From bac64c9ab423f36f0e6e192a5118ee42f029d82a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 27 Nov 2010 16:45:07 +0000
Subject: [PATCH] Backported r4441 to r4444 from trunk.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.0-stable@4445 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/projects_controller.rb     |  2 +-
 test/integration/api_test/projects_test.rb | 82 ++++++++++++++--------
 2 files changed, 54 insertions(+), 30 deletions(-)

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a6a5c9e5f..f97f6c30f 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -24,7 +24,7 @@ class ProjectsController < ApplicationController
   before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
   before_filter :authorize_global, :only => [:new, :create]
   before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_key_auth :index
+  accept_key_auth :index, :show, :create, :update, :destroy
 
   after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
     if controller.request.post?
diff --git a/test/integration/api_test/projects_test.rb b/test/integration/api_test/projects_test.rb
index 7c090a925..87c1d8311 100644
--- a/test/integration/api_test/projects_test.rb
+++ b/test/integration/api_test/projects_test.rb
@@ -31,23 +31,37 @@ class ApiTest::ProjectsTest < ActionController::IntegrationTest
     assert_response :success
     assert_equal 'application/xml', @response.content_type
   end
-    
+  
+  context "GET /projects/2.xml" do
+    # TODO: A private project is needed because should_allow_api_authentication
+    # actually tests that authentication is *required*, not just allowed
+    should_allow_api_authentication(:get, "/projects/2.xml")
+  end
+  
   def test_show
     get '/projects/1.xml'
     assert_response :success
     assert_equal 'application/xml', @response.content_type
   end
-    
-  def test_create
-    attributes = {:name => 'API test', :identifier => 'api-test'}
-    assert_difference 'Project.count' do
-      post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
-    end
-    assert_response :created
-    assert_equal 'application/xml', @response.content_type
-    project = Project.first(:order => 'id DESC')
-    attributes.each do |attribute, value|
-      assert_equal value, project.send(attribute)
+  
+  context "POST /projects.xml" do
+    should_allow_api_authentication(:post,
+                                    '/projects.xml',
+                                    {:project => {:name => 'API test', :identifier => 'api-test'}},
+                                    {:success_code => :created})
+
+    should "create a project with the attributes" do
+      assert_difference('Project.count') do
+        post '/projects.xml', {:project => {:name => 'API test', :identifier => 'api-test'}}, :authorization => credentials('admin')
+      end
+  
+      project = Project.first(:order => 'id DESC')
+      assert_equal 'API test', project.name
+      assert_equal 'api-test', project.identifier
+  
+      assert_response :created
+      assert_equal 'application/xml', @response.content_type
+      assert_tag 'project', :child => {:tag => 'id', :content => project.id.to_s}
     end
   end
   
@@ -61,16 +75,20 @@ class ApiTest::ProjectsTest < ActionController::IntegrationTest
     assert_tag :errors, :child => {:tag => 'error', :content => "Identifier can't be blank"}
   end
     
-  def test_update
-    attributes = {:name => 'API update'}
-    assert_no_difference 'Project.count' do
-      put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
-    end
-    assert_response :ok
-    assert_equal 'application/xml', @response.content_type
-    project = Project.find(1)
-    attributes.each do |attribute, value|
-      assert_equal value, project.send(attribute)
+  context "PUT /projects/2.xml" do
+    should_allow_api_authentication(:put,
+                                    '/projects/2.xml',
+                                    {:project => {:name => 'API test'}},
+                                    {:success_code => :ok})
+    
+    should "update the project" do
+      assert_no_difference 'Project.count' do
+        put '/projects/2.xml', {:project => {:name => 'API update'}}, :authorization => credentials('jsmith')
+      end
+      assert_response :ok
+      assert_equal 'application/xml', @response.content_type
+      project = Project.find(2)
+      assert_equal 'API update', project.name
     end
   end
   
@@ -83,14 +101,20 @@ class ApiTest::ProjectsTest < ActionController::IntegrationTest
     assert_equal 'application/xml', @response.content_type
     assert_tag :errors, :child => {:tag => 'error', :content => "Name can't be blank"}
   end
-    
-  def test_destroy
-    assert_difference 'Project.count', -1 do
-      delete '/projects/2.xml', {}, :authorization => credentials('admin')
+  
+  context "DELETE /projects/2.xml" do
+    should_allow_api_authentication(:delete,
+                                    '/projects/2.xml',
+                                    {},
+                                    {:success_code => :ok})
+
+    should "delete the project" do
+      assert_difference('Project.count',-1) do
+        delete '/projects/2.xml', {}, :authorization => credentials('admin')
+      end
+      assert_response :ok
+      assert_nil Project.find_by_id(2)
     end
-    assert_response :ok
-    assert_equal 'application/xml', @response.content_type
-    assert_nil Project.find_by_id(2)
   end
   
   def credentials(user, password=nil)
-- 
2.39.5