@user = User.find(params[:id])
@custom_values = @user.custom_values
- # show only public projects and private projects that the logged in user is also a member of
- @memberships = @user.memberships.select do |membership|
- membership.project.is_public? || (User.current.member_of?(membership.project))
- end
+ # show projects based on current user visibility
+ @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
@events_by_day = events.group_by(&:event_date)
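Review bot: The `:conditions` fragment from `Project.visible_by(User.current)` on the added line is now the only thing deciding which of another user's project memberships the profile page discloses, and it presumably refers to columns of the projects table, so the query relies on `memberships` already joining projects. That join is not visible in this hunk; if the association does not provide it, make it explicit: `@user.memberships.all(:include => :project, :conditions => Project.visible_by(User.current))`. The replacement comment is also vaguer than the one it removes, so I would write something like `# only memberships in projects that User.current is allowed to see`. The enclosing action starts and ends outside the hunk.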
assert_response 200
assert_not_nil assigns(:user)
end
+
+ def test_show_displays_memberships_based_on_project_visibility
+ @request.session[:user_id] = 1
+ get :show, :id => 2
+ assert_response :success
+ memberships = assigns(:memberships)
+ assert_not_nil memberships
+ project_ids = memberships.map(&:project_id)
+ assert project_ids.include?(2) #private project admin can see
+ end
def test_edit
ActionMailer::Base.deliveries.clear
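Review bot: `test_show_displays_memberships_based_on_project_visibility` only checks the permissive path, where user 1 sees the membership in project 2. Nothing asserts that a viewer who cannot see that project does not receive it in `assigns(:memberships)`, which is the property the filter exists to protect. Add a companion test for an unprivileged viewer. The sketch below uses an anonymous request and assumes `show` is reachable without login and that project 2 is private, as the inline comment says; adjust it to the fixtures if not.

```ruby
def test_show_hides_memberships_in_projects_not_visible_to_viewer
  # no logged-in user: only memberships in publicly visible projects may be listed
  @request.session[:user_id] = nil
  get :show, :id => 2
  assert_response :success
  project_ids = assigns(:memberships).map(&:project_id)
  assert !project_ids.include?(2) # private project must not be disclosed
end
```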