From bfed36ac84122e1856e18a4d1e7cb3e3753b2fa8 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Fri, 26 Feb 2010 15:50:16 +0000
Subject: [PATCH] Let administrators see locked user profiles.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3493 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/users_controller.rb      | 10 ++++++----
 test/functional/users_controller_test.rb | 10 ++++++++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 99b01c30f..14930e338 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -50,7 +50,7 @@ class UsersController < ApplicationController
   end
   
   def show
-    @user = User.active.find(params[:id])
+    @user = User.find(params[:id])
     @custom_values = @user.custom_values
     
     # show only public projects and private projects that the logged in user is also a member of
@@ -61,9 +61,11 @@ class UsersController < ApplicationController
     events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
     @events_by_day = events.group_by(&:event_date)
     
-    if @user != User.current && !User.current.admin? && @memberships.empty? && events.empty?
-      render_404
-      return
+    unless User.current.admin?
+      if !@user.active? || (@user != User.current  && @memberships.empty? && events.empty?)
+        render_404
+        return
+      end
     end
     render :layout => 'base'
 
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 74cfb656d..6823eb307 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -103,12 +103,11 @@ class UsersControllerTest < ActionController::TestCase
     get :show, :id => 2
     assert_response :success
   end
-  
 
   def test_show_inactive
+    @request.session[:user_id] = nil
     get :show, :id => 5
     assert_response 404
-    assert_nil assigns(:user)
   end
   
   def test_show_should_not_reveal_users_with_no_visible_activity_or_project
@@ -116,6 +115,13 @@ class UsersControllerTest < ActionController::TestCase
     get :show, :id => 9
     assert_response 404
   end
+  
+  def test_show_inactive_by_admin
+    @request.session[:user_id] = 1
+    get :show, :id => 5
+    assert_response 200
+    assert_not_nil assigns(:user)
+  end
 
   def test_add_routing
     assert_routing(
-- 
GitLab