| @@ -6,6 +6,7 api.user do | |||||
| 6 | api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail |
|
6 | api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail | |
| 7 | api.created_on @user.created_on |
|
7 | api.created_on @user.created_on | |
| 8 | api.last_login_on @user.last_login_on |
|
8 | api.last_login_on @user.last_login_on | |
|
|
9 | api.api_key @user.api_key if User.current.admin? || (User.current == @user) | |||
| 9 |
|
10 | |||
| 10 | render_api_custom_values @user.visible_custom_field_values, api |
|
11 | render_api_custom_values @user.visible_custom_field_values, api | |
| 11 |
|
12 | |||
| @@ -108,6 +108,18 class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base | |||||
| 108 | assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} |
|
108 | assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} | |
| 109 | end |
|
109 | end | |
| 110 |
|
110 | |||
|
|
111 | test "GET /users/:id should not return api_key for other user" do | |||
|
|
112 | get '/users/3.xml', {}, credentials('jsmith') | |||
|
|
113 | assert_response :success | |||
|
|
114 | assert_no_tag 'user', :child => {:tag => 'api_key'} | |||
|
|
115 | end | |||
|
|
116 | ||||
|
|
117 | test "GET /users/:id should return api_key for current user" do | |||
|
|
118 | get '/users/2.xml', {}, credentials('jsmith') | |||
|
|
119 | assert_response :success | |||
|
|
120 | assert_tag 'user', :child => {:tag => 'api_key', :content => User.find(2).api_key} | |||
|
|
121 | end | |||
|
|
122 | ||||
| 111 | context "POST /users" do |
|
123 | context "POST /users" do | |
| 112 | context "with valid parameters" do |
|
124 | context "with valid parameters" do | |
| 113 | setup do |
|
125 | setup do | |
General Comments 0
You need to be logged in to leave comments.
Login now