Fixed confidentiality issue on account/show....
Jean-Philippe Lang -
r564:1a2aee84b21a
@@ -28,6 +28,11 class AccountController < ApplicationController
28 def show
28 def show
29 @user = User.find(params[:id])
29 @user = User.find(params[:id])
30 @custom_values = @user.custom_values.find(:all, :include => :custom_field)
30 @custom_values = @user.custom_values.find(:all, :include => :custom_field)
31
32 # show only public projects and private projects that the logged in user is also a member of
33 @memberships = @user.memberships.select do |membership|
34 membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))
35 end
31 rescue ActiveRecord::RecordNotFound
36 rescue ActiveRecord::RecordNotFound
32 render_404
37 render_404
33 end
38 end
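Review bot: The visibility rule added to `show` is written inline in the action, so any other code path that renders `@user.memberships` directly would still list private projects; this commit fixes only this one page. Moving the predicate into the model keeps the rule in one place, for example a new `Project` method (the name is only a suggestion) used as `@memberships = @user.memberships.select { |m| m.project.visible_to?(logged_in_user) }`. The check also depends on `role_for_project` returning nil or false for non-members, which is not visible here, so a short comment stating that contract would help. A functional test that requests the page anonymously and as a non-member would keep the fix from regressing.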
@@ -13,12 +13,12
13 </p>
13 </p>
14
14
15 <h3><%=l(:label_project_plural)%></h3>
15 <h3><%=l(:label_project_plural)%></h3>
16 <p>
16 <ul>
17 <% for membership in @user.memberships %>
17 <% for membership in @memberships %>
18 <%= membership.project.name %> (<%= membership.role.name %>, <%= format_date(membership.created_on) %>)
18 <li><%= link_to membership.project.name, :controller => 'projects', :action => 'show', :id => membership.project %>
19 <br />
19 (<%= membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
20 <% end %>
20 <% end %>
21 </p>
21 </ul>
22
22
23 <h3><%=l(:label_activity)%></h3>
23 <h3><%=l(:label_activity)%></h3>
24 <p>
24 <p>
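Review bot: The project name passed to `link_to` and the role name on the following line are written into the page without escaping. If this Rails version does not escape `<%= %>` output automatically (the `find(:all, ...)` idiom in the controller suggests an early release), a name containing markup is rendered as HTML for every visitor of the profile. Wrapping both in the `h` helper closes that: `link_to h(membership.project.name), ...` and `(<%= h(membership.role.name) %>, ...`. The activity block that opens on the last line of the hunk continues outside it, so whether it applies the same private-project filter cannot be confirmed from here.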