API: creating an issue with an invalid project_id should return 422 instead of 403...
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 20 Mar 2015 10:02:45 +0000 (10:02 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 20 Mar 2015 10:02:45 +0000 (10:02 +0000)
git-svn-id: http://svn.redmine.org/redmine/trunk@14141 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/issues_controller.rb
test/integration/api_test/issues_test.rb

index 161022635d25423e15aa4b0ef69b553136516aa7..15f26e27331af3884db5dfd3383666c46b30f8b8 100644 (file)
@@ -133,7 +133,7 @@ class IssuesController < ApplicationController
   end
 
   def create
-    unless User.current.allowed_to?(:add_issues, @issue.project)
+    unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
       raise ::Unauthorized
     end
     call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
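Review bot: With `:global => true` on the guard in `create`, a request whose `@issue.project` is nil is presumably no longer stopped here and goes on to `call_hook(:controller_issues_new_before_save, ...)`, so rejecting it now depends on Issue validation rather than on the authorization check. The line does not say that the global fallback is meant only for the no-project case, so I would add a comment above it such as `# :global only matters when @issue.project is nil; a missing project is then rejected by validation (422)`. `allowed_to?` is not visible in this hunk, so please confirm it ignores `:global` when a real project is passed and still checks that project's permissions. It is also worth confirming that returning 422 for unknown ids and 403 for forbidden ones does not let an API caller distinguish nonexistent projects from ones hidden from them. The body of `create` continues past the end of the hunk.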
index bad1822361334c88999d6832503c0c673d9f8415..08543ab150f91d71e9a26daf5b796d7ea5f49231 100644 (file)
@@ -444,6 +444,11 @@ JSON
     assert json['errors'].include?("Subject cannot be blank")
   end
 
+  test "POST /issues.json with invalid project_id should respond with 422" do
+    post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
+    assert_response 422
+  end
+
   test "PUT /issues/:id.xml" do
     assert_difference('Journal.count') do
       put '/issues/6.xml',
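Review bot: The added test pins only the status code for a nonexistent project and does not assert that nothing was persisted. Wrapping the request in `assert_no_difference('Issue.count') do` ... `end` would cover that. There is also no companion case in this hunk showing that an existing project where jsmith lacks `add_issues` still answers `assert_response 403` now that the guard passes `:global => true`. That is the regression that matters for authorization, and the right fixture project to use is not visible here.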