jro_apps/redmine Commit - r3379:bfed36ac8412

Let administrators see locked user profiles....

Jean-Philippe Lang -

r3379:bfed36ac8412

parent child

Context file:

r3379:bfed36ac8412

Collapse all files

app/controllers/users_controller.rb +4 -2

             # Redmine - project management software
             # Copyright (C) 2006-2009  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class UsersController < ApplicationController
               layout 'admin'
               before_filter :require_admin, :except => :show
               helper :sort
               include SortHelper
               helper :custom_fields
               include CustomFieldsHelper
               def index
                 sort_init 'login', 'asc'
                 sort_update %w(login firstname lastname mail admin created_on last_login_on)
                 @status = params[:status] ? params[:status].to_i : 1
                 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
                 unless params[:name].blank?
                   name = "%#{params[:name].strip.downcase}%"
                   c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
                 end
                 @user_count = User.count(:conditions => c.conditions)
                 @user_pages = Paginator.new self, @user_count,
             								per_page_option,
             								params['page']
                 @users =  User.find :all,:order => sort_clause,
                                     :conditions => c.conditions,
             						:limit  =>  @user_pages.items_per_page,
             						:offset =>  @user_pages.current.offset
                 render :layout => !request.xhr?
               end
               def show
-                @user = User.active.find(params[:id])
+                @user = User.find(params[:id])
                 @custom_values = @user.custom_values
                 # show only public projects and private projects that the logged in user is also a member of
                 @memberships = @user.memberships.select do |membership|
                   membership.project.is_public? || (User.current.member_of?(membership.project))
                 end
                 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
                 @events_by_day = events.group_by(&:event_date)
-                if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
+                unless User.current.admin?
+                  if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
                     render_404
                     return
                   end
+                end
                 render :layout => 'base'
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def add
                 if request.get?
                   @user = User.new(:language => Setting.default_language)
                 else
                   @user = User.new(params[:user])
                   @user.admin = params[:user][:admin] || false
                   @user.login = params[:user][:login]
                   @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
                   if @user.save
                     Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} :
                                                     {:controller => 'users', :action => 'edit', :id => @user})
                     return
                   end
                 end
                 @auth_sources = AuthSource.find(:all)
               end
               def edit
                 @user = User.find(params[:id])
                 if request.post?
                   @user.admin = params[:user][:admin] if params[:user][:admin]
                   @user.login = params[:user][:login] if params[:user][:login]
                   @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
                   @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
                   @user.attributes = params[:user]
                   # Was the account actived ? (do it before User#save clears the change)
                   was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
                   if @user.save
                     if was_activated
                       Mailer.deliver_account_activated(@user)
                     elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
                       Mailer.deliver_account_information(@user, params[:password])
                     end
                     flash[:notice] = l(:notice_successful_update)
                     redirect_to :back
                   end
                 end
                 @auth_sources = AuthSource.find(:all)
                 @membership ||= Member.new
               rescue ::ActionController::RedirectBackError
                 redirect_to :controller => 'users', :action => 'edit', :id => @user
               end
               def edit_membership
                 @user = User.find(params[:id])
                 @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:principal => @user)
                 @membership.attributes = params[:membership]
                 @membership.save if request.post?
                 respond_to do |format|
                    format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
                    format.js {
                      render(:update) {|page|
                        page.replace_html "tab-content-memberships", :partial => 'users/memberships'
                        page.visual_effect(:highlight, "member-#{@membership.id}")
                      }
                    }
                  end
               end
               def destroy_membership
                 @user = User.find(params[:id])
                 @membership = Member.find(params[:membership_id])
                 if request.post? && @membership.deletable?
                   @membership.destroy
                 end
                 respond_to do |format|
                   format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
                   format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
                 end
               end
             end

test/functional/users_controller_test.rb +8 -2

             # redMine - project management software
             # Copyright (C) 2006-2007  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.dirname(__FILE__) + '/../test_helper'
             require 'users_controller'
             # Re-raise errors caught by the controller.
             class UsersController; def rescue_action(e) raise e end; end
             class UsersControllerTest < ActionController::TestCase
               include Redmine::I18n
               fixtures :users, :projects, :members, :member_roles, :roles
               def setup
                 @controller = UsersController.new
                 @request    = ActionController::TestRequest.new
                 @response   = ActionController::TestResponse.new
                 User.current = nil
                 @request.session[:user_id] = 1 # admin
               end
               def test_index_routing
                 assert_generates(
                   '/users',
                   :controller => 'users', :action => 'index'
                 )
                 assert_routing(
                   {:method => :get, :path => '/users'},
                   :controller => 'users', :action => 'index'
                 )
                 assert_recognizes(
                   {:controller => 'users', :action => 'index'},
                   {:method => :get, :path => '/users'}
                 )
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_template 'index'
               end
               def test_index
                 get :index
                 assert_response :success
                 assert_template 'index'
                 assert_not_nil assigns(:users)
                 # active users only
                 assert_nil assigns(:users).detect {|u| !u.active?}
               end
               def test_index_with_name_filter
                 get :index, :name => 'john'
                 assert_response :success
                 assert_template 'index'
                 users = assigns(:users)
                 assert_not_nil users
                 assert_equal 1, users.size
                 assert_equal 'John', users.first.firstname
               end
               def test_show_routing
                 assert_routing(
                   {:method => :get, :path => '/users/44'},
                   :controller => 'users', :action => 'show', :id => '44'
                 )
                 assert_recognizes(
                   {:controller => 'users', :action => 'show', :id => '44'},
                   {:method => :get, :path => '/users/44'}
                 )
               end
               def test_show
                 @request.session[:user_id] = nil
                 get :show, :id => 2
                 assert_response :success
                 assert_template 'show'
                 assert_not_nil assigns(:user)
               end
               def test_show_should_not_fail_when_custom_values_are_nil
                 user = User.find(2)
                 # Create a custom field to illustrate the issue
                 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
                 custom_value = user.custom_values.build(:custom_field => custom_field).save!
                 get :show, :id => 2
                 assert_response :success
               end
               def test_show_inactive
+                @request.session[:user_id] = nil
                 get :show, :id => 5
                 assert_response 404
-                assert_nil assigns(:user)
               end
               def test_show_should_not_reveal_users_with_no_visible_activity_or_project
                 @request.session[:user_id] = nil
                 get :show, :id => 9
                 assert_response 404
               end
+              def test_show_inactive_by_admin
+                @request.session[:user_id] = 1
+                get :show, :id => 5
+                assert_response 200
+                assert_not_nil assigns(:user)
+              end
               def test_add_routing
                 assert_routing(
                   {:method => :get, :path => '/users/new'},
                   :controller => 'users', :action => 'add'
                 )
                 assert_recognizes(
                 #TODO: remove this and replace with POST to collection, need to modify form
                   {:controller => 'users', :action => 'add'},
                   {:method => :post, :path => '/users/new'}
                 )
                 assert_recognizes(
                   {:controller => 'users', :action => 'add'},
                   {:method => :post, :path => '/users'}
                 )
               end
               def test_edit_routing
                 assert_routing(
                   {:method => :get, :path => '/users/444/edit'},
                   :controller => 'users', :action => 'edit', :id => '444'
                 )
                 assert_routing(
                   {:method => :get, :path => '/users/222/edit/membership'},
                   :controller => 'users', :action => 'edit', :id => '222', :tab => 'membership'
                 )
                 assert_recognizes(
                 #TODO: use PUT on user_path, modify form
                   {:controller => 'users', :action => 'edit', :id => '444'},
                   {:method => :post, :path => '/users/444/edit'}
                 )
               end
               def test_edit
                 ActionMailer::Base.deliveries.clear
                 post :edit, :id => 2, :user => {:firstname => 'Changed'}
                 assert_equal 'Changed', User.find(2).firstname
                 assert ActionMailer::Base.deliveries.empty?
               end
               def test_edit_with_activation_should_send_a_notification
                 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
                 u.login = 'foo'
                 u.status = User::STATUS_REGISTERED
                 u.save!
                 ActionMailer::Base.deliveries.clear
                 Setting.bcc_recipients = '1'
                 post :edit, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
                 assert u.reload.active?
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert_equal ['foo.bar@somenet.foo'], mail.bcc
                 assert mail.body.include?(ll('fr', :notice_account_activated))
               end
               def test_edit_with_password_change_should_send_a_notification
                 ActionMailer::Base.deliveries.clear
                 Setting.bcc_recipients = '1'
                 u = User.find(2)
                 post :edit, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
                 assert_equal User.hash_password('newpass'), u.reload.hashed_password
                 mail = ActionMailer::Base.deliveries.last
                 assert_not_nil mail
                 assert_equal [u.mail], mail.bcc
                 assert mail.body.include?('newpass')
               end
               def test_add_membership_routing
                 assert_routing(
                   {:method => :post, :path => '/users/123/memberships'},
                   :controller => 'users', :action => 'edit_membership', :id => '123'
                 )
               end
               def test_edit_membership_routing
                 assert_routing(
                   {:method => :post, :path => '/users/123/memberships/55'},
                   :controller => 'users', :action => 'edit_membership', :id => '123', :membership_id => '55'
                 )
               end
               def test_edit_membership
                 post :edit_membership, :id => 2, :membership_id => 1,
                                        :membership => { :role_ids => [2]}
                 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
                 assert_equal [2], Member.find(1).role_ids
               end
               def test_destroy_membership
                 assert_routing(
                 #TODO: use DELETE method on user_membership_path, modify form
                   {:method => :post, :path => '/users/567/memberships/12/destroy'},
                   :controller => 'users', :action => 'destroy_membership', :id => '567', :membership_id => '12'
                 )
               end
               def test_destroy_membership
                 post :destroy_membership, :id => 2, :membership_id => 1
                 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
                 assert_nil Member.find_by_id(1)
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages