Don't show suspended users in autocomplete fields unless you are staff
parent
2d8a4ee91f
commit
6e0eb89697
|
@ -295,7 +295,7 @@ class UsersController < ApplicationController
|
|||
topic_id = params[:topic_id]
|
||||
topic_id = topic_id.to_i if topic_id
|
||||
|
||||
results = UserSearch.new(term, topic_id).search
|
||||
results = UserSearch.new(term, topic_id: topic_id, searching_user: current_user).search
|
||||
|
||||
user_fields = [:username, :use_uploaded_avatar, :upload_avatar_template, :uploaded_avatar_id]
|
||||
user_fields << :name if SiteSetting.enable_names?
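Review bot: Staff searches will now return suspended accounts mixed in with active ones, but the `user_fields` list below the changed call carries nothing that marks an account as suspended. Unless the serialization outside this hunk adds it, a moderator picking a name from autocomplete cannot tell which entries are suspended. Consider exposing a suspension flag to staff only, or add a comment at the call such as `# staff get suspended users too; results do not mark them`. The action's body starts and ends outside the hunk.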
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
# Searches for a user by username or full text or name (if enabled in SiteSettings)
|
||||
class UserSearch
|
||||
|
||||
def initialize(term, topic_id=nil)
|
||||
def initialize(term, opts={})
|
||||
@term = term
|
||||
@term_like = "#{term.downcase}%"
|
||||
@topic_id = topic_id
|
||||
@topic_id = opts[:topic_id]
|
||||
@searching_user = opts[:searching_user]
|
||||
end
|
||||
|
||||
def search
|
||||
|
@ -31,6 +32,10 @@ class UserSearch
|
|||
.order("CASE WHEN s.user_id IS NULL THEN 0 ELSE 1 END DESC")
|
||||
end
|
||||
|
||||
unless @searching_user && @searching_user.staff?
|
||||
users = users.not_suspended
|
||||
end
|
||||
|
||||
users.order("CASE WHEN last_seen_at IS NULL THEN 0 ELSE 1 END DESC, last_seen_at DESC, username ASC")
|
||||
.limit(20)
|
||||
end
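Review bot: `initialize(term, opts={})` takes two option keys with no documentation, and the visibility rule in `search` depends on one of them. A missing or nil `:searching_user` is treated as non-staff, so suspended users are hidden by default. I would state that above the constructor, e.g. `# opts[:searching_user] - User running the search; suspended users are returned only when this user is staff (nil counts as non-staff)`, with a matching line for `:topic_id`. Any caller outside this page that still passes `topic_id` positionally would now hand an Integer to `opts`, so those call sites are worth checking. The body of `search` starts outside the second hunk.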
|
||||
|
|
|
@ -2,15 +2,17 @@ require 'spec_helper'
|
|||
|
||||
describe UserSearch do
|
||||
|
||||
let(:topic) { Fabricate :topic }
|
||||
let(:topic2) { Fabricate :topic }
|
||||
let(:topic3) { Fabricate :topic }
|
||||
let(:user1) { Fabricate :user, username: "mrblonde", name: "Michael Madsen" }
|
||||
let(:user2) { Fabricate :user, username: "mrblue", name: "Eddie Bunker" }
|
||||
let(:user3) { Fabricate :user, username: "mrorange", name: "Tim Roth" }
|
||||
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi" }
|
||||
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino" }
|
||||
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel" }
|
||||
let(:topic) { Fabricate :topic }
|
||||
let(:topic2) { Fabricate :topic }
|
||||
let(:topic3) { Fabricate :topic }
|
||||
let(:user1) { Fabricate :user, username: "mrblonde", name: "Michael Madsen" }
|
||||
let(:user2) { Fabricate :user, username: "mrblue", name: "Eddie Bunker" }
|
||||
let(:user3) { Fabricate :user, username: "mrorange", name: "Tim Roth" }
|
||||
let(:user4) { Fabricate :user, username: "mrpink", name: "Steve Buscemi" }
|
||||
let(:user5) { Fabricate :user, username: "mrbrown", name: "Quentin Tarantino" }
|
||||
let(:user6) { Fabricate :user, username: "mrwhite", name: "Harvey Keitel" }
|
||||
let(:admin) { Fabricate :admin, username: "theadmin" }
|
||||
let(:moderator) { Fabricate :moderator, username: "themod" }
|
||||
|
||||
before do
|
||||
Fabricate :post, user: user1, topic: topic
|
||||
|
@ -19,6 +21,7 @@ describe UserSearch do
|
|||
Fabricate :post, user: user4, topic: topic
|
||||
Fabricate :post, user: user5, topic: topic3
|
||||
Fabricate :post, user: user6, topic: topic
|
||||
user6.update_attributes(suspended_at: 1.day.ago, suspended_till: 1.year.from_now)
|
||||
end
|
||||
|
||||
def search_for(*args)
|
||||
|
@ -49,28 +52,36 @@ describe UserSearch do
|
|||
results.first.should == user4
|
||||
|
||||
# substrings
|
||||
# only staff members see suspended users in results
|
||||
results = search_for("mr")
|
||||
results.size.should == 6
|
||||
results.size.should == 5
|
||||
results.should_not include(user6)
|
||||
search_for("mr", searching_user: user1).size.should == 5
|
||||
|
||||
results = search_for("mrb")
|
||||
results = search_for("mr", searching_user: admin)
|
||||
results.size.should == 6
|
||||
results.should include(user6)
|
||||
search_for("mr", searching_user: moderator).size.should == 6
|
||||
|
||||
results = search_for("mrb", searching_user: admin)
|
||||
results.size.should == 3
|
||||
|
||||
|
||||
results = search_for("MR")
|
||||
results = search_for("MR", searching_user: admin)
|
||||
results.size.should == 6
|
||||
|
||||
results = search_for("MRB")
|
||||
results = search_for("MRB", searching_user: admin)
|
||||
results.size.should == 3
|
||||
|
||||
# topic priority
|
||||
results = search_for("mrb", topic.id)
|
||||
results = search_for("mrb", topic_id: topic.id)
|
||||
results.first.should == user1
|
||||
|
||||
|
||||
results = search_for("mrb", topic2.id)
|
||||
results = search_for("mrb", topic_id: topic2.id)
|
||||
results.first.should == user2
|
||||
|
||||
results = search_for("mrb", topic3.id)
|
||||
results = search_for("mrb", topic_id: topic3.id)
|
||||
results.first.should == user5
|
||||
|
||||
# When searching by name is enabled, it returns the record
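Review bot: The new expectations only cover a suspension that is still running (`user6`, `suspended_till: 1.year.from_now`); nothing pins what happens once `suspended_till` has passed. Since `not_suspended` is defined outside this page, I would give one user an expired suspension in the `before` block, e.g. `user5.update_attributes(suspended_at: 2.days.ago, suspended_till: 1.day.ago)`, and keep `search_for("mr").size.should == 5` so a non-staff search must still return that user. The upper-case searches now run only as `admin`, so the case-insensitive path is no longer exercised for a regular user; `search_for("MR").size.should == 5` would restore that.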
|
||||
|
|