| @@ -0,0 +1,10 | |||
|
|
1 | api.array :queries, api_meta(:total_count => @query_count, :offset => @offset, :limit => @limit) do | |
|
|
2 | @queries.each do |query| | |
|
|
3 | api.query do | |
|
|
4 | api.id query.id | |
|
|
5 | api.name query.name | |
|
|
6 | api.is_public query.is_public | |
|
|
7 | api.project_id query.project_id | |
|
|
8 | end | |
|
|
9 | end | |
|
|
10 | end | |
| @@ -0,0 +1,55 | |||
|
|
1 | # Redmine - project management software | |
|
|
2 | # Copyright (C) 2006-2011 Jean-Philippe Lang | |
|
|
3 | # | |
|
|
4 | # This program is free software; you can redistribute it and/or | |
|
|
5 | # modify it under the terms of the GNU General Public License | |
|
|
6 | # as published by the Free Software Foundation; either version 2 | |
|
|
7 | # of the License, or (at your option) any later version. | |
|
|
8 | # | |
|
|
9 | # This program is distributed in the hope that it will be useful, | |
|
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
|
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
|
|
12 | # GNU General Public License for more details. | |
|
|
13 | # | |
|
|
14 | # You should have received a copy of the GNU General Public License | |
|
|
15 | # along with this program; if not, write to the Free Software | |
|
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
|
|
17 | ||
|
|
18 | require File.expand_path('../../../test_helper', __FILE__) | |
|
|
19 | ||
|
|
20 | class ApiTest::QueriesTest < ActionController::IntegrationTest | |
|
|
21 | fixtures :all | |
|
|
22 | ||
|
|
23 | def setup | |
|
|
24 | Setting.rest_api_enabled = '1' | |
|
|
25 | end | |
|
|
26 | ||
|
|
27 | context "/queries" do | |
|
|
28 | context "GET" do | |
|
|
29 | ||
|
|
30 | should "return queries" do | |
|
|
31 | get '/queries.xml' | |
|
|
32 | ||
|
|
33 | assert_response :success | |
|
|
34 | assert_equal 'application/xml', @response.content_type | |
|
|
35 | assert_tag :tag => 'queries', | |
|
|
36 | :attributes => {:type => 'array'}, | |
|
|
37 | :child => { | |
|
|
38 | :tag => 'query', | |
|
|
39 | :child => { | |
|
|
40 | :tag => 'id', | |
|
|
41 | :content => '4', | |
|
|
42 | :sibling => { | |
|
|
43 | :tag => 'name', | |
|
|
44 | :content => 'Public query for all projects' | |
|
|
45 | } | |
|
|
46 | } | |
|
|
47 | } | |
|
|
48 | end | |
|
|
49 | end | |
|
|
50 | end | |
|
|
51 | ||
|
|
52 | def credentials(user, password=nil) | |
|
|
53 | ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user) | |
|
|
54 | end | |
|
|
55 | end | |
| @@ -1,5 +1,5 | |||
|
|
1 |
# |
|
|
|
2 |
# Copyright (C) 2006-20 |
|
|
|
1 | # Redmine - project management software | |
|
|
2 | # Copyright (C) 2006-2011 Jean-Philippe Lang | |
|
|
3 | 3 | # |
|
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
|
5 | 5 | # modify it under the terms of the GNU General Public License |
| @@ -17,9 +17,29 | |||
|
|
17 | 17 | |
|
|
18 | 18 | class QueriesController < ApplicationController |
|
|
19 | 19 | menu_item :issues |
|
|
20 | before_filter :find_query, :except => :new | |
|
|
20 | before_filter :find_query, :except => [:new, :index] | |
|
|
21 | 21 | before_filter :find_optional_project, :only => :new |
|
|
22 | 22 | |
|
|
23 | accept_key_auth :index | |
|
|
24 | ||
|
|
25 | def index | |
|
|
26 | case params[:format] | |
|
|
27 | when 'xml', 'json' | |
|
|
28 | @offset, @limit = api_offset_and_limit | |
|
|
29 | else | |
|
|
30 | @limit = per_page_option | |
|
|
31 | end | |
|
|
32 | ||
|
|
33 | @query_count = Query.visible.count | |
|
|
34 | @query_pages = Paginator.new self, @query_count, @limit, params['page'] | |
|
|
35 | @queries = Query.visible.all(:limit => @limit, :offset => @offset, :order => "#{Query.table_name}.name") | |
|
|
36 | ||
|
|
37 | respond_to do |format| | |
|
|
38 | format.html { render :nothing => true } | |
|
|
39 | format.api | |
|
|
40 | end | |
|
|
41 | end | |
|
|
42 | ||
|
|
23 | 43 | def new |
|
|
24 | 44 | @query = Query.new(params[:query]) |
|
|
25 | 45 | @query.project = params[:query_is_for_all] ? nil : @project |
| @@ -146,6 +146,16 class Query < ActiveRecord::Base | |||
|
|
146 | 146 | ] |
|
|
147 | 147 | cattr_reader :available_columns |
|
|
148 | 148 | |
|
|
149 | named_scope :visible, lambda {|*args| | |
|
|
150 | user = args.shift || User.current | |
|
|
151 | base = Project.allowed_to_condition(user, :view_issues, *args) | |
|
|
152 | user_id = user.logged? ? user.id : 0 | |
|
|
153 | { | |
|
|
154 | :conditions => ["(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id], | |
|
|
155 | :include => :project | |
|
|
156 | } | |
|
|
157 | } | |
|
|
158 | ||
|
|
149 | 159 | def initialize(attributes = nil) |
|
|
150 | 160 | super attributes |
|
|
151 | 161 | self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} } |
| @@ -168,7 +178,7 class Query < ActiveRecord::Base | |||
|
|
168 | 178 | |
|
|
169 | 179 | # Returns true if the query is visible to +user+ or the current user. |
|
|
170 | 180 | def visible?(user=User.current) |
|
|
171 | self.is_public? || self.user_id == user.id | |
|
|
181 | (project.nil? || user.allowed_to?(:view_issues, project)) && (self.is_public? || self.user_id == user.id) | |
|
|
172 | 182 | end |
|
|
173 | 183 | |
|
|
174 | 184 | def editable_by?(user) |
| @@ -77,6 +77,7 ActionController::Routing::Routes.draw do |map| | |||
|
|
77 | 77 | end |
|
|
78 | 78 | |
|
|
79 | 79 | map.resources :issue_moves, :only => [:new, :create], :path_prefix => '/issues', :as => 'move' |
|
|
80 | map.resources :queries, :only => [:index] | |
|
|
80 | 81 | |
|
|
81 | 82 | # Misc issue routes. TODO: move into resources |
|
|
82 | 83 | map.auto_complete_issues '/issues/auto_complete', :controller => 'auto_completes', :action => 'issues' |
| @@ -210,6 +210,9 class RoutingTest < ActionController::IntegrationTest | |||
|
|
210 | 210 | end |
|
|
211 | 211 | |
|
|
212 | 212 | context "queries" do |
|
|
213 | should_route :get, "/queries.xml", :controller => 'queries', :action => 'index', :format => 'xml' | |
|
|
214 | should_route :get, "/queries.json", :controller => 'queries', :action => 'index', :format => 'json' | |
|
|
215 | ||
|
|
213 | 216 | should_route :get, "/queries/new", :controller => 'queries', :action => 'new' |
|
|
214 | 217 | should_route :get, "/projects/redmine/queries/new", :controller => 'queries', :action => 'new', :project_id => 'redmine' |
|
|
215 | 218 | |
| @@ -417,6 +417,16 class QueryTest < ActiveSupport::TestCase | |||
|
|
417 | 417 | assert !q.editable_by?(manager) |
|
|
418 | 418 | assert !q.editable_by?(developer) |
|
|
419 | 419 | end |
|
|
420 | ||
|
|
421 | def test_visible_scope | |
|
|
422 | query_ids = Query.visible(User.anonymous).map(&:id) | |
|
|
423 | ||
|
|
424 | assert query_ids.include?(1), 'public query on public project was not visible' | |
|
|
425 | assert query_ids.include?(4), 'public query for all projects was not visible' | |
|
|
426 | assert !query_ids.include?(2), 'private query on public project was visible' | |
|
|
427 | assert !query_ids.include?(3), 'private query for all projects was visible' | |
|
|
428 | assert !query_ids.include?(7), 'public query on private project was visible' | |
|
|
429 | end | |
|
|
420 | 430 | |
|
|
421 | 431 | context "#available_filters" do |
|
|
422 | 432 | setup do |
General Comments 0
You need to be logged in to leave comments.
Login now