| @@ -1,153 +1,155 | |||
|
|
1 | 1 | # Redmine - project management software |
|
|
2 | 2 | # Copyright (C) 2006-2009 Jean-Philippe Lang |
|
|
3 | 3 | # |
|
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
|
7 | 7 | # of the License, or (at your option) any later version. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | class UsersController < ApplicationController |
|
|
19 | 19 | layout 'admin' |
|
|
20 | 20 | |
|
|
21 | 21 | before_filter :require_admin, :except => :show |
|
|
22 | 22 | |
|
|
23 | 23 | helper :sort |
|
|
24 | 24 | include SortHelper |
|
|
25 | 25 | helper :custom_fields |
|
|
26 | 26 | include CustomFieldsHelper |
|
|
27 | 27 | |
|
|
28 | 28 | def index |
|
|
29 | 29 | sort_init 'login', 'asc' |
|
|
30 | 30 | sort_update %w(login firstname lastname mail admin created_on last_login_on) |
|
|
31 | 31 | |
|
|
32 | 32 | @status = params[:status] ? params[:status].to_i : 1 |
|
|
33 | 33 | c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status]) |
|
|
34 | 34 | |
|
|
35 | 35 | unless params[:name].blank? |
|
|
36 | 36 | name = "%#{params[:name].strip.downcase}%" |
|
|
37 | 37 | c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name] |
|
|
38 | 38 | end |
|
|
39 | 39 | |
|
|
40 | 40 | @user_count = User.count(:conditions => c.conditions) |
|
|
41 | 41 | @user_pages = Paginator.new self, @user_count, |
|
|
42 | 42 | per_page_option, |
|
|
43 | 43 | params['page'] |
|
|
44 | 44 | @users = User.find :all,:order => sort_clause, |
|
|
45 | 45 | :conditions => c.conditions, |
|
|
46 | 46 | :limit => @user_pages.items_per_page, |
|
|
47 | 47 | :offset => @user_pages.current.offset |
|
|
48 | 48 | |
|
|
49 | 49 | render :layout => !request.xhr? |
|
|
50 | 50 | end |
|
|
51 | 51 | |
|
|
52 | 52 | def show |
|
|
53 | 53 | @user = User.find(params[:id]) |
|
|
54 | 54 | @custom_values = @user.custom_values |
|
|
55 | 55 | |
|
|
56 | 56 | # show projects based on current user visibility |
|
|
57 | 57 | @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current)) |
|
|
58 | 58 | |
|
|
59 | 59 | events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10) |
|
|
60 | 60 | @events_by_day = events.group_by(&:event_date) |
|
|
61 | 61 | |
|
|
62 | 62 | unless User.current.admin? |
|
|
63 | 63 | if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?) |
|
|
64 | 64 | render_404 |
|
|
65 | 65 | return |
|
|
66 | 66 | end |
|
|
67 | 67 | end |
|
|
68 | 68 | render :layout => 'base' |
|
|
69 | 69 | |
|
|
70 | 70 | rescue ActiveRecord::RecordNotFound |
|
|
71 | 71 | render_404 |
|
|
72 | 72 | end |
|
|
73 | 73 | |
|
|
74 | 74 | def add |
|
|
75 | 75 | if request.get? |
|
|
76 | 76 | @user = User.new(:language => Setting.default_language) |
|
|
77 | 77 | else |
|
|
78 | 78 | @user = User.new(params[:user]) |
|
|
79 | 79 | @user.admin = params[:user][:admin] || false |
|
|
80 | 80 | @user.login = params[:user][:login] |
|
|
81 | 81 | @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id |
|
|
82 | 82 | if @user.save |
|
|
83 | 83 | Mailer.deliver_account_information(@user, params[:password]) if params[:send_information] |
|
|
84 | 84 | flash[:notice] = l(:notice_successful_create) |
|
|
85 | 85 | redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} : |
|
|
86 | 86 | {:controller => 'users', :action => 'edit', :id => @user}) |
|
|
87 | 87 | return |
|
|
88 | 88 | end |
|
|
89 | 89 | end |
|
|
90 | 90 | @auth_sources = AuthSource.find(:all) |
|
|
91 | 91 | end |
|
|
92 | 92 | |
|
|
93 | 93 | def edit |
|
|
94 | 94 | @user = User.find(params[:id]) |
|
|
95 | 95 | if request.post? |
|
|
96 | 96 | @user.admin = params[:user][:admin] if params[:user][:admin] |
|
|
97 | 97 | @user.login = params[:user][:login] if params[:user][:login] |
|
|
98 | @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id | |
|
|
98 | if params[:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?) | |
|
|
99 | @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] | |
|
|
100 | end | |
|
|
99 | 101 | @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids] |
|
|
100 | 102 | @user.attributes = params[:user] |
|
|
101 | 103 | # Was the account actived ? (do it before User#save clears the change) |
|
|
102 | 104 | was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE]) |
|
|
103 | 105 | if @user.save |
|
|
104 | 106 | if was_activated |
|
|
105 | 107 | Mailer.deliver_account_activated(@user) |
|
|
106 | 108 | elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil? |
|
|
107 | 109 | Mailer.deliver_account_information(@user, params[:password]) |
|
|
108 | 110 | end |
|
|
109 | 111 | flash[:notice] = l(:notice_successful_update) |
|
|
110 | 112 | redirect_to :back |
|
|
111 | 113 | end |
|
|
112 | 114 | end |
|
|
113 | 115 | @auth_sources = AuthSource.find(:all) |
|
|
114 | 116 | @membership ||= Member.new |
|
|
115 | 117 | rescue ::ActionController::RedirectBackError |
|
|
116 | 118 | redirect_to :controller => 'users', :action => 'edit', :id => @user |
|
|
117 | 119 | end |
|
|
118 | 120 | |
|
|
119 | 121 | def edit_membership |
|
|
120 | 122 | @user = User.find(params[:id]) |
|
|
121 | 123 | @membership = Member.edit_membership(params[:membership_id], params[:membership], @user) |
|
|
122 | 124 | @membership.save if request.post? |
|
|
123 | 125 | respond_to do |format| |
|
|
124 | 126 | if @membership.valid? |
|
|
125 | 127 | format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' } |
|
|
126 | 128 | format.js { |
|
|
127 | 129 | render(:update) {|page| |
|
|
128 | 130 | page.replace_html "tab-content-memberships", :partial => 'users/memberships' |
|
|
129 | 131 | page.visual_effect(:highlight, "member-#{@membership.id}") |
|
|
130 | 132 | } |
|
|
131 | 133 | } |
|
|
132 | 134 | else |
|
|
133 | 135 | format.js { |
|
|
134 | 136 | render(:update) {|page| |
|
|
135 | 137 | page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', '))) |
|
|
136 | 138 | } |
|
|
137 | 139 | } |
|
|
138 | 140 | end |
|
|
139 | 141 | end |
|
|
140 | 142 | end |
|
|
141 | 143 | |
|
|
142 | 144 | def destroy_membership |
|
|
143 | 145 | @user = User.find(params[:id]) |
|
|
144 | 146 | @membership = Member.find(params[:membership_id]) |
|
|
145 | 147 | if request.post? && @membership.deletable? |
|
|
146 | 148 | @membership.destroy |
|
|
147 | 149 | end |
|
|
148 | 150 | respond_to do |format| |
|
|
149 | 151 | format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' } |
|
|
150 | 152 | format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} } |
|
|
151 | 153 | end |
|
|
152 | 154 | end |
|
|
153 | 155 | end |
| @@ -1,159 +1,171 | |||
|
|
1 | 1 | # redMine - project management software |
|
|
2 | 2 | # Copyright (C) 2006-2007 Jean-Philippe Lang |
|
|
3 | 3 | # |
|
|
4 | 4 | # This program is free software; you can redistribute it and/or |
|
|
5 | 5 | # modify it under the terms of the GNU General Public License |
|
|
6 | 6 | # as published by the Free Software Foundation; either version 2 |
|
|
7 | 7 | # of the License, or (at your option) any later version. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU General Public License |
|
|
15 | 15 | # along with this program; if not, write to the Free Software |
|
|
16 | 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
17 | 17 | |
|
|
18 | 18 | require File.dirname(__FILE__) + '/../test_helper' |
|
|
19 | 19 | require 'users_controller' |
|
|
20 | 20 | |
|
|
21 | 21 | # Re-raise errors caught by the controller. |
|
|
22 | 22 | class UsersController; def rescue_action(e) raise e end; end |
|
|
23 | 23 | |
|
|
24 | 24 | class UsersControllerTest < ActionController::TestCase |
|
|
25 | 25 | include Redmine::I18n |
|
|
26 | 26 | |
|
|
27 | 27 | fixtures :users, :projects, :members, :member_roles, :roles |
|
|
28 | 28 | |
|
|
29 | 29 | def setup |
|
|
30 | 30 | @controller = UsersController.new |
|
|
31 | 31 | @request = ActionController::TestRequest.new |
|
|
32 | 32 | @response = ActionController::TestResponse.new |
|
|
33 | 33 | User.current = nil |
|
|
34 | 34 | @request.session[:user_id] = 1 # admin |
|
|
35 | 35 | end |
|
|
36 | 36 | |
|
|
37 | 37 | def test_index |
|
|
38 | 38 | get :index |
|
|
39 | 39 | assert_response :success |
|
|
40 | 40 | assert_template 'index' |
|
|
41 | 41 | end |
|
|
42 | 42 | |
|
|
43 | 43 | def test_index |
|
|
44 | 44 | get :index |
|
|
45 | 45 | assert_response :success |
|
|
46 | 46 | assert_template 'index' |
|
|
47 | 47 | assert_not_nil assigns(:users) |
|
|
48 | 48 | # active users only |
|
|
49 | 49 | assert_nil assigns(:users).detect {|u| !u.active?} |
|
|
50 | 50 | end |
|
|
51 | 51 | |
|
|
52 | 52 | def test_index_with_name_filter |
|
|
53 | 53 | get :index, :name => 'john' |
|
|
54 | 54 | assert_response :success |
|
|
55 | 55 | assert_template 'index' |
|
|
56 | 56 | users = assigns(:users) |
|
|
57 | 57 | assert_not_nil users |
|
|
58 | 58 | assert_equal 1, users.size |
|
|
59 | 59 | assert_equal 'John', users.first.firstname |
|
|
60 | 60 | end |
|
|
61 | 61 | |
|
|
62 | 62 | def test_show |
|
|
63 | 63 | @request.session[:user_id] = nil |
|
|
64 | 64 | get :show, :id => 2 |
|
|
65 | 65 | assert_response :success |
|
|
66 | 66 | assert_template 'show' |
|
|
67 | 67 | assert_not_nil assigns(:user) |
|
|
68 | 68 | end |
|
|
69 | 69 | |
|
|
70 | 70 | def test_show_should_not_fail_when_custom_values_are_nil |
|
|
71 | 71 | user = User.find(2) |
|
|
72 | 72 | |
|
|
73 | 73 | # Create a custom field to illustrate the issue |
|
|
74 | 74 | custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text') |
|
|
75 | 75 | custom_value = user.custom_values.build(:custom_field => custom_field).save! |
|
|
76 | 76 | |
|
|
77 | 77 | get :show, :id => 2 |
|
|
78 | 78 | assert_response :success |
|
|
79 | 79 | end |
|
|
80 | 80 | |
|
|
81 | 81 | def test_show_inactive |
|
|
82 | 82 | @request.session[:user_id] = nil |
|
|
83 | 83 | get :show, :id => 5 |
|
|
84 | 84 | assert_response 404 |
|
|
85 | 85 | end |
|
|
86 | 86 | |
|
|
87 | 87 | def test_show_should_not_reveal_users_with_no_visible_activity_or_project |
|
|
88 | 88 | @request.session[:user_id] = nil |
|
|
89 | 89 | get :show, :id => 9 |
|
|
90 | 90 | assert_response 404 |
|
|
91 | 91 | end |
|
|
92 | 92 | |
|
|
93 | 93 | def test_show_inactive_by_admin |
|
|
94 | 94 | @request.session[:user_id] = 1 |
|
|
95 | 95 | get :show, :id => 5 |
|
|
96 | 96 | assert_response 200 |
|
|
97 | 97 | assert_not_nil assigns(:user) |
|
|
98 | 98 | end |
|
|
99 | 99 | |
|
|
100 | 100 | def test_show_displays_memberships_based_on_project_visibility |
|
|
101 | 101 | @request.session[:user_id] = 1 |
|
|
102 | 102 | get :show, :id => 2 |
|
|
103 | 103 | assert_response :success |
|
|
104 | 104 | memberships = assigns(:memberships) |
|
|
105 | 105 | assert_not_nil memberships |
|
|
106 | 106 | project_ids = memberships.map(&:project_id) |
|
|
107 | 107 | assert project_ids.include?(2) #private project admin can see |
|
|
108 | 108 | end |
|
|
109 | 109 | |
|
|
110 | 110 | def test_edit |
|
|
111 | 111 | ActionMailer::Base.deliveries.clear |
|
|
112 | 112 | post :edit, :id => 2, :user => {:firstname => 'Changed'} |
|
|
113 | 113 | assert_equal 'Changed', User.find(2).firstname |
|
|
114 | 114 | assert ActionMailer::Base.deliveries.empty? |
|
|
115 | 115 | end |
|
|
116 | 116 | |
|
|
117 | 117 | def test_edit_with_activation_should_send_a_notification |
|
|
118 | 118 | u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr') |
|
|
119 | 119 | u.login = 'foo' |
|
|
120 | 120 | u.status = User::STATUS_REGISTERED |
|
|
121 | 121 | u.save! |
|
|
122 | 122 | ActionMailer::Base.deliveries.clear |
|
|
123 | 123 | Setting.bcc_recipients = '1' |
|
|
124 | 124 | |
|
|
125 | 125 | post :edit, :id => u.id, :user => {:status => User::STATUS_ACTIVE} |
|
|
126 | 126 | assert u.reload.active? |
|
|
127 | 127 | mail = ActionMailer::Base.deliveries.last |
|
|
128 | 128 | assert_not_nil mail |
|
|
129 | 129 | assert_equal ['foo.bar@somenet.foo'], mail.bcc |
|
|
130 | 130 | assert mail.body.include?(ll('fr', :notice_account_activated)) |
|
|
131 | 131 | end |
|
|
132 | 132 | |
|
|
133 | 133 | def test_edit_with_password_change_should_send_a_notification |
|
|
134 | 134 | ActionMailer::Base.deliveries.clear |
|
|
135 | 135 | Setting.bcc_recipients = '1' |
|
|
136 | 136 | |
|
|
137 | 137 | u = User.find(2) |
|
|
138 | 138 | post :edit, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1' |
|
|
139 | 139 | assert_equal User.hash_password('newpass'), u.reload.hashed_password |
|
|
140 | 140 | |
|
|
141 | 141 | mail = ActionMailer::Base.deliveries.last |
|
|
142 | 142 | assert_not_nil mail |
|
|
143 | 143 | assert_equal [u.mail], mail.bcc |
|
|
144 | 144 | assert mail.body.include?('newpass') |
|
|
145 | 145 | end |
|
|
146 | ||
|
|
147 | test "POST :edit with a password change to an AuthSource user switching to Internal authentication" do | |
|
|
148 | # Configure as auth source | |
|
|
149 | u = User.find(2) | |
|
|
150 | u.auth_source = AuthSource.find(1) | |
|
|
151 | u.save! | |
|
|
152 | ||
|
|
153 | post :edit, :id => u.id, :user => {:auth_source_id => ''}, :password => 'newpass', :password_confirmation => 'newpass' | |
|
|
154 | ||
|
|
155 | assert_equal nil, u.reload.auth_source | |
|
|
156 | assert_equal User.hash_password('newpass'), u.reload.hashed_password | |
|
|
157 | end | |
|
|
146 | 158 | |
|
|
147 | 159 | def test_edit_membership |
|
|
148 | 160 | post :edit_membership, :id => 2, :membership_id => 1, |
|
|
149 | 161 | :membership => { :role_ids => [2]} |
|
|
150 | 162 | assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships' |
|
|
151 | 163 | assert_equal [2], Member.find(1).role_ids |
|
|
152 | 164 | end |
|
|
153 | 165 | |
|
|
154 | 166 | def test_destroy_membership |
|
|
155 | 167 | post :destroy_membership, :id => 2, :membership_id => 1 |
|
|
156 | 168 | assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships' |
|
|
157 | 169 | assert_nil Member.find_by_id(1) |
|
|
158 | 170 | end |
|
|
159 | 171 | end |
General Comments 0
You need to be logged in to leave comments.
Login now