From c2fca3799927112e6e4e4e1ff3a95995fd579cf7 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 19 Jun 2015 19:51:24 +0000
Subject: [PATCH] Don't use SudoMode.disable! to skip API requests (#19851).

git-svn-id: http://svn.redmine.org/redmine/trunk@14338 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/sudo_mode.rb           |  8 ++++----
 test/integration/sudo_mode_test.rb | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/redmine/sudo_mode.rb b/lib/redmine/sudo_mode.rb
index afbbba5eb..bcbdd28f2 100644
--- a/lib/redmine/sudo_mode.rb
+++ b/lib/redmine/sudo_mode.rb
@@ -61,9 +61,7 @@ module Redmine
       # After the request refreshes the timestamp if sudo mode was used during
       # this request.
       def sudo_mode
-        if api_request?
-          SudoMode.disable!
-        elsif sudo_timestamp_valid?
+        if sudo_timestamp_valid?
           SudoMode.active!
         end
         yield
@@ -145,7 +143,9 @@ module Redmine
       class SudoRequestFilter < Struct.new(:parameters, :request_methods)
         def before(controller)
           method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol)
-          if SudoMode.possible? && method_matches
+          if controller.api_request?
+            true
+          elsif SudoMode.possible? && method_matches
             controller.require_sudo_mode( *parameters )
           else
             true
diff --git a/test/integration/sudo_mode_test.rb b/test/integration/sudo_mode_test.rb
index 3bccd84a2..ce339a3a3 100644
--- a/test/integration/sudo_mode_test.rb
+++ b/test/integration/sudo_mode_test.rb
@@ -143,4 +143,19 @@ class SudoTest < Redmine::IntegrationTest
     assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
   end
 
+  def test_sudo_mode_should_skip_api_requests
+    with_settings :rest_api_enabled => '1' do
+      assert_difference('User.count') do
+        post '/users.json', {
+          :user => {
+            :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
+            :mail => 'foo@example.net', :password => 'secret123',
+            :mail_notification => 'only_assigned'}
+          },
+          credentials('admin')
+  
+        assert_response :created
+      end
+    end
+  end
 end
-- 
2.39.5