From e9775097ec5da895cece3085915865faa4a51710 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Fri, 3 Dec 2010 11:28:44 +0000 Subject: [PATCH] Adds xml/json REST API for Users (#6260). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4453 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/users_controller.rb | 15 +- app/views/users/index.apit | 19 ++ app/views/users/show.apit | 28 +++ test/integration/api_test/users_test.rb | 256 ++++++++++++++++++++++++ 4 files changed, 317 insertions(+), 1 deletion(-) create mode 100644 app/views/users/index.apit create mode 100644 app/views/users/show.apit create mode 100644 test/integration/api_test/users_test.rb diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index abb32c4f..ff118e74 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,5 +1,5 @@ # Redmine - project management software -# Copyright (C) 2006-2009 Jean-Philippe Lang +# Copyright (C) 2006-2010 Jean-Philippe Lang # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -19,6 +19,7 @@ class UsersController < ApplicationController layout 'admin' before_filter :require_admin, :except => :show + accept_key_auth :index, :show, :create, :update helper :sort include SortHelper @@ -48,6 +49,8 @@ class UsersController < ApplicationController respond_to do |format| format.html { render :layout => !request.xhr? } + format.json { render :template => 'users/index.apit' } + format.xml { render :template => 'users/index.apit' } end end @@ -69,6 +72,8 @@ class UsersController < ApplicationController respond_to do |format| format.html { render :layout => 'base' } + format.json { render :template => 'users/show.apit' } + format.xml { render :template => 'users/show.apit' } end rescue ActiveRecord::RecordNotFound render_404 @@ -111,6 +116,8 @@ class UsersController < ApplicationController {:controller => 'users', :action => 'edit', :id => @user} ) } + format.json { render :template => 'users/show.apit', :status => :created, :location => user_url(@user) } + format.xml { render :template => 'users/show.apit', :status => :created, :location => user_url(@user) } end else @auth_sources = AuthSource.find(:all) @@ -118,6 +125,8 @@ class UsersController < ApplicationController respond_to do |format| format.html { render :action => 'new' } + format.json { render :json => {:errors => @user.errors}, :status => :unprocessable_entity, :layout => false } + format.xml { render :xml => @user.errors, :status => :unprocessable_entity, :layout => false } end end end @@ -166,6 +175,8 @@ class UsersController < ApplicationController flash[:notice] = l(:notice_successful_update) redirect_to :back } + format.json { head :ok } + format.xml { head :ok } end else @auth_sources = AuthSource.find(:all) @@ -173,6 +184,8 @@ class UsersController < ApplicationController respond_to do |format| format.html { render :action => :edit } + format.json { render :json => {:errors => @user.errors}, :status => :unprocessable_entity, :layout => false } + format.xml { render :xml => @user.errors, :status => :unprocessable_entity, :layout => false } end end rescue ::ActionController::RedirectBackError diff --git a/app/views/users/index.apit b/app/views/users/index.apit new file mode 100644 index 00000000..815abef2 --- /dev/null +++ b/app/views/users/index.apit @@ -0,0 +1,19 @@ +api.array :users do + @users.each do |user| + api.user do + api.id user.id + api.login user.login + api.firstname user.firstname + api.lastname user.lastname + api.mail user.mail + api.created_on user.created_on + api.last_login_on user.last_login_on + + api.array :custom_fields do + user.visible_custom_field_values.each do |custom_value| + api.custom_field custom_value.value, :id => custom_value.custom_field_id, :name => custom_value.custom_field.name + end + end unless user.visible_custom_field_values.empty? + end + end +end diff --git a/app/views/users/show.apit b/app/views/users/show.apit new file mode 100644 index 00000000..6c3dd901 --- /dev/null +++ b/app/views/users/show.apit @@ -0,0 +1,28 @@ +api.user do + api.id @user.id + api.login @user.login if User.current.admin? + api.firstname @user.firstname + api.lastname @user.lastname + api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail + api.created_on @user.created_on + api.last_login_on @user.last_login_on + + api.array :custom_fields do + @user.visible_custom_field_values.each do |custom_value| + api.custom_field custom_value.value, :id => custom_value.custom_field_id, :name => custom_value.custom_field.name + end + end unless @user.visible_custom_field_values.empty? + + api.array :memberships do + @memberships.each do |membership| + api.membership do + api.project :id => membership.project.id, :name => membership.project.name + api.array :roles do + membership.roles.each do |role| + api.role :id => role.id, :name => role.name + end + end + end if membership.project + end + end if @memberships.present? +end diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb new file mode 100644 index 00000000..1fc4b203 --- /dev/null +++ b/test/integration/api_test/users_test.rb @@ -0,0 +1,256 @@ +# Redmine - project management software +# Copyright (C) 2006-2010 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +require "#{File.dirname(__FILE__)}/../../test_helper" +require 'pp' +class ApiTest::UsersTest < ActionController::IntegrationTest + fixtures :users + + def setup + Setting.rest_api_enabled = '1' + end + + context "GET /users" do + should_allow_api_authentication(:get, "/users.xml") + should_allow_api_authentication(:get, "/users.json") + end + + context "GET /users/2" do + context ".xml" do + should "return requested user" do + get '/users/2.xml' + + assert_tag :tag => 'user', + :child => {:tag => 'id', :content => '2'} + end + end + + context ".json" do + should "return requested user" do + get '/users/2.json' + + json = ActiveSupport::JSON.decode(response.body) + assert_kind_of Hash, json + assert_kind_of Hash, json['user'] + assert_equal 2, json['user']['id'] + end + end + end + + context "POST /users" do + context "with valid parameters" do + setup do + @parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}} + end + + context ".xml" do + should_allow_api_authentication(:post, + '/users.xml', + {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}}, + {:success_code => :created}) + + should "create a user with the attributes" do + assert_difference('User.count') do + post '/users.xml', @parameters, :authorization => credentials('admin') + end + + user = User.first(:order => 'id DESC') + assert_equal 'foo', user.login + assert_equal 'Firstname', user.firstname + assert_equal 'Lastname', user.lastname + assert_equal 'foo@example.net', user.mail + assert !user.admin? + + assert_response :created + assert_equal 'application/xml', @response.content_type + assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s} + end + end + + context ".json" do + should_allow_api_authentication(:post, + '/users.json', + {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}}, + {:success_code => :created}) + + should "create a user with the attributes" do + assert_difference('User.count') do + post '/users.json', @parameters, :authorization => credentials('admin') + end + + user = User.first(:order => 'id DESC') + assert_equal 'foo', user.login + assert_equal 'Firstname', user.firstname + assert_equal 'Lastname', user.lastname + assert_equal 'foo@example.net', user.mail + assert !user.admin? + + assert_response :created + assert_equal 'application/json', @response.content_type + json = ActiveSupport::JSON.decode(response.body) + assert_kind_of Hash, json + assert_kind_of Hash, json['user'] + assert_equal user.id, json['user']['id'] + end + end + end + + context "with invalid parameters" do + setup do + @parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}} + end + + context ".xml" do + should "return errors" do + assert_no_difference('User.count') do + post '/users.xml', @parameters, :authorization => credentials('admin') + end + + assert_response :unprocessable_entity + assert_equal 'application/xml', @response.content_type + assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"} + end + end + + context ".json" do + should "return errors" do + assert_no_difference('User.count') do + post '/users.json', @parameters, :authorization => credentials('admin') + end + + assert_response :unprocessable_entity + assert_equal 'application/json', @response.content_type + json = ActiveSupport::JSON.decode(response.body) + assert_kind_of Hash, json + assert json.has_key?('errors') + assert_kind_of Array, json['errors'] + end + end + end + end + + context "PUT /users/2" do + context "with valid parameters" do + setup do + @parameters = {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}} + end + + context ".xml" do + should_allow_api_authentication(:put, + '/users/2.xml', + {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}}, + {:success_code => :ok}) + + should "update user with the attributes" do + assert_no_difference('User.count') do + put '/users/2.xml', @parameters, :authorization => credentials('admin') + end + + user = User.find(2) + assert_equal 'jsmith', user.login + assert_equal 'John', user.firstname + assert_equal 'Renamed', user.lastname + assert_equal 'jsmith@somenet.foo', user.mail + assert !user.admin? + + assert_response :ok + end + end + + context ".json" do + should_allow_api_authentication(:put, + '/users/2.json', + {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}}, + {:success_code => :ok}) + + should "update user with the attributes" do + assert_no_difference('User.count') do + put '/users/2.json', @parameters, :authorization => credentials('admin') + end + + user = User.find(2) + assert_equal 'jsmith', user.login + assert_equal 'John', user.firstname + assert_equal 'Renamed', user.lastname + assert_equal 'jsmith@somenet.foo', user.mail + assert !user.admin? + + assert_response :ok + end + end + end + + context "with invalid parameters" do + setup do + @parameters = {:user => {:login => 'jsmith', :firstname => '', :lastname => 'Lastname', :mail => 'foo'}} + end + + context ".xml" do + should "return errors" do + assert_no_difference('User.count') do + put '/users/2.xml', @parameters, :authorization => credentials('admin') + end + + assert_response :unprocessable_entity + assert_equal 'application/xml', @response.content_type + assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"} + end + end + + context ".json" do + should "return errors" do + assert_no_difference('User.count') do + put '/users/2.json', @parameters, :authorization => credentials('admin') + end + + assert_response :unprocessable_entity + assert_equal 'application/json', @response.content_type + json = ActiveSupport::JSON.decode(response.body) + assert_kind_of Hash, json + assert json.has_key?('errors') + assert_kind_of Array, json['errors'] + end + end + end + + context "DELETE /users/2" do + context ".xml" do + should "not be allowed" do + assert_no_difference('User.count') do + delete '/users/2.xml' + end + + assert_response :method_not_allowed + end + end + + context ".json" do + should "not be allowed" do + assert_no_difference('User.count') do + delete '/users/2.json' + end + + assert_response :method_not_allowed + end + end + end + end + + def credentials(user, password=nil) + ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user) + end +end