author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-03-20 10:02:45 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-03-20 10:02:45 +0000 |
commit | d5093417971b389a31a0aa58afe733e045025070 (patch) | |
tree | 92ba193f2ac941f633e25dec39886454b2904655 | |
parent | c0c05ec41edfc8d7587eb7e5a030c86127b3cda7 (diff) | |
API: creating an issue with an invalid project_id should return 422 instead of 403 (#19276).
git-svn-id: http://svn.redmine.org/redmine/trunk@14141 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/issues_controller.rb | 2 | ||||
-rw-r--r-- | test/integration/api_test/issues_test.rb | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 161022635..15f26e273 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -133,7 +133,7 @@ class IssuesController < ApplicationController
 end

 def create
- unless User.current.allowed_to?(:add_issues, @issue.project)
+ unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
 raise ::Unauthorized
 end
 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
diff --git a/test/integration/api_test/issues_test.rb b/test/integration/api_test/issues_test.rb
index bad182236..08543ab15 100644
--- a/test/integration/api_test/issues_test.rb
+++ b/test/integration/api_test/issues_test.rb
@@ -444,6 +444,11 @@ JSON
 assert json['errors'].include?("Subject cannot be blank")
 end

+ test "POST /issues.json with invalid project_id should respond with 422" do
+ post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
+ assert_response 422
+ end
+
 test "PUT /issues/:id.xml" do
 assert_difference('Journal.count') do
 put '/issues/6.xml', |
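Review bot: The permission check at the top of `create` no longer rejects a request whose `@issue.project` is nil: with `:global => true` it presumably passes for any user who holds `:add_issues` in at least one project, so rejecting the invalid project is now left entirely to validation at save time. Nothing in the hunk records that dependency, and `call_hook(:controller_issues_new_before_save, ...)` on the line after the check now runs with a nil project before that validation happens. I would add a comment above the check, e.g. `# :global only applies when @issue.project is nil (invalid project_id); the save must then fail validation and return 422`, and confirm that `allowed_to?` ignores `:global` when a project is given, so the per-project check is not widened. The body of `create` continues past the hunk, so the save path is not visible here.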
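Review bot: The new test in `issues_test.rb` checks only the status code, so it would still pass if the request with `:project_id => 999` created an issue or returned an empty error body. Wrapping the request as `assert_no_difference('Issue.count') do ... end` and asserting on `json['errors']`, as the preceding test does, would pin the behaviour the controller change relies on. A companion case for an existing project on which the user lacks `:add_issues` (expecting 403) is also missing from this hunk; it would catch a regression in which `:global => true` widens the per-project check.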