Use regular #authorize method.
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Mon, 26 Jun 2017 20:41:12 +0000 (20:41 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Mon, 26 Jun 2017 20:41:12 +0000 (20:41 +0000)
git-svn-id: http://svn.redmine.org/redmine/trunk@16724 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/activities_controller.rb
app/controllers/application_controller.rb
app/controllers/search_controller.rb
test/functional/search_controller_test.rb

index f82f0110aee97b01bab93c6097ddf38de4c75a67..a9650a6f0cfa4a3cdf9021d4d263858013d8b804 100644 (file)
@@ -17,7 +17,7 @@
 
 class ActivitiesController < ApplicationController
   menu_item :activity
-  before_action :find_optional_project
+  before_action :find_optional_project_by_id, :authorize_global
   accept_rss_auth :index
 
   def index
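Review bot: The new filter line `before_action :find_optional_project_by_id, :authorize_global` is order-dependent, and nothing on the line says so: `authorize_global` presumably checks against the `@project` that the first filter sets, so reordering or skipping the first filter would silently turn a per-project check into a global one. A short comment above it would help, e.g. `# order matters: load @project first, then authorize against it (or globally when no id)`. The removed `find_optional_project` also returned early on a missing `params[:id]` without calling `authorize`, so requests with no id are now permission-checked for the first time. That is a tightening worth pinning with a functional test for a role that lacks the permission. The same two points apply to the identical line in the SearchController hunk.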
@@ -76,15 +76,4 @@ class ActivitiesController < ApplicationController
   rescue ActiveRecord::RecordNotFound
     render_404
   end
-
-  private
-
-  # TODO: refactor, duplicated in projects_controller
-  def find_optional_project
-    return true unless params[:id]
-    @project = Project.find(params[:id])
-    authorize
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
index 1d42901f0c34c6e60b771c8083593fcd26d58bbf..1b5a74da21677ba784a3c87e63a352a6b938cdd9 100644 (file)
@@ -285,8 +285,16 @@ class ApplicationController < ActionController::Base
     render_404
   end
 
+  # Find project of id params[:id] if present
+  def find_optional_project_by_id
+    if params[:id].present?
+      @project = Project.find(params[:id])
+    end
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   # Find a project based on params[:project_id]
-  # TODO: some subclasses override this, see about merging their logic
   def find_optional_project
     @project = Project.find(params[:project_id]) unless params[:project_id].blank?
     allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
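Review bot: The added `find_optional_project_by_id` loads `@project` with no permission or visibility check, unlike `find_optional_project` just below it, which calls `allowed_to?`, and its one-line comment does not say so. A controller that adds this filter without also adding `:authorize` or `:authorize_global` would expose a project to any caller who knows its id. I would extend the comment to `# Find project of id params[:id] if present. Does NOT check permissions: always follow with :authorize or :authorize_global.` The switch from `return true unless params[:id]` to `params[:id].present?` also means an empty `id` now falls through to the no-project path, where the removed versions would have hit `Project.find` and returned 404. The rest of `find_optional_project` lies outside the hunk.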
index 36bae860a2ff145337043d61596fcea607fc9eb6..2887db9a35450dbebfe3ecc950dae517ddf21db4 100644 (file)
@@ -16,7 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 class SearchController < ApplicationController
-  before_action :find_optional_project
+  before_action :find_optional_project_by_id, :authorize_global
   accept_api_auth :index
 
   def index
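Review bot: Replacing the removed `check_project_privacy` path with `:authorize_global` changes what a caller without access sees, and the filter line does not record that decision. The test change in test/functional/search_controller_test.rb shows the archived-project case moving from 404 to 403, while a failed lookup still renders 404. A requester can therefore tell an existing archived id from an unknown one. If that difference is intended, a comment above the filter would make it explicit, e.g. `# archived or unauthorized projects answer 403 via authorize_global; unknown ids answer 404`. A test pinning the response for a non-member on a private project would also help, unless the `test_search_on_invisible_project_by_user_should_be_denied` case, whose body lies outside this page, already covers it.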
@@ -87,13 +87,4 @@ class SearchController < ApplicationController
       format.api  { @results ||= []; render :layout => false }
     end
   end
-
-private
-  def find_optional_project
-    return true unless params[:id]
-    @project = Project.find(params[:id])
-    check_project_privacy
-  rescue ActiveRecord::RecordNotFound
-    render_404
-  end
 end
index 97075ea66a7fb3877c061d7acd848b6fc4ab8b75..aace89a816a6fdb46ddf4318be52db89bdfb930d 100644 (file)
@@ -42,10 +42,10 @@ class SearchControllerTest < Redmine::ControllerTest
     assert_select '#search-results dt.project a', :text => /eCookbook/
   end
 
-  def test_search_on_archived_project_should_return_404
+  def test_search_on_archived_project_should_return_403
     Project.find(3).archive
     get :index, :params => {:id => 3}
-    assert_response 404
+    assert_response 403
   end
 
   def test_search_on_invisible_project_by_user_should_be_denied