Fix visibility scope of groups in members filters

https://community.openproject.org/work_packages/74000
Oliver Günther
2026-04-17 10:55:43 +02:00
parent d6620b1742
commit 8fafc2593b
6 changed files with 26 additions and 6 deletions
+1 -1
@@ -166,7 +166,7 @@ class MembersController < ApplicationController
end
def members_filter_options(roles)
groups = Group.all.sort
groups = Group.visible.sort
shares = WorkPackageRole.all
status = Members::UserFilterComponent.status_param(params)
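Review bot: Restricting `groups` in `members_filter_options` only trims the choices that are offered; the code that later applies the group filter from `params` is outside this hunk, and if it still resolves any group id, the membership of a hidden group remains inferable from the filtered member list. Worth confirming that the filter component scopes its lookup the same way, e.g. `Group.visible.find_by(id: ...)` rather than an unscoped find. The same applies to `@groups = Group.visible.sort` in `UsersController#index`, where `Users::UserFilterComponent.filter params` consumes the request parameters directly. `members_filter_options` continues below the hunk.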
+1 -1
@@ -67,7 +67,7 @@ class UsersController < ApplicationController
include PaginationHelper
def index
@groups = Group.all.sort
@groups = Group.visible.sort
@status = Users::UserFilterComponent.status_param params
@users = Users::UserFilterComponent.filter params
end
@@ -93,6 +93,6 @@ class Queries::WorkPackages::Filter::GroupFilter < Queries::WorkPackages::Filter
end
def all_groups
@all_groups ||= ::Group.all
@all_groups ||= ::Group.visible
end
end
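Review bot: `all_groups` now calls `::Group.visible` with no user argument, so the result presumably depends on the ambient current user at the moment the filter is first evaluated, and `||=` keeps that result for the life of the filter instance. That is likely fine inside a request, but if queries are also evaluated outside one (exports, scheduled jobs) the set of allowed groups would follow whichever user is current there; this should be confirmed. A short comment would make the dependency visible: `# Limited to groups visible to the current user; memoised per filter instance.`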
@@ -211,6 +211,26 @@ RSpec.describe MembersController do
end
end
describe "#index" do
let(:role) { create(:project_role, permissions: [:manage_members]) }
let!(:member) { create(:member, project:, user:, roles: [role]) }
let!(:visible_group) { create(:group, members: [user]) }
let!(:hidden_group) { create(:group) }
before { login_as(user) }
it "only includes groups the user is a member of in the filter options" do
get :index, params: { project_id: project.id }
expect(response).to be_successful
groups = assigns(:members_filter_options)[:groups]
expect(groups).to include(visible_group)
expect(groups).not_to include(hidden_group)
end
end
describe "#create with reduced visibility" do
let(:project_permissions) { %i[manage_members invite_members_by_email] }
let!(:other_project) { create(:project) }
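Review bot: The example title in `describe "#index"` states the rule as "groups the user is a member of", but the controller delegates to `Group.visible`, whose actual rule is not shown here; if visibility is wider than direct membership, the title will mislead the next reader. Consider `it "only includes groups visible to the current user in the filter options"`. As far as this page shows, no equivalent hidden-group example is added for `UsersController#index`, which received the same change. The following `describe "#create with reduced visibility"` block continues outside the hunk.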
@@ -59,7 +59,7 @@ RSpec.describe Queries::WorkPackages::Filter::GroupFilter do
describe "#allowed_values" do
before do
allow(Group)
.to receive(:all)
.to receive(:visible)
.and_return [group]
end
@@ -81,7 +81,7 @@ RSpec.describe Queries::WorkPackages::Filter::GroupFilter do
before do
allow(Group)
.to receive(:all)
.to receive(:visible)
.and_return([group, group2])
instance.values = [group2.id.to_s]
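Review bot: Both `before` blocks stub `Group.visible` itself, so these examples pass regardless of what the scope returns and never exercise a group the user cannot see. An example with real records would pin the security-relevant behaviour: set `instance.values = [hidden_group.id.to_s]` for a group outside the user's visibility and assert that it is absent from `allowed_values` (and, assuming the filter validates its values against that list, that the filter is invalid). The enclosing `describe` blocks start and end outside these hunks.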
+1 -1
@@ -41,7 +41,7 @@ RSpec.describe "users/index" do
assign(:users, User.where(id: [admin.id, user.id]))
assign(:status, "all")
assign(:groups, Group.all)
assign(:groups, Group.visible)
without_partial_double_verification do
allow(view).to receive_messages(current_user: admin, controller_name: "users", action_name: "index")