Project

General

Profile

Actions
Copy link

Defect #12472

closed

Roles REST API does not accept API authentication

Added by Vincent Caron almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
REST API
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

While using the Roles REST API, I encountered a bogus issue with authentication while the global setting "Authentication required" was on : I could not fetch /roles.{json|xml}, I always got a 401 whatever auth I tried (cookie, plain, header).

The following patch against SVN trunk should fix it, at least it works correctly now for me :

Index: app/controllers/roles_controller.rb
===================================================================
--- app/controllers/roles_controller.rb (revision 10851)
+++ app/controllers/roles_controller.rb (working copy)
@@ -19,8 +19,8 @@
   layout 'admin'

   before_filter :require_admin, :except => [:index, :show]
-  before_filter :require_admin_or_api_request, :only => [:index, :show]
   before_filter :find_role, :only => [:show, :edit, :update, :destroy]
+  accept_api_auth :index, :show

   def index
     respond_to do |format|

Related issues

Related to Redmine - Feature #11502: Expose roles details via REST APIClosedJean-Philippe Lang

Actions
Actions
Copy link
 #1

Updated by Jean-Philippe Lang almost 12 years ago

  • Subject changed from Roles REST API auth incorrect to Roles REST API does not accept API authentication
  • Category changed from Accounts / authentication to REST API
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 2.1.5

Fixed in r10893.

Actions
Copy link
 #2

Updated by Jean-Philippe Lang almost 12 years ago

  • Tracker changed from Patch to Defect
  • Status changed from Resolved to Closed
  • Resolution set to Fixed

Merged.

Actions
Copy link
 #3

Updated by Toshi MARUYAMA almost 12 years ago

  • Status changed from Closed to Reopened

In 2.1-stable and 1.4-stable, "accept_api_auth" is duplicates.
Is it correct?
source:branches/2.1-stable/app/controllers/roles_controller.rb@10895#L24

  accept_api_auth :index
  accept_api_auth :index, :show
Actions
Copy link
 #4

Updated by Toshi MARUYAMA almost 12 years ago

RolesController#show added at trunk r10620.
1.4-stable and 2.1-stable don't have RolesController#show.

Actions
Copy link
 #5

Updated by Jean-Philippe Lang almost 12 years ago

  • Status changed from Reopened to Closed
  • Target version changed from 2.1.5 to 2.2.0
  • Affected version (unused) set to devel

You're right. Reverted in stable branches.

Actions
Copy link
 #6

Updated by Toshi MARUYAMA almost 12 years ago

  • Target version deleted (2.2.0)
Actions
Copy link

Also available in: Atom PDF