Adds a role setting for controlling visibility of users: all or members of visible projects (#11724).

git-svn-id: http://svn.redmine.org/redmine/trunk@13584 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 28 insertions, 0 deletions

diff --git a/app/models/principal.rb b/app/models/principal.rb
index e6e6ea78e..d98531dca 100644
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -38,6 +38,30 @@ class Principal < ActiveRecord::Base
   # Groups and active users
   scope :active, lambda { where(:status => STATUS_ACTIVE) }
 
+  scope :visible, lambda {|*args|
+    user = args.first || User.current
+
+    if user.admin?
+      all
+    else
+      view_all_active = false
+      if user.memberships.to_a.any?
+        view_all_active = user.memberships.any? {|m| m.roles.any? {|r| r.users_visibility == 'all'}}
+      else
+        view_all_active = user.builtin_role.users_visibility == 'all'
+      end
+  
+      if view_all_active
+        active
+      else
+        # self and members of visible projects
+        active.where("#{table_name}.id = ? OR #{table_name}.id IN (SELECT user_id FROM #{Member.table_name} WHERE project_id IN (?))",
+          user.id, user.visible_project_ids
+        )
+      end
+    end
+  }
+
   scope :like, lambda {|q|
     q = q.to_s
     if q.blank?
@@ -84,6 +108,10 @@ class Principal < ActiveRecord::Base
     to_s
   end
 
+  def visible?(user=User.current)
+    Principal.visible(user).where(:id => id).first == self
+  end
+
   # Return true if the principal is a member of project
   def member_of?(project)
     projects.to_a.include?(project)