git-svn-id: http://svn.redmine.org/redmine/trunk@14338 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.1.0
@@ -61,9 +61,7 @@ module Redmine | |||
# After the request refreshes the timestamp if sudo mode was used during | |||
# this request. | |||
def sudo_mode | |||
if api_request? | |||
SudoMode.disable! | |||
elsif sudo_timestamp_valid? | |||
if sudo_timestamp_valid? | |||
SudoMode.active! | |||
end | |||
yield | |||
@@ -145,7 +143,9 @@ module Redmine | |||
class SudoRequestFilter < Struct.new(:parameters, :request_methods) | |||
def before(controller) | |||
method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol) | |||
if SudoMode.possible? && method_matches | |||
if controller.api_request? | |||
true | |||
elsif SudoMode.possible? && method_matches | |||
controller.require_sudo_mode( *parameters ) | |||
else | |||
true |
@@ -143,4 +143,19 @@ class SudoTest < Redmine::IntegrationTest | |||
assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail | |||
end | |||
def test_sudo_mode_should_skip_api_requests | |||
with_settings :rest_api_enabled => '1' do | |||
assert_difference('User.count') do | |||
post '/users.json', { | |||
:user => { | |||
:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', | |||
:mail => 'foo@example.net', :password => 'secret123', | |||
:mail_notification => 'only_assigned'} | |||
}, | |||
credentials('admin') | |||
assert_response :created | |||
end | |||
end | |||
end | |||
end |