Don't redirect anonymous users to the login form when module is disabled (#26145).

git-svn-id: http://svn.redmine.org/redmine/trunk@16726 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f1d57d4b8e508fd874b26fd416712c3a2cbeab96..a05f54077838ce3178982c8114edb7cd91e4afdc 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -260,6 +260,9 @@ class ApplicationController < ActionController::Base
     else
       if @project && @project.archived?
         render_403 :message => :notice_not_authorized_archived_project
+      elsif @project && !@project.allows_to?(:controller => ctrl, :action => action)
+        # Project module is disabled
+        render_403
       else
         deny_access
       end

diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index bc66e86d909ec76c51d4f61552f20314967d9ec4..b0feee8271618ade72785151c5066357d1111923 100644 (file)
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -579,7 +579,7 @@ class ProjectsControllerTest < Redmine::ControllerTest
     get :settings, :params => {
         :id => 1
       }
-    assert_response 302
+    assert_response 403
   end
 
   def test_setting_with_wiki_module_and_no_wiki
@@ -700,7 +700,7 @@ class ProjectsControllerTest < Redmine::ControllerTest
           :name => 'Closed'
         }
       }
-    assert_response 302
+    assert_response 403
     assert_equal 'eCookbook', Project.find(1).name
   end