Merged r3935 from trunk.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.0-stable@3985 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 12 insertions, 4 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 023352d8a..0354d165d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -53,10 +53,8 @@ class UsersController < ApplicationController
     @user = User.find(params[:id])
     @custom_values = @user.custom_values
     
-    # show only public projects and private projects that the logged in user is also a member of
-    @memberships = @user.memberships.select do |membership|
-      membership.project.is_public? || (User.current.member_of?(membership.project))
-    end
+    # show projects based on current user visibility
+    @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
     
     events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
     @events_by_day = events.group_by(&:event_date)
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index d178f8f85..640ce8685 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -96,6 +96,16 @@ class UsersControllerTest < ActionController::TestCase
     assert_response 200
     assert_not_nil assigns(:user)
   end
+  
+  def test_show_displays_memberships_based_on_project_visibility
+    @request.session[:user_id] = 1
+    get :show, :id => 2
+    assert_response :success
+    memberships = assigns(:memberships)
+    assert_not_nil memberships
+    project_ids = memberships.map(&:project_id)
+    assert project_ids.include?(2) #private project admin can see
+  end
 
   def test_edit
     ActionMailer::Base.deliveries.clear