From da2a11cb8c4a69c65e4185bba0d1302ed58cd9d1 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Tue, 25 Oct 2016 01:54:12 +0200
Subject: [PATCH] Added users/me resource. Fixed issue#241.
---
 app/controllers/users_controller.rb | 28 +++++++++++++
 config/routes/user.rb | 2 +
 .../user_organization_controller_test.rb | 40 +++++++++++++++++++
 3 files changed, 70 insertions(+)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5acab042a..2311e10f5 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -306,6 +306,34 @@ class UsersController < ApplicationController
 model_destory_render(User, params)
 end

+ # @path [GET] /users/me
+ #
+ # @summary Returns the User record of current user.
+ # @notes The requestor need to have a valid authentication.
+ #
+ # @parameter full [Bool] If set a Asset structure with all connected Assets gets returned.
+ #
+ # @response_message 200 [User] User record matching the requested identifier.
+ # @response_message 401 Invalid session.
+ def me
+
+ if params[:expand]
+ user = current_user.attributes_with_relation_names
+ render json: user, status: :ok
+ return
+ end
+
+ if params[:full]
+ full = User.full(current_user.id)
+ render json: full
+ return
+ end
+
+ user = current_user.attributes_with_associations
+ user.delete('password')
+ render json: user
+ end
+
 # @path [GET] /users/search
 #
 # @tag Search
diff --git a/config/routes/user.rb b/config/routes/user.rb
index 0c0da5c5d..54f8dba73 100644
--- a/config/routes/user.rb
+++ b/config/routes/user.rb
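Review bot: In `me`, only the default branch removes the password field (`user.delete('password')`); the `params[:expand]` branch renders `current_user.attributes_with_relation_names` as returned, and the `params[:full]` branch renders `User.full(current_user.id)` without any filtering. Whether those helpers already omit the stored password value is not visible in this hunk, so the expand branch should apply the same filter before rendering, i.e. `user.delete('password')` ahead of `render json: user, status: :ok`, and the output of `User.full` should be confirmed to exclude it. The doc comment lists `full` but has no `@parameter` line for `expand`, which the action also reads.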
@@ -15,6 +15,8 @@ Zammad::Application.routes.draw do
 match api_path + '/users/avatar', to: 'users#avatar_destroy', via: :delete
 match api_path + '/users/avatar/set', to: 'users#avatar_set_default', via: :post

+ match api_path + '/users/me', to: 'users#me', via: :get
+
 match api_path + '/users', to: 'users#index', via: :get
 match api_path + '/users/:id', to: 'users#show', via: :get
 match api_path + '/users/history/:id', to: 'users#history', via: :get
diff --git a/test/controllers/user_organization_controller_test.rb b/test/controllers/user_organization_controller_test.rb
index 9d4725b22..d7dbc3dbe 100644
--- a/test/controllers/user_organization_controller_test.rb
+++ b/test/controllers/user_organization_controller_test.rb
@@ -147,11 +147,23 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
 assert_response(401)
 result = JSON.parse(@response.body)
 assert_equal('authentication failed', result['error'])
+
+ # me
+ get '/api/v1/users/me', {}, @headers
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
 end

 test 'auth tests - not existing user' do
 credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')

+ # me
+ get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+
 get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
 assert_response(401)
 result = JSON.parse(@response.body)
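Review bot: The new `/users/me` route depends on being declared above `match api_path + '/users/:id'`, and nothing on the line says so. Rails matches routes in declaration order, so if this line were later moved below the `:id` route, `me` would be captured as an id and dispatched to `users#show` instead of `users#me`. A short comment on the added line would protect the ordering, for example `# keep above '/users/:id' so that 'me' is not treated as an id`.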
@@ -199,6 +211,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
 # email auth
 credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')

+ # me
+ get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-admin@example.com')
+
 # index
 get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
 assert_response(200)
@@ -307,6 +326,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest

 credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')

+ # me
+ get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-agent@example.com')
+
 # index
 get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
 assert_response(200)
@@ -407,6 +433,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest

 credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')

+ # me
+ get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
 # index
 get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
 assert_response(200)
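Review bot: The authenticated `me` checks in this hunk, and the matching ones in the `rest-agent`, `rest-customer1` and `rest-customer2` hunks, assert only the `email` value, so no test pins the security-relevant behaviour of the action: that the password field is absent from the response. Adding `assert_nil(result['password'])` after each email assertion would cover the default branch. The `expand` and `full` variants of the endpoint are never requested in these tests, so what they return for the current user is unchecked; one request per variant with the same assertion would close that gap. The enclosing test methods start and end outside the hunks.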
@@ -449,6 +482,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest

 credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')

+ # me
+ get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-customer2@example.com')
+
 # index
 get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
 assert_response(200)