##// END OF EJS Templates
jro_apps » redmine
RSS
Show projects depending on their visibility in user's profile. #6100...
Jean-Baptiste Barth -
r3821:e43f9fc21edc
parent child
Show More
Side by Side Unified
Context file:
r3821:e43f9fc21edc Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,155 +1,153
1 # Redmine - project management software
1 # Redmine - project management software
2 # Copyright (C) 2006-2009 Jean-Philippe Lang
2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 class UsersController < ApplicationController
18 class UsersController < ApplicationController
19 layout 'admin'
19 layout 'admin'
20
20
21 before_filter :require_admin, :except => :show
21 before_filter :require_admin, :except => :show
22
22
23 helper :sort
23 helper :sort
24 include SortHelper
24 include SortHelper
25 helper :custom_fields
25 helper :custom_fields
26 include CustomFieldsHelper
26 include CustomFieldsHelper
27
27
28 def index
28 def index
29 sort_init 'login', 'asc'
29 sort_init 'login', 'asc'
30 sort_update %w(login firstname lastname mail admin created_on last_login_on)
30 sort_update %w(login firstname lastname mail admin created_on last_login_on)
31
31
32 @status = params[:status] ? params[:status].to_i : 1
32 @status = params[:status] ? params[:status].to_i : 1
33 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
33 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
34
34
35 unless params[:name].blank?
35 unless params[:name].blank?
36 name = "%#{params[:name].strip.downcase}%"
36 name = "%#{params[:name].strip.downcase}%"
37 c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
37 c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
38 end
38 end
39
39
40 @user_count = User.count(:conditions => c.conditions)
40 @user_count = User.count(:conditions => c.conditions)
41 @user_pages = Paginator.new self, @user_count,
41 @user_pages = Paginator.new self, @user_count,
42 per_page_option,
42 per_page_option,
43 params['page']
43 params['page']
44 @users = User.find :all,:order => sort_clause,
44 @users = User.find :all,:order => sort_clause,
45 :conditions => c.conditions,
45 :conditions => c.conditions,
46 :limit => @user_pages.items_per_page,
46 :limit => @user_pages.items_per_page,
47 :offset => @user_pages.current.offset
47 :offset => @user_pages.current.offset
48
48
49 render :layout => !request.xhr?
49 render :layout => !request.xhr?
50 end
50 end
51
51
52 def show
52 def show
53 @user = User.find(params[:id])
53 @user = User.find(params[:id])
54 @custom_values = @user.custom_values
54 @custom_values = @user.custom_values
55
55
56 # show only public projects and private projects that the logged in user is also a member of
56 # show projects based on current user visibility
57 @memberships = @user.memberships.select do |membership|
57 @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
58 membership.project.is_public? || (User.current.member_of?(membership.project))
59 end
60
58
61 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
59 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
62 @events_by_day = events.group_by(&:event_date)
60 @events_by_day = events.group_by(&:event_date)
63
61
64 unless User.current.admin?
62 unless User.current.admin?
65 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
63 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
66 render_404
64 render_404
67 return
65 return
68 end
66 end
69 end
67 end
70 render :layout => 'base'
68 render :layout => 'base'
71
69
72 rescue ActiveRecord::RecordNotFound
70 rescue ActiveRecord::RecordNotFound
73 render_404
71 render_404
74 end
72 end
75
73
76 def add
74 def add
77 if request.get?
75 if request.get?
78 @user = User.new(:language => Setting.default_language)
76 @user = User.new(:language => Setting.default_language)
79 else
77 else
80 @user = User.new(params[:user])
78 @user = User.new(params[:user])
81 @user.admin = params[:user][:admin] || false
79 @user.admin = params[:user][:admin] || false
82 @user.login = params[:user][:login]
80 @user.login = params[:user][:login]
83 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
81 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
84 if @user.save
82 if @user.save
85 Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
83 Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
86 flash[:notice] = l(:notice_successful_create)
84 flash[:notice] = l(:notice_successful_create)
87 redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} :
85 redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} :
88 {:controller => 'users', :action => 'edit', :id => @user})
86 {:controller => 'users', :action => 'edit', :id => @user})
89 return
87 return
90 end
88 end
91 end
89 end
92 @auth_sources = AuthSource.find(:all)
90 @auth_sources = AuthSource.find(:all)
93 end
91 end
94
92
95 def edit
93 def edit
96 @user = User.find(params[:id])
94 @user = User.find(params[:id])
97 if request.post?
95 if request.post?
98 @user.admin = params[:user][:admin] if params[:user][:admin]
96 @user.admin = params[:user][:admin] if params[:user][:admin]
99 @user.login = params[:user][:login] if params[:user][:login]
97 @user.login = params[:user][:login] if params[:user][:login]
100 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
98 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
101 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
99 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
102 @user.attributes = params[:user]
100 @user.attributes = params[:user]
103 # Was the account actived ? (do it before User#save clears the change)
101 # Was the account actived ? (do it before User#save clears the change)
104 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
102 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
105 if @user.save
103 if @user.save
106 if was_activated
104 if was_activated
107 Mailer.deliver_account_activated(@user)
105 Mailer.deliver_account_activated(@user)
108 elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
106 elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
109 Mailer.deliver_account_information(@user, params[:password])
107 Mailer.deliver_account_information(@user, params[:password])
110 end
108 end
111 flash[:notice] = l(:notice_successful_update)
109 flash[:notice] = l(:notice_successful_update)
112 redirect_to :back
110 redirect_to :back
113 end
111 end
114 end
112 end
115 @auth_sources = AuthSource.find(:all)
113 @auth_sources = AuthSource.find(:all)
116 @membership ||= Member.new
114 @membership ||= Member.new
117 rescue ::ActionController::RedirectBackError
115 rescue ::ActionController::RedirectBackError
118 redirect_to :controller => 'users', :action => 'edit', :id => @user
116 redirect_to :controller => 'users', :action => 'edit', :id => @user
119 end
117 end
120
118
121 def edit_membership
119 def edit_membership
122 @user = User.find(params[:id])
120 @user = User.find(params[:id])
123 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
121 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
124 @membership.save if request.post?
122 @membership.save if request.post?
125 respond_to do |format|
123 respond_to do |format|
126 if @membership.valid?
124 if @membership.valid?
127 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
125 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
128 format.js {
126 format.js {
129 render(:update) {|page|
127 render(:update) {|page|
130 page.replace_html "tab-content-memberships", :partial => 'users/memberships'
128 page.replace_html "tab-content-memberships", :partial => 'users/memberships'
131 page.visual_effect(:highlight, "member-#{@membership.id}")
129 page.visual_effect(:highlight, "member-#{@membership.id}")
132 }
130 }
133 }
131 }
134 else
132 else
135 format.js {
133 format.js {
136 render(:update) {|page|
134 render(:update) {|page|
137 page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
135 page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
138 }
136 }
139 }
137 }
140 end
138 end
141 end
139 end
142 end
140 end
143
141
144 def destroy_membership
142 def destroy_membership
145 @user = User.find(params[:id])
143 @user = User.find(params[:id])
146 @membership = Member.find(params[:membership_id])
144 @membership = Member.find(params[:membership_id])
147 if request.post? && @membership.deletable?
145 if request.post? && @membership.deletable?
148 @membership.destroy
146 @membership.destroy
149 end
147 end
150 respond_to do |format|
148 respond_to do |format|
151 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
149 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
152 format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
150 format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
153 end
151 end
154 end
152 end
155 end
153 end
Show file before | Show file after | Hide comments
@@ -1,149 +1,159
1 # redMine - project management software
1 # redMine - project management software
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 #
3 #
4 # This program is free software; you can redistribute it and/or
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
7 # of the License, or (at your option) any later version.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU General Public License
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
17
18 require File.dirname(__FILE__) + '/../test_helper'
18 require File.dirname(__FILE__) + '/../test_helper'
19 require 'users_controller'
19 require 'users_controller'
20
20
21 # Re-raise errors caught by the controller.
21 # Re-raise errors caught by the controller.
22 class UsersController; def rescue_action(e) raise e end; end
22 class UsersController; def rescue_action(e) raise e end; end
23
23
24 class UsersControllerTest < ActionController::TestCase
24 class UsersControllerTest < ActionController::TestCase
25 include Redmine::I18n
25 include Redmine::I18n
26
26
27 fixtures :users, :projects, :members, :member_roles, :roles
27 fixtures :users, :projects, :members, :member_roles, :roles
28
28
29 def setup
29 def setup
30 @controller = UsersController.new
30 @controller = UsersController.new
31 @request = ActionController::TestRequest.new
31 @request = ActionController::TestRequest.new
32 @response = ActionController::TestResponse.new
32 @response = ActionController::TestResponse.new
33 User.current = nil
33 User.current = nil
34 @request.session[:user_id] = 1 # admin
34 @request.session[:user_id] = 1 # admin
35 end
35 end
36
36
37 def test_index
37 def test_index
38 get :index
38 get :index
39 assert_response :success
39 assert_response :success
40 assert_template 'index'
40 assert_template 'index'
41 end
41 end
42
42
43 def test_index
43 def test_index
44 get :index
44 get :index
45 assert_response :success
45 assert_response :success
46 assert_template 'index'
46 assert_template 'index'
47 assert_not_nil assigns(:users)
47 assert_not_nil assigns(:users)
48 # active users only
48 # active users only
49 assert_nil assigns(:users).detect {|u| !u.active?}
49 assert_nil assigns(:users).detect {|u| !u.active?}
50 end
50 end
51
51
52 def test_index_with_name_filter
52 def test_index_with_name_filter
53 get :index, :name => 'john'
53 get :index, :name => 'john'
54 assert_response :success
54 assert_response :success
55 assert_template 'index'
55 assert_template 'index'
56 users = assigns(:users)
56 users = assigns(:users)
57 assert_not_nil users
57 assert_not_nil users
58 assert_equal 1, users.size
58 assert_equal 1, users.size
59 assert_equal 'John', users.first.firstname
59 assert_equal 'John', users.first.firstname
60 end
60 end
61
61
62 def test_show
62 def test_show
63 @request.session[:user_id] = nil
63 @request.session[:user_id] = nil
64 get :show, :id => 2
64 get :show, :id => 2
65 assert_response :success
65 assert_response :success
66 assert_template 'show'
66 assert_template 'show'
67 assert_not_nil assigns(:user)
67 assert_not_nil assigns(:user)
68 end
68 end
69
69
70 def test_show_should_not_fail_when_custom_values_are_nil
70 def test_show_should_not_fail_when_custom_values_are_nil
71 user = User.find(2)
71 user = User.find(2)
72
72
73 # Create a custom field to illustrate the issue
73 # Create a custom field to illustrate the issue
74 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
74 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
75 custom_value = user.custom_values.build(:custom_field => custom_field).save!
75 custom_value = user.custom_values.build(:custom_field => custom_field).save!
76
76
77 get :show, :id => 2
77 get :show, :id => 2
78 assert_response :success
78 assert_response :success
79 end
79 end
80
80
81 def test_show_inactive
81 def test_show_inactive
82 @request.session[:user_id] = nil
82 @request.session[:user_id] = nil
83 get :show, :id => 5
83 get :show, :id => 5
84 assert_response 404
84 assert_response 404
85 end
85 end
86
86
87 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
87 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
88 @request.session[:user_id] = nil
88 @request.session[:user_id] = nil
89 get :show, :id => 9
89 get :show, :id => 9
90 assert_response 404
90 assert_response 404
91 end
91 end
92
92
93 def test_show_inactive_by_admin
93 def test_show_inactive_by_admin
94 @request.session[:user_id] = 1
94 @request.session[:user_id] = 1
95 get :show, :id => 5
95 get :show, :id => 5
96 assert_response 200
96 assert_response 200
97 assert_not_nil assigns(:user)
97 assert_not_nil assigns(:user)
98 end
98 end
99
100 def test_show_displays_memberships_based_on_project_visibility
101 @request.session[:user_id] = 1
102 get :show, :id => 2
103 assert_response :success
104 memberships = assigns(:memberships)
105 assert_not_nil memberships
106 project_ids = memberships.map(&:project_id)
107 assert project_ids.include?(2) #private project admin can see
108 end
99
109
100 def test_edit
110 def test_edit
101 ActionMailer::Base.deliveries.clear
111 ActionMailer::Base.deliveries.clear
102 post :edit, :id => 2, :user => {:firstname => 'Changed'}
112 post :edit, :id => 2, :user => {:firstname => 'Changed'}
103 assert_equal 'Changed', User.find(2).firstname
113 assert_equal 'Changed', User.find(2).firstname
104 assert ActionMailer::Base.deliveries.empty?
114 assert ActionMailer::Base.deliveries.empty?
105 end
115 end
106
116
107 def test_edit_with_activation_should_send_a_notification
117 def test_edit_with_activation_should_send_a_notification
108 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
118 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
109 u.login = 'foo'
119 u.login = 'foo'
110 u.status = User::STATUS_REGISTERED
120 u.status = User::STATUS_REGISTERED
111 u.save!
121 u.save!
112 ActionMailer::Base.deliveries.clear
122 ActionMailer::Base.deliveries.clear
113 Setting.bcc_recipients = '1'
123 Setting.bcc_recipients = '1'
114
124
115 post :edit, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
125 post :edit, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
116 assert u.reload.active?
126 assert u.reload.active?
117 mail = ActionMailer::Base.deliveries.last
127 mail = ActionMailer::Base.deliveries.last
118 assert_not_nil mail
128 assert_not_nil mail
119 assert_equal ['foo.bar@somenet.foo'], mail.bcc
129 assert_equal ['foo.bar@somenet.foo'], mail.bcc
120 assert mail.body.include?(ll('fr', :notice_account_activated))
130 assert mail.body.include?(ll('fr', :notice_account_activated))
121 end
131 end
122
132
123 def test_edit_with_password_change_should_send_a_notification
133 def test_edit_with_password_change_should_send_a_notification
124 ActionMailer::Base.deliveries.clear
134 ActionMailer::Base.deliveries.clear
125 Setting.bcc_recipients = '1'
135 Setting.bcc_recipients = '1'
126
136
127 u = User.find(2)
137 u = User.find(2)
128 post :edit, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
138 post :edit, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
129 assert_equal User.hash_password('newpass'), u.reload.hashed_password
139 assert_equal User.hash_password('newpass'), u.reload.hashed_password
130
140
131 mail = ActionMailer::Base.deliveries.last
141 mail = ActionMailer::Base.deliveries.last
132 assert_not_nil mail
142 assert_not_nil mail
133 assert_equal [u.mail], mail.bcc
143 assert_equal [u.mail], mail.bcc
134 assert mail.body.include?('newpass')
144 assert mail.body.include?('newpass')
135 end
145 end
136
146
137 def test_edit_membership
147 def test_edit_membership
138 post :edit_membership, :id => 2, :membership_id => 1,
148 post :edit_membership, :id => 2, :membership_id => 1,
139 :membership => { :role_ids => [2]}
149 :membership => { :role_ids => [2]}
140 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
150 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
141 assert_equal [2], Member.find(1).role_ids
151 assert_equal [2], Member.find(1).role_ids
142 end
152 end
143
153
144 def test_destroy_membership
154 def test_destroy_membership
145 post :destroy_membership, :id => 2, :membership_id => 1
155 post :destroy_membership, :id => 2, :membership_id => 1
146 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
156 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
147 assert_nil Member.find_by_id(1)
157 assert_nil Member.find_by_id(1)
148 end
158 end
149 end
159 end
General Comments 0
You need to be logged in to leave comments. Login now