Include @auth_source@ in /users/:id API response if auth_source is requested (include=auth_source) and request is made by an administrator (#23307).

Patch by Go MAEDA (@maeda) and Marius BĂLTEANU (@marius.balteanu).

git-svn-id: https://svn.redmine.org/redmine/trunk@22636 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/views/users/show.api.rsb

@@ -16,6 +16,11 @@ api.user do
 
   render_api_custom_values @user.visible_custom_field_values, api
 
+  api.auth_source do
+    api.id @user.auth_source.id
+    api.name @user.auth_source.name
+  end if User.current.admin? && include_in_api_response?('auth_source') && @user.auth_source.present?
+
   api.array :groups do |groups|
     @user.groups.each do |group|
       api.group :id => group.id, :name => group.name

test/integration/api_test/users_test.rb

@@ -179,6 +179,7 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
     assert_equal Time.zone.parse('2006-07-19T20:42:15Z').iso8601, json['user']['updated_on']
     assert_nil json['user']['passwd_changed_on']
     assert_nil json['user']['twofa_scheme']
+    assert_nil json['user']['auth_source']
   end
 
   test "GET /users/:id.xml with include=memberships should include memberships" do
@@ -201,6 +202,42 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
     }], json['user']['memberships']
   end
 
+  test "GET /users/:id.json with include=auth_source should include auth_source for administrators" do
+    user = User.find(2)
+    user.update(:auth_source_id => 1)
+    get '/users/2.json?include=auth_source', :headers => credentials('admin')
+
+    assert_response :success
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal user.auth_source.id, json['user']['auth_source']['id']
+    assert_equal user.auth_source.name, json['user']['auth_source']['name']
+  end
+
+  test "GET /users/:id.json without include=auth_source should not include auth_source" do
+    user = User.find(2)
+    user.update(:auth_source_id => 1)
+    get '/users/2.json', :headers => credentials('admin')
+
+    assert_response :success
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_response :success
+    assert_nil json['user']['auth_source']
+  end
+
+  test "GET /users/:id.json should not include auth_source for standard user" do
+    user = User.find(2)
+    user.update(:auth_source_id => 1)
+    get '/users/2.json?include=auth_source', :headers => credentials('jsmith')
+
+    assert_response :success
+    json = ActiveSupport::JSON.decode(response.body)
+
+    assert_equal user.id, json['user']['id']
+    assert_nil json['user']['auth_source']
+  end
+
   test "GET /users/current.xml should require authentication" do
     get '/users/current.xml'