[ARVADOS] updated: 0af4622373325785f76f09aea8fdd71aa3c03339

git at public.curoverse.com git at public.curoverse.com
Mon Jan 12 14:02:26 EST 2015 

Summary of changes:
 .../app/views/application/_show_recent.html.erb    |  4 ++-
 apps/workbench/test/integration/users_test.rb      | 36 ++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

       via  0af4622373325785f76f09aea8fdd71aa3c03339 (commit)
      from  61fdce2ec17d5892642be7a957b824f9d311c192 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 0af4622373325785f76f09aea8fdd71aa3c03339
Author: Radhika Chippada <radhika at curoverse.com>
Date:   Mon Jan 12 14:01:40 2015 -0500

    3756: do not show 'Show' button in admin user's own row.

diff --git a/apps/workbench/app/views/application/_show_recent.html.erb b/apps/workbench/app/views/application/_show_recent.html.erb
index 57a5b74..3fdbcd7 100644
--- a/apps/workbench/app/views/application/_show_recent.html.erb
+++ b/apps/workbench/app/views/application/_show_recent.html.erb
@@ -40,7 +40,9 @@
         </td>
       <% end %>
       <td>
-        <%= render :partial => "show_object_button", :locals => {object: object, size: 'xs'} %>
+        <% if (current_user.is_admin and current_user.uuid != object.uuid) or !current_user.is_admin %>
+          <%= render :partial => "show_object_button", :locals => {object: object, size: 'xs'} %>
+        <% end %>
       </td>
 
       <% object.attributes_for_display.each do |attr, attrvalue| %>
diff --git a/apps/workbench/test/integration/users_test.rb b/apps/workbench/test/integration/users_test.rb
index 4a45a6a..80e6a71 100644
--- a/apps/workbench/test/integration/users_test.rb
+++ b/apps/workbench/test/integration/users_test.rb
@@ -204,4 +204,40 @@ class UsersTest < ActionDispatch::IntegrationTest
     assert page.has_text? 'VirtualMachine: testvm.shell'
   end
 
+  [
+    ['admin', false],
+    ['active', true],
+  ].each do |username, expect_show_button|
+    test "login as #{username} and access show button #{expect_show_button}" do
+      need_javascript
+
+      user = api_fixture('users', username)
+
+      visit page_with_token(username, '/users')
+
+      if expect_show_button
+        within('tr', text: user['uuid']) do
+          assert_text user['email']
+          assert_selector 'a', text: 'Show'
+          find('a', text: 'Show').click
+        end
+        assert_selector 'a', 'Data collections'
+      else
+        # no 'Show' button in the admin user's own row
+        within('tr', text: user['uuid']) do
+          assert_text user['email']
+          assert_no_selector 'a', text: 'Show'
+        end
+
+        # but the admin user can access 'Show' button for other users
+        active_user = api_fixture('users', 'active')
+        within('tr', text: active_user['uuid']) do
+          assert_text active_user['email']
+          assert_selector 'a', text: 'Show'
+          find('a', text: 'Show').click
+          assert_selector 'a', 'Attributes'
+        end
+      end
+    end
+  end
 end

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list