Adds a role setting for controlling visibility of users: all or members of visible projects (#11724).

git-svn-id: http://svn.redmine.org/redmine/trunk@13584 e93f8b46-1217-0410-a6f0-8f06a7374b81

4 files changed, 51 insertions, 7 deletions

diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml
index 2f1e57804..241c5afe6 100644
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -4,6 +4,7 @@ roles_001:
   id: 1
   builtin: 0
   issues_visibility: all
+  users_visibility: all
   permissions: |
     --- 
     - :add_project
@@ -67,6 +68,7 @@ roles_002:
   id: 2
   builtin: 0
   issues_visibility: default
+  users_visibility: all
   permissions: |
     --- 
     - :edit_project
@@ -114,6 +116,7 @@ roles_003:
   id: 3
   builtin: 0
   issues_visibility: default
+  users_visibility: all
   permissions: |
     --- 
     - :edit_project
@@ -155,6 +158,7 @@ roles_004:
   id: 4
   builtin: 1
   issues_visibility: default
+  users_visibility: all
   permissions: |
     --- 
     - :view_issues
@@ -184,6 +188,7 @@ roles_005:
   id: 5
   builtin: 2
   issues_visibility: default
+  users_visibility: all
   permissions: |
     --- 
     - :view_issues
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 78b6689fc..d9a46bd60 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -106,12 +106,6 @@ class UsersControllerTest < ActionController::TestCase
     assert_response 404
   end
 
-  def test_show_should_not_reveal_users_with_no_visible_activity_or_project
-    @request.session[:user_id] = nil
-    get :show, :id => 9
-    assert_response 404
-  end
-
   def test_show_inactive_by_admin
     @request.session[:user_id] = 1
     get :show, :id => 5
@@ -119,6 +113,15 @@ class UsersControllerTest < ActionController::TestCase
     assert_not_nil assigns(:user)
   end
 
+  def test_show_user_who_is_not_visible_should_return_404
+    Role.anonymous.update! :users_visibility => 'members_of_visible_projects'
+    user = User.generate!
+
+    @request.session[:user_id] = nil
+    get :show, :id => user.id
+    assert_response 404
+  end
+
   def test_show_displays_memberships_based_on_project_visibility
     @request.session[:user_id] = 1
     get :show, :id => 2
diff --git a/test/functional/watchers_controller_test.rb b/test/functional/watchers_controller_test.rb
index dc72a9b6b..628ad0550 100644
--- a/test/functional/watchers_controller_test.rb
+++ b/test/functional/watchers_controller_test.rb
@@ -227,6 +227,21 @@ class WatchersControllerTest < ActionController::TestCase
     assert Issue.find(2).watched_by?(user)
   end
 
+  def test_autocomplete_for_user_should_return_visible_users
+    Role.update_all :users_visibility => 'members_of_visible_projects'
+
+    hidden = User.generate!(:lastname => 'autocomplete')
+    visible = User.generate!(:lastname => 'autocomplete')
+    User.add_to_project(visible, Project.find(1))
+
+    @request.session[:user_id] = 2
+    xhr :get, :autocomplete_for_user, :q => 'autocomp', :project_id => 'ecookbook'
+    assert_response :success
+
+    assert_include visible, assigns(:users)
+    assert_not_include hidden, assigns(:users)
+  end
+
   def test_append
     @request.session[:user_id] = 2
     assert_no_difference 'Watcher.count' do
diff --git a/test/unit/principal_test.rb b/test/unit/principal_test.rb
index 3b599c373..4e2dd4f21 100644
--- a/test/unit/principal_test.rb
+++ b/test/unit/principal_test.rb
@@ -20,7 +20,7 @@
 require File.expand_path('../../test_helper', __FILE__)
 
 class PrincipalTest < ActiveSupport::TestCase
-  fixtures :users, :projects, :members, :member_roles
+  fixtures :users, :projects, :members, :member_roles, :roles
 
   def test_active_scope_should_return_groups_and_active_users
     result = Principal.active.to_a
@@ -30,6 +30,27 @@ class PrincipalTest < ActiveSupport::TestCase
     assert_nil result.detect {|p| p.is_a?(AnonymousUser)}
   end
 
+  def test_visible_scope_for_admin_should_return_all_principals
+    admin = User.generate! {|u| u.admin = true}
+    assert_equal Principal.count, Principal.visible(admin).count
+  end
+
+  def test_visible_scope_for_user_with_members_of_visible_projects_visibility_should_return_active_principals
+    Role.non_member.update! :users_visibility => 'all'
+    user = User.generate!
+
+    expected = Principal.active
+    assert_equal expected.map(&:id).sort, Principal.visible(user).pluck(:id).sort
+  end
+
+  def test_visible_scope_for_user_with_members_of_visible_projects_visibility_should_return_members_of_visible_projects_and_self
+    Role.non_member.update! :users_visibility => 'members_of_visible_projects'
+    user = User.generate!
+
+    expected = Project.visible(user).map(&:member_principals).flatten.map(&:principal).uniq << user
+    assert_equal expected.map(&:id).sort, Principal.visible(user).pluck(:id).sort
+  end
+
   def test_member_of_scope_should_return_the_union_of_all_members
     projects = Project.find([1])
     assert_equal [3, 2], Principal.member_of(projects).sort.map(&:id)