jro_apps/redmine Commit - r13759:d5093417971b

API: creating an issue with an invalid project_id should return 422 instead of 403 (#19276)....

Jean-Philippe Lang -

r13759:d5093417971b

parent child

Context file:

r13759:d5093417971b

app/controllers/issues_controller.rb +1 -1

                end
                def create
-                 unless User.current.allowed_to?(:add_issues, @issue.project)
+                 unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
                    raise ::Unauthorized
                  end
                  call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })

test/integration/api_test/issues_test.rb +5 0

                  assert json['errors'].include?("Subject cannot be blank")
                end
+               test "POST /issues.json with invalid project_id should respond with 422" do
+                 post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
+                 assert_response 422
+               end
                test "PUT /issues/:id.xml" do
                  assert_difference('Journal.count') do
                    put '/issues/6.xml',

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages