Include @auth_source@ in /users/:id API response if auth_source is requested (include=auth_source) and request is made by an administrator (#23307).

Patch by Go MAEDA (@maeda) and Marius BĂLTEANU (@marius.balteanu). git-svn-id: https://svn.redmine.org/redmine/trunk@22636 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-08 14:26:04 +01:00 · 2024-01-25 16:13:08 +00:00
parent 5676499ceb
commit 479c54bf1d
2 changed files with 42 additions and 0 deletions
--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
@@ -179,6 +179,7 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
    assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on']
    assert_nil json['user']['passwd_changed_on']
    assert_nil json['user']['twofa_scheme']
+    assert_nil json['user']['auth_source']
  end

  test "GET /users/:id.xml with include=memberships should include memberships" do
@@ -201,6 +202,42 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
    }], json['user']['memberships']
  end

+  test "GET /users/:id.json with include=auth_source should include auth_source for administrators" do
+    user = User.find(2)
+    user.update(:auth_source_id => 1)
+    get '/users/2.json?include=auth_source', :headers => credentials('admin')
+
+    assert_response :success
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal user.auth_source.id, json['user']['auth_source']['id']
+    assert_equal user.auth_source.name, json['user']['auth_source']['name']
+  end
+
+  test "GET /users/:id.json without include=auth_source should not include auth_source" do
+    user = User.find(2)
+    user.update(:auth_source_id => 1)
+    get '/users/2.json', :headers => credentials('admin')
+
+    assert_response :success
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_response :success
+    assert_nil json['user']['auth_source']
+  end
+
+  test "GET /users/:id.json should not include auth_source for standard user" do
+    user = User.find(2)
+    user.update(:auth_source_id => 1)
+    get '/users/2.json?include=auth_source', :headers => credentials('jsmith')
+
+    assert_response :success
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal user.id, json['user']['id']
+    assert_nil json['user']['auth_source']
+  end
+
  test "GET /users/current.xml should require authentication" do
    get '/users/current.xml'