Adds xml/json REST API for Users (#6260).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4453 e93f8b46-1217-0410-a6f0-8f06a7374b81

Adds xml/json REST API for Users (#6260).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4453 e93f8b46-1217-0410-a6f0-8f06a7374b81
e9775097 · Jean-Philippe Lang · 96ce0f01 · e9775097 · e9775097 · e9775097
Commit e9775097 authored Dec 03, 2010 by Jean-Philippe Lang
Showing with 317 additions and 1 deletion

users_controller.rb app/controllers/users_controller.rb +14 -1

index.apit app/views/users/index.apit +19 -0

show.apit app/views/users/show.apit +28 -0

users_test.rb test/integration/api_test/users_test.rb +256 -0

No files found.
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
 # Redmine - project management software
-# Copyright (C) 2006-2009  Jean-Philippe Lang
+# Copyright (C) 2006-2010  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -19,6 +19,7 @@ class UsersController < ApplicationController
  layout 'admin'
  
  before_filter :require_admin, :except => :show
+  accept_key_auth :index, :show, :create, :update

  helper :sort
  include SortHelper
@@ -48,6 +49,8 @@ class UsersController < ApplicationController

 		respond_to do |format|
 		  format.html { render :layout => !request.xhr? }
+      format.json { render :template => 'users/index.apit' }
+		  format.xml  { render :template => 'users/index.apit' }
 		end	
  end
  
@@ -69,6 +72,8 @@ class UsersController < ApplicationController
    
    respond_to do |format|
      format.html { render :layout => 'base' }
+      format.json { render :template => 'users/show.apit' }
+      format.xml  { render :template => 'users/show.apit' }
    end
  rescue ActiveRecord::RecordNotFound
    render_404
@@ -111,6 +116,8 @@ class UsersController < ApplicationController
            {:controller => 'users', :action => 'edit', :id => @user}
          )
        }
+        format.json { render :template => 'users/show.apit', :status => :created, :location => user_url(@user) }
+        format.xml  { render :template => 'users/show.apit', :status => :created, :location => user_url(@user) }
      end
    else
      @auth_sources = AuthSource.find(:all)
@@ -118,6 +125,8 @@ class UsersController < ApplicationController

      respond_to do |format|
        format.html { render :action => 'new' }
+        format.json { render :json => {:errors => @user.errors}, :status => :unprocessable_entity, :layout => false }
+        format.xml  { render :xml  => @user.errors, :status => :unprocessable_entity, :layout => false }
      end
    end
  end
@@ -166,6 +175,8 @@ class UsersController < ApplicationController
          flash[:notice] = l(:notice_successful_update)
          redirect_to :back
        }
+        format.json { head :ok }
+        format.xml  { head :ok }
      end
    else
      @auth_sources = AuthSource.find(:all)
@@ -173,6 +184,8 @@ class UsersController < ApplicationController

      respond_to do |format|
        format.html { render :action => :edit }
+        format.json { render :json => {:errors => @user.errors}, :status => :unprocessable_entity, :layout => false }
+        format.xml  { render :xml  => @user.errors, :status => :unprocessable_entity, :layout => false }
      end
    end
  rescue ::ActionController::RedirectBackError

--- a/app/views/users/index.apit
+++ b/app/views/users/index.apit
+api.array :users do
+  @users.each do |user|
+    api.user do
+      api.id         user.id
+      api.login      user.login
+      api.firstname  user.firstname
+      api.lastname   user.lastname
+      api.mail       user.mail
+      api.created_on user.created_on
+      api.last_login_on user.last_login_on
+
+      api.array :custom_fields do
+        user.visible_custom_field_values.each do |custom_value|
+          api.custom_field custom_value.value, :id => custom_value.custom_field_id, :name => custom_value.custom_field.name
+        end
+      end unless user.visible_custom_field_values.empty?
+    end
+  end
+end
--- a/app/views/users/show.apit
+++ b/app/views/users/show.apit
+api.user do
+  api.id         @user.id
+  api.login      @user.login if User.current.admin?
+  api.firstname  @user.firstname
+  api.lastname   @user.lastname
+  api.mail       @user.mail if User.current.admin? || !@user.pref.hide_mail
+  api.created_on @user.created_on
+  api.last_login_on @user.last_login_on
+  
+  api.array :custom_fields do
+    @user.visible_custom_field_values.each do |custom_value|
+      api.custom_field custom_value.value, :id => custom_value.custom_field_id, :name => custom_value.custom_field.name
+    end
+  end unless @user.visible_custom_field_values.empty?
+  
+  api.array :memberships do
+    @memberships.each do |membership|
+      api.membership do
+        api.project :id => membership.project.id, :name => membership.project.name
+        api.array :roles do
+          membership.roles.each do |role|
+            api.role :id => role.id, :name => role.name
+          end
+        end
+      end if membership.project
+    end
+  end if @memberships.present?
+end
--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require "#{File.dirname(__FILE__)}/../../test_helper"
+require 'pp'
+class ApiTest::UsersTest < ActionController::IntegrationTest
+  fixtures :users
+
+  def setup
+    Setting.rest_api_enabled = '1'
+  end
+
+  context "GET /users" do
+    should_allow_api_authentication(:get, "/users.xml")
+    should_allow_api_authentication(:get, "/users.json")
+  end
+
+  context "GET /users/2" do
+    context ".xml" do
+      should "return requested user" do
+        get '/users/2.xml'
+        
+        assert_tag :tag => 'user',
+          :child => {:tag => 'id', :content => '2'}
+      end
+    end
+
+    context ".json" do
+      should "return requested user" do
+        get '/users/2.json'
+        
+        json = ActiveSupport::JSON.decode(response.body)
+        assert_kind_of Hash, json
+        assert_kind_of Hash, json['user']
+        assert_equal 2, json['user']['id']
+      end
+    end
+  end
+
+  context "POST /users" do
+    context "with valid parameters" do
+      setup do
+        @parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}}
+      end
+      
+      context ".xml" do
+        should_allow_api_authentication(:post,
+          '/users.xml',
+          {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
+          {:success_code => :created})
+        
+        should "create a user with the attributes" do
+          assert_difference('User.count') do
+            post '/users.xml', @parameters, :authorization => credentials('admin')
+          end
+          
+          user = User.first(:order => 'id DESC')
+          assert_equal 'foo', user.login
+          assert_equal 'Firstname', user.firstname
+          assert_equal 'Lastname', user.lastname
+          assert_equal 'foo@example.net', user.mail
+          assert !user.admin?
+          
+          assert_response :created
+          assert_equal 'application/xml', @response.content_type
+          assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s}
+        end
+      end
+      
+      context ".json" do
+        should_allow_api_authentication(:post,
+          '/users.json',
+          {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
+          {:success_code => :created})
+        
+        should "create a user with the attributes" do
+          assert_difference('User.count') do
+            post '/users.json', @parameters, :authorization => credentials('admin')
+          end
+          
+          user = User.first(:order => 'id DESC')
+          assert_equal 'foo', user.login
+          assert_equal 'Firstname', user.firstname
+          assert_equal 'Lastname', user.lastname
+          assert_equal 'foo@example.net', user.mail
+          assert !user.admin?
+          
+          assert_response :created
+          assert_equal 'application/json', @response.content_type
+          json = ActiveSupport::JSON.decode(response.body)
+          assert_kind_of Hash, json
+          assert_kind_of Hash, json['user']
+          assert_equal user.id, json['user']['id']
+        end
+      end
+    end
+    
+    context "with invalid parameters" do
+      setup do
+        @parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}
+      end
+      
+      context ".xml" do
+        should "return errors" do
+          assert_no_difference('User.count') do
+            post '/users.xml', @parameters, :authorization => credentials('admin')
+          end
+            
+          assert_response :unprocessable_entity
+          assert_equal 'application/xml', @response.content_type
+          assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"}
+        end
+      end
+      
+      context ".json" do
+        should "return errors" do
+          assert_no_difference('User.count') do
+            post '/users.json', @parameters, :authorization => credentials('admin')
+          end
+            
+          assert_response :unprocessable_entity
+          assert_equal 'application/json', @response.content_type
+          json = ActiveSupport::JSON.decode(response.body)
+          assert_kind_of Hash, json
+          assert json.has_key?('errors')
+          assert_kind_of Array, json['errors']
+        end
+      end
+    end
+  end
+
+  context "PUT /users/2" do
+    context "with valid parameters" do
+      setup do
+        @parameters = {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}}
+      end
+      
+      context ".xml" do
+        should_allow_api_authentication(:put,
+          '/users/2.xml',
+          {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
+          {:success_code => :ok})
+        
+        should "update user with the attributes" do
+          assert_no_difference('User.count') do
+            put '/users/2.xml', @parameters, :authorization => credentials('admin')
+          end
+          
+          user = User.find(2)
+          assert_equal 'jsmith', user.login
+          assert_equal 'John', user.firstname
+          assert_equal 'Renamed', user.lastname
+          assert_equal 'jsmith@somenet.foo', user.mail
+          assert !user.admin?
+          
+          assert_response :ok
+        end
+      end
+      
+      context ".json" do
+        should_allow_api_authentication(:put,
+          '/users/2.json',
+          {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
+          {:success_code => :ok})
+        
+        should "update user with the attributes" do
+          assert_no_difference('User.count') do
+            put '/users/2.json', @parameters, :authorization => credentials('admin')
+          end
+          
+          user = User.find(2)
+          assert_equal 'jsmith', user.login
+          assert_equal 'John', user.firstname
+          assert_equal 'Renamed', user.lastname
+          assert_equal 'jsmith@somenet.foo', user.mail
+          assert !user.admin?
+          
+          assert_response :ok
+        end
+      end
+    end
+    
+    context "with invalid parameters" do
+      setup do
+        @parameters = {:user => {:login => 'jsmith', :firstname => '', :lastname => 'Lastname', :mail => 'foo'}}
+      end
+      
+      context ".xml" do
+        should "return errors" do
+          assert_no_difference('User.count') do
+            put '/users/2.xml', @parameters, :authorization => credentials('admin')
+          end
+            
+          assert_response :unprocessable_entity
+          assert_equal 'application/xml', @response.content_type
+          assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"}
+        end
+      end
+      
+      context ".json" do
+        should "return errors" do
+          assert_no_difference('User.count') do
+            put '/users/2.json', @parameters, :authorization => credentials('admin')
+          end
+            
+          assert_response :unprocessable_entity
+          assert_equal 'application/json', @response.content_type
+          json = ActiveSupport::JSON.decode(response.body)
+          assert_kind_of Hash, json
+          assert json.has_key?('errors')
+          assert_kind_of Array, json['errors']
+        end
+      end
+    end
+    
+    context "DELETE /users/2" do
+      context ".xml" do
+        should "not be allowed" do
+          assert_no_difference('User.count') do
+            delete '/users/2.xml'
+          end
+          
+          assert_response :method_not_allowed
+        end
+      end
+      
+      context ".json" do
+        should "not be allowed" do
+          assert_no_difference('User.count') do
+            delete '/users/2.json'
+          end
+          
+          assert_response :method_not_allowed
+        end
+      end
+    end
+  end
+  
+  def credentials(user, password=nil)
+    ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
+  end
+end