Project

General

Profile

Download (2.75 KB)

Feature #12795 » 0001-Allow-non-admin-users-to-see-group-members-when-the-.patch

Go MAEDA, 2021-06-12 09:56

View differences:

app/controllers/groups_controller.rb
21 21 
  layout 'admin'
22 22 
  self.main_menu = false
23 23 

  		




  24
  
  
    
  before_action :require_admin

  		




  
  24
  
    
  before_action :require_admin, :except => [:show]

  		




  25
  25
  
    
  before_action :find_group, :except => [:index, :new, :create]

  		




  26
  26
  
    
  accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user

  		




  27
  27
  
    

  		




  ......




  50
  50
  
    
  end

  		




  51
  51
  
    

  		




  52
  52
  
    
  def show

  		




  
  53
  
    
    return render_404 unless @group.visible?

  		




  
  54
  
    

  		




  53
  55
  
    
    respond_to do |format|

  		




  54
  
  
    
      format.html

  		




  
  56
  
    
      format.html do

  		




  
  57
  
    
        render :layout => 'base'

  		




  
  58
  
    
      end

  		




  55
  59
  
    
      format.api

  		




  56
  60
  
    
    end

  		




  57
  61
  
    
  end

  		












  

    
      app/views/groups/show.html.erb
    
  





  1
  
  
    
<%= title [l(:label_group_plural), groups_path], @group.name %>

  		




  
  1
  
    
<div class="contextual">

  		




  
  2
  
    
<%= link_to(l(:button_edit), edit_group_path(@group), :class => 'icon icon-edit') if User.current.admin? %>

  		




  
  3
  
    
</div>

  		




  
  4
  
    

  		




  
  5
  
    
<h2><%= @group.name %></h2>

  		




  2
  6
  
    

  		




  3
  7
  
    
<% if @group.custom_field_values.any? %>

  		




  4
  8
  
    
  <ul>

  		




  ......




  14
  18
  
    
    <li><%= user %></li>

  		




  15
  19
  
    
<% end %>

  		




  16
  20
  
    
</ul>

  		




  
  21
  
    
<% html_title @group.name %>

  		












  

    
      test/functional/groups_controller_test.rb
    
  





  47
  47
  
    
  end

  		




  48
  48
  
    

  		




  49
  49
  
    
  def test_show

  		




  
  50
  
    
    Role.anonymous.update! :users_visibility => 'all'

  		




  
  51
  
    

  		




  
  52
  
    
    @request.session[:user_id] = nil

  		




  50
  53
  
    
    get(:show, :params => {:id => 10})

  		




  51
  54
  
    
    assert_response :success

  		




  52
  55
  
    
  end

  		




  ......




  70
  73
  
    
    assert_response 404

  		




  71
  74
  
    
  end

  		




  72
  75
  
    

  		




  
  76
  
    
  def test_show_group_that_is_not_visible_should_return_404

  		




  
  77
  
    
    Role.anonymous.update! :users_visibility => 'members_of_visible_projects'

  		




  
  78
  
    

  		




  
  79
  
    
    @request.session[:user_id] = nil

  		




  
  80
  
    
    get :show, :params => {:id => 10}

  		




  
  81
  
    
    assert_response 404

  		




  
  82
  
    
  end

  		




  
  83
  
    

  		




  73
  84
  
    
  def test_new

  		




  74
  85
  
    
    get :new

  		




  75
  86
  
    
    assert_response :success

  		















  (4-4/4)