diff options
| author | Go MAEDA <maeda@farend.jp> | 2021-07-19 14:42:26 +0000 |
|---|---|---|
| committer | Go MAEDA <maeda@farend.jp> | 2021-07-19 14:42:26 +0000 |
| commit | 482656fb2c09e9e456a3e006ceaf78d0c6f33ee5 (patch) | |
| tree | 616b059cb0a94297a0a079a4b53a9218cccf2e2f | |
| parent | 8e4d71adc9ebcfa48d7fcff388cc68661c03eaa2 (diff) | |
| download | redmine-482656fb2c09e9e456a3e006ceaf78d0c6f33ee5.tar.gz redmine-482656fb2c09e9e456a3e006ceaf78d0c6f33ee5.zip | |
Allow non-admin users to see group members (#12795).
Patch by Go MAEDA.
git-svn-id: http://svn.redmine.org/redmine/trunk@21072 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/groups_controller.rb | 8 | ||||
| -rw-r--r-- | app/views/groups/show.html.erb | 7 | ||||
| -rw-r--r-- | test/functional/groups_controller_test.rb | 11 |
3 files changed, 23 insertions, 3 deletions
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index f6358080b..0ca636e19 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -21,7 +21,7 @@ class GroupsController < ApplicationController layout 'admin' self.main_menu = false - before_action :require_admin + before_action :require_admin, :except => [:show] before_action :find_group, :except => [:index, :new, :create] accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user @@ -50,8 +50,12 @@ class GroupsController < ApplicationController end def show + return render_404 unless @group.visible? + respond_to do |format| - format.html + format.html do + render :layout => 'base' + end format.api end end diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb index 4f413afe8..ad7ee2626 100644 --- a/app/views/groups/show.html.erb +++ b/app/views/groups/show.html.erb @@ -1,4 +1,8 @@ -<%= title [l(:label_group_plural), groups_path], @group.name %> +<div class="contextual"> +<%= link_to(l(:button_edit), edit_group_path(@group), :class => 'icon icon-edit') if User.current.admin? %> +</div> + +<h2><%= @group.name %></h2> <% if @group.custom_field_values.any? %> <ul> @@ -14,3 +18,4 @@ <li><%= user %></li> <% end %> </ul> +<% html_title @group.name %> diff --git a/test/functional/groups_controller_test.rb b/test/functional/groups_controller_test.rb index 976815209..efb588198 100644 --- a/test/functional/groups_controller_test.rb +++ b/test/functional/groups_controller_test.rb @@ -47,6 +47,9 @@ class GroupsControllerTest < Redmine::ControllerTest end def test_show + Role.anonymous.update! :users_visibility => 'all' + + @request.session[:user_id] = nil get(:show, :params => {:id => 10}) assert_response :success end @@ -70,6 +73,14 @@ class GroupsControllerTest < Redmine::ControllerTest assert_response 404 end + def test_show_group_that_is_not_visible_should_return_404 + Role.anonymous.update! :users_visibility => 'members_of_visible_projects' + + @request.session[:user_id] = nil + get :show, :params => {:id => 10} + assert_response 404 + end + def test_new get :new assert_response :success |