diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index bf05db034..f031ac292 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -314,6 +314,19 @@ class ApplicationController < ActionController::Base format.json { head @status } end end + + # Filter for actions that provide an API response + # but have no HTML representation for non admin users + def require_admin_or_api_request + return true if api_request? + if User.current.admin? + true + elsif User.current.logged? + render_error(:status => 406) + else + deny_access + end + end # Picks which layout to use based on the request # diff --git a/app/controllers/trackers_controller.rb b/app/controllers/trackers_controller.rb index 5275b32eb..2f827af2e 100644 --- a/app/controllers/trackers_controller.rb +++ b/app/controllers/trackers_controller.rb @@ -18,13 +18,22 @@ class TrackersController < ApplicationController layout 'admin' - before_filter :require_admin + before_filter :require_admin, :except => :index + before_filter :require_admin_or_api_request, :only => :index + accept_api_auth :index verify :method => :post, :only => :destroy, :redirect_to => { :action => :index } def index - @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position' - render :action => "index", :layout => false if request.xhr? + respond_to do |format| + format.html { + @tracker_pages, @trackers = paginate :trackers, :per_page => 10, :order => 'position' + render :action => "index", :layout => false if request.xhr? + } + format.api { + @trackers = Tracker.all + } + end end def new diff --git a/app/views/trackers/index.api.rsb b/app/views/trackers/index.api.rsb new file mode 100644 index 000000000..a37c552a8 --- /dev/null +++ b/app/views/trackers/index.api.rsb @@ -0,0 +1,8 @@ +api.array :trackers do + @trackers.each do |tracker| + api.tracker do + api.id tracker.id + api.name tracker.name + end + end +end diff --git a/config/routes.rb b/config/routes.rb index f5814e0ac..209db1e89 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -227,6 +227,7 @@ ActionController::Routing::Routes.draw do |map| map.resources :groups #left old routes at the bottom for backwards compat + map.connect 'trackers.:format', :controller => 'trackers', :action => 'index' map.connect 'projects/:project_id/issues/:action', :controller => 'issues' map.connect 'projects/:project_id/documents/:action', :controller => 'documents' map.connect 'projects/:project_id/boards/:action/:id', :controller => 'boards' diff --git a/test/functional/trackers_controller_test.rb b/test/functional/trackers_controller_test.rb index 63498303f..4d9b228f1 100644 --- a/test/functional/trackers_controller_test.rb +++ b/test/functional/trackers_controller_test.rb @@ -37,6 +37,18 @@ class TrackersControllerTest < ActionController::TestCase assert_response :success assert_template 'index' end + + def test_index_by_anonymous_should_redirect_to_login_form + @request.session[:user_id] = nil + get :index + assert_redirected_to '/login?back_url=http%3A%2F%2Ftest.host%2Ftrackers' + end + + def test_index_by_user_should_respond_with_406 + @request.session[:user_id] = 2 + get :index + assert_response 406 + end def test_get_new get :new diff --git a/test/integration/api_test/trackers_test.rb b/test/integration/api_test/trackers_test.rb new file mode 100644 index 000000000..9a92fcc5a --- /dev/null +++ b/test/integration/api_test/trackers_test.rb @@ -0,0 +1,51 @@ +# Redmine - project management software +# Copyright (C) 2006-2011 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +require File.expand_path('../../../test_helper', __FILE__) + +class ApiTest::TrackersTest < ActionController::IntegrationTest + fixtures :trackers + + def setup + Setting.rest_api_enabled = '1' + end + + context "/trackers" do + context "GET" do + + should "return trackers" do + get '/trackers.xml' + + assert_response :success + assert_equal 'application/xml', @response.content_type + assert_tag :tag => 'trackers', + :attributes => {:type => 'array'}, + :child => { + :tag => 'tracker', + :child => { + :tag => 'id', + :content => '2', + :sibling => { + :tag => 'name', + :content => 'Feature request' + } + } + } + end + end + end +end