layout 'admin'
before_filter :require_admin, :except => :show
+ before_filter :find_user, :only => [:show, :edit, :update, :edit_membership, :destroy_membership]
accept_key_auth :index, :show, :create, :update
helper :sort
end
def show
- @user = User.find(params[:id])
-
# show projects based on current user visibility
@memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
format.html { render :layout => 'base' }
format.api
end
- rescue ActiveRecord::RecordNotFound
- render_404
end
def new
end
def edit
- @user = User.find(params[:id])
-
@auth_sources = AuthSource.find(:all)
@membership ||= Member.new
end
verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
def update
- @user = User.find(params[:id])
-
@user.admin = params[:user][:admin] if params[:user][:admin]
@user.login = params[:user][:login] if params[:user][:login]
if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
end
def edit_membership
- @user = User.find(params[:id])
@membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
@membership.save if request.post?
respond_to do |format|
end
def destroy_membership
- @user = User.find(params[:id])
@membership = Member.find(params[:membership_id])
if request.post? && @membership.deletable?
@membership.destroy
format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
end
end
+
+ private
+
+ def find_user
+ if params[:id] == 'current'
+ require_login || return
+ @user = User.current
+ else
+ @user = User.find(params[:id])
+ end
+ rescue ActiveRecord::RecordNotFound
+ render_404
+ end
end
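Review bot: `find_user` resolves the id `current` to `User.current` for every action in its `:only` list, including `edit`, `update`, `edit_membership` and `destroy_membership`, so those actions stay admin-only purely because `require_admin` is declared before it in the filter list, and nothing in the method records that. I would add a comment above it such as `# Loads @user; the id 'current' is an alias for the logged-in user. Must stay after require_admin in the filter list.`, and mention that `require_login || return` leaves `@user` unset and presumably relies on `require_login` having already redirected or rendered to stop the request. In the same hunk, `Member.find(params[:membership_id])` in `destroy_membership` is not tied to the user named in the URL. `@membership = @user.memberships.find(params[:membership_id])` would bind the two, assuming the association supports `find` the way it supports `all` in `show`.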
assert project_ids.include?(2) #private project admin can see
end
+ def test_show_current_should_require_authentication
+ @request.session[:user_id] = nil
+ get :show, :id => 'current'
+ assert_response 302
+ end
+
+ def test_show_current
+ @request.session[:user_id] = 2
+ get :show, :id => 'current'
+ assert_response :success
+ assert_template 'show'
+ assert_equal User.find(2), assigns(:user)
+ end
+
def test_new
get :new
end
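Review bot: The two added tests exercise only `show` with `:id => 'current'`, although the commit also makes the `current` alias reachable through the admin-only actions that share the new `find_user` filter. A test that logs in a non-admin (session user 2 appears to be one, judging by these tests) and requests `get :edit, :id => 'current'` would pin that the admin check rejects the request before the alias is resolved. The expected status is whatever `require_admin` renders for a non-admin, so I would write it as `assert_response 403` only after confirming that against the helper.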
end
end
+
+ context "GET /users/current" do
+ context ".xml" do
+ should "require authentication" do
+ get '/users/current.xml'
+
+ assert_response 401
+ end
+
+ should "return current user" do
+ get '/users/current.xml', {}, :authorization => credentials('jsmith')
+
+ assert_tag :tag => 'user',
+ :child => {:tag => 'id', :content => '2'}
+ end
+ end
+ end
context "POST /users" do
context "with valid parameters" do
context "users" do
should_route :get, "/users", :controller => 'users', :action => 'index'
should_route :get, "/users/44", :controller => 'users', :action => 'show', :id => '44'
+ should_route :get, "/users/current", :controller => 'users', :action => 'show', :id => 'current'
should_route :get, "/users/new", :controller => 'users', :action => 'new'
should_route :get, "/users/444/edit", :controller => 'users', :action => 'edit', :id => '444'
should_route :get, "/users/222/edit/membership", :controller => 'users', :action => 'edit', :id => '222', :tab => 'membership'