Commit 694768e51870ebb24a25730188e018782d3175ca
1 parent
0235c2a7
Exists in
master
and in
4 other branches
Fix 404 if Group guest visit empty group page
Showing
2 changed files
with
5 additions
and
1 deletions
Show diff stats
app/controllers/groups_controller.rb
| @@ -110,7 +110,7 @@ class GroupsController < ApplicationController | @@ -110,7 +110,7 @@ class GroupsController < ApplicationController | ||
| 110 | 110 | ||
| 111 | # Dont allow unauthorized access to group | 111 | # Dont allow unauthorized access to group |
| 112 | def authorize_read_group! | 112 | def authorize_read_group! |
| 113 | - unless projects.present? or can?(current_user, :manage_group, @group) | 113 | + unless projects.present? or can?(current_user, :read_group, @group) |
| 114 | return render_404 | 114 | return render_404 |
| 115 | end | 115 | end |
| 116 | end | 116 | end |
app/models/ability.rb
| @@ -135,6 +135,10 @@ class Ability | @@ -135,6 +135,10 @@ class Ability | ||
| 135 | def group_abilities user, group | 135 | def group_abilities user, group |
| 136 | rules = [] | 136 | rules = [] |
| 137 | 137 | ||
| 138 | + if group.users.include?(user) | ||
| 139 | + rules << :read_group | ||
| 140 | + end | ||
| 141 | + | ||
| 138 | # Only group owner and administrators can manage group | 142 | # Only group owner and administrators can manage group |
| 139 | if group.owners.include?(user) || user.admin? | 143 | if group.owners.include?(user) || user.admin? |
| 140 | rules << [ | 144 | rules << [ |