Add /api/users test for admin role. Updated CHANGELOG

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Add /api/users test for admin role. Updated CHANGELOG
47d6f705 · Dmitriy Zaporozhets · 8ff171f6 · 47d6f705 · 47d6f705
Unverified Commit 47d6f705 authored Jun 13, 2014 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

CHANGELOG CHANGELOG +1 -0

users_spec.rb spec/requests/api/users_spec.rb +11 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,7 @@ v 7.0.0
  - Be more selective when killing stray Sidekiqs
  - Check LDAP user filter during sign-in
  - Remove wall feature (no data loss - you can take it from database)
+  - Dont expose user emails via API unless you are admin 

 v 6.9.2
  - Revert the commit that broke the LDAP user filter

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -23,6 +23,17 @@ describe API::API, api: true  do
        json_response.first['username'].should == user.username
      end
    end
+
+    context "when admin" do
+      it "should return an array of users" do
+        get api("/users", admin)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.first.keys.should include 'email'
+        json_response.first.keys.should include 'extern_uid'
+        json_response.first.keys.should include 'can_create_project'
+      end
+    end
  end

  describe "GET /users/:id" do