From 504116bfca001622b258db1a197b1fe3322b45e7 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Mon, 18 Feb 2013 17:24:54 +0000 Subject: [PATCH] Add login to /users/:id API for current user (#13155). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patch by Jérôme Bataille. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11437 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/views/users/show.api.rsb | 2 +- test/integration/api_test/users_test.rb | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb index ec7e5030f..de16f0681 100644 --- a/app/views/users/show.api.rsb +++ b/app/views/users/show.api.rsb @@ -1,6 +1,6 @@ api.user do api.id @user.id - api.login @user.login if User.current.admin? + api.login @user.login if User.current.admin? || (User.current == @user) api.firstname @user.firstname api.lastname @user.lastname api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb index 5726bbd22..0bbf3b9e3 100644 --- a/test/integration/api_test/users_test.rb +++ b/test/integration/api_test/users_test.rb @@ -96,6 +96,18 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base end end + test "GET /users/:id should not return login for other user" do + get '/users/3.xml', {}, credentials('jsmith') + assert_response :success + assert_no_tag 'user', :child => {:tag => 'login'} + end + + test "GET /users/:id should return login for current user" do + get '/users/2.xml', {}, credentials('jsmith') + assert_response :success + assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} + end + context "POST /users" do context "with valid parameters" do setup do