Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-09 14:56:01 +01:00
Code Issues Packages Projects Releases Activity

Include @auth_source@ in /users/:id API response if auth_source is requested (include=auth_source) and request is made by an administrator (#23307).

Browse Source 
Patch by Go MAEDA (@maeda) and Marius BĂLTEANU (@marius.balteanu).

git-svn-id: https://svn.redmine.org/redmine/trunk@22636 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Marius Balteanu
2024-01-25 16:13:08 +00:00
parent 5676499ceb
commit 479c54bf1d
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/views/users/show.api.rsb
View File

@@ -16,6 +16,11 @@ api.user do
render_api_custom_values @user.visible_custom_field_values, api render_api_custom_values @user.visible_custom_field_values, api
api.auth_source do
api.id @user.auth_source.id
api.name @user.auth_source.name
end if User.current.admin? && include_in_api_response?('auth_source') && @user.auth_source.present?
api.array :groups do |groups| api.array :groups do |groups|
@user.groups.each do |group| @user.groups.each do |group|
api.group :id => group.id, :name => group.name api.group :id => group.id, :name => group.name

37
test/integration/api_test/users_test.rb
View File

@@ -179,6 +179,7 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on'] assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on']
assert_nil json['user']['passwd_changed_on'] assert_nil json['user']['passwd_changed_on']
assert_nil json['user']['twofa_scheme'] assert_nil json['user']['twofa_scheme']
assert_nil json['user']['auth_source']
end end
test "GET /users/:id.xml with include=memberships should include memberships" do test "GET /users/:id.xml with include=memberships should include memberships" do
@@ -201,6 +202,42 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
}], json['user']['memberships'] }], json['user']['memberships']
end end
test "GET /users/:id.json with include=auth_source should include auth_source for administrators" do
user = User.find(2)
user.update(:auth_source_id => 1)
get '/users/2.json?include=auth_source', :headers => credentials('admin')
assert_response :success
json = ActiveSupport::JSON.decode(response.body)
assert_equal user.auth_source.id, json['user']['auth_source']['id']
assert_equal user.auth_source.name, json['user']['auth_source']['name']
end
test "GET /users/:id.json without include=auth_source should not include auth_source" do
user = User.find(2)
user.update(:auth_source_id => 1)
get '/users/2.json', :headers => credentials('admin')
assert_response :success
json = ActiveSupport::JSON.decode(response.body)
assert_response :success
assert_nil json['user']['auth_source']
end
test "GET /users/:id.json should not include auth_source for standard user" do
user = User.find(2)
user.update(:auth_source_id => 1)
get '/users/2.json?include=auth_source', :headers => credentials('jsmith')
assert_response :success
json = ActiveSupport::JSON.decode(response.body)
assert_equal user.id, json['user']['id']
assert_nil json['user']['auth_source']
end
test "GET /users/current.xml should require authentication" do test "GET /users/current.xml should require authentication" do
get '/users/current.xml' get '/users/current.xml'