Fixed user list presenter disrespecting privileges
If user had no right to view user accounts, the list presenter ignored that and linked to pages that shown privilege errors. Now it shows the links only if user has right to view user accounts.
This commit is contained in:
Marcin Kurczewski
parent
97482fb38e
commit
6a751ed0b2
3 changed files with 27 additions and 11 deletions
|
|
@ -39,12 +39,14 @@
|
|||
|
||||
#user-list .user img {
|
||||
vertical-align: top;
|
||||
margin-right: 1em;
|
||||
display: block;
|
||||
}
|
||||
#user-list .user>a {
|
||||
display: block;
|
||||
#user-list .user .avatar {
|
||||
float: left;
|
||||
margin-right: 1em;
|
||||
}
|
||||
#user-list .user .avatar a {
|
||||
display: block;
|
||||
}
|
||||
#user-list .user .details {
|
||||
float: left;
|
||||
|
|
|
|||
|
|
@ -13,11 +13,14 @@ App.Presenters.UserListPresenter = function(
|
|||
var $el = jQuery('#content');
|
||||
var templates = {};
|
||||
var params;
|
||||
var privileges = {};
|
||||
|
||||
function init(params, loaded) {
|
||||
topNavigationPresenter.select('users');
|
||||
topNavigationPresenter.changeTitle('Users');
|
||||
|
||||
privileges.canViewUsers = auth.hasPrivilege(auth.privileges.viewUsers);
|
||||
|
||||
promise.wait(
|
||||
util.promiseTemplate('user-list'),
|
||||
util.promiseTemplate('user-list-item'))
|
||||
|
|
@ -60,7 +63,7 @@ App.Presenters.UserListPresenter = function(
|
|||
}
|
||||
|
||||
function render() {
|
||||
$el.html(templates.list());
|
||||
$el.html(templates.list(privileges));
|
||||
}
|
||||
|
||||
function updateActiveOrder(activeOrder) {
|
||||
|
|
@ -71,10 +74,10 @@ App.Presenters.UserListPresenter = function(
|
|||
function renderUsers($page, users) {
|
||||
var $target = $page.find('.users');
|
||||
_.each(users, function(user) {
|
||||
var $item = jQuery('<li>' + templates.listItem({
|
||||
var $item = jQuery('<li>' + templates.listItem(_.extend({
|
||||
user: user,
|
||||
formatRelativeTime: util.formatRelativeTime,
|
||||
}) + '</li>');
|
||||
}, privileges)) + '</li>');
|
||||
$target.append($item);
|
||||
});
|
||||
_.map(_.map($target.find('img'), jQuery), util.loadImagesNicely);
|
||||
|
|
|
|||
|
|
@ -1,12 +1,23 @@
|
|||
<div class="user">
|
||||
<div class="avatar">
|
||||
<% if (canViewUsers) { %>
|
||||
<a href="#/user/<%= user.name %>">
|
||||
<% } %>
|
||||
<img width="80" height="80" src="/data/thumbnails/80x80/avatars/<%= user.name %>" alt="<%= user.name %>"/>
|
||||
<% if (canViewUsers) { %>
|
||||
</a>
|
||||
<% } %>
|
||||
</div>
|
||||
|
||||
<div class="details">
|
||||
<h1>
|
||||
<% if (canViewUsers) { %>
|
||||
<a href="#/user/<%= user.name %>">
|
||||
<%= user.name %>
|
||||
</a>
|
||||
<% } else { %>
|
||||
<%= user.name %>
|
||||
<% } %>
|
||||
</h1>
|
||||
<div class="date-joined" title="<%= user.registrationTime %>">
|
||||
Joined: <%= formatRelativeTime(user.registrationTime) %>
|
||||
|
|
|
|||
Loading…
Reference in a new issue