231789.patch

Jan from Planio www.plan.io, 2015-11-02 22:43

Download (3.16 KB)

View differences:

app/views/issues/show.api.rsb
40 40
  end if include_in_api_response?('relations') && @relations.present?
41 41

  
42 42
  api.array :changesets do
43
    @issue.changesets.each do |changeset|
43
    @changesets.each do |changeset|
44 44
      api.changeset :revision => changeset.revision do
45 45
        api.user(:id => changeset.user_id, :name => changeset.user.name) unless changeset.user.nil?
46 46
        api.comments changeset.comments
47 47
        api.committed_on changeset.committed_on
48 48
      end
49 49
    end
50
  end if include_in_api_response?('changesets') && User.current.allowed_to?(:view_changesets, @project)
50
  end if include_in_api_response?('changesets')
51 51

  
52 52
  api.array :journals do
53 53
    @journals.each do |journal|
test/fixtures/changesets.yml
102 102
  user_id: 3
103 103
  repository_id: 10
104 104
  committer: dlopper
105
changesets_011:
106
  commit_date: "2015-10-07"
107
  comments: This is an empty changeset
108
  committed_on: 2015-10-07 17:58:00
109
  revision: "1"
110
  id: 110
111
  scmid:
112
  user_id: 3
113
  repository_id: 12
114
  committer: dlopper
test/fixtures/changesets_issues.yml
1
---
2
changesets_issues_001:
3
  changeset_id: 110
4
  issue_id: 1
test/fixtures/repositories.yml
19 19
  type: Repository::Subversion
20 20
  is_default: true
21 21
  created_on: 2006-07-19 19:04:21 +02:00
22
repositories_003:
23
  project_id: 3
24
  url: svn://localhost/test
25
  id: 12
26
  root_url: svn://localhost
27
  password: ""
28
  login: ""
29
  type: Repository::Subversion
30
  is_default: true
31
  created_on: 2015-10-07 17:54:00 +02:00
test/integration/api_test/issues_test.rb
42 42
    :journals,
43 43
    :journal_details,
44 44
    :queries,
45
    :attachments
45
    :attachments,
46
    :changesets,
47
    :changesets_issues
46 48

  
47 49
  test "GET /issues.xml should contain metadata" do
48 50
    get '/issues.xml'
......
336 338
    end
337 339
  end
338 340

  
341
  test "GET /issues/:id.xml should not disclose associated changesets from projects the user has no access to" do
342
    get '/issues/1.xml?include=changesets', {}, credentials('jsmith')
343

  
344
    # the user jsmith has no permission to view the associated changeset
345
    assert_select 'issue changesets[type=array]' do
346
      assert_select 'changeset', 0
347
    end
348
  end
349

  
339 350
  test "POST /issues.xml should create an issue with the attributes" do
340 351

  
341 352
payload = <<-XML