class ActivitiesController < ApplicationController
menu_item :activity
- before_action :find_optional_project
+ before_action :find_optional_project_by_id, :authorize_global
accept_rss_auth :index
def index
rescue ActiveRecord::RecordNotFound
render_404
end
-
- private
-
- # TODO: refactor, duplicated in projects_controller
- def find_optional_project
- return true unless params[:id]
- @project = Project.find(params[:id])
- authorize
- rescue ActiveRecord::RecordNotFound
- render_404
- end
end
render_404
end
+ # Find project of id params[:id] if present
+ def find_optional_project_by_id
+ if params[:id].present?
+ @project = Project.find(params[:id])
+ end
+ rescue ActiveRecord::RecordNotFound
+ render_404
+ end
+
# Find a project based on params[:project_id]
- # TODO: some subclasses override this, see about merging their logic
def find_optional_project
@project = Project.find(params[:project_id]) unless params[:project_id].blank?
allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
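Review bot: `find_optional_project_by_id` loads `@project` from `params[:id]` but performs no permission or visibility check, unlike the two removed controller-local methods, which called `authorize` and `check_project_privacy` right after the lookup. Access control now depends on every caller listing `:authorize_global` after it in the same `before_action`, as the ActivitiesController and SearchController lines in this commit do; a later controller that uses the helper alone could load and render a project the current user is not allowed to see. The comment above the method should say so, for example `# Loads @project only; does NOT authorize. Always follow with :authorize_global (or another access check).` The body of `authorize_global` is not visible on this page, so its behaviour when `@project` is nil should be confirmed.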
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SearchController < ApplicationController
- before_action :find_optional_project
+ before_action :find_optional_project_by_id, :authorize_global
accept_api_auth :index
def index
format.api { @results ||= []; render :layout => false }
end
end
-
-private
- def find_optional_project
- return true unless params[:id]
- @project = Project.find(params[:id])
- check_project_privacy
- rescue ActiveRecord::RecordNotFound
- render_404
- end
end
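Review bot: Replacing `check_project_privacy` with `authorize_global` changes the response for an archived project from 404 to 403 (see the updated `test_search_on_archived_project_should_return_403`), so a requester can now tell an archived project id apart from one that does not exist. If that distinction is intended, state it in a comment above the `before_action` line, e.g. `# archived or forbidden projects answer 403, unknown ids 404`, and pin it with a test that an unknown id still returns 404. Whether the removed check covered cases that `authorize_global` does not cannot be judged from this page, since neither method body is shown.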
assert_select '#search-results dt.project a', :text => /eCookbook/
end
- def test_search_on_archived_project_should_return_404
+ def test_search_on_archived_project_should_return_403
Project.find(3).archive
get :index, :params => {:id => 3}
- assert_response 404
+ assert_response 403
end
def test_search_on_invisible_project_by_user_should_be_denied