Avoid double-render error with ApplicationController#find_optional_project (#38063).

author Go MAEDA <maeda@farend.jp>

Fri, 20 Jan 2023 03:31:41 +0000 (03:31 +0000)

committer Go MAEDA <maeda@farend.jp>

Fri, 20 Jan 2023 03:31:41 +0000 (03:31 +0000)
author Go MAEDA <maeda@farend.jp>
Fri, 20 Jan 2023 03:31:41 +0000 (03:31 +0000)
committer Go MAEDA <maeda@farend.jp>
Fri, 20 Jan 2023 03:31:41 +0000 (03:31 +0000)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb

index 6bda0108890fe874de3f5f104d212f92e3a8419d..c39fe8ad1ef43deba9f1cd8081923dfd9d4d9523 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base
    # and authorize the user for the requested action
    def find_optional_project
      if params[:project_id].present?
-      find_project(params[:project_id])
+      @project = Project.find(params[:project_id])
      end
      authorize_global
+  rescue ActiveRecord::RecordNotFound
+    User.current.logged? ? render_404 : require_login
+    false
    end
  
    # Finds and sets @project based on @object.project
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb

index ffa439073c82c5c9098d6ac7b1df38d115f6a881..d21835656b497c2314b3b8837b6fb524d3153918 100644 (file)
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest
      assert_select 'h3 a', :text => 'eCookbook first release !'
    end
  
-  def test_index_with_invalid_project_should_respond_with_404
+  def test_index_with_invalid_project_should_respond_with_404_for_logged_users
+    @request.session[:user_id] = 2
+
      get(:index, :params => {:project_id => 999})
      assert_response 404
    end
  
+  def test_index_with_invalid_project_should_respond_with_302_for_anonymous
+    Role.anonymous.remove_permission! :view_news
+    with_settings :login_required => '0' do
+      get(:index, :params => {:project_id => 999})
+      assert_response 302
+    end
+  end
+
    def test_index_without_permission_should_fail
      Role.all.each {|r| r.remove_permission! :view_news}
      @request.session[:user_id] = 2
diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb

index d6caac41a6bab9326385ede248bbea55e47c8955..f80e9f81a8dec283f801a2e93afd7eab6bca5cc3 100644 (file)
--- a/test/integration/application_test.rb
+++ b/test/integration/application_test.rb
@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest
        assert_response 302
      end
    end
+
+  def test_find_optional_project_should_not_error
+    Role.anonymous.remove_permission! :view_gantt
+    with_settings :login_required => '0' do
+      get '/projects/nonexistingproject/issues/gantt'
+      assert_response 302
+    end
+  end
+
+  def test_find_optional_project_should_render_404_for_logged_users
+    log_user('jsmith', 'jsmith')
+
+    get '/projects/nonexistingproject/issues/gantt'
+    assert_response 404
+  end
  end
author	Go MAEDA <maeda@farend.jp>
	Fri, 20 Jan 2023 03:31:41 +0000 (03:31 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Fri, 20 Jan 2023 03:31:41 +0000 (03:31 +0000)
app/controllers/application_controller.rb		patch \| blob \| history
test/functional/news_controller_test.rb		patch \| blob \| history
test/integration/application_test.rb		patch \| blob \| history