From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sat, 21 Mar 2015 08:35:46 +0000 (+0000)
Subject: Merged r14141 and r14146 (#19276).
X-Git-Tag: 3.0.2~25
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=20eea840f52aff84a10c41a716fde780a78a0094;p=redmine.git

Merged r14141 and r14146 (#19276).

git-svn-id: http://svn.redmine.org/redmine/branches/3.0-stable@14150 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 161022635..d38b69dd1 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -133,7 +133,7 @@ class IssuesController < ApplicationController
   end
 
   def create
-    unless User.current.allowed_to?(:add_issues, @issue.project)
+    unless User.current.allowed_to?(:add_issues, @issue.project, :global => true)
       raise ::Unauthorized
     end
     call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
@@ -151,7 +151,13 @@ class IssuesController < ApplicationController
       return
     else
       respond_to do |format|
-        format.html { render :action => 'new' }
+        format.html {
+          if @issue.project.nil?
+            render_error :status => 422
+          else
+            render :action => 'new'
+          end
+        }
         format.api  { render_validation_errors(@issue) }
       end
     end
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 70e74baa5..dc3bd4861 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -2218,7 +2218,7 @@ class IssuesControllerTest < ActionController::TestCase
            :issue => {:project_id => 3,
                       :tracker_id => 2,
                       :subject => 'Foo'}
-      assert_response 403
+      assert_response 422
     end
   end
 
diff --git a/test/integration/api_test/issues_test.rb b/test/integration/api_test/issues_test.rb
index 8213834ba..5d8641c19 100644
--- a/test/integration/api_test/issues_test.rb
+++ b/test/integration/api_test/issues_test.rb
@@ -444,6 +444,11 @@ JSON
     assert json['errors'].include?("Subject cannot be blank")
   end
 
+  test "POST /issues.json with invalid project_id should respond with 422" do
+    post '/issues.json', {:issue => {:project_id => 999, :subject => "API"}}, credentials('jsmith')
+    assert_response 422
+  end
+
   test "PUT /issues/:id.xml" do
     assert_difference('Journal.count') do
       put '/issues/6.xml',