diff --git a/app/controllers/dmsf_links_controller.rb b/app/controllers/dmsf_links_controller.rb
index 6b1db1ba..d7fa6468 100644
--- a/app/controllers/dmsf_links_controller.rb
+++ b/app/controllers/dmsf_links_controller.rb
@@ -21,12 +21,18 @@
class DmsfLinksController < ApplicationController
model_object DmsfLink
+
before_action :find_model_object, :only => [:destroy, :restore]
before_action :find_link_project
before_action :authorize
before_action :permissions
+
protect_from_forgery except: :new
+ accept_api_auth :create
+
+ skip_before_action :verify_authenticity_token, if: -> { request.headers['HTTP_X_REDMINE_API_KEY'].present? }
+
def permissions
if @dmsf_link
render_403 unless DmsfFolder.permissions?(@dmsf_link.dmsf_folder)
@@ -103,7 +109,8 @@ class DmsfLinksController < ApplicationController
@dmsf_link.target_type = DmsfFolder.model_name.to_s
end
@dmsf_link.name = params[:dmsf_link][:name]
- if @dmsf_link.save
+ result = @dmsf_link.save
+ if result
flash[:notice] = l(:notice_successful_create)
else
flash[:error] = @dmsf_link.errors.full_messages.to_sentence
@@ -122,7 +129,8 @@ class DmsfLinksController < ApplicationController
@dmsf_link.target_type = DmsfFolder.model_name.to_s
end
@dmsf_link.name = params[:dmsf_link][:name]
- if @dmsf_link.save
+ result = @dmsf_link.save
+ if result
flash[:notice] = l(:notice_successful_create)
else
flash[:error] = @dmsf_link.errors.full_messages.to_sentence
@@ -140,6 +148,7 @@ class DmsfLinksController < ApplicationController
end
end
}
+ format.api { result ? render_api_ok : render_validation_errors(@dmsf_link) }
format.js
end
end
@@ -191,7 +200,6 @@ class DmsfLinksController < ApplicationController
else
pid = params[:project_id]
end
- Rails.logger.error("pid #{pid}")
@project = Project.find(pid)
end
rescue ActiveRecord::RecordNotFound
diff --git a/extra/api/api_client.sh b/extra/api/api_client.sh
index be4eb78d..8ee45845 100644
--- a/extra/api/api_client.sh
+++ b/extra/api/api_client.sh
@@ -86,8 +86,11 @@
# b) Delete permanently
# curl -v -H "Content-Type: application/xml" -X DELETE -u ${1}:${2} "http://localhost:3000/projects/2387/dmsf/delete.xml?folder_id=#{folder_id}&commit=yes"
-# 8. Delete a file
+# 9. Delete a file
# a) Move to trash only
# curl -v -H "Content-Type: application/xml" -X DELETE -u ${1}:${2} http://localhost:3000/dmsf/files/196118.xml
# b) Delete permanently
-# curl -v -H "Content-Type: application/xml" -X DELETE -u ${1}:${2} http://localhost:3000/dmsf/files/196118.xml?commit=yes"
\ No newline at end of file
+# curl -v -H "Content-Type: application/xml" -X DELETE -u ${1}:${2} http://localhost:3000/dmsf/files/196118.xml?commit=yes"
+
+# 10. Create a symbolic link
+# curl -v -H "Content-Type: application/xml" -X POST --data "@link.xml" -H "X-Redmine-API-Key: USERS_API_KEY" http://localhost:3000/dmsf_links.xml
\ No newline at end of file
diff --git a/extra/api/link.xml b/extra/api/link.xml
new file mode 100644
index 00000000..4373519c
--- /dev/null
+++ b/extra/api/link.xml
@@ -0,0 +1,11 @@
+
+
+ 2387
+ link_from
+
+ 2387
+ Documents
+ 196119
+
+ test
+
\ No newline at end of file
diff --git a/test/integration/rest_api/dmsf_link_api_test.rb b/test/integration/rest_api/dmsf_link_api_test.rb
new file mode 100644
index 00000000..3f0134a0
--- /dev/null
+++ b/test/integration/rest_api/dmsf_link_api_test.rb
@@ -0,0 +1,68 @@
+# encoding: utf-8
+#
+# Redmine plugin for Document Management System "Features"
+#
+# Copyright © 2011-18 Karel Pičman
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../../test_helper', __FILE__)
+
+class DmsfLinkApiTest < RedmineDmsf::Test::IntegrationTest
+ include Redmine::I18n
+
+ fixtures :projects, :users, :dmsf_files, :dmsf_file_revisions, :members, :roles, :member_roles
+
+ def setup
+ @admin = User.find_by_id 1
+ @jsmith = User.find_by_id 2
+ @file1 = DmsfFile.find_by_id 1
+ Setting.rest_api_enabled = '1'
+ @role = Role.find_by_id 1
+ @project1 = Project.find_by_id 1
+ @project1.enable_module! :dmsf
+ end
+
+ def test_truth
+ assert_kind_of User, @admin
+ assert_kind_of User, @jsmith
+ assert_kind_of DmsfFile, @file1
+ assert_kind_of Role, @role
+ assert_kind_of Project, @project1
+ end
+
+ def test_create_link
+ @role.add_permission! :file_manipulation
+ token = Token.create!(:user => @jsmith, :action => 'api')
+ name = 'REST API link test'
+ # curl -v -H "Content-Type: application/xml" -X POST --data "@link.xml" -H "X-Redmine-API-Key: USERS_API_KEY" http://localhost:3000/dmsf_links.xml
+ payload = %{
+
+
+ #{@project1.id}
+ link_from
+
+ #{@project1.id}
+ Documents
+ #{@file1.id}
+
+ #{name}
+
+ }
+ post "/dmsf_links.xml?key=#{token.value}", payload, {'CONTENT_TYPE' => 'application/xml'}
+ assert_response :success
+ assert_equal 1, DmsfLink.where(:name => name, :project_id => @project1.id).count
+ end
+end
\ No newline at end of file