jro_apps/redmine Commit - r13759:d5093417971b

API: creating an issue with an invalid project_id should return 422 instead of 403 (#19276)....

Jean-Philippe Lang -

r13759:d5093417971b

parent child

Context file:

r13759:d5093417971b

app/controllers/issues_controller.rb +1 -1

               end
               def create
-                unless User.current.allowed_to?(:add_issues, @issue.project)
+                unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
                   raise ::Unauthorized
                 end
                 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })

test/integration/api_test/issues_test.rb +5 0

                 assert json['errors'].include?("Subject cannot be blank")
               end
+              test "POST /issues.json with invalid project_id should respond with 422" do
+                post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
+                assert_response 422
+              end
               test "PUT /issues/:id.xml" do
                 assert_difference('Journal.count') do
                   put '/issues/6.xml',

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages