Allow non-admin users to see group members (#12795).

author Go MAEDA <maeda@farend.jp>

Mon, 19 Jul 2021 14:42:26 +0000 (14:42 +0000)

committer Go MAEDA <maeda@farend.jp>

Mon, 19 Jul 2021 14:42:26 +0000 (14:42 +0000)
author Go MAEDA <maeda@farend.jp>
Mon, 19 Jul 2021 14:42:26 +0000 (14:42 +0000)
committer Go MAEDA <maeda@farend.jp>
Mon, 19 Jul 2021 14:42:26 +0000 (14:42 +0000)
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb

index f6358080bb3fe2d3f334f41b3d537ac38aef5bcf..0ca636e19ed7c290ea3e64c47ebd516272f36d4a 100644 (file)
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -21,7 +21,7 @@ class GroupsController < ApplicationController
    layout 'admin'
    self.main_menu = false
  
-  before_action :require_admin
+  before_action :require_admin, :except => [:show]
    before_action :find_group, :except => [:index, :new, :create]
    accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
  
@@ -50,8 +50,12 @@ class GroupsController < ApplicationController
    end
  
    def show
+    return render_404 unless @group.visible?
+
      respond_to do |format|
-      format.html
+      format.html do
+        render :layout => 'base'
+      end
        format.api
      end
    end
diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb

index 4f413afe8fbf346c0e9a47588917215113f3af08..ad7ee2626ae975b4f08f63142906a2318635d2db 100644 (file)
--- a/app/views/groups/show.html.erb
+++ b/app/views/groups/show.html.erb
@@ -1,4 +1,8 @@
-<%= title [l(:label_group_plural), groups_path], @group.name %>
+<div class="contextual">
+<%= link_to(l(:button_edit), edit_group_path(@group), :class => 'icon icon-edit') if User.current.admin? %>
+</div>
+
+<h2><%= @group.name %></h2>
  
  <% if @group.custom_field_values.any? %>
    <ul>
@@ -14,3 +18,4 @@
      <li><%= user %></li>
  <% end %>
  </ul>
+<% html_title @group.name %>
diff --git a/test/functional/groups_controller_test.rb b/test/functional/groups_controller_test.rb

index 97681520972526aa073b71b3f7b44aada779e724..efb5881988784e561a9652b24846217f2ed4e9af 100644 (file)
--- a/test/functional/groups_controller_test.rb
+++ b/test/functional/groups_controller_test.rb
@@ -47,6 +47,9 @@ class GroupsControllerTest < Redmine::ControllerTest
    end
  
    def test_show
+    Role.anonymous.update! :users_visibility => 'all'
+
+    @request.session[:user_id] = nil
      get(:show, :params => {:id => 10})
      assert_response :success
    end
@@ -70,6 +73,14 @@ class GroupsControllerTest < Redmine::ControllerTest
      assert_response 404
    end
  
+  def test_show_group_that_is_not_visible_should_return_404
+    Role.anonymous.update! :users_visibility => 'members_of_visible_projects'
+
+    @request.session[:user_id] = nil
+    get :show, :params => {:id => 10}
+    assert_response 404
+  end
+
    def test_new
      get :new
      assert_response :success
author	Go MAEDA <maeda@farend.jp>
	Mon, 19 Jul 2021 14:42:26 +0000 (14:42 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Mon, 19 Jul 2021 14:42:26 +0000 (14:42 +0000)
app/controllers/groups_controller.rb		patch \| blob \| history
app/views/groups/show.html.erb		patch \| blob \| history
test/functional/groups_controller_test.rb		patch \| blob \| history