| @@ -6,6 +6,7 api.user do | |||
|
|
6 | 6 | api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail |
|
|
7 | 7 | api.created_on @user.created_on |
|
|
8 | 8 | api.last_login_on @user.last_login_on |
|
|
9 | api.api_key @user.api_key if User.current.admin? || (User.current == @user) | |
|
|
9 | 10 | |
|
|
10 | 11 | render_api_custom_values @user.visible_custom_field_values, api |
|
|
11 | 12 | |
| @@ -108,6 +108,18 class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base | |||
|
|
108 | 108 | assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} |
|
|
109 | 109 | end |
|
|
110 | 110 | |
|
|
111 | test "GET /users/:id should not return api_key for other user" do | |
|
|
112 | get '/users/3.xml', {}, credentials('jsmith') | |
|
|
113 | assert_response :success | |
|
|
114 | assert_no_tag 'user', :child => {:tag => 'api_key'} | |
|
|
115 | end | |
|
|
116 | ||
|
|
117 | test "GET /users/:id should return api_key for current user" do | |
|
|
118 | get '/users/2.xml', {}, credentials('jsmith') | |
|
|
119 | assert_response :success | |
|
|
120 | assert_tag 'user', :child => {:tag => 'api_key', :content => User.find(2).api_key} | |
|
|
121 | end | |
|
|
122 | ||
|
|
111 | 123 | context "POST /users" do |
|
|
112 | 124 | context "with valid parameters" do |
|
|
113 | 125 | setup do |
General Comments 0
You need to be logged in to leave comments.
Login now