# After the request refreshes the timestamp if sudo mode was used during
# this request.
def sudo_mode
- if api_request?
- SudoMode.disable!
- elsif sudo_timestamp_valid?
+ if sudo_timestamp_valid?
SudoMode.active!
end
yield
class SudoRequestFilter < Struct.new(:parameters, :request_methods)
def before(controller)
method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol)
- if SudoMode.possible? && method_matches
+ if controller.api_request?
+ true
+ elsif SudoMode.possible? && method_matches
controller.require_sudo_mode( *parameters )
else
true
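Review bot: The new `if controller.api_request?` branch in `SudoRequestFilter#before` skips `require_sudo_mode` based on a predicate defined outside this hunk. If that predicate reflects only the requested format (such as the `.json` suffix) rather than how the caller authenticated, a cookie-session request in an API format would also skip the re-authentication prompt. Consider limiting the skip to requests authenticated with an API key or HTTP credentials, or confirm that `api_request?` already implies that. A comment above the branch would record the intent, e.g. `# API clients cannot answer an interactive password prompt, so sudo mode is not enforced for them`. The body of `before` continues past the end of the hunk.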
assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
end
+ def test_sudo_mode_should_skip_api_requests
+ with_settings :rest_api_enabled => '1' do
+ assert_difference('User.count') do
+ post '/users.json', {
+ :user => {
+ :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
+ :mail => 'foo@example.net', :password => 'secret123',
+ :mail_notification => 'only_assigned'}
+ },
+ credentials('admin')
+
+ assert_response :created
+ end
+ end
+ end
end
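Review bot: `test_sudo_mode_should_skip_api_requests` covers only a request authenticated with `credentials('admin')`, so it does not pin down the boundary this change moves. If a logged-in browser session posting to the same `/users.json` URL is still meant to be asked for re-authentication, a companion test asserting that would guard against the skip becoming broader than intended. It is also worth confirming that sudo mode is enabled in this test class's setup, which is outside the hunk. Otherwise `assert_response :created` would pass with or without the change.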