##// END OF EJS Templates
jro_apps » redmine
RSS
Let administrators see locked user profiles....
Jean-Philippe Lang -
r3379:bfed36ac8412
parent child
Show More
Side by Side Unified
Context file:
r3379:bfed36ac8412 Loading diff...:
Show file before | Show file after | Hide comments
@@ -50,7 +50,7 class UsersController < ApplicationController
50 50 end
51 51
52 52 def show
53 @user = User.active.find(params[:id])
53 @user = User.find(params[:id])
54 54 @custom_values = @user.custom_values
55 55
56 56 # show only public projects and private projects that the logged in user is also a member of
@@ -61,9 +61,11 class UsersController < ApplicationController
61 61 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
62 62 @events_by_day = events.group_by(&:event_date)
63 63
64 if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
65 render_404
66 return
64 unless User.current.admin?
65 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
66 render_404
67 return
68 end
67 69 end
68 70 render :layout => 'base'
69 71
Show file before | Show file after | Hide comments
@@ -103,12 +103,11 class UsersControllerTest < ActionController::TestCase
103 103 get :show, :id => 2
104 104 assert_response :success
105 105 end
106
107 106
108 107 def test_show_inactive
108 @request.session[:user_id] = nil
109 109 get :show, :id => 5
110 110 assert_response 404
111 assert_nil assigns(:user)
112 111 end
113 112
114 113 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
@@ -116,6 +115,13 class UsersControllerTest < ActionController::TestCase
116 115 get :show, :id => 9
117 116 assert_response 404
118 117 end
118
119 def test_show_inactive_by_admin
120 @request.session[:user_id] = 1
121 get :show, :id => 5
122 assert_response 200
123 assert_not_nil assigns(:user)
124 end
119 125
120 126 def test_add_routing
121 127 assert_routing(
General Comments 0
You need to be logged in to leave comments. Login now