##// END OF EJS Templates
jro_apps » redmine
RSS
Let administrators see locked user profiles....
Jean-Philippe Lang -
r3379:bfed36ac8412
parent child
Show More
Side by Side Unified
Context file:
r3379:bfed36ac8412 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,146 +1,148
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class UsersController < ApplicationController
19 19 layout 'admin'
20 20
21 21 before_filter :require_admin, :except => :show
22 22
23 23 helper :sort
24 24 include SortHelper
25 25 helper :custom_fields
26 26 include CustomFieldsHelper
27 27
28 28 def index
29 29 sort_init 'login', 'asc'
30 30 sort_update %w(login firstname lastname mail admin created_on last_login_on)
31 31
32 32 @status = params[:status] ? params[:status].to_i : 1
33 33 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
34 34
35 35 unless params[:name].blank?
36 36 name = "%#{params[:name].strip.downcase}%"
37 37 c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
38 38 end
39 39
40 40 @user_count = User.count(:conditions => c.conditions)
41 41 @user_pages = Paginator.new self, @user_count,
42 42 per_page_option,
43 43 params['page']
44 44 @users = User.find :all,:order => sort_clause,
45 45 :conditions => c.conditions,
46 46 :limit => @user_pages.items_per_page,
47 47 :offset => @user_pages.current.offset
48 48
49 49 render :layout => !request.xhr?
50 50 end
51 51
52 52 def show
53 @user = User.active.find(params[:id])
53 @user = User.find(params[:id])
54 54 @custom_values = @user.custom_values
55 55
56 56 # show only public projects and private projects that the logged in user is also a member of
57 57 @memberships = @user.memberships.select do |membership|
58 58 membership.project.is_public? || (User.current.member_of?(membership.project))
59 59 end
60 60
61 61 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
62 62 @events_by_day = events.group_by(&:event_date)
63 63
64 if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
65 render_404
66 return
64 unless User.current.admin?
65 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
66 render_404
67 return
68 end
67 69 end
68 70 render :layout => 'base'
69 71
70 72 rescue ActiveRecord::RecordNotFound
71 73 render_404
72 74 end
73 75
74 76 def add
75 77 if request.get?
76 78 @user = User.new(:language => Setting.default_language)
77 79 else
78 80 @user = User.new(params[:user])
79 81 @user.admin = params[:user][:admin] || false
80 82 @user.login = params[:user][:login]
81 83 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
82 84 if @user.save
83 85 Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
84 86 flash[:notice] = l(:notice_successful_create)
85 87 redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} :
86 88 {:controller => 'users', :action => 'edit', :id => @user})
87 89 return
88 90 end
89 91 end
90 92 @auth_sources = AuthSource.find(:all)
91 93 end
92 94
93 95 def edit
94 96 @user = User.find(params[:id])
95 97 if request.post?
96 98 @user.admin = params[:user][:admin] if params[:user][:admin]
97 99 @user.login = params[:user][:login] if params[:user][:login]
98 100 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
99 101 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
100 102 @user.attributes = params[:user]
101 103 # Was the account actived ? (do it before User#save clears the change)
102 104 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
103 105 if @user.save
104 106 if was_activated
105 107 Mailer.deliver_account_activated(@user)
106 108 elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
107 109 Mailer.deliver_account_information(@user, params[:password])
108 110 end
109 111 flash[:notice] = l(:notice_successful_update)
110 112 redirect_to :back
111 113 end
112 114 end
113 115 @auth_sources = AuthSource.find(:all)
114 116 @membership ||= Member.new
115 117 rescue ::ActionController::RedirectBackError
116 118 redirect_to :controller => 'users', :action => 'edit', :id => @user
117 119 end
118 120
119 121 def edit_membership
120 122 @user = User.find(params[:id])
121 123 @membership = params[:membership_id] ? Member.find(params[:membership_id]) : Member.new(:principal => @user)
122 124 @membership.attributes = params[:membership]
123 125 @membership.save if request.post?
124 126 respond_to do |format|
125 127 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
126 128 format.js {
127 129 render(:update) {|page|
128 130 page.replace_html "tab-content-memberships", :partial => 'users/memberships'
129 131 page.visual_effect(:highlight, "member-#{@membership.id}")
130 132 }
131 133 }
132 134 end
133 135 end
134 136
135 137 def destroy_membership
136 138 @user = User.find(params[:id])
137 139 @membership = Member.find(params[:membership_id])
138 140 if request.post? && @membership.deletable?
139 141 @membership.destroy
140 142 end
141 143 respond_to do |format|
142 144 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
143 145 format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
144 146 end
145 147 end
146 148 end
Show file before | Show file after | Hide comments
@@ -1,223 +1,229
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.dirname(__FILE__) + '/../test_helper'
19 19 require 'users_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class UsersController; def rescue_action(e) raise e end; end
23 23
24 24 class UsersControllerTest < ActionController::TestCase
25 25 include Redmine::I18n
26 26
27 27 fixtures :users, :projects, :members, :member_roles, :roles
28 28
29 29 def setup
30 30 @controller = UsersController.new
31 31 @request = ActionController::TestRequest.new
32 32 @response = ActionController::TestResponse.new
33 33 User.current = nil
34 34 @request.session[:user_id] = 1 # admin
35 35 end
36 36
37 37 def test_index_routing
38 38 assert_generates(
39 39 '/users',
40 40 :controller => 'users', :action => 'index'
41 41 )
42 42 assert_routing(
43 43 {:method => :get, :path => '/users'},
44 44 :controller => 'users', :action => 'index'
45 45 )
46 46 assert_recognizes(
47 47 {:controller => 'users', :action => 'index'},
48 48 {:method => :get, :path => '/users'}
49 49 )
50 50 end
51 51
52 52 def test_index
53 53 get :index
54 54 assert_response :success
55 55 assert_template 'index'
56 56 end
57 57
58 58 def test_index
59 59 get :index
60 60 assert_response :success
61 61 assert_template 'index'
62 62 assert_not_nil assigns(:users)
63 63 # active users only
64 64 assert_nil assigns(:users).detect {|u| !u.active?}
65 65 end
66 66
67 67 def test_index_with_name_filter
68 68 get :index, :name => 'john'
69 69 assert_response :success
70 70 assert_template 'index'
71 71 users = assigns(:users)
72 72 assert_not_nil users
73 73 assert_equal 1, users.size
74 74 assert_equal 'John', users.first.firstname
75 75 end
76 76
77 77 def test_show_routing
78 78 assert_routing(
79 79 {:method => :get, :path => '/users/44'},
80 80 :controller => 'users', :action => 'show', :id => '44'
81 81 )
82 82 assert_recognizes(
83 83 {:controller => 'users', :action => 'show', :id => '44'},
84 84 {:method => :get, :path => '/users/44'}
85 85 )
86 86 end
87 87
88 88 def test_show
89 89 @request.session[:user_id] = nil
90 90 get :show, :id => 2
91 91 assert_response :success
92 92 assert_template 'show'
93 93 assert_not_nil assigns(:user)
94 94 end
95 95
96 96 def test_show_should_not_fail_when_custom_values_are_nil
97 97 user = User.find(2)
98 98
99 99 # Create a custom field to illustrate the issue
100 100 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
101 101 custom_value = user.custom_values.build(:custom_field => custom_field).save!
102 102
103 103 get :show, :id => 2
104 104 assert_response :success
105 105 end
106
107 106
108 107 def test_show_inactive
108 @request.session[:user_id] = nil
109 109 get :show, :id => 5
110 110 assert_response 404
111 assert_nil assigns(:user)
112 111 end
113 112
114 113 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
115 114 @request.session[:user_id] = nil
116 115 get :show, :id => 9
117 116 assert_response 404
118 117 end
118
119 def test_show_inactive_by_admin
120 @request.session[:user_id] = 1
121 get :show, :id => 5
122 assert_response 200
123 assert_not_nil assigns(:user)
124 end
119 125
120 126 def test_add_routing
121 127 assert_routing(
122 128 {:method => :get, :path => '/users/new'},
123 129 :controller => 'users', :action => 'add'
124 130 )
125 131 assert_recognizes(
126 132 #TODO: remove this and replace with POST to collection, need to modify form
127 133 {:controller => 'users', :action => 'add'},
128 134 {:method => :post, :path => '/users/new'}
129 135 )
130 136 assert_recognizes(
131 137 {:controller => 'users', :action => 'add'},
132 138 {:method => :post, :path => '/users'}
133 139 )
134 140 end
135 141
136 142 def test_edit_routing
137 143 assert_routing(
138 144 {:method => :get, :path => '/users/444/edit'},
139 145 :controller => 'users', :action => 'edit', :id => '444'
140 146 )
141 147 assert_routing(
142 148 {:method => :get, :path => '/users/222/edit/membership'},
143 149 :controller => 'users', :action => 'edit', :id => '222', :tab => 'membership'
144 150 )
145 151 assert_recognizes(
146 152 #TODO: use PUT on user_path, modify form
147 153 {:controller => 'users', :action => 'edit', :id => '444'},
148 154 {:method => :post, :path => '/users/444/edit'}
149 155 )
150 156 end
151 157
152 158 def test_edit
153 159 ActionMailer::Base.deliveries.clear
154 160 post :edit, :id => 2, :user => {:firstname => 'Changed'}
155 161 assert_equal 'Changed', User.find(2).firstname
156 162 assert ActionMailer::Base.deliveries.empty?
157 163 end
158 164
159 165 def test_edit_with_activation_should_send_a_notification
160 166 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
161 167 u.login = 'foo'
162 168 u.status = User::STATUS_REGISTERED
163 169 u.save!
164 170 ActionMailer::Base.deliveries.clear
165 171 Setting.bcc_recipients = '1'
166 172
167 173 post :edit, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
168 174 assert u.reload.active?
169 175 mail = ActionMailer::Base.deliveries.last
170 176 assert_not_nil mail
171 177 assert_equal ['foo.bar@somenet.foo'], mail.bcc
172 178 assert mail.body.include?(ll('fr', :notice_account_activated))
173 179 end
174 180
175 181 def test_edit_with_password_change_should_send_a_notification
176 182 ActionMailer::Base.deliveries.clear
177 183 Setting.bcc_recipients = '1'
178 184
179 185 u = User.find(2)
180 186 post :edit, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
181 187 assert_equal User.hash_password('newpass'), u.reload.hashed_password
182 188
183 189 mail = ActionMailer::Base.deliveries.last
184 190 assert_not_nil mail
185 191 assert_equal [u.mail], mail.bcc
186 192 assert mail.body.include?('newpass')
187 193 end
188 194
189 195 def test_add_membership_routing
190 196 assert_routing(
191 197 {:method => :post, :path => '/users/123/memberships'},
192 198 :controller => 'users', :action => 'edit_membership', :id => '123'
193 199 )
194 200 end
195 201
196 202 def test_edit_membership_routing
197 203 assert_routing(
198 204 {:method => :post, :path => '/users/123/memberships/55'},
199 205 :controller => 'users', :action => 'edit_membership', :id => '123', :membership_id => '55'
200 206 )
201 207 end
202 208
203 209 def test_edit_membership
204 210 post :edit_membership, :id => 2, :membership_id => 1,
205 211 :membership => { :role_ids => [2]}
206 212 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
207 213 assert_equal [2], Member.find(1).role_ids
208 214 end
209 215
210 216 def test_destroy_membership
211 217 assert_routing(
212 218 #TODO: use DELETE method on user_membership_path, modify form
213 219 {:method => :post, :path => '/users/567/memberships/12/destroy'},
214 220 :controller => 'users', :action => 'destroy_membership', :id => '567', :membership_id => '12'
215 221 )
216 222 end
217 223
218 224 def test_destroy_membership
219 225 post :destroy_membership, :id => 2, :membership_id => 1
220 226 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
221 227 assert_nil Member.find_by_id(1)
222 228 end
223 229 end
General Comments 0
You need to be logged in to leave comments. Login now