Accept key auth for ProjectsController#show (#6841).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4444 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 9a4a35b..f97f6c3 100644 (file)
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -24,7 +24,7 @@ class ProjectsController < ApplicationController
   before_filter :authorize, :except => [ :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
   before_filter :authorize_global, :only => [:new, :create]
   before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
-  accept_key_auth :index, :create, :update, :destroy
+  accept_key_auth :index, :show, :create, :update, :destroy
 
   after_filter :only => [:create, :edit, :update, :archive, :unarchive, :destroy] do |controller|
     if controller.request.post?

diff --git a/test/integration/api_test/projects_test.rb b/test/integration/api_test/projects_test.rb
index cdac77e..a8c997f 100644 (file)
--- a/test/integration/api_test/projects_test.rb
+++ b/test/integration/api_test/projects_test.rb
@@ -32,6 +32,12 @@ class ApiTest::ProjectsTest < ActionController::IntegrationTest
     assert_equal 'application/xml', @response.content_type
   end
   
+  context "GET /projects/2.xml" do
+    # TODO: A private project is needed because should_allow_api_authentication
+    # actually tests that authentication is *required*, not just allowed
+    should_allow_api_authentication(:get, "/projects/2.xml")
+  end
+  
   def test_show
     get '/projects/1.xml'
     assert_response :success