diff --git a/app/views/users/show.api.rsb b/app/views/users/show.api.rsb
old mode 100644
new mode 100755
index e4c49f9..e711bc4
--- a/app/views/users/show.api.rsb
+++ b/app/views/users/show.api.rsb
@@ -1,6 +1,6 @@
api.user do
api.id @user.id
- api.login @user.login if User.current.admin? || (User.current == @user)
+ api.login @user.login
api.firstname @user.firstname
api.lastname @user.lastname
api.mail @user.mail if User.current.admin? || !@user.pref.hide_mail
@@ -28,7 +28,7 @@ api.user do
attrs = {:id => member_role.role.id, :name => member_role.role.name}
attrs.merge!(:inherited => true) if member_role.inherited_from.present?
api.role attrs
- end
+ end
end
end
end if membership.project
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
old mode 100644
new mode 100755
index b44ed6a..9b1ece8
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -6,9 +6,7 @@
- <% if User.current.admin? %>
- - <%=l(:field_login)%>: <%= @user.login %>
- <% end %>
+ - <%=l(:field_login)%>: <%= @user.login %>
<% unless @user.pref.hide_mail %>
- <%=l(:field_mail)%>: <%= mail_to(@user.mail, nil, :encode => 'javascript') %>
<% end %>
diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb
old mode 100644
new mode 100755
index 9118a8b..cf2e452
--- a/test/integration/api_test/users_test.rb
+++ b/test/integration/api_test/users_test.rb
@@ -89,16 +89,10 @@ class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
assert_select 'user id', :text => '2'
end
- test "GET /users/:id should not return login for other user" do
+ test "GET /users/:id should return login for visible user" do
get '/users/3.xml', {}, credentials('jsmith')
assert_response :success
- assert_select 'user login', 0
- end
-
- test "GET /users/:id should return login for current user" do
- get '/users/2.xml', {}, credentials('jsmith')
- assert_response :success
- assert_select 'user login', :text => 'jsmith'
+ assert_select 'user login', :text => 'dlopper'
end
test "GET /users/:id should not return api_key for other user" do