# Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action], global = false)
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
- allowed ? true : deny_access
+ if allowed
+ true
+ else
+ if @project && @project.archived?
+ render_403 :message => :notice_not_authorized_archived_project
+ else
+ deny_access
+ end
+ end
end
# Authorize the user for the requested action outside a project
redirect_to default
end
- def render_403
+ def render_403(options={})
@project = nil
+ @message = options[:message] || :notice_not_authorized
+ @message = l(@message) if @message.is_a?(Symbol)
respond_to do |format|
format.html { render :template => "common/403", :layout => use_layout, :status => 403 }
format.atom { head 403 }
self.status == STATUS_ACTIVE
end
+ def archived?
+ self.status == STATUS_ARCHIVED
+ end
+
# Archives the project and its descendants
def archive
# Check that there is no issue of a non descendant project that is assigned
<h2>403</h2>
-<p><%= l(:notice_not_authorized) %></p>
+<p><%=h @message %></p>
<p><a href="javascript:history.back()">Back</a></p>
<% html_title '403' %>
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
setting_default_notification_option: Default notification option
label_user_mail_option_only_my_events: Only for things I watch or I'm involved in
label_user_mail_option_only_assigned: Only for things I am assigned to
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.\r
notice_file_not_found: The page you were trying to access doesn't exist or has been removed.
notice_locking_conflict: Data has been updated by another user.
notice_not_authorized: You are not authorized to access this page.
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
notice_email_sent: "An email was sent to {{value}}"
notice_email_error: "An error occurred while sending mail ({{value}})"
notice_feeds_access_key_reseted: Your RSS access key was reset.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.\r
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
notice_file_not_found: "La page à laquelle vous souhaitez accéder n'existe pas ou a été supprimée."
notice_locking_conflict: Les données ont été mises à jour par un autre utilisateur. Mise à jour impossible.
notice_not_authorized: "Vous n'êtes pas autorisés à accéder à cette page."
+ notice_not_authorized_archived_project: Le projet auquel vous tentez d'accéder a été archivé.
notice_email_sent: "Un email a été envoyé à {{value}}"
notice_email_error: "Erreur lors de l'envoi de l'email ({{value}})"
notice_feeds_access_key_reseted: "Votre clé d'accès aux flux RSS a été réinitialisée."
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.\r
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.\r
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.\r
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.\r
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
label_user_mail_option_none: No events
field_member_of_group: Assignee's group
field_assigned_to_role: Assignee's role
+ notice_not_authorized_archived_project: The project you're trying to access has been archived.
assert_equal Project.find_by_identifier('ecookbook'), assigns(:project)
end
+ def show_archived_project_should_be_denied
+ project = Project.find_by_identifier('ecookbook')
+ project.archive!
+
+ get :show, :id => 'ecookbook'
+ assert_response 403
+ assert_nil assigns(:project)
+ assert_tag :tag => 'p', :content => /archived/
+ end
+
def test_private_subprojects_hidden
get :show, :id => 'ecookbook'
assert_response :success
@ecookbook.reload
assert !@ecookbook.active?
+ assert @ecookbook.archived?
assert !user.projects.include?(@ecookbook)
# Subproject are also archived
assert !@ecookbook.children.empty?
assert @ecookbook.unarchive
@ecookbook.reload
assert @ecookbook.active?
+ assert !@ecookbook.archived?
assert user.projects.include?(@ecookbook)
# Subproject can now be unarchived
@ecookbook_sub1.reload
projects / redmine.git / commitdiff