Expose the Admin flag on the users api to admin users (#29459).

author Go MAEDA <maeda@farend.jp>

Thu, 20 Sep 2018 14:54:38 +0000 (14:54 +0000)

committer Go MAEDA <maeda@farend.jp>

Thu, 20 Sep 2018 14:54:38 +0000 (14:54 +0000)
author Go MAEDA <maeda@farend.jp>
Thu, 20 Sep 2018 14:54:38 +0000 (14:54 +0000)
committer Go MAEDA <maeda@farend.jp>
Thu, 20 Sep 2018 14:54:38 +0000 (14:54 +0000)
diff --git a/app/views/users/index.api.rsb b/app/views/users/index.api.rsb

index 4265a4be416eaa0ae24b5ac3bcc669407740500f..23e38398ef8aeaae146e0ce50d223df2d16d7c4e 100644 (file)
--- a/app/views/users/index.api.rsb
+++ b/app/views/users/index.api.rsb
@@ -3,6 +3,7 @@ api.array :users, api_meta(:total_count => @user_count, :offset => @offset, :lim
      api.user do
        api.id         user.id
        api.login      user.login
+      api.admin      user.admin?
        api.firstname  user.firstname
        api.lastname   user.lastname
        api.mail       user.mail
diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb

index e4c49f9b87e256521f22032aed94d34fdee21f48..d83ad22f6be6aa92833ec02e507d8b4705b92abe 100644 (file)
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -1,6 +1,7 @@
  api.user do
    api.id         @user.id
    api.login      @user.login if User.current.admin? || (User.current == @user)
+  api.admin      @user.admin? if User.current.admin? || (User.current == @user)
    api.firstname  @user.firstname
    api.lastname   @user.lastname
    api.mail       @user.mail if User.current.admin? || !@user.pref.hide_mail
diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb

index 1925578085849990a929f1997dfda18997a96a5a..80f237b25b039b5f3c3c8539413277b1aa85056d 100644 (file)
--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
@@ -125,6 +125,18 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
      assert_select 'user status', :text => User.find(1).status.to_s
    end
  
+  test "GET /users/:id should return admin status for current user" do
+    get '/users/2.xml', :headers => credentials('jsmith')
+    assert_response :success
+    assert_select 'user admin', :text => 'false'
+  end
+
+  test "GET /users/:id should not return admin status for other user" do
+    get '/users/3.xml', :headers => credentials('jsmith')
+    assert_response :success
+    assert_select 'user admin', 0
+  end
+
    test "POST /users.xml with valid parameters should create the user" do
      assert_difference('User.count') do
        post '/users.xml',
author	Go MAEDA <maeda@farend.jp>
	Thu, 20 Sep 2018 14:54:38 +0000 (14:54 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Thu, 20 Sep 2018 14:54:38 +0000 (14:54 +0000)
app/views/users/index.api.rsb		patch \| blob \| history
app/views/users/show.api.rsb		patch \| blob \| history
test/integration/api_test/users_test.rb		patch \| blob \| history