Fix 404 if Group guest visit empty group page

Dmitriy Zaporozhets
1 parent 0235c2a7
Showing 2 changed files with 5 additions and 1 deletions Show diff stats
app/controllers/groups_controller.rb
app/models/ability.rb
@@ -110,7 +110,7 @@ class GroupsController &lt; ApplicationController
  
   # Dont allow unauthorized access to group
   def authorize_read_group!
-    unless projects.present? or can?(current_user, :manage_group, @group)
+    unless projects.present? or can?(current_user, :read_group, @group)
       return render_404
     end
   end
@@ -135,6 +135,10 @@ class Ability
     def group_abilities user, group
       rules = []
  
+      if group.users.include?(user)
+        rules << :read_group
+      end
+
       # Only group owner and administrators can manage group
       if group.owners.include?(user) || user.admin?
         rules << [
...	...	@@ -110,7 +110,7 @@ class GroupsController < ApplicationController
110	110
111	111	# Dont allow unauthorized access to group
112	112	def authorize_read_group!
113		- unless projects.present? or can?(current_user, :manage_group, @group)
	113	+ unless projects.present? or can?(current_user, :read_group, @group)
114	114	return render_404
115	115	end
116	116	end
...	...
...	...	@@ -135,6 +135,10 @@ class Ability
135	135	def group_abilities user, group
136	136	rules = []
137	137
	138	+ if group.users.include?(user)
	139	+ rules << :read_group
	140	+ end
	141	+
138	142	# Only group owner and administrators can manage group
139	143	if group.owners.include?(user) \|\| user.admin?
140	144	rules << [
...	...