# make sure that the user is a member of the project (or admin) if project is private
# used as a before_filter for actions that do not require any particular permission on the project
def check_project_privacy
- unless @project.active?
+ if @project && @project.active?
+ if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
+ true
+ else
+ User.current.logged? ? render_403 : require_login
+ end
+ else
@project = nil
render_404
- return false
+ false
end
- return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
- User.current.logged? ? render_403 : require_login
end
# store current uri in session.
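Review bot: The deny branch `User.current.logged? ? render_403 : require_login` is the only exit of the rewritten `check_project_privacy` without an explicit boolean — the allow branch returns `true` and the 404 branch returns `false` — so on that path the filter's value is whatever `render_403` or `require_login` happens to return. Adding `false` after that line, as the 404 branch already does, makes the halt independent of those helpers' return values; this matters more now that `find_optional_project` in search_controller.rb returns this method's result as its own filter value. The header comment could also state the contract the callers rely on: `# Returns true when the project may be viewed; otherwise renders 403/404 (or redirects to login) and returns false`.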
class SearchController < ApplicationController
layout 'base'
+
+ before_filter :find_optional_project
helper :messages
include MessagesHelper
return
end
- if params[:id]
- find_project
- return unless check_project_privacy
- end
-
if @project
# only show what the user is allowed to view
@object_types = %w(issues news documents changesets wiki_pages messages)
end
private
- def find_project
+ def find_optional_project
+ return true unless params[:id]
@project = Project.find(params[:id])
+ check_project_privacy
rescue ActiveRecord::RecordNotFound
render_404
end
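Review bot: `find_optional_project` is undocumented, and its contract is not obvious: it returns true without `params[:id]`, and with an id it hands off to `check_project_privacy`, whose 403/404/login handling becomes the filter's outcome. A comment above `def find_optional_project` such as `# Loads the project from params[:id] when given and checks the current user may view it; renders 404 when it does not exist, 403/login when access is denied` would make that visible where the filter is declared. On the access-denied path the method's value is whatever `check_project_privacy` returns for it, so the chain presumably halts only because of the render or redirect those helpers perform — worth noting in the comment rather than leaving implicit. The new test in search_controller_test.rb covers only the unknown-id path; a case for a private project requested by a non-member (expecting 403, or a login redirect when anonymous) would pin the check the filter now performs on every search request.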
assert_equal 2, results.size
end
+ def test_search_with_invalid_project_id
+ get :index, :id => 195, :q => 'recipe'
+ assert_response 404
+ assert_nil assigns(:results)
+ end
+
def test_quick_jump_to_issue
# issue of a public project
get :index, :q => "3"