From 599bc450730b91769f878d38b76110ce5c8fbca7 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Mon, 20 Dec 2010 17:45:09 +0000 Subject: [PATCH] Adds support for requesting information about current user using /users/current (#7141). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4544 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/users_controller.rb | 24 ++++++++++++++---------- test/functional/users_controller_test.rb | 14 ++++++++++++++ test/integration/api_test/users_test.rb | 17 +++++++++++++++++ test/integration/routing_test.rb | 1 + 4 files changed, 46 insertions(+), 10 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 8bdc1061..2a213f5e 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -19,6 +19,7 @@ class UsersController < ApplicationController layout 'admin' before_filter :require_admin, :except => :show + before_filter :find_user, :only => [:show, :edit, :update, :edit_membership, :destroy_membership] accept_key_auth :index, :show, :create, :update helper :sort @@ -61,8 +62,6 @@ class UsersController < ApplicationController end def show - @user = User.find(params[:id]) - # show projects based on current user visibility @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current)) @@ -80,8 +79,6 @@ class UsersController < ApplicationController format.html { render :layout => 'base' } format.api end - rescue ActiveRecord::RecordNotFound - render_404 end def new 
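Review bot: The new `before_filter :find_user` line depends on being declared after `before_filter :require_admin`, and nothing in the class says so. With the current order, a non-admin request to `edit`, `update`, `edit_membership` or `destroy_membership` is rejected before any lookup happens. If the two lines were swapped, the 404 from `find_user` would let a non-admin tell existing ids from missing ones on those actions. A comment above the line would record this, e.g. `# must stay after require_admin: non-admins are rejected before any user lookup on admin-only actions`. `require_admin` is defined outside this diff, so its exact behaviour is assumed here, and the class body continues beyond the hunk.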
@@ -130,16 +127,12 @@ class UsersController < ApplicationController end def edit - @user = User.find(params[:id]) - @auth_sources = AuthSource.find(:all) @membership ||= Member.new end verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed } def update - @user = User.find(params[:id]) - @user.admin = params[:user][:admin] if params[:user][:admin] @user.login = params[:user][:login] if params[:user][:login] if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?) @@ -185,7 +178,6 @@ class UsersController < ApplicationController end def edit_membership - @user = User.find(params[:id]) @membership = Member.edit_membership(params[:membership_id], params[:membership], @user) @membership.save if request.post? respond_to do |format| @@ -208,7 +200,6 @@ class UsersController < ApplicationController end def destroy_membership - @user = User.find(params[:id]) @membership = Member.find(params[:membership_id]) if request.post? && @membership.deletable? @membership.destroy @@ -218,4 +209,17 @@ class UsersController < ApplicationController format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} } end end + + private + + def find_user + if params[:id] == 'current' + require_login || return + @user = User.current + else + @user = User.find(params[:id]) + end + rescue ActiveRecord::RecordNotFound + render_404 + end end diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 0272e1fd..8aa311eb 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb 
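Review bot: The `'current'` branch in `find_user` is not limited to `show`, yet the filter is also registered for `edit`, `update`, `edit_membership` and `destroy_membership`. The alias therefore resolves on the mutating admin actions too (`update` is in `accept_key_auth`), while the commit subject describes only requesting information. If reads are the only intended use, `if params[:id] == 'current' && action_name == 'show'` would send the other actions through `User.find` and, presumably, the existing `RecordNotFound` → `render_404` path. Separately, `require_login || return` relies on `require_login` (defined outside this diff) having already produced the redirect or 401 and returned a falsy value. A comment such as `# require_login has already redirected or sent 401; stop without setting @user` would make that contract explicit.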
@@ -120,6 +120,20 @@ class UsersControllerTest < ActionController::TestCase assert project_ids.include?(2) #private project admin can see end + def test_show_current_should_require_authentication + @request.session[:user_id] = nil + get :show, :id => 'current' + assert_response 302 + end + + def test_show_current + @request.session[:user_id] = 2 + get :show, :id => 'current' + assert_response :success + assert_template 'show' + assert_equal User.find(2), assigns(:user) + end + def test_new get :new diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb index b1687b7e..e1eb7a23 100644 --- a/test/integration/api_test/users_test.rb +++ b/test/integration/api_test/users_test.rb @@ -50,6 +50,23 @@ class ApiTest::UsersTest < ActionController::IntegrationTest end end end + + context "GET /users/current" do + context ".xml" do + should "require authentication" do + get '/users/current.xml' + + assert_response 401 + end + + should "return current user" do + get '/users/current.xml', {}, :authorization => credentials('jsmith') + + assert_tag :tag => 'user', + :child => {:tag => 'id', :content => '2'} + end + end + end context "POST /users" do context "with valid parameters" do diff --git a/test/integration/routing_test.rb b/test/integration/routing_test.rb index 01462a74..78512b04 100644 --- a/test/integration/routing_test.rb +++ b/test/integration/routing_test.rb 
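Review bot: `test_show_current_should_require_authentication` checks only for a 302, so it would still pass if `@user` had been populated before the redirect. Adding `assert_nil assigns(:user)` after `assert_response 302` pins that no account is loaded for an anonymous caller. The new functional tests also exercise only `show`, while the same filter now guards `edit`, `update`, `edit_membership` and `destroy_membership`. A case such as `get :edit, :id => 999` followed by `assert_response 404` would cover the rescue that moved into `find_user`.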
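Review bot: The "return current user" case in `test/integration/api_test/users_test.rb` goes straight to `assert_tag` without checking the status. Adding `assert_response :success` before it separates a wrong status from a wrong body. The "require authentication" case asserts only the 401 code, so `assert_no_tag :tag => 'user'` after it would catch a response that sends 401 but still renders an account. Only the `.xml` format is covered in this hunk.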
@@ -286,6 +286,7 @@ class RoutingTest < ActionController::IntegrationTest context "users" do should_route :get, "/users", :controller => 'users', :action => 'index' should_route :get, "/users/44", :controller => 'users', :action => 'show', :id => '44' + should_route :get, "/users/current", :controller => 'users', :action => 'show', :id => 'current' should_route :get, "/users/new", :controller => 'users', :action => 'new' should_route :get, "/users/444/edit", :controller => 'users', :action => 'edit', :id => '444' should_route :get, "/users/222/edit/membership", :controller => 'users', :action => 'edit', :id => '222', :tab => 'membership'