0001-Allow-non-admin-users-to-see-group-members-when-the-.patch

Go MAEDA, 2021-06-12 09:56

Download (2.75 KB)

View differences:

app/controllers/groups_controller.rb
21 21
  layout 'admin'
22 22
  self.main_menu = false
23 23

  
24
  before_action :require_admin
24
  before_action :require_admin, :except => [:show]
25 25
  before_action :find_group, :except => [:index, :new, :create]
26 26
  accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
27 27

  
......
50 50
  end
51 51

  
52 52
  def show
53
    return render_404 unless @group.visible?
54

  
53 55
    respond_to do |format|
54
      format.html
56
      format.html do
57
        render :layout => 'base'
58
      end
55 59
      format.api
56 60
    end
57 61
  end
app/views/groups/show.html.erb
1
<%= title [l(:label_group_plural), groups_path], @group.name %>
1
<div class="contextual">
2
<%= link_to(l(:button_edit), edit_group_path(@group), :class => 'icon icon-edit') if User.current.admin? %>
3
</div>
4

  
5
<h2><%= @group.name %></h2>
2 6

  
3 7
<% if @group.custom_field_values.any? %>
4 8
  <ul>
......
14 18
    <li><%= user %></li>
15 19
<% end %>
16 20
</ul>
21
<% html_title @group.name %>
test/functional/groups_controller_test.rb
47 47
  end
48 48

  
49 49
  def test_show
50
    Role.anonymous.update! :users_visibility => 'all'
51

  
52
    @request.session[:user_id] = nil
50 53
    get(:show, :params => {:id => 10})
51 54
    assert_response :success
52 55
  end
......
70 73
    assert_response 404
71 74
  end
72 75

  
76
  def test_show_group_that_is_not_visible_should_return_404
77
    Role.anonymous.update! :users_visibility => 'members_of_visible_projects'
78

  
79
    @request.session[:user_id] = nil
80
    get :show, :params => {:id => 10}
81
    assert_response 404
82
  end
83

  
73 84
  def test_new
74 85
    get :new
75 86
    assert_response :success
76
-