Let administrators see locked user profiles.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3493 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
d6f9e576e8
commit
bfed36ac84
|
@ -50,7 +50,7 @@ class UsersController < ApplicationController
|
|||
end
|
||||
|
||||
def show
|
||||
@user = User.active.find(params[:id])
|
||||
@user = User.find(params[:id])
|
||||
@custom_values = @user.custom_values
|
||||
|
||||
# show only public projects and private projects that the logged in user is also a member of
|
||||
|
@ -61,10 +61,12 @@ class UsersController < ApplicationController
|
|||
events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
|
||||
@events_by_day = events.group_by(&:event_date)
|
||||
|
||||
if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
|
||||
unless User.current.admin?
|
||||
if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
|
||||
render_404
|
||||
return
|
||||
end
|
||||
end
|
||||
render :layout => 'base'
|
||||
|
||||
rescue ActiveRecord::RecordNotFound
|
||||
|
|
|
@ -104,11 +104,10 @@ class UsersControllerTest < ActionController::TestCase
|
|||
assert_response :success
|
||||
end
|
||||
|
||||
|
||||
def test_show_inactive
|
||||
@request.session[:user_id] = nil
|
||||
get :show, :id => 5
|
||||
assert_response 404
|
||||
assert_nil assigns(:user)
|
||||
end
|
||||
|
||||
def test_show_should_not_reveal_users_with_no_visible_activity_or_project
|
||||
|
@ -117,6 +116,13 @@ class UsersControllerTest < ActionController::TestCase
|
|||
assert_response 404
|
||||
end
|
||||
|
||||
def test_show_inactive_by_admin
|
||||
@request.session[:user_id] = 1
|
||||
get :show, :id => 5
|
||||
assert_response 200
|
||||
assert_not_nil assigns(:user)
|
||||
end
|
||||
|
||||
def test_add_routing
|
||||
assert_routing(
|
||||
{:method => :get, :path => '/users/new'},
|
||||
|
|
Loading…
Reference in New Issue