
Patch #31399 » 0001-enables-API-access-to-my-account-for-updating-user-a.patch

Jens Krämer, 2019-05-20 05:34


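--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -23,6 +23,8 @@
   # let user change user's password when user has to
   skip_before_action :check_password_change, :only => :password
 
+  accept_api_auth :account
+
   require_sudo_mode :account, only: :post
   require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
 
@@ -49,15 +51,25 @@
   def account
     @user = User.current
     @pref = @user.pref
-    if request.post?
+    if request.post? || request.put?
       @user.safe_attributes = params[:user]
       @user.pref.safe_attributes = params[:pref]
       if @user.save
         @user.pref.save
         set_language_if_valid @user.language
-        flash[:notice] = l(:notice_account_updated)
-        redirect_to my_account_path
+        respond_to do |format|
+          format.html {
+            flash[:notice] = l(:notice_account_updated)
+            redirect_to my_account_path
+          }
+          format.api  { render_api_ok }
+        end
         return
+      else
+        respond_to do |format|
+          format.html { render :action => :account }
+          format.api  { render_validation_errors(@user) }
+        end
       end
     end
   end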
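Review bot: `require_sudo_mode :account, only: :post` is left as it was, while the action now also applies updates on PUT (`if request.post? || request.put?`) and the route accepts `:put`. If `only:` filters by request method, as its name suggests, a PUT from a logged-in browser session can change the mail address and other account attributes without the re-authentication that POST requires. The filter should cover both verbs: `require_sudo_mode :account, only: [:post, :put]`. A one-line comment above `accept_api_auth :account` saying that API-authenticated clients can now read and update the account would record that this widening is intended.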
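--- a/app/views/my/account.api.rsb
+++ b/app/views/my/account.api.rsb
@@ -0,0 +1,13 @@
+api.user do
+  api.id         @user.id
+  api.login      @user.login
+  api.admin      @user.admin?
+  api.firstname  @user.firstname
+  api.lastname   @user.lastname
+  api.mail       @user.mail
+  api.created_on @user.created_on
+  api.last_login_on @user.last_login_on
+  api.api_key    @user.api_key
+
+  render_api_custom_values @user.visible_custom_field_values, api
+end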
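Review bot: `api.api_key    @user.api_key` returns the API key on every GET of this template, while the controller lists `:show_api_key` under `require_sudo_mode`. The JSON/XML response therefore appears to hand out the same secret without that re-authentication step, including to a caller authenticated by login and password as in the new tests. Either drop the line, or keep it with a comment such as `# api_key is intentionally returned here; the HTML equivalent (show_api_key) requires sudo mode`, so the difference is a recorded decision. Whether sudo mode is applied to API requests at all is not visible on this page.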
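--- a/config/routes.rb
+++ b/config/routes.rb
@@ -72,7 +72,7 @@
   match '/imports/:id/mapping', :to => 'imports#mapping', :via => [:get, :post], :as => 'import_mapping'
   match '/imports/:id/run', :to => 'imports#run', :via => [:get, :post], :as => 'import_run'
 
-  match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :post]
+  match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :post, :put]
   match 'my/account/destroy', :controller => 'my', :action => 'destroy', :via => [:get, :post]
   match 'my/page', :controller => 'my', :action => 'page', :via => :get
   post 'my/page', :to => 'my#update_page'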
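--- a/test/integration/api_test/my_test.rb
+++ b/test/integration/api_test/my_test.rb
@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+# Redmine - project management software
+# Copyright (C) 2006-2017  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require File.expand_path('../../../test_helper', __FILE__)
+
+class Redmine::ApiTest::MyTest < Redmine::ApiTest::Base
+  fixtures :users, :email_addresses, :members, :member_roles, :roles, :projects
+
+  test "GET /my/account.json should return user" do
+    assert Setting.rest_api_enabled?
+    get '/my/account.json', :headers => credentials('dlopper', 'foo')
+
+    assert_response :success
+    assert_equal 'application/json', response.content_type
+    json = ActiveSupport::JSON.decode(response.body)
+    assert json.key?('user')
+    assert_equal 'dlopper', json['user']['login']
+  end
+
+  test "PUT /my/account.xml with valid parameters should update the user" do
+    put '/my/account.xml',
+      :params => {
+        :user => {
+          :firstname => 'Dave', :lastname => 'Renamed',
+          :mail => 'dave@somenet.foo'
+        }
+      },
+      :headers => credentials('dlopper', 'foo')
+    assert_response :no_content
+    assert_equal '', @response.body
+
+    assert user = User.find_by_lastname('Renamed')
+    assert_equal 'Dave', user.firstname
+    assert_equal 'Renamed', user.lastname
+    assert_equal 'dave@somenet.foo', user.mail
+    refute user.admin?
+  end
+
+  test "PUT /my/account.json with valid parameters should update the user" do
+    put '/my/account.xml',
+      :params => {
+        :user => {
+          :firstname => 'Dave', :lastname => 'Renamed',
+          :mail => 'dave@somenet.foo'
+        }
+      },
+      :headers => credentials('dlopper', 'foo')
+    assert_response :no_content
+    assert_equal '', @response.body
+
+    assert user = User.find_by_lastname('Renamed')
+    assert_equal 'Dave', user.firstname
+    assert_equal 'Renamed', user.lastname
+    assert_equal 'dave@somenet.foo', user.mail
+    refute user.admin?
+
+  end
+
+  test "PUT /my/account.xml with invalid parameters" do
+    put '/my/account.xml',
+      :params => {
+        :user => {
+          :login => 'dlopper', :firstname => '', :lastname => 'Lastname'
+        }
+      },
+      :headers => credentials('dlopper', 'foo')
+
+    assert_response :unprocessable_entity
+    assert_equal 'application/xml', @response.content_type
+    assert_select 'errors error', :text => "First name cannot be blank"
+  end
+
+  test "PUT /my/account.json with invalid parameters" do
+    put '/my/account.json',
+      :params => {
+        :user => {
+          :login => 'dlopper', :firstname => '', :lastname => 'Lastname'
+        }
+      },
+      :headers => credentials('dlopper', 'foo')
+
+    assert_response :unprocessable_entity
+    assert_equal 'application/json', @response.content_type
+    json = ActiveSupport::JSON.decode(response.body)
+    assert_kind_of Hash, json
+    assert json.has_key?('errors')
+    assert_kind_of Array, json['errors']
+  end
+end
+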
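Review bot: The test named "PUT /my/account.json with valid parameters should update the user" sends its request to `/my/account.xml`, so the JSON success path is never exercised; the call should be `put '/my/account.json',`. Both valid-parameter tests end with `refute user.admin?`, but no `:admin` key is ever submitted, so the assertion cannot fail and does not show that `safe_attributes` blocks self-promotion through this endpoint. Adding `:admin => true` to the submitted `:user` hash would make that assertion meaningful. No test covers a PUT without credentials either; one asserting the failure response would pin the authentication requirement of the newly exposed action.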