author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-11-11 13:08:52 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-11-11 13:08:52 +0000 |
commit | bdd3ccf8e52c69d2b6e16e7230a1b8f9a6c69e60 (patch) | |
tree | 1571b147765d42bccab602cdd9a79499829de612 /app/controllers | |
parent | 140ca9532c1c12b7ff710c076c6985dce18500e4 (diff) | |
Adds a role setting for controlling visibility of users: all or members of visible projects (#11724).
git-svn-id: http://svn.redmine.org/redmine/trunk@13584 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/users_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/watchers_controller.rb | 16 |
2 files changed, 14 insertions, 14 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index d14914af4..d62bea449 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -60,19 +60,17 @@ class UsersController < ApplicationController end def show + unless @user.visible? + render_404 + return + end + # show projects based on current user visibility @memberships = @user.memberships.where(Project.visible_condition(User.current)).to_a events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10) @events_by_day = events.group_by(&:event_date) - unless User.current.admin? - if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?) - render_404 - return - end - end - respond_to do |format| format.html { render :layout => 'base' } format.api diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb index ade977b41..060c09f6c 100644 --- a/app/controllers/watchers_controller.rb +++ b/app/controllers/watchers_controller.rb @@ -40,8 +40,9 @@ class WatchersController < ApplicationController else user_ids << params[:user_id] end - user_ids.flatten.compact.uniq.each do |user_id| - Watcher.create(:watchable => @watched, :user_id => user_id) + users = User.active.visible.where(:id => user_ids.flatten.compact.uniq) + users.each do |user| + Watcher.create(:watchable => @watched, :user => user) end respond_to do |format| format.html { redirect_to_referer_or {render :text => 'Watcher added.', :layout => true}} @@ -53,7 +54,7 @@ class WatchersController < ApplicationController def append if params[:watcher].is_a?(Hash) user_ids = params[:watcher][:user_ids] || [params[:watcher][:user_id]] - @users = User.active.where(:id => user_ids).to_a + @users = User.active.visible.where(:id => user_ids).to_a end if @users.blank? render :nothing => true 
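Review bot: In `show`, the removed guard hid non-active accounts from non-admins explicitly (`!@user.active?`), while the new guard delegates that decision entirely to `@user.visible?`, whose definition is not part of this diff (the diffstat is limited to app/controllers). A functional test that requests a locked or registered user as a non-admin, in both the HTML and API formats, would confirm the response is still a 404. If answering 404 rather than 403 is meant to avoid confirming that a hidden account exists, a one-line comment above the guard should say so, e.g. `# 404 (not 403): do not disclose that a non-visible user exists`. The body of `show` continues past the end of the hunk.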
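Review bot: In `create`, ids outside `User.active.visible` are now dropped without any signal, and the HTML branch visible in the hunk still renders 'Watcher added.' even when `users` is empty. Answering the same way whether or not an id resolves keeps the action from confirming which user ids exist, so the silent drop looks deliberate, but nothing in the code records that. I would add a comment above the lookup such as `# ids of inactive or non-visible users are ignored on purpose; the response must not reveal whether they exist`. The `append` hunk that follows applies the same filter, and its existing `@users.blank?` branch already covers the empty result. Both method bodies extend beyond their hunks.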
@@ -61,7 +62,7 @@ class WatchersController < ApplicationController end def destroy - @watched.set_watcher(User.find(params[:user_id]), false) + @watched.set_watcher(User.visible.find(params[:user_id]), false) respond_to do |format| format.html { redirect_to :back } format.js @@ -115,12 +116,13 @@ class WatchersController < ApplicationController end def users_for_new_watcher - users = [] + scope = nil if params[:q].blank? && @project.present? - users = @project.users.sorted + scope = @project.users else - users = User.active.sorted.like(params[:q]).limit(100) + scope = User.all.limit(100) end + users = scope.active.visible.sorted.like(params[:q]).to_a if @watched users -= @watched.watcher_users end |
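Review bot: In `destroy`, `User.visible.find(params[:user_id])` raises `ActiveRecord::RecordNotFound` when the id is outside the caller's visible scope, so a watcher who is already on the object but is not (or is no longer) visible to the caller cannot be removed through this action. Whether that can happen depends on the `visible` scope and on which users the watcher list displays, neither of which is in this diff. If the list can contain such users, the id should be resolved against the object's existing watchers rather than the global visible scope. How the exception is rendered is also not shown here; it should end in the same 404 that `UsersController#show` returns, and a test removing a watcher the current user cannot see would pin the intended behaviour.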
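Review bot: In `users_for_new_watcher`, `like(params[:q])` now also runs on the branch taken when `params[:q]` is blank, where the old code returned `@project.users.sorted` without calling `like` at all. The two are equivalent only if the `like` scope treats a blank or nil argument as "no filter"; that scope is defined outside this diff, so a test with a project and no `q` is worth adding. `limit(100)` still applies only to the `else` branch, so the project branch stays unbounded. As a style point, the `scope = nil` initialisation is redundant and the assignment can be made once: `scope = params[:q].blank? && @project.present? ? @project.users : User.all.limit(100)`. The method continues past the end of the hunk.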