Fixes #3755 - User with user_id 1 is show in admin interface (which should not)
This commit is contained in:
parent
9beb793e3b
commit
d98445d1fe
2 changed files with 16 additions and 1 deletions
|
@ -174,10 +174,13 @@ returns
|
|||
|
||||
if is_query
|
||||
statement = statement.where(
|
||||
'(users.firstname LIKE ? OR users.lastname LIKE ? OR users.email LIKE ? OR users.login LIKE ?) AND users.id != 1', "%#{query}%", "%#{query}%", "%#{query}%", "%#{query}%"
|
||||
'(users.firstname LIKE ? OR users.lastname LIKE ? OR users.email LIKE ? OR users.login LIKE ?)', "%#{query}%", "%#{query}%", "%#{query}%", "%#{query}%"
|
||||
)
|
||||
end
|
||||
|
||||
# Fixes #3755 - User with user_id 1 is show in admin interface (which should not)
|
||||
statement = statement.where('users.id != 1')
|
||||
|
||||
statement.order(Arel.sql(order_sql))
|
||||
.offset(offset)
|
||||
.limit(limit)
|
||||
|
|
|
@ -1421,6 +1421,12 @@ RSpec.describe 'User', type: :request do
|
|||
make_request(query: '9U7Z', group_ids: { 999 => 'read' })
|
||||
expect(json_response.count).to eq(0)
|
||||
end
|
||||
|
||||
it 'does not list user with id 1' do
|
||||
make_request(query: '')
|
||||
not_in_response = json_response.none? { |item| item['id'] == 1 }
|
||||
expect(not_in_response).to be(true)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'with searchindex', searchindex: true do
|
||||
|
@ -1449,6 +1455,12 @@ RSpec.describe 'User', type: :request do
|
|||
make_request(query: '9U7Z', group_ids: { 999 => 'read' })
|
||||
expect(json_response.count).to eq(0)
|
||||
end
|
||||
|
||||
it 'does not list user with id 1' do
|
||||
make_request(query: '')
|
||||
not_in_response = json_response.none? { |item| item['id'] == 1 }
|
||||
expect(not_in_response).to be(true)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue