3756: do not show 'Show' button in admin user's own row.
authorRadhika Chippada <radhika@curoverse.com>
Mon, 12 Jan 2015 19:01:40 +0000 (14:01 -0500)
committerRadhika Chippada <radhika@curoverse.com>
Mon, 12 Jan 2015 19:01:40 +0000 (14:01 -0500)
apps/workbench/app/views/application/_show_recent.html.erb
apps/workbench/test/integration/users_test.rb

index 57a5b74e93469c96232000d05bf83ac561b3aa66..3fdbcd701961ad8c708fb21e90fb8d168173d993 100644 (file)
@@ -40,7 +40,9 @@
         </td>
       <% end %>
       <td>
-        <%= render :partial => "show_object_button", :locals => {object: object, size: 'xs'} %>
+        <% if (current_user.is_admin and current_user.uuid != object.uuid) or !current_user.is_admin %>
+          <%= render :partial => "show_object_button", :locals => {object: object, size: 'xs'} %>
+        <% end %>
       </td>
 
       <% object.attributes_for_display.each do |attr, attrvalue| %>
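Review bot: The guard on the added `<% if ... %>` line is more complicated than it needs to be and relies on `and`/`or`; it reduces to `<% if !current_user.is_admin || current_user.uuid != object.uuid %>`, which states the single excluded case directly. Because this partial lives under `application/` it is presumably rendered for object types other than users, so a one-line comment such as `<%# 3756: hide Show only in the admin's own user row %>` would explain why a uuid comparison appears in a generic listing. The check is presentation only: it removes the link from the row but does not restrict the page the link points to, so if the intent is to keep an admin from acting on their own record, that needs enforcing in the controller or API as well. The enclosing loop and table row start and end outside this hunk.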
index 4a45a6a87c143ebfc3914864581390f3ee4a0061..80e6a71932efb5098aac750499c3654fc44c6cf8 100644 (file)
@@ -204,4 +204,40 @@ class UsersTest < ActionDispatch::IntegrationTest
     assert page.has_text? 'VirtualMachine: testvm.shell'
   end
 
+  [
+    ['admin', false],
+    ['active', true],
+  ].each do |username, expect_show_button|
+    test "login as #{username} and access show button #{expect_show_button}" do
+      need_javascript
+
+      user = api_fixture('users', username)
+
+      visit page_with_token(username, '/users')
+
+      if expect_show_button
+        within('tr', text: user['uuid']) do
+          assert_text user['email']
+          assert_selector 'a', text: 'Show'
+          find('a', text: 'Show').click
+        end
+        assert_selector 'a', 'Data collections'
+      else
+        # no 'Show' button in the admin user's own row
+        within('tr', text: user['uuid']) do
+          assert_text user['email']
+          assert_no_selector 'a', text: 'Show'
+        end
+
+        # but the admin user can access 'Show' button for other users
+        active_user = api_fixture('users', 'active')
+        within('tr', text: active_user['uuid']) do
+          assert_text active_user['email']
+          assert_selector 'a', text: 'Show'
+          find('a', text: 'Show').click
+          assert_selector 'a', 'Attributes'
+        end
+      end
+    end
+  end
 end
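Review bot: The two post-click assertions, `assert_selector 'a', 'Data collections'` and `assert_selector 'a', 'Attributes'`, pass the expected text as a bare second argument rather than `text:`, unlike every other selector assertion in this test. Depending on the Capybara version, that argument is likely ignored, in which case both lines pass on any page that contains a link and do not confirm where the click landed. They should read `assert_selector 'a', text: 'Data collections'` and `assert_selector 'a', text: 'Attributes'`. The `'Attributes'` check also sits inside the `within('tr', ...)` block after the click has navigated away; moving it below that block's `end`, as the non-admin branch does, avoids asserting against a row scope that may no longer exist. The `UsersTest` class starts outside this hunk.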