Merged r22066 from trunk to 4.2-stable (#38063).

author Go MAEDA <maeda@farend.jp>

Fri, 20 Jan 2023 03:38:34 +0000 (03:38 +0000)

committer Go MAEDA <maeda@farend.jp>

Fri, 20 Jan 2023 03:38:34 +0000 (03:38 +0000)
author Go MAEDA <maeda@farend.jp>
Fri, 20 Jan 2023 03:38:34 +0000 (03:38 +0000)
committer Go MAEDA <maeda@farend.jp>
Fri, 20 Jan 2023 03:38:34 +0000 (03:38 +0000)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb

index 06bf0c786aa7ce910b2ce8729d8c0bf1e55cf550..c1a5b8e9f95dee57c6f1e525ccefa217ebe82032 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -344,9 +344,12 @@ class ApplicationController < ActionController::Base
    # and authorize the user for the requested action
    def find_optional_project
      if params[:project_id].present?
-      find_project(params[:project_id])
+      @project = Project.find(params[:project_id])
      end
      authorize_global
+  rescue ActiveRecord::RecordNotFound
+    User.current.logged? ? render_404 : require_login
+    false
    end
  
    # Finds and sets @project based on @object.project
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb

index 0d62b8f196321d95c0c3ea2a5723dc81b970f074..12e815350a2e5db9cbbc8c1e94c554e46210f30e 100644 (file)
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest
      assert_select 'h3 a', :text => 'eCookbook first release !'
    end
  
-  def test_index_with_invalid_project_should_respond_with_404
+  def test_index_with_invalid_project_should_respond_with_404_for_logged_users
+    @request.session[:user_id] = 2
+
      get(:index, :params => {:project_id => 999})
      assert_response 404
    end
  
+  def test_index_with_invalid_project_should_respond_with_302_for_anonymous
+    Role.anonymous.remove_permission! :view_news
+    with_settings :login_required => '0' do
+      get(:index, :params => {:project_id => 999})
+      assert_response 302
+    end
+  end
+
    def test_index_without_permission_should_fail
      Role.all.each {|r| r.remove_permission! :view_news}
      @request.session[:user_id] = 2
diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb

index 684863736c0273e02f0582b03bc6ac952bfbfe62..315a1f20ffedbf6283b6a2eb60ac4ed757a74d63 100644 (file)
--- a/test/integration/application_test.rb
+++ b/test/integration/application_test.rb
@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest
        assert_response 302
      end
    end
+
+  def test_find_optional_project_should_not_error
+    Role.anonymous.remove_permission! :view_gantt
+    with_settings :login_required => '0' do
+      get '/projects/nonexistingproject/issues/gantt'
+      assert_response 302
+    end
+  end
+
+  def test_find_optional_project_should_render_404_for_logged_users
+    log_user('jsmith', 'jsmith')
+
+    get '/projects/nonexistingproject/issues/gantt'
+    assert_response 404
+  end
  end
author	Go MAEDA <maeda@farend.jp>
	Fri, 20 Jan 2023 03:38:34 +0000 (03:38 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Fri, 20 Jan 2023 03:38:34 +0000 (03:38 +0000)
app/controllers/application_controller.rb		patch \| blob \| history
test/functional/news_controller_test.rb		patch \| blob \| history
test/integration/application_test.rb		patch \| blob \| history