Allow non-admin users to see group members (#12795).

Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21072 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/groups_controller.rb

@@ -21,7 +21,7 @@ class GroupsController < ApplicationController
   layout 'admin'
   self.main_menu = false
 
-  before_action :require_admin
+  before_action :require_admin, :except => [:show]
   before_action :find_group, :except => [:index, :new, :create]
   accept_api_auth :index, :show, :create, :update, :destroy, :add_users, :remove_user
 
@@ -50,8 +50,12 @@ class GroupsController < ApplicationController
   end
 
   def show
+    return render_404 unless @group.visible?
+
     respond_to do |format|
-      format.html
+      format.html do
+        render :layout => 'base'
+      end
       format.api
     end
   end

app/views/groups/show.html.erb

@@ -1,4 +1,8 @@
-<%= title [l(:label_group_plural), groups_path], @group.name %>
+<div class="contextual">
+<%= link_to(l(:button_edit), edit_group_path(@group), :class => 'icon icon-edit') if User.current.admin? %>
+</div>
+
+<h2><%= @group.name %></h2>
 
 <% if @group.custom_field_values.any? %>
   <ul>
@@ -14,3 +18,4 @@
     <li><%= user %></li>
 <% end %>
 </ul>
+<% html_title @group.name %>

test/functional/groups_controller_test.rb

@@ -47,6 +47,9 @@ class GroupsControllerTest < Redmine::ControllerTest
   end
 
   def test_show
+    Role.anonymous.update! :users_visibility => 'all'
+
+    @request.session[:user_id] = nil
     get(:show, :params => {:id => 10})
     assert_response :success
   end
@@ -70,6 +73,14 @@ class GroupsControllerTest < Redmine::ControllerTest
     assert_response 404
   end
 
+  def test_show_group_that_is_not_visible_should_return_404
+    Role.anonymous.update! :users_visibility => 'members_of_visible_projects'
+
+    @request.session[:user_id] = nil
+    get :show, :params => {:id => 10}
+    assert_response 404
+  end
+
   def test_new
     get :new
     assert_response :success