diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 99b01c30f..14930e338 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -50,7 +50,7 @@ class UsersController < ApplicationController end def show - @user = User.active.find(params[:id]) + @user = User.find(params[:id]) @custom_values = @user.custom_values # show only public projects and private projects that the logged in user is also a member of @@ -61,9 +61,11 @@ class UsersController < ApplicationController events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10) @events_by_day = events.group_by(&:event_date) - if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty? - render_404 - return + unless User.current.admin? + if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?) + render_404 + return + end end render :layout => 'base' diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 74cfb656d..6823eb307 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb @@ -103,12 +103,11 @@ class UsersControllerTest < ActionController::TestCase get :show, :id => 2 assert_response :success end - def test_show_inactive + @request.session[:user_id] = nil get :show, :id => 5 assert_response 404 - assert_nil assigns(:user) end def test_show_should_not_reveal_users_with_no_visible_activity_or_project @@ -116,6 +115,13 @@ class UsersControllerTest < ActionController::TestCase get :show, :id => 9 assert_response 404 end + + def test_show_inactive_by_admin + @request.session[:user_id] = 1 + get :show, :id => 5 + assert_response 200 + assert_not_nil assigns(:user) + end def test_add_routing assert_routing(