diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 023352d8..0354d165 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -53,10 +53,8 @@ class UsersController < ApplicationController @user = User.find(params[:id]) @custom_values = @user.custom_values - # show only public projects and private projects that the logged in user is also a member of - @memberships = @user.memberships.select do |membership| - membership.project.is_public? || (User.current.member_of?(membership.project)) - end + # show projects based on current user visibility + @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current)) events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10) @events_by_day = events.group_by(&:event_date) diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index d178f8f8..640ce868 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb @@ -96,6 +96,16 @@ class UsersControllerTest < ActionController::TestCase assert_response 200 assert_not_nil assigns(:user) end + + def test_show_displays_memberships_based_on_project_visibility + @request.session[:user_id] = 1 + get :show, :id => 2 + assert_response :success + memberships = assigns(:memberships) + assert_not_nil memberships + project_ids = memberships.map(&:project_id) + assert project_ids.include?(2) #private project admin can see + end def test_edit ActionMailer::Base.deliveries.clear