Patch #31399 » 0001-enables-API-access-to-my-account-for-updating-user-a.patch
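--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -23,6 +23,8 @@
 # let user change user's password when user has to
 skip_before_action :check_password_change, :only => :password
 
+accept_api_auth :account
+
 require_sudo_mode :account, only: :post
 require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
 
@@ -49,15 +51,25 @@
 def account
 @user = User.current
 @pref = @user.pref
-if request.post?
+if request.post? || request.put?
 @user.safe_attributes = params[:user]
 @user.pref.safe_attributes = params[:pref]
 if @user.save
 @user.pref.save
 set_language_if_valid @user.language
-flash[:notice] = l(:notice_account_updated)
-redirect_to my_account_path
+respond_to do |format|
+format.html {
+flash[:notice] = l(:notice_account_updated)
+redirect_to my_account_path
+}
+format.api { render_api_ok }
+end
 return
+else
+respond_to do |format|
+format.html { render :action => :account }
+format.api { render_validation_errors(@user) }
+end
 end
 end
 end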
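Review bot: The sudo-mode guard on the unchanged line `require_sudo_mode :account, only: :post` is not extended to the new verb, so the `request.put?` branch added in `account` saves `params[:user]` without the re-authentication step that POST gets (assuming `only:` names HTTP methods, as the `:post` value suggests). The route change in config/routes.rb accepts PUT on `my/account` for every format, so this would not be limited to API-key requests; a session-authenticated PUT reaches the same branch. Suggest `require_sudo_mode :account, only: [:post, :put]`, plus a test that a PUT changing `mail` is held for confirmation when sudo mode is enabled. The body of `MyController` continues outside the lines shown here.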
| app/views/my/account.api.rsb | ||
|---|---|---|
| 1 |
api.user do |
|
| 2 |
api.id @user.id |
|
| 3 |
api.login @user.login |
|
| 4 |
api.admin @user.admin? |
|
| 5 |
api.firstname @user.firstname |
|
| 6 |
api.lastname @user.lastname |
|
| 7 |
api.mail @user.mail |
|
| 8 |
api.created_on @user.created_on |
|
| 9 |
api.last_login_on @user.last_login_on |
|
| 10 |
api.api_key @user.api_key |
|
| 11 | ||
| 12 |
render_api_custom_values @user.visible_custom_field_values, api |
|
| 13 |
end |
|
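Review bot: `api.api_key @user.api_key` returns the caller's API key from a plain GET of `/my/account`, while my_controller.rb gates the HTML equivalent behind `require_sudo_mode ... :show_api_key`. Unless that asymmetry is intended, the field should be dropped from this view so that reading the key always goes through the sudo-protected action. If it is kept, record the decision with a comment above the line, e.g. `# api_key is returned without sudo confirmation on purpose (see <issue reference>)`, and add a test that pins which authentication methods can read it.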
| config/routes.rb | ||
|---|---|---|
| 72 | 72 |
match '/imports/:id/mapping', :to => 'imports#mapping', :via => [:get, :post], :as => 'import_mapping' |
| 73 | 73 |
match '/imports/:id/run', :to => 'imports#run', :via => [:get, :post], :as => 'import_run' |
| 74 | 74 | |
| 75 |
match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :post] |
|
| 75 |
match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :post, :put]
|
|
| 76 | 76 |
match 'my/account/destroy', :controller => 'my', :action => 'destroy', :via => [:get, :post] |
| 77 | 77 |
match 'my/page', :controller => 'my', :action => 'page', :via => :get |
| 78 | 78 |
post 'my/page', :to => 'my#update_page' |
| test/integration/api_test/my_test.rb | ||
|---|---|---|
| 1 |
# frozen_string_literal: true |
|
| 2 | ||
| 3 |
# Redmine - project management software |
|
| 4 |
# Copyright (C) 2006-2017 Jean-Philippe Lang |
|
| 5 |
# |
|
| 6 |
# This program is free software; you can redistribute it and/or |
|
| 7 |
# modify it under the terms of the GNU General Public License |
|
| 8 |
# as published by the Free Software Foundation; either version 2 |
|
| 9 |
# of the License, or (at your option) any later version. |
|
| 10 |
# |
|
| 11 |
# This program is distributed in the hope that it will be useful, |
|
| 12 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 13 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 14 |
# GNU General Public License for more details. |
|
| 15 |
# |
|
| 16 |
# You should have received a copy of the GNU General Public License |
|
| 17 |
# along with this program; if not, write to the Free Software |
|
| 18 |
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
| 19 | ||
| 20 |
require File.expand_path('../../../test_helper', __FILE__)
|
|
| 21 | ||
| 22 |
class Redmine::ApiTest::MyTest < Redmine::ApiTest::Base |
|
| 23 |
fixtures :users, :email_addresses, :members, :member_roles, :roles, :projects |
|
| 24 | ||
| 25 |
test "GET /my/account.json should return user" do |
|
| 26 |
assert Setting.rest_api_enabled? |
|
| 27 |
get '/my/account.json', :headers => credentials('dlopper', 'foo')
|
|
| 28 | ||
| 29 |
assert_response :success |
|
| 30 |
assert_equal 'application/json', response.content_type |
|
| 31 |
json = ActiveSupport::JSON.decode(response.body) |
|
| 32 |
assert json.key?('user')
|
|
| 33 |
assert_equal 'dlopper', json['user']['login'] |
|
| 34 |
end |
|
| 35 | ||
| 36 |
test "PUT /my/account.xml with valid parameters should update the user" do |
|
| 37 |
put '/my/account.xml', |
|
| 38 |
:params => {
|
|
| 39 |
:user => {
|
|
| 40 |
:firstname => 'Dave', :lastname => 'Renamed', |
|
| 41 |
:mail => 'dave@somenet.foo' |
|
| 42 |
} |
|
| 43 |
}, |
|
| 44 |
:headers => credentials('dlopper', 'foo')
|
|
| 45 |
assert_response :no_content |
|
| 46 |
assert_equal '', @response.body |
|
| 47 | ||
| 48 |
assert user = User.find_by_lastname('Renamed')
|
|
| 49 |
assert_equal 'Dave', user.firstname |
|
| 50 |
assert_equal 'Renamed', user.lastname |
|
| 51 |
assert_equal 'dave@somenet.foo', user.mail |
|
| 52 |
refute user.admin? |
|
| 53 |
end |
|
| 54 | ||
| 55 |
test "PUT /my/account.json with valid parameters should update the user" do |
|
| 56 |
put '/my/account.xml', |
|
| 57 |
:params => {
|
|
| 58 |
:user => {
|
|
| 59 |
:firstname => 'Dave', :lastname => 'Renamed', |
|
| 60 |
:mail => 'dave@somenet.foo' |
|
| 61 |
} |
|
| 62 |
}, |
|
| 63 |
:headers => credentials('dlopper', 'foo')
|
|
| 64 |
assert_response :no_content |
|
| 65 |
assert_equal '', @response.body |
|
| 66 | ||
| 67 |
assert user = User.find_by_lastname('Renamed')
|
|
| 68 |
assert_equal 'Dave', user.firstname |
|
| 69 |
assert_equal 'Renamed', user.lastname |
|
| 70 |
assert_equal 'dave@somenet.foo', user.mail |
|
| 71 |
refute user.admin? |
|
| 72 | ||
| 73 |
end |
|
| 74 | ||
| 75 |
test "PUT /my/account.xml with invalid parameters" do |
|
| 76 |
put '/my/account.xml', |
|
| 77 |
:params => {
|
|
| 78 |
:user => {
|
|
| 79 |
:login => 'dlopper', :firstname => '', :lastname => 'Lastname' |
|
| 80 |
} |
|
| 81 |
}, |
|
| 82 |
:headers => credentials('dlopper', 'foo')
|
|
| 83 | ||
| 84 |
assert_response :unprocessable_entity |
|
| 85 |
assert_equal 'application/xml', @response.content_type |
|
| 86 |
assert_select 'errors error', :text => "First name cannot be blank" |
|
| 87 |
end |
|
| 88 | ||
| 89 |
test "PUT /my/account.json with invalid parameters" do |
|
| 90 |
put '/my/account.json', |
|
| 91 |
:params => {
|
|
| 92 |
:user => {
|
|
| 93 |
:login => 'dlopper', :firstname => '', :lastname => 'Lastname' |
|
| 94 |
} |
|
| 95 |
}, |
|
| 96 |
:headers => credentials('dlopper', 'foo')
|
|
| 97 | ||
| 98 |
assert_response :unprocessable_entity |
|
| 99 |
assert_equal 'application/json', @response.content_type |
|
| 100 |
json = ActiveSupport::JSON.decode(response.body) |
|
| 101 |
assert_kind_of Hash, json |
|
| 102 |
assert json.has_key?('errors')
|
|
| 103 |
assert_kind_of Array, json['errors'] |
|
| 104 |
end |
|
| 105 |
end |
|
| 106 | ||
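Review bot: The test named "PUT /my/account.json with valid parameters should update the user" sends its request to `'/my/account.xml'`, so the JSON success path is never exercised; the call should read `put '/my/account.json',`. The file also has no negative authorization cases for the new endpoint: a request without `credentials(...)` expecting `assert_response :unauthorized`, and a PUT that includes `:admin => true` under `:user`. The existing `refute user.admin?` assertions do not show that `safe_attributes` blocks privilege changes, because no `admin` parameter is ever sent.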