Added users/me resource. Fixed issue#241.

app/controllers/users_controller.rb

@@ -306,6 +306,34 @@ class UsersController < ApplicationController
     model_destory_render(User, params)
   end
 
+  # @path       [GET] /users/me
+  #
+  # @summary          Returns the User record of current user.
+  # @notes            The requestor need to have a valid authentication.
+  #
+  # @parameter        full         [Bool]    If set a Asset structure with all connected Assets gets returned.
+  #
+  # @response_message 200 [User] User record matching the requested identifier.
+  # @response_message 401        Invalid session.
+  def me
+
+    if params[:expand]
+      user = current_user.attributes_with_relation_names
+      render json: user, status: :ok
+      return
+    end
+
+    if params[:full]
+      full = User.full(current_user.id)
+      render json: full
+      return
+    end
+
+    user = current_user.attributes_with_associations
+    user.delete('password')
+    render json: user
+  end
+
   # @path       [GET] /users/search
   #
   # @tag Search

config/routes/user.rb

@@ -15,6 +15,8 @@ Zammad::Application.routes.draw do
   match api_path + '/users/avatar',                to: 'users#avatar_destroy',        via: :delete
   match api_path + '/users/avatar/set',            to: 'users#avatar_set_default',    via: :post
 
+  match api_path + '/users/me',                    to: 'users#me',                    via: :get
+
   match api_path + '/users',                       to: 'users#index',                 via: :get
   match api_path + '/users/:id',                   to: 'users#show',                  via: :get
   match api_path + '/users/history/:id',           to: 'users#history',               via: :get

test/controllers/user_organization_controller_test.rb

@@ -147,11 +147,23 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     assert_response(401)
     result = JSON.parse(@response.body)
     assert_equal('authentication failed', result['error'])
+
+    # me
+    get '/api/v1/users/me', {}, @headers
+    assert_response(401)
+    result = JSON.parse(@response.body)
+    assert_equal('authentication failed', result['error'])
   end
 
   test 'auth tests - not existing user' do
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
 
+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(401)
+    result = JSON.parse(@response.body)
+    assert_equal('authentication failed', result['error'])
+
     get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
     assert_response(401)
     result = JSON.parse(@response.body)
@@ -199,6 +211,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     # email auth
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
 
+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-admin@example.com')
+
     # index
     get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
     assert_response(200)
@@ -307,6 +326,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
 
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
 
+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-agent@example.com')
+
     # index
     get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
     assert_response(200)
@@ -407,6 +433,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
 
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
 
+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-customer1@example.com')
+
     # index
     get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
     assert_response(200)
@@ -449,6 +482,13 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
 
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
 
+    # me
+    get '/api/v1/users/me', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert(result)
+    assert_equal(result['email'], 'rest-customer2@example.com')
+
     # index
     get '/api/v1/users', {}, @headers.merge('Authorization' => credentials)
     assert_response(200)