commit c4cf6b070d96ece062f0ef007783c1fd175d434a
Author: Felix Schäfer
Date: Fri Oct 11 13:23:26 2013 +0200
Limit watcher autocomplete proposals to users visible by the current user
diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb
index 2f55de2..dd8c94e 100644
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@@ -52,7 +52,7 @@ class WatchersController < ApplicationController
 def append
 if params[:watcher].is_a?(Hash)
 user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]]
- @users = User.active.find_all_by_id(user_ids)
+ @users = User.visible.find_all_by_id(user_ids)
 end
 end
@@ -66,7 +66,7 @@ class WatchersController < ApplicationController
 end
 def autocomplete_for_user
- @users = User.active.sorted.like(params[:q]).limit(100).all
+ @users = User.visible.sorted.like(params[:q]).limit(100).all
 if @watched
 @users -= @watched.watcher_users
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 9cf1620..d8b01a2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -78,6 +78,10 @@ class User < Principal
 scope :logged, lambda { where("#{User.table_name}.status <> #{STATUS_ANONYMOUS}") }
 scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) }
+ scope :visible, lambda {|*args|
+ pids = Project.visible(*args).pluck(:id)
+ active.joins(:members).where(:members => {:project_id => pids}).uniq
+ }
 acts_as_customizable
diff --git a/app/views/watchers/_new.html.erb b/app/views/watchers/_new.html.erb
index 9fdf792..e616731 100644
--- a/app/views/watchers/_new.html.erb
+++ b/app/views/watchers/_new.html.erb
@@ -17,7 +17,7 @@ :project_id => @project) }')" %>
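Review bot: In app/controllers/watchers_controller.rb, `append` and `autocomplete_for_user` (the next hunk) only build the list of proposed users, so the new `User.visible` filter covers what is rendered but not necessarily what is stored. The action that persists watchers is not part of this diff; if it still resolves the client-supplied `user_id`/`user_ids` through an unscoped finder, ids that were never proposed would still be accepted there. I would resolve them through the same scope on that path, e.g. `User.visible.find_all_by_id(user_ids)`, and add a comment in `append` such as `# user_ids is client-supplied; render only users visible to the current user`. `autocomplete_for_user` continues past the end of its hunk.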
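Review bot: The new `visible` scope in app/models/user.rb is now the access-control boundary for watcher proposals, yet it carries no comment, and its meaning is narrower than the name suggests: a user is returned only when active and a member of a project in `Project.visible(*args)`. That presumably means accounts without any membership are never proposed, even to an administrator, which is worth confirming as intended. The scope also loads every visible project id with `pluck(:id)` on each autocomplete request and inlines them into an `IN` list that grows with the instance; a subquery would avoid this if the Rails version in use supports it. I would at least add `# Active users who are members of at least one project visible to the given user (args are passed to Project.visible).` above the scope, plus a test for a caller with no visible projects (empty `pids`).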
- <%= principals_check_box_tags 'watcher[user_ids][]', (watched ? watched.addable_watcher_users : User.active.all(:limit => 100)) %>
+ <%= principals_check_box_tags 'watcher[user_ids][]', (watched ? watched.addable_watcher_users : User.visible.all(:limit => 100)) %>