Added users/me resource. Fixed issue#241.

2016-10-25 01:54:12 +02:00 · 2016-10-25 01:54:12 +02:00 · da2a11cb8c
parent 1ddbb5d59e
commit da2a11cb8c
3 changed files with 70 additions and 0 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -306,6 +306,34 @@ class UsersController < ApplicationController
    model_destory_render(User, params)
  end

+  # @path       [GET] /users/me
+  #
+  # @summary          Returns the User record of current user.
+  # @notes            The requestor need to have a valid authentication.
+  #
+  # @parameter        full         [Bool]    If set a Asset structure with all connected Assets gets returned.
+  #
+  # @response_message 200 [User] User record matching the requested identifier.
+  # @response_message 401        Invalid session.
+  def me
+
+    if params[:expand]
+      user = current_user.attributes_with_relation_names
+      render json: user, status: :ok
+      return
+    end
+
+    if params[:full]
+      full = User.full(current_user.id)
+      render json: full
+      return
+    end
+
+    user = current_user.attributes_with_associations
+    user.delete('password')
+    render json: user
+  end
+
  # @path       [GET] /users/search
  #
  # @tag Search
--- a/config/routes/user.rb
+++ b/config/routes/user.rb
@ -15,6 +15,8 @@ Zammad::Application.routes.draw do
  match api_path + '/users/avatar',                to: 'users#avatar_destroy',        via: :delete
  match api_path + '/users/avatar/set',            to: 'users#avatar_set_default',    via: :post

+  match api_path + '/users/me',                    to: 'users#me',                    via: :get
+
  match api_path + '/users',                       to: 'users#index',                 via: :get
  match api_path + '/users/:id',                   to: 'users#show',                  via: :get
  match api_path + '/users/history/:id',           to: 'users#history',               via: :get
--- a/test/controllers/user_organization_controller_test.rb
+++ b/test/controllers/user_organization_controller_test.rb
@ -147,11 +147,23 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal('authentication failed', result['error'])
+
+    # me
+    get '/api/v1/users/me', {}, @headers
+    assert_response(401)
+    result = JSON.parse(@response.body)
+    assert_equal('authentication failed', result['error'])
  end

  test 'auth tests - not existing user' do
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')

+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(401)
+    result = JSON.parse(@response.body)
+    assert_equal('authentication failed', result['error'])
+
    get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
    assert_response(401)
    result = JSON.parse(@response.body)
@ -199,6 +211,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
    # email auth
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')

+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-admin@example.com')
+
    # index
    get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
    assert_response(200)
@ -307,6 +326,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')

+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-agent@example.com')
+
    # index
    get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
    assert_response(200)
@ -407,6 +433,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')

+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-customer1@example.com')
+
    # index
    get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
    assert_response(200)
@ -449,6 +482,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest

    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')

+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-customer2@example.com')
+
    # index
    get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
    assert_response(200)