Allow users allowed to view work packages to (un-)watch via API v3 (WIP)

TODO better code style
pull/1611/head
Till Breuer 10 years ago
parent 1c36b1c5e0
commit 7ae0edd315
  1. 12
      lib/api/v3/work_packages/watchers_api.rb
  2. 42
      spec/api/watcher_resource_spec.rb

@ -10,7 +10,11 @@ module API
end end
post do post do
authorize(:add_work_package_watchers, context: @work_package.project) if current_user.id == params[:user_id].to_i
authorize(:view_work_packages, context: @work_package.project)
else
authorize(:add_work_package_watchers, context: @work_package.project)
end
user = User.find params[:user_id] user = User.find params[:user_id]
@ -32,7 +36,11 @@ module API
namespace ':user_id' do namespace ':user_id' do
delete do delete do
authorize(:delete_work_package_watchers, context: @work_package.project) if current_user.id == params[:user_id]
authorize(:view_work_packages, context: @work_package.project)
else
authorize(:delete_work_package_watchers, context: @work_package.project)
end
user = User.find_by_id params[:user_id] user = User.find_by_id params[:user_id]
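Review bot: The self-service check in the `delete` handler compares `current_user.id == params[:user_id]` without the `.to_i` that the `post` handler applies, so if Grape passes the route segment as a String (no type coercion is visible in these hunks) the comparison is never true and every removal falls through to `:delete_work_package_watchers`. That fails closed, but a user holding only `:view_work_packages` could then not remove themselves as the commit title intends; use `if current_user.id == params[:user_id].to_i` in both handlers. Because this branch now appears twice and decides which permission is enforced, consider moving it into a single helper so the two handlers cannot drift apart. Both handler bodies continue outside the hunks shown.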

@ -67,14 +67,25 @@ describe 'API v3 Watcher resource' do
end end
context 'unauthorized user' do context 'unauthorized user' do
let(:current_user) { unauthorized_user } context 'when the current user is trying to assign another user as watcher' do
let(:current_user) { unauthorized_user }
it 'should respond with 403' do it 'should respond with 403' do
expect(subject.status).to eq(403) expect(subject.status).to eq(403)
end
it 'should respond with explanatory error message' do
expect(subject.body).to include_json('not_authorized'.to_json).at_path('title')
end
end end
it 'should respond with explanatory error message' do context 'when the current user tries to watch the work package her- or himself' do
expect(subject.body).to include_json('not_authorized'.to_json).at_path('title') let(:current_user) { available_watcher }
let(:new_watcher) { available_watcher }
it 'should respond with 201' do
expect(subject.status).to eq(201)
end
end end
end end
end end
@ -116,14 +127,25 @@ describe 'API v3 Watcher resource' do
end end
context 'unauthorized user' do context 'unauthorized user' do
let(:current_user) { unauthorized_user } context 'when the current user tries to deassign another user from the work package watchers' do
let(:current_user) { unauthorized_user }
it 'should respond with 403' do
expect(subject.status).to eq(403)
end
it 'should respond with 403' do it 'should respond with explanatory error message' do
expect(subject.status).to eq(403) expect(subject.body).to include_json('not_authorized'.to_json).at_path('title')
end
end end
it 'should respond with explanatory error message' do context 'when the current user tries to watch the work package her- or himself' do
expect(subject.body).to include_json('not_authorized'.to_json).at_path('title') let(:current_user) { watcher }
let(:new_watcher) { watcher }
it 'should respond with 204' do
expect(subject.status).to eq(204)
end
end end
end end
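Review bot: Neither new self-service context proves that the relaxed permission path is what produces the 201/204. The fixtures for `available_watcher` and `watcher` are outside these hunks, so if their role already includes `:add_work_package_watchers` or `:delete_work_package_watchers`, the examples pass without ever reaching the `:view_work_packages` branch. Give the current user a role with only `:view_work_packages` in these contexts, and add the negative case: a user who cannot view the work package tries to watch or unwatch themselves and is rejected as not authorized. The new context in the DELETE block is titled 'tries to watch the work package her- or himself' although it covers removal; `context 'when the current user tries to unwatch the work package her- or himself' do` would match what it tests.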
