Don't use SudoMode.disable! to skip API requests (#19851).

git-svn-id: http://svn.redmine.org/redmine/trunk@14338 e93f8b46-1217-0410-a6f0-8f06a7374b81

lib/redmine/sudo_mode.rb

@@ -61,9 +61,7 @@ module Redmine
       # After the request refreshes the timestamp if sudo mode was used during
       # this request.
       def sudo_mode
-        if api_request?
-          SudoMode.disable!
-        elsif sudo_timestamp_valid?
+        if sudo_timestamp_valid?
           SudoMode.active!
         end
         yield
@@ -145,7 +143,9 @@ module Redmine
       class SudoRequestFilter < Struct.new(:parameters, :request_methods)
         def before(controller)
           method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol)
-          if SudoMode.possible? && method_matches
+          if controller.api_request?
+            true
+          elsif SudoMode.possible? && method_matches
             controller.require_sudo_mode( *parameters )
           else
             true

test/integration/sudo_mode_test.rb

@@ -143,4 +143,19 @@ class SudoTest < Redmine::IntegrationTest
     assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
   end
 
+  def test_sudo_mode_should_skip_api_requests
+    with_settings :rest_api_enabled => '1' do
+      assert_difference('User.count') do
+        post '/users.json', {
+          :user => {
+            :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
+            :mail => 'foo@example.net', :password => 'secret123',
+            :mail_notification => 'only_assigned'}
+          },
+          credentials('admin')
+  
+        assert_response :created
+      end
+    end
+  end
 end