Merge pull request #1573 from opf/feature/api-users-show-permissions

API authentication now respects application wide login_required setting
pull/1582/head
manwithtwowatches 10 years ago
commit 1f7fbd7c56
  1. 2
      lib/api/root.rb
  2. 4
      spec/api/work_package_resource_spec.rb
  3. 0
      tmp/test/empty

@ -45,7 +45,7 @@ module API
end
def authenticate
raise API::Errors::Unauthenticated.new if current_user.nil? || current_user.anonymous?
raise API::Errors::Unauthenticated.new if current_user.nil? || current_user.anonymous? if Setting.login_required?
end
def authorize(api, endpoint, context: nil, global: false, user: current_user, allow: true)

@ -108,12 +108,12 @@ describe 'API v3 Work package resource' do
end
it 'should respond with 401' do
last_response.status.should eq(401)
last_response.status.should eq(403)
end
it 'should respond with explanatory error message' do
parsed_errors = JSON.parse(last_response.body)['errors']
parsed_errors.should eq([{ 'key' => 'not_authenticated', 'messages' => ['You need to be authenticated to access this resource']}])
parsed_errors.should eq([{ 'key' => 'not_authorized', 'messages' => ['You are not authorize to access this resource']}])
end
end

Loading…
Cancel
Save