Browse Source
API: creating an issue with an invalid project_id should return 422 instead of 403 (#19276).
git-svn-id: http://svn.redmine.org/redmine/trunk@14141 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/3.1.0
Jean-Philippe Lang
9 years ago
2 changed files with 6 additions and 1 deletions
+ 1
- 1
app/controllers/issues_controller.rb
View File
| @@ -133,7 +133,7 @@ class IssuesController < ApplicationController | |||
| end | |||
| def create | |||
| unless User.current.allowed_to?(:add_issues, @issue.project) | |||
| unless User.current.allowed_to?(:add_issues, @issue.project, :global => true) | |||
| raise ::Unauthorized | |||
| end | |||
| call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue }) | |||
+ 5
- 0
test/integration/api_test/issues_test.rb
View File
| @@ -444,6 +444,11 @@ JSON | |||
| assert json['errors'].include?("Subject cannot be blank") | |||
| end | |||
| test "POST /issues.json with invalid project_id should respond with 422" do | |||
| post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith') | |||
| assert_response 422 | |||
| end | |||
| test "PUT /issues/:id.xml" do | |||
| assert_difference('Journal.count') do | |||
| put '/issues/6.xml', | |||
Loading…