diff options
| -rw-r--r-- | app/controllers/projects_controller.rb | 2 | ||||
| -rw-r--r-- | test/integration/api_test/projects_test.rb | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 9a4a35b06..f97f6c30f 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -24,7 +24,7 @@ class ProjectsController < ApplicationController before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy] before_filter :authorize_global, :only => [:new, :create] before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ] - accept_key_auth :index, :create, :update, :destroy + accept_key_auth :index, :show, :create, :update, :destroy after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller| if controller.request.post? diff --git a/test/integration/api_test/projects_test.rb b/test/integration/api_test/projects_test.rb index cdac77ef9..a8c997f87 100644 --- a/test/integration/api_test/projects_test.rb +++ b/test/integration/api_test/projects_test.rb @@ -32,6 +32,12 @@ class ApiTest::ProjectsTest < ActionController::IntegrationTest assert_equal 'application/xml', @response.content_type end + context "GET /projects/2.xml" do + # TODO: A private project is needed because should_allow_api_authentication + # actually tests that authentication is *required*, not just allowed + should_allow_api_authentication(:get, "/projects/2.xml") + end + def test_show get '/projects/1.xml' assert_response :success |