Fix 404 if Group guest visit empty group page

694768e5 · Dmitriy Zaporozhets · 0235c2a7 · 694768e5 · 694768e5
Commit 694768e5 authored Sep 11, 2013 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

groups_controller.rb app/controllers/groups_controller.rb +1 -1

ability.rb app/models/ability.rb +4 -0

No files found.
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -110,7 +110,7 @@ class GroupsController < ApplicationController

  # Dont allow unauthorized access to group
  def authorize_read_group!
-    unless projects.present? or can?(current_user, :manage_group, @group)
+    unless projects.present? or can?(current_user, :read_group, @group)
      return render_404
    end
  end

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -135,6 +135,10 @@ class Ability
    def group_abilities user, group
      rules = []

+      if group.users.include?(user)
+        rules << :read_group
+      end
+
      # Only group owner and administrators can manage group
      if group.owners.include?(user) || user.admin?
        rules << [