diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-06-19 19:51:24 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-06-19 19:51:24 +0000 |
| commit | c2fca3799927112e6e4e4e1ff3a95995fd579cf7 (patch) | |
| tree | f07b29673996fb40b59a2882e065f1ed60a3092a | |
| parent | fe9eec19c536652fc9722ac521cfe3547f82b7c3 (diff) | |
| download | redmine-c2fca3799927112e6e4e4e1ff3a95995fd579cf7.tar.gz redmine-c2fca3799927112e6e4e4e1ff3a95995fd579cf7.zip | |
Don't use SudoMode.disable! to skip API requests (#19851).
git-svn-id: http://svn.redmine.org/redmine/trunk@14338 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | lib/redmine/sudo_mode.rb | 8 | ||||
| -rw-r--r-- | test/integration/sudo_mode_test.rb | 15 |
2 files changed, 19 insertions, 4 deletions
diff --git a/lib/redmine/sudo_mode.rb b/lib/redmine/sudo_mode.rb index afbbba5eb..bcbdd28f2 100644 --- a/lib/redmine/sudo_mode.rb +++ b/lib/redmine/sudo_mode.rb @@ -61,9 +61,7 @@ module Redmine # After the request refreshes the timestamp if sudo mode was used during # this request. def sudo_mode - if api_request? - SudoMode.disable! - elsif sudo_timestamp_valid? + if sudo_timestamp_valid? SudoMode.active! end yield @@ -145,7 +143,9 @@ module Redmine class SudoRequestFilter < Struct.new(:parameters, :request_methods) def before(controller) method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol) - if SudoMode.possible? && method_matches + if controller.api_request? + true + elsif SudoMode.possible? && method_matches controller.require_sudo_mode( *parameters ) else true diff --git a/test/integration/sudo_mode_test.rb b/test/integration/sudo_mode_test.rb index 3bccd84a2..ce339a3a3 100644 --- a/test/integration/sudo_mode_test.rb +++ b/test/integration/sudo_mode_test.rb @@ -143,4 +143,19 @@ class SudoTest < Redmine::IntegrationTest assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail end + def test_sudo_mode_should_skip_api_requests + with_settings :rest_api_enabled => '1' do + assert_difference('User.count') do + post '/users.json', { + :user => { + :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', + :mail => 'foo@example.net', :password => 'secret123', + :mail_notification => 'only_assigned'} + }, + credentials('admin') + + assert_response :created + end + end + end end |