render_api_custom_values @user.visible_custom_field_values, api
+ api.auth_source do
+ api.id @user.auth_source.id
+ api.name @user.auth_source.name
+ end if User.current.admin? && include_in_api_response?('auth_source') && @user.auth_source.present?
+
api.array :groups do |groups|
@user.groups.each do |group|
api.group :id => group.id, :name => group.name
assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on']
assert_nil json['user']['passwd_changed_on']
assert_nil json['user']['twofa_scheme']
+ assert_nil json['user']['auth_source']
end
test "GET /users/:id.xml with include=memberships should include memberships" do
}], json['user']['memberships']
end
+ test "GET /users/:id.json with include=auth_source should include auth_source for administrators" do
+ user = User.find(2)
+ user.update(:auth_source_id => 1)
+ get '/users/2.json?include=auth_source', :headers => credentials('admin')
+
+ assert_response :success
+ json = ActiveSupport::JSON.decode(response.body)
+
+ assert_equal user.auth_source.id, json['user']['auth_source']['id']
+ assert_equal user.auth_source.name, json['user']['auth_source']['name']
+ end
+
+ test "GET /users/:id.json without include=auth_source should not include auth_source" do
+ user = User.find(2)
+ user.update(:auth_source_id => 1)
+ get '/users/2.json', :headers => credentials('admin')
+
+ assert_response :success
+ json = ActiveSupport::JSON.decode(response.body)
+
+ assert_response :success
+ assert_nil json['user']['auth_source']
+ end
+
+ test "GET /users/:id.json should not include auth_source for standard user" do
+ user = User.find(2)
+ user.update(:auth_source_id => 1)
+ get '/users/2.json?include=auth_source', :headers => credentials('jsmith')
+
+ assert_response :success
+ json = ActiveSupport::JSON.decode(response.body)
+
+ assert_equal user.id, json['user']['id']
+ assert_nil json['user']['auth_source']
+ end
+
test "GET /users/current.xml should require authentication" do
get '/users/current.xml'
projects / redmine.git / commitdiff