From 6a751ed0b2c764c2c5ca50e1d5db53bcb307ddaf Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Mon, 17 Nov 2014 22:16:02 +0100
Subject: [PATCH] Fixed user list presenter disrespecting privileges

If user had no right to view user accounts, the list presenter ignored
that and linked to pages that shown privilege errors. Now it shows the
links only if user has right to view user accounts.
---
 public_html/css/user-list.css                 |  8 ++++---
 .../js/Presenters/UserListPresenter.js        |  9 +++++---
 public_html/templates/user-list-item.tpl      | 21 ++++++++++++++-----
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/public_html/css/user-list.css b/public_html/css/user-list.css
index 5e91471e..ddfdf96f 100644
--- a/public_html/css/user-list.css
+++ b/public_html/css/user-list.css
@@ -39,12 +39,14 @@
 
 #user-list .user img {
 	vertical-align: top;
-	margin-right: 1em;
 	display: block;
 }
-#user-list .user>a {
-	display: block;
+#user-list .user .avatar {
 	float: left;
+	margin-right: 1em;
+}
+#user-list .user .avatar a {
+	display: block;
 }
 #user-list .user .details {
 	float: left;
diff --git a/public_html/js/Presenters/UserListPresenter.js b/public_html/js/Presenters/UserListPresenter.js
index f4e531c1..4d05fe85 100644
--- a/public_html/js/Presenters/UserListPresenter.js
+++ b/public_html/js/Presenters/UserListPresenter.js
@@ -13,11 +13,14 @@ App.Presenters.UserListPresenter = function(
 	var $el = jQuery('#content');
 	var templates = {};
 	var params;
+	var privileges = {};
 
 	function init(params, loaded) {
 		topNavigationPresenter.select('users');
 		topNavigationPresenter.changeTitle('Users');
 
+		privileges.canViewUsers = auth.hasPrivilege(auth.privileges.viewUsers);
+
 		promise.wait(
 				util.promiseTemplate('user-list'),
 				util.promiseTemplate('user-list-item'))
@@ -60,7 +63,7 @@ App.Presenters.UserListPresenter = function(
 	}
 
 	function render() {
-		$el.html(templates.list());
+		$el.html(templates.list(privileges));
 	}
 
 	function updateActiveOrder(activeOrder) {
@@ -71,10 +74,10 @@ App.Presenters.UserListPresenter = function(
 	function renderUsers($page, users) {
 		var $target = $page.find('.users');
 		_.each(users, function(user) {
-			var $item = jQuery('<li>' + templates.listItem({
+			var $item = jQuery('<li>' + templates.listItem(_.extend({
 				user: user,
 				formatRelativeTime: util.formatRelativeTime,
-			}) + '</li>');
+			}, privileges)) + '</li>');
 			$target.append($item);
 		});
 		_.map(_.map($target.find('img'), jQuery), util.loadImagesNicely);
diff --git a/public_html/templates/user-list-item.tpl b/public_html/templates/user-list-item.tpl
index c4ad5d33..b9da540f 100644
--- a/public_html/templates/user-list-item.tpl
+++ b/public_html/templates/user-list-item.tpl
@@ -1,12 +1,23 @@
 <div class="user">
-	<a href="#/user/<%= user.name %>">
-		<img width="80" height="80" src="/data/thumbnails/80x80/avatars/<%= user.name %>" alt="<%= user.name %>"/>
-	</a>
+	<div class="avatar">
+		<% if (canViewUsers) { %>
+			<a href="#/user/<%= user.name %>">
+		<% } %>
+			<img width="80" height="80" src="/data/thumbnails/80x80/avatars/<%= user.name %>" alt="<%= user.name %>"/>
+		<% if (canViewUsers) { %>
+			</a>
+		<% } %>
+	</div>
+
 	<div class="details">
 		<h1>
-			<a href="#/user/<%= user.name %>">
+			<% if (canViewUsers) { %>
+				<a href="#/user/<%= user.name %>">
+					<%= user.name %>
+				</a>
+			<% } else { %>
 				<%= user.name %>
-			</a>
+			<% } %>
 		</h1>
 		<div class="date-joined" title="<%= user.registrationTime %>">
 			Joined: <%= formatRelativeTime(user.registrationTime) %>