end
281 end
270 end
282 end
271
283
272 context "with invalid parameters" do
284 context "with invalid parameters" do
273 setup do
285 setup do
274 @parameters = {
286 @parameters = {
275 :user => {
287 :user => {
276 :login => 'jsmith', :firstname => '', :lastname => 'Lastname',
288 :login => 'jsmith', :firstname => '', :lastname => 'Lastname',
277 :mail => 'foo'
289 :mail => 'foo'
278 }
290 }
279 }
291 }
280 end
292 end
281
293
282 context ".xml" do
294 context ".xml" do
283 should "return errors" do
295 should "return errors" do
284 assert_no_difference('User.count') do
296 assert_no_difference('User.count') do
285 put '/users/2.xml', @parameters, credentials('admin')
297 put '/users/2.xml', @parameters, credentials('admin')
286 end
298 end
287
299
288 assert_response :unprocessable_entity
300 assert_response :unprocessable_entity
289 assert_equal 'application/xml', @response.content_type
301 assert_equal 'application/xml', @response.content_type
290 assert_tag 'errors', :child => {
302 assert_tag 'errors', :child => {
291 :tag => 'error',
303 :tag => 'error',
292 :content => "First name can't be blank"
304 :content => "First name can't be blank"
293 }
305 }
294 end
306 end
295 end
307 end
296
308
297 context ".json" do
309 context ".json" do
298 should "return errors" do
310 should "return errors" do
299 assert_no_difference('User.count') do
311 assert_no_difference('User.count') do
300 put '/users/2.json', @parameters, credentials('admin')
312 put '/users/2.json', @parameters, credentials('admin')
301 end
313 end
302
314
303 assert_response :unprocessable_entity
315 assert_response :unprocessable_entity
304 assert_equal 'application/json', @response.content_type
316 assert_equal 'application/json', @response.content_type
305 json = ActiveSupport::JSON.decode(response.body)
317 json = ActiveSupport::JSON.decode(response.body)
306 assert_kind_of Hash, json
318 assert_kind_of Hash, json
307 assert json.has_key?('errors')
319 assert json.has_key?('errors')
308 assert_kind_of Array, json['errors']
320 assert_kind_of Array, json['errors']
309 end
321 end
310 end
322 end
311 end
323 end
312 end
324 end
313
325
314 context "DELETE /users/2" do
326 context "DELETE /users/2" do
315 context ".xml" do
327 context ".xml" do
316 should_allow_api_authentication(:delete,
328 should_allow_api_authentication(:delete,
317 '/users/2.xml',
329 '/users/2.xml',
318 {},
330 {},
319 {:success_code => :ok})
331 {:success_code => :ok})
320
332
321 should "delete user" do
333 should "delete user" do
322 assert_difference('User.count', -1) do
334 assert_difference('User.count', -1) do
323 delete '/users/2.xml', {}, credentials('admin')
335 delete '/users/2.xml', {}, credentials('admin')
324 end
336 end
325
337
326 assert_response :ok
338 assert_response :ok
327 assert_equal '', @response.body
339 assert_equal '', @response.body
328 end
340 end
329 end
341 end
330
342
331 context ".json" do
343 context ".json" do
332 should_allow_api_authentication(:delete,
344 should_allow_api_authentication(:delete,
333 '/users/2.xml',
345 '/users/2.xml',
334 {},
346 {},
335 {:success_code => :ok})
347 {:success_code => :ok})
336
348
337 should "delete user" do
349 should "delete user" do
338 assert_difference('User.count', -1) do
350 assert_difference('User.count', -1) do
339 delete '/users/2.json', {}, credentials('admin')
351 delete '/users/2.json', {}, credentials('admin')
340 end
352 end
341
353
342 assert_response :ok
354 assert_response :ok
343 assert_equal '', @response.body
355 assert_equal '', @response.body
344 end
356 end
345 end
357 end
346 end
358 end
347 end
359 end
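Review bot: The two tests added at new lines 99-109 pin the login rule only for an authenticated non-admin over XML; the unauthenticated request and the admin branch of the condition are not covered, and neither is the JSON rendering. Since this is an access-control rule on an identifier, a regression in either branch would go unnoticed, so I would add the cases below (and JSON counterparts asserting on `json['user']['login']`). Separately, the `.json` context under "DELETE /users/2" still passes `'/users/2.xml'` to `should_allow_api_authentication` (new lines 344-345), so the JSON authentication path for DELETE is not exercised.

```ruby
# … unchanged: the two "GET /users/:id" login tests added by this commit …

test "GET /users/:id should not return login to anonymous" do
  get '/users/2.xml'
  assert_response :success
  assert_no_tag 'user', :child => {:tag => 'login'}
end

test "GET /users/:id should return login to admin" do
  get '/users/2.xml', {}, credentials('admin')
  assert_response :success
  assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'}
end
```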