jro_apps/redmine Commit - r13956:c2fca3799927

Don't use SudoMode.disable! to skip API requests (#19851)....

Jean-Philippe Lang -

r13956:c2fca3799927

parent child

Context file:

r13956:c2fca3799927

lib/redmine/sudo_mode.rb +4 -4

                   # After the request refreshes the timestamp if sudo mode was used during
                   # this request.
                   def sudo_mode
-                    if api_request?
+                    if sudo_timestamp_valid?
-                      SudoMode.disable!
-                    elsif sudo_timestamp_valid?
                       SudoMode.active!
                     end
                     yield
                   class SudoRequestFilter < Struct.new(:parameters, :request_methods)
                     def before(controller)
                       method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol)
-                      if SudoMode.possible? && method_matches
+                      if controller.api_request?
+                        true
+                      elsif SudoMode.possible? && method_matches
                         controller.require_sudo_mode( *parameters )
                       else
                         true

test/integration/sudo_mode_test.rb +15 0

@@ -143,4 +143,19 class SudoTest < Redmine::IntegrationTest
143	assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail	143	assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
144	end	144	end
145		145
		146	def test_sudo_mode_should_skip_api_requests
		147	with_settings :rest_api_enabled => '1' do
		148	assert_difference('User.count') do
		149	post '/users.json', {
		150	:user => {
		151	:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
		152	:mail => 'foo@example.net', :password => 'secret123',
		153	:mail_notification => 'only_assigned'}
		154	},
		155	credentials('admin')
		156
		157	assert_response :created
		158	end
		159	end
		160	end
146	end	161	end

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages