Add /api/users test for admin role. Updated CHANGELOG

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-06-13 19:42:17 +03:00 · 2014-06-13 19:42:17 +03:00 · 47d6f70528
parent 8ff171f628
commit 47d6f70528
2 changed files with 12 additions and 0 deletions
--- a/1
+++ b/1
@ -35,6 +35,7 @@ v 7.0.0
  - Be more selective when killing stray Sidekiqs
  - Check LDAP user filter during sign-in
  - Remove wall feature (no data loss - you can take it from database)
+  - Dont expose user emails via API unless you are admin 

 v 6.9.2
  - Revert the commit that broke the LDAP user filter
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@ -23,6 +23,17 @@ describe API::API, api: true  do
        json_response.first['username'].should == user.username
      end
    end
+
+    context "when admin" do
+      it "should return an array of users" do
+        get api("/users", admin)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.first.keys.should include 'email'
+        json_response.first.keys.should include 'extern_uid'
+        json_response.first.keys.should include 'can_create_project'
+      end
+    end
  end

  describe "GET /users/:id" do