Merged r14141 and r14146 (#19276).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 21 Mar 2015 08:35:46 +0000 (08:35 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 21 Mar 2015 08:35:46 +0000 (08:35 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 21 Mar 2015 08:35:46 +0000 (08:35 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 21 Mar 2015 08:35:46 +0000 (08:35 +0000)
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb

index 161022635d25423e15aa4b0ef69b553136516aa7..d38b69dd1a0bfada189ca795746399502bbd990f 100644 (file)
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -133,7 +133,7 @@ class IssuesController < ApplicationController
    end
  
    def create
-    unless User.current.allowed_to?(:add_issues, @issue.project)
+    unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
        raise ::Unauthorized
      end
      call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
@@ -151,7 +151,13 @@ class IssuesController < ApplicationController
        return
      else
        respond_to do |format|
-        format.html { render :action => 'new' }
+        format.html {
+          if @issue.project.nil?
+            render_error :status => 422
+          else
+            render :action => 'new'
+          end
+        }
          format.api  { render_validation_errors(@issue) }
        end
      end
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb

index 70e74baa5262a0bad22be83412b97137317330fe..dc3bd4861bdd2b129fe421f3ab070a33d54a446b 100644 (file)
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -2218,7 +2218,7 @@ class IssuesControllerTest < ActionController::TestCase
             :issue => {:project_id => 3,
                        :tracker_id => 2,
                        :subject => 'Foo'}
-      assert_response 403
+      assert_response 422
      end
    end
  
diff --git a/test/integration/api_test/issues_test.rb b/test/integration/api_test/issues_test.rb

index 8213834bafed93ffd3f9c01278544bd2c9a81843..5d8641c197cc61a666c48e5ba05608268faac9bd 100644 (file)
--- a/test/integration/api_test/issues_test.rb
+++ b/test/integration/api_test/issues_test.rb
@@ -444,6 +444,11 @@ JSON
      assert json['errors'].include?("Subject cannot be blank")
    end
  
+  test "POST /issues.json with invalid project_id should respond with 422" do
+    post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
+    assert_response 422
+  end
+
    test "PUT /issues/:id.xml" do
      assert_difference('Journal.count') do
        put '/issues/6.xml',
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 21 Mar 2015 08:35:46 +0000 (08:35 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 21 Mar 2015 08:35:46 +0000 (08:35 +0000)
app/controllers/issues_controller.rb		patch \| blob \| history
test/functional/issues_controller_test.rb		patch \| blob \| history
test/integration/api_test/issues_test.rb		patch \| blob \| history