From 221a09d3bd314353b985dc051d79ad8d279335bd Mon Sep 17 00:00:00 2001
From: Holger Just <holger@plan.io>
Date: Wed, 29 Aug 2018 16:12:13 +0200
Subject: [PATCH] Expose the Admin flag on the users api to admin users

---
 app/views/users/index.api.rsb           |  1 +
 app/views/users/show.api.rsb            |  1 +
 test/integration/api_test/users_test.rb | 12 ++++++++++++
 3 files changed, 14 insertions(+)

diff --git a/app/views/users/index.api.rsb b/app/views/users/index.api.rsb
index 4265a4be41..23e38398ef 100644
--- a/app/views/users/index.api.rsb
+++ b/app/views/users/index.api.rsb
@@ -3,6 +3,7 @@ api.array :users, api_meta(:total_count => @user_count, :offset => @offset, :lim
     api.user do
       api.id         user.id
       api.login      user.login
+      api.admin      user.admin?
       api.firstname  user.firstname
       api.lastname   user.lastname
       api.mail       user.mail
diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb
index e4c49f9b87..d83ad22f6b 100644
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -1,6 +1,7 @@
 api.user do
   api.id         @user.id
   api.login      @user.login if User.current.admin? || (User.current == @user)
+  api.admin      @user.admin? if User.current.admin? || (User.current == @user)
   api.firstname  @user.firstname
   api.lastname   @user.lastname
   api.mail       @user.mail if User.current.admin? || !@user.pref.hide_mail
diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb
index 1925578085..80f237b25b 100644
--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
@@ -125,6 +125,18 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
     assert_select 'user status', :text => User.find(1).status.to_s
   end
 
+  test "GET /users/:id should return admin status for current user" do
+    get '/users/2.xml', :headers => credentials('jsmith')
+    assert_response :success
+    assert_select 'user admin', :text => 'false'
+  end
+
+  test "GET /users/:id should not return admin status for other user" do
+    get '/users/3.xml', :headers => credentials('jsmith')
+    assert_response :success
+    assert_select 'user admin', 0
+  end
+
   test "POST /users.xml with valid parameters should create the user" do
     assert_difference('User.count') do
       post '/users.xml',
-- 
2.18.0