</td>
<% end %>
<td>
- <%= render :partial => "show_object_button", :locals => {object: object, size: 'xs'} %>
+ <% if (current_user.is_admin and current_user.uuid != object.uuid) or !current_user.is_admin %>
+ <%= render :partial => "show_object_button", :locals => {object: object, size: 'xs'} %>
+ <% end %>
</td>
<% object.attributes_for_display.each do |attr, attrvalue| %>
assert page.has_text? 'VirtualMachine: testvm.shell'
end
+ [
+ ['admin', false],
+ ['active', true],
+ ].each do |username, expect_show_button|
+ test "login as #{username} and access show button #{expect_show_button}" do
+ need_javascript
+
+ user = api_fixture('users', username)
+
+ visit page_with_token(username, '/users')
+
+ if expect_show_button
+ within('tr', text: user['uuid']) do
+ assert_text user['email']
+ assert_selector 'a', text: 'Show'
+ find('a', text: 'Show').click
+ end
+ assert_selector 'a', 'Data collections'
+ else
+ # no 'Show' button in the admin user's own row
+ within('tr', text: user['uuid']) do
+ assert_text user['email']
+ assert_no_selector 'a', text: 'Show'
+ end
+
+ # but the admin user can access 'Show' button for other users
+ active_user = api_fixture('users', 'active')
+ within('tr', text: active_user['uuid']) do
+ assert_text active_user['email']
+ assert_selector 'a', text: 'Show'
+ find('a', text: 'Show').click
+ assert_selector 'a', 'Attributes'
+ end
+ end
+ end
+ end
end