diff options
Diffstat (limited to 'test/integration/api_test/users_test.rb')
-rw-r--r-- | test/integration/api_test/users_test.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb index 0bbf3b9e3..7f72872a2 100644 --- a/test/integration/api_test/users_test.rb +++ b/test/integration/api_test/users_test.rb @@ -108,6 +108,18 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} end + test "GET /users/:id should not return api_key for other user" do + get '/users/3.xml', {}, credentials('jsmith') + assert_response :success + assert_no_tag 'user', :child => {:tag => 'api_key'} + end + + test "GET /users/:id should return api_key for current user" do + get '/users/2.xml', {}, credentials('jsmith') + assert_response :success + assert_tag 'user', :child => {:tag => 'api_key', :content => User.find(2).api_key} + end + context "POST /users" do context "with valid parameters" do setup do |