Fixed confidentiality issue on account/show.
Only public projects or private projects that the logged in user belongs to are displayed. git-svn-id: http://redmine.rubyforge.org/svn/trunk@567 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
1c44600c62
commit
1a2aee84b2
|
@ -28,6 +28,11 @@ class AccountController < ApplicationController
|
||||||
def show
|
def show
|
||||||
@user = User.find(params[:id])
|
@user = User.find(params[:id])
|
||||||
@custom_values = @user.custom_values.find(:all, :include => :custom_field)
|
@custom_values = @user.custom_values.find(:all, :include => :custom_field)
|
||||||
|
|
||||||
|
# show only public projects and private projects that the logged in user is also a member of
|
||||||
|
@memberships = @user.memberships.select do |membership|
|
||||||
|
membership.project.is_public? || (logged_in_user && logged_in_user.role_for_project(membership.project))
|
||||||
|
end
|
||||||
rescue ActiveRecord::RecordNotFound
|
rescue ActiveRecord::RecordNotFound
|
||||||
render_404
|
render_404
|
||||||
end
|
end
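Review bot: The visibility rule in the `select` block is written inline in `show`, so any other action or template that iterates `@user.memberships` directly will not apply it, and there is no single place to audit for this confidentiality check. Consider moving the predicate onto the model (a proposed, not existing, name such as `visible_to?(user)`) and calling it from here. The block also touches `membership.project` and calls `role_for_project` once per membership, which probably costs a query per row; loading with `@user.memberships.find(:all, :include => :project)` before filtering would remove part of that. The comment should also say what an anonymous visitor and a non-member administrator are expected to see, since `logged_in_user && ...` settles the first case but the second depends on what `role_for_project` returns, which is not visible in this hunk.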
|
||||||
|
|
|
@ -13,12 +13,12 @@
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3><%=l(:label_project_plural)%></h3>
|
<h3><%=l(:label_project_plural)%></h3>
|
||||||
<p>
|
<ul>
|
||||||
<% for membership in @user.memberships %>
|
<% for membership in @memberships %>
|
||||||
<%= membership.project.name %> (<%= membership.role.name %>, <%= format_date(membership.created_on) %>)
|
<li><%= link_to membership.project.name, :controller => 'projects', :action => 'show', :id => membership.project %>
|
||||||
<br />
|
(<%= membership.role.name %>, <%= format_date(membership.created_on) %>)</li>
|
||||||
<% end %>
|
<% end %>
|
||||||
</p>
|
</ul>
|
||||||
|
|
||||||
<h3><%=l(:label_activity)%></h3>
|
<h3><%=l(:label_activity)%></h3>
|
||||||
<p>
|
<p>
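Review bot: `membership.project.name` and `membership.role.name` are written into the new `<li>` without HTML escaping. If this Rails version does not escape ERB output or `link_to` labels automatically, a project or role name containing markup would be rendered as-is to every visitor of the profile page. Wrapping the values closes that: `<%= link_to h(membership.project.name), :controller => 'projects', :action => 'show', :id => membership.project %>` and `<%= h(membership.role.name) %>`. The activity block that begins at the end of this hunk continues outside it; if it reports per-project data, it should be driven by the filtered `@memberships` as well, otherwise private project names can still appear there.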
|
||||||
|
|