Don't use SudoMode.disable! to skip API requests (#19851).

git-svn-id: http://svn.redmine.org/redmine/trunk@14338 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-01-24 08:07:14 +00:00 · 2015-06-19 19:51:24 +00:00 · 2015-06-19 19:51:24 +00:00 · c2fca37999
commit c2fca37999
parent fe9eec19c5
2 changed files with 19 additions and 4 deletions
--- a/lib/redmine/sudo_mode.rb
+++ b/lib/redmine/sudo_mode.rb
@ -61,9 +61,7 @@ module Redmine
      # After the request refreshes the timestamp if sudo mode was used during
      # this request.
      def sudo_mode
-        if api_request?
+        if sudo_timestamp_valid?
          SudoMode.disable!
        elsif sudo_timestamp_valid?
          SudoMode.active!
        end
        yield
@ -145,7 +143,9 @@ module Redmine
      class SudoRequestFilter < Struct.new(:parameters, :request_methods)
        def before(controller)
          method_matches = request_methods.blank? || request_methods.include?(controller.request.method_symbol)
-          if SudoMode.possible? && method_matches
+          if controller.api_request?
            true
          elsif SudoMode.possible? && method_matches
            controller.require_sudo_mode( *parameters )
          else
            true
--- a/test/integration/sudo_mode_test.rb
+++ b/test/integration/sudo_mode_test.rb
@ -143,4 +143,19 @@ class SudoTest < Redmine::IntegrationTest
    assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
  end
  def test_sudo_mode_should_skip_api_requests
    with_settings :rest_api_enabled => '1' do
      assert_difference('User.count') do
        post '/users.json', {
          :user => {
            :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname',
            :mail => 'foo@example.net', :password => 'secret123',
            :mail_notification => 'only_assigned'}
          },
          credentials('admin')
        assert_response :created
      end
    end
  end
 end