##// END OF EJS Templates
jro_apps » redmine
RSS
Show projects depending on their visibility in user's profile. #6100...
Jean-Baptiste Barth -
r3821:e43f9fc21edc
parent child
Show More
Side by Side Unified
Context file:
r3821:e43f9fc21edc Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,155 +1,153
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2009 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class UsersController < ApplicationController
19 19 layout 'admin'
20 20
21 21 before_filter :require_admin, :except => :show
22 22
23 23 helper :sort
24 24 include SortHelper
25 25 helper :custom_fields
26 26 include CustomFieldsHelper
27 27
28 28 def index
29 29 sort_init 'login', 'asc'
30 30 sort_update %w(login firstname lastname mail admin created_on last_login_on)
31 31
32 32 @status = params[:status] ? params[:status].to_i : 1
33 33 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
34 34
35 35 unless params[:name].blank?
36 36 name = "%#{params[:name].strip.downcase}%"
37 37 c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
38 38 end
39 39
40 40 @user_count = User.count(:conditions => c.conditions)
41 41 @user_pages = Paginator.new self, @user_count,
42 42 per_page_option,
43 43 params['page']
44 44 @users = User.find :all,:order => sort_clause,
45 45 :conditions => c.conditions,
46 46 :limit => @user_pages.items_per_page,
47 47 :offset => @user_pages.current.offset
48 48
49 49 render :layout => !request.xhr?
50 50 end
51 51
52 52 def show
53 53 @user = User.find(params[:id])
54 54 @custom_values = @user.custom_values
55 55
56 # show only public projects and private projects that the logged in user is also a member of
57 @memberships = @user.memberships.select do |membership|
58 membership.project.is_public? || (User.current.member_of?(membership.project))
59 end
56 # show projects based on current user visibility
57 @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
60 58
61 59 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
62 60 @events_by_day = events.group_by(&:event_date)
63 61
64 62 unless User.current.admin?
65 63 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
66 64 render_404
67 65 return
68 66 end
69 67 end
70 68 render :layout => 'base'
71 69
72 70 rescue ActiveRecord::RecordNotFound
73 71 render_404
74 72 end
75 73
76 74 def add
77 75 if request.get?
78 76 @user = User.new(:language => Setting.default_language)
79 77 else
80 78 @user = User.new(params[:user])
81 79 @user.admin = params[:user][:admin] || false
82 80 @user.login = params[:user][:login]
83 81 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
84 82 if @user.save
85 83 Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
86 84 flash[:notice] = l(:notice_successful_create)
87 85 redirect_to(params[:continue] ? {:controller => 'users', :action => 'add'} :
88 86 {:controller => 'users', :action => 'edit', :id => @user})
89 87 return
90 88 end
91 89 end
92 90 @auth_sources = AuthSource.find(:all)
93 91 end
94 92
95 93 def edit
96 94 @user = User.find(params[:id])
97 95 if request.post?
98 96 @user.admin = params[:user][:admin] if params[:user][:admin]
99 97 @user.login = params[:user][:login] if params[:user][:login]
100 98 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
101 99 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
102 100 @user.attributes = params[:user]
103 101 # Was the account actived ? (do it before User#save clears the change)
104 102 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
105 103 if @user.save
106 104 if was_activated
107 105 Mailer.deliver_account_activated(@user)
108 106 elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
109 107 Mailer.deliver_account_information(@user, params[:password])
110 108 end
111 109 flash[:notice] = l(:notice_successful_update)
112 110 redirect_to :back
113 111 end
114 112 end
115 113 @auth_sources = AuthSource.find(:all)
116 114 @membership ||= Member.new
117 115 rescue ::ActionController::RedirectBackError
118 116 redirect_to :controller => 'users', :action => 'edit', :id => @user
119 117 end
120 118
121 119 def edit_membership
122 120 @user = User.find(params[:id])
123 121 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
124 122 @membership.save if request.post?
125 123 respond_to do |format|
126 124 if @membership.valid?
127 125 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
128 126 format.js {
129 127 render(:update) {|page|
130 128 page.replace_html "tab-content-memberships", :partial => 'users/memberships'
131 129 page.visual_effect(:highlight, "member-#{@membership.id}")
132 130 }
133 131 }
134 132 else
135 133 format.js {
136 134 render(:update) {|page|
137 135 page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
138 136 }
139 137 }
140 138 end
141 139 end
142 140 end
143 141
144 142 def destroy_membership
145 143 @user = User.find(params[:id])
146 144 @membership = Member.find(params[:membership_id])
147 145 if request.post? && @membership.deletable?
148 146 @membership.destroy
149 147 end
150 148 respond_to do |format|
151 149 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
152 150 format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
153 151 end
154 152 end
155 153 end
Show file before | Show file after | Hide comments
@@ -1,149 +1,159
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.dirname(__FILE__) + '/../test_helper'
19 19 require 'users_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class UsersController; def rescue_action(e) raise e end; end
23 23
24 24 class UsersControllerTest < ActionController::TestCase
25 25 include Redmine::I18n
26 26
27 27 fixtures :users, :projects, :members, :member_roles, :roles
28 28
29 29 def setup
30 30 @controller = UsersController.new
31 31 @request = ActionController::TestRequest.new
32 32 @response = ActionController::TestResponse.new
33 33 User.current = nil
34 34 @request.session[:user_id] = 1 # admin
35 35 end
36 36
37 37 def test_index
38 38 get :index
39 39 assert_response :success
40 40 assert_template 'index'
41 41 end
42 42
43 43 def test_index
44 44 get :index
45 45 assert_response :success
46 46 assert_template 'index'
47 47 assert_not_nil assigns(:users)
48 48 # active users only
49 49 assert_nil assigns(:users).detect {|u| !u.active?}
50 50 end
51 51
52 52 def test_index_with_name_filter
53 53 get :index, :name => 'john'
54 54 assert_response :success
55 55 assert_template 'index'
56 56 users = assigns(:users)
57 57 assert_not_nil users
58 58 assert_equal 1, users.size
59 59 assert_equal 'John', users.first.firstname
60 60 end
61 61
62 62 def test_show
63 63 @request.session[:user_id] = nil
64 64 get :show, :id => 2
65 65 assert_response :success
66 66 assert_template 'show'
67 67 assert_not_nil assigns(:user)
68 68 end
69 69
70 70 def test_show_should_not_fail_when_custom_values_are_nil
71 71 user = User.find(2)
72 72
73 73 # Create a custom field to illustrate the issue
74 74 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
75 75 custom_value = user.custom_values.build(:custom_field => custom_field).save!
76 76
77 77 get :show, :id => 2
78 78 assert_response :success
79 79 end
80 80
81 81 def test_show_inactive
82 82 @request.session[:user_id] = nil
83 83 get :show, :id => 5
84 84 assert_response 404
85 85 end
86 86
87 87 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
88 88 @request.session[:user_id] = nil
89 89 get :show, :id => 9
90 90 assert_response 404
91 91 end
92 92
93 93 def test_show_inactive_by_admin
94 94 @request.session[:user_id] = 1
95 95 get :show, :id => 5
96 96 assert_response 200
97 97 assert_not_nil assigns(:user)
98 98 end
99 99
100 def test_show_displays_memberships_based_on_project_visibility
101 @request.session[:user_id] = 1
102 get :show, :id => 2
103 assert_response :success
104 memberships = assigns(:memberships)
105 assert_not_nil memberships
106 project_ids = memberships.map(&:project_id)
107 assert project_ids.include?(2) #private project admin can see
108 end
109
100 110 def test_edit
101 111 ActionMailer::Base.deliveries.clear
102 112 post :edit, :id => 2, :user => {:firstname => 'Changed'}
103 113 assert_equal 'Changed', User.find(2).firstname
104 114 assert ActionMailer::Base.deliveries.empty?
105 115 end
106 116
107 117 def test_edit_with_activation_should_send_a_notification
108 118 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
109 119 u.login = 'foo'
110 120 u.status = User::STATUS_REGISTERED
111 121 u.save!
112 122 ActionMailer::Base.deliveries.clear
113 123 Setting.bcc_recipients = '1'
114 124
115 125 post :edit, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
116 126 assert u.reload.active?
117 127 mail = ActionMailer::Base.deliveries.last
118 128 assert_not_nil mail
119 129 assert_equal ['foo.bar@somenet.foo'], mail.bcc
120 130 assert mail.body.include?(ll('fr', :notice_account_activated))
121 131 end
122 132
123 133 def test_edit_with_password_change_should_send_a_notification
124 134 ActionMailer::Base.deliveries.clear
125 135 Setting.bcc_recipients = '1'
126 136
127 137 u = User.find(2)
128 138 post :edit, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
129 139 assert_equal User.hash_password('newpass'), u.reload.hashed_password
130 140
131 141 mail = ActionMailer::Base.deliveries.last
132 142 assert_not_nil mail
133 143 assert_equal [u.mail], mail.bcc
134 144 assert mail.body.include?('newpass')
135 145 end
136 146
137 147 def test_edit_membership
138 148 post :edit_membership, :id => 2, :membership_id => 1,
139 149 :membership => { :role_ids => [2]}
140 150 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
141 151 assert_equal [2], Member.find(1).role_ids
142 152 end
143 153
144 154 def test_destroy_membership
145 155 post :destroy_membership, :id => 2, :membership_id => 1
146 156 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
147 157 assert_nil Member.find_by_id(1)
148 158 end
149 159 end
General Comments 0
You need to be logged in to leave comments. Login now