@@ -53,10 +53,8 class UsersController < ApplicationController | |||||
53 | @user = User.find(params[:id]) |
|
53 | @user = User.find(params[:id]) | |
54 | @custom_values = @user.custom_values |
|
54 | @custom_values = @user.custom_values | |
55 |
|
55 | |||
56 | # show only public projects and private projects that the logged in user is also a member of |
|
56 | # show projects based on current user visibility | |
57 |
@memberships = @user.memberships. |
|
57 | @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current)) | |
58 | membership.project.is_public? || (User.current.member_of?(membership.project)) |
|
|||
59 | end |
|
|||
60 |
|
58 | |||
61 | events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10) |
|
59 | events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10) | |
62 | @events_by_day = events.group_by(&:event_date) |
|
60 | @events_by_day = events.group_by(&:event_date) |
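Review bot: On new line 57 the membership filter moves from a Ruby check into a SQL fragment, `:conditions => Project.visible_by(User.current)`, which only works if the `memberships` association already joins the projects table. That join is not visible in this hunk, so confirm it exists or make it explicit with `:include => :project`. The visibility rule also changes: the old block allowed public projects or projects the viewer belongs to, while the new code defers entirely to `Project.visible_by`. It is worth confirming that this helper returns a restrictive condition for anonymous and non-member viewers, since it now decides which private memberships are shown. The comment on new line 56 could state the rule, for example `# list only memberships in projects that User.current is allowed to see (see Project.visible_by)`. The body of the `show` action starts and ends outside this hunk.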
@@ -96,6 +96,16 class UsersControllerTest < ActionController::TestCase | |||||
96 | assert_response 200 |
|
96 | assert_response 200 | |
97 | assert_not_nil assigns(:user) |
|
97 | assert_not_nil assigns(:user) | |
98 | end |
|
98 | end | |
|
99 | ||||
|
100 | def test_show_displays_memberships_based_on_project_visibility | |||
|
101 | @request.session[:user_id] = 1 | |||
|
102 | get :show, :id => 2 | |||
|
103 | assert_response :success | |||
|
104 | memberships = assigns(:memberships) | |||
|
105 | assert_not_nil memberships | |||
|
106 | project_ids = memberships.map(&:project_id) | |||
|
107 | assert project_ids.include?(2) #private project admin can see | |||
|
108 | end | |||
99 |
|
109 | |||
100 | def test_edit |
|
110 | def test_edit | |
101 | ActionMailer::Base.deliveries.clear |
|
111 | ActionMailer::Base.deliveries.clear |
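Review bot: `test_show_displays_memberships_based_on_project_visibility` (new lines 100-108) covers only the permissive path, where user 1 sees the membership in private project 2, so it would still pass if the new condition filtered nothing. An access-control change needs the deny case as well. Add a companion test that requests the same page as a fixture user who is neither an administrator nor a member of project 2, and ideally as an anonymous visitor, and asserts `assert !project_ids.include?(2)`. The trailing comment on new line 107 would read better as `# admin can see memberships in private projects`.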