Adds JSONP support to the API (#11469).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10088 e93f8b46-1217-0410-a6f0-8f06a7374b81

6 files changed, 78 insertions, 8 deletions

diff --git a/lib/redmine/views/api_template_handler.rb b/lib/redmine/views/api_template_handler.rb
index fea212884..7d9442add 100644
--- a/lib/redmine/views/api_template_handler.rb
+++ b/lib/redmine/views/api_template_handler.rb
@@ -19,7 +19,7 @@ module Redmine
   module Views
     class ApiTemplateHandler
       def self.call(template)
-        "Redmine::Views::Builders.for(params[:format]) do |api|; #{template.source}; self.output_buffer = api.output; end"
+        "Redmine::Views::Builders.for(params[:format], request, response) do |api|; #{template.source}; self.output_buffer = api.output; end"
       end
     end
   end
diff --git a/lib/redmine/views/builders.rb b/lib/redmine/views/builders.rb
index bd91fa175..d966befac 100644
--- a/lib/redmine/views/builders.rb
+++ b/lib/redmine/views/builders.rb
@@ -18,10 +18,10 @@
 module Redmine
   module Views
     module Builders
-      def self.for(format, &block)
+      def self.for(format, request, response, &block)
         builder = case format
-          when 'xml',  :xml;  Builders::Xml.new
-          when 'json', :json; Builders::Json.new
+          when 'xml',  :xml;  Builders::Xml.new(request, response)
+          when 'json', :json; Builders::Json.new(request, response)
           else; raise "No builder for format #{format}"
         end
         if block
diff --git a/lib/redmine/views/builders/json.rb b/lib/redmine/views/builders/json.rb
index db285ffbb..9ab8f6bfa 100644
--- a/lib/redmine/views/builders/json.rb
+++ b/lib/redmine/views/builders/json.rb
@@ -21,8 +21,20 @@ module Redmine
   module Views
     module Builders
       class Json < Structure
+        attr_accessor :jsonp
+
+        def initialize(request, response)
+          super
+          self.jsonp = (request.params[:callback] || request.params[:jsonp]).to_s.gsub(/[^a-zA-Z0-9_]/, '')
+        end
+
         def output
-          @struct.first.to_json
+          json = @struct.first.to_json
+          if jsonp.present?
+            json = "#{jsonp}(#{json})"
+            response.content_type = 'application/javascript'
+          end
+          json
         end
       end
     end
diff --git a/lib/redmine/views/builders/structure.rb b/lib/redmine/views/builders/structure.rb
index a73898373..568055124 100644
--- a/lib/redmine/views/builders/structure.rb
+++ b/lib/redmine/views/builders/structure.rb
@@ -21,8 +21,12 @@ module Redmine
   module Views
     module Builders
       class Structure < BlankSlate
-        def initialize
+        attr_accessor :request, :response
+
+        def initialize(request, response)
           @struct = [{}]
+          self.request = request
+          self.response = response
         end
 
         def array(tag, options={}, &block)
diff --git a/lib/redmine/views/builders/xml.rb b/lib/redmine/views/builders/xml.rb
index d8be4d7c8..7046ddf73 100644
--- a/lib/redmine/views/builders/xml.rb
+++ b/lib/redmine/views/builders/xml.rb
@@ -21,8 +21,8 @@ module Redmine
   module Views
     module Builders
       class Xml < ::Builder::XmlMarkup
-        def initialize
-          super
+        def initialize(request, response)
+          super()
           instruct!
         end
 
diff --git a/test/integration/api_test/jsonp_test.rb b/test/integration/api_test/jsonp_test.rb
new file mode 100644
index 000000000..ca7373fca
--- /dev/null
+++ b/test/integration/api_test/jsonp_test.rb
@@ -0,0 +1,54 @@
+# Redmine - project management software
+# Copyright (C) 2006-2012  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require File.expand_path('../../../test_helper', __FILE__)
+
+class ApiTest::JsonpTest < ActionController::IntegrationTest
+  fixtures :trackers
+
+  def test_jsonp_should_accept_callback_param
+    get '/trackers.json?callback=handler'
+
+    assert_response :success
+    assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body
+    assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type']
+  end
+
+  def test_jsonp_should_accept_jsonp_param
+    get '/trackers.json?jsonp=handler'
+
+    assert_response :success
+    assert_match %r{^handler\(\{"trackers":.+\}\)$}, response.body
+    assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type']
+  end
+
+  def test_jsonp_should_strip_invalid_characters_from_callback
+    get '/trackers.json?callback=+-aA$1_'
+
+    assert_response :success
+    assert_match %r{^aA1_\(\{"trackers":.+\}\)$}, response.body
+    assert_equal 'application/javascript; charset=utf-8', response.headers['Content-Type']
+  end
+
+  def test_jsonp_without_callback_should_return_json
+    get '/trackers.json?callback='
+
+    assert_response :success
+    assert_match %r{^\{"trackers":.+\}$}, response.body
+    assert_equal 'application/json; charset=utf-8', response.headers['Content-Type']
+  end
+end