From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 21 Nov 2010 14:57:53 +0000 (+0000)
Subject: Fixed: new gantt chart discloses all private projects names (#6276).
X-Git-Tag: 1.1.0~159
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=dfc76ce642ee1ca5f50f15a0d3956c688d38246a;p=redmine.git

Fixed: new gantt chart discloses all private projects names (#6276).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4425 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/lib/redmine/helpers/gantt.rb b/lib/redmine/helpers/gantt.rb
index ac8f80d0f..4218c51ef 100644
--- a/lib/redmine/helpers/gantt.rb
+++ b/lib/redmine/helpers/gantt.rb
@@ -91,7 +91,7 @@ module Redmine
         if @project
           return number_of_rows_on_project(@project)
         else
-          Project.roots.inject(0) do |total, project|
+          Project.roots.visible.inject(0) do |total, project|
             total += number_of_rows_on_project(project)
           end
         end
@@ -119,7 +119,7 @@ module Redmine
         end
 
         # Subprojects
-        project.children.each do |subproject|
+        project.children.visible.each do |subproject|
           count += number_of_rows_on_project(subproject)
         end
 
@@ -134,7 +134,7 @@ module Redmine
         if @project
           output << render_project(@project, options)
         else
-          Project.roots.each do |project|
+          Project.roots.visible.each do |project|
             output << render_project(project, options)
           end
         end
@@ -150,7 +150,7 @@ module Redmine
         if @project
           output << render_project(@project, options)
         else
-          Project.roots.each do |project|
+          Project.roots.visible.each do |project|
             output << render_project(project, options)
           end
         end
@@ -191,7 +191,7 @@ module Redmine
         end
 
         # Fourth, subprojects
-        project.children.each do |project|
+        project.children.visible.each do |project|
           subproject_rendering = render_project(project, options)
           output << subproject_rendering if options[:format] == :html
         end
diff --git a/test/functional/gantts_controller_test.rb b/test/functional/gantts_controller_test.rb
index 4c891c3d0..30ef14e09 100644
--- a/test/functional/gantts_controller_test.rb
+++ b/test/functional/gantts_controller_test.rb
@@ -49,6 +49,18 @@ class GanttsControllerTest < ActionController::TestCase
       assert_nil assigns(:gantt).project
     end
 
+    should "not disclose private projects" do
+      get :show
+      assert_response :success
+      assert_template 'show.html.erb'
+      
+      assert_tag 'a', :content => /eCookbook/
+      # Root private project
+      assert_no_tag 'a', {:content => /OnlineStore/}
+      # Private children of a public project
+      assert_no_tag 'a', :content => /Private child of eCookbook/
+    end
+
     should "export to pdf" do
       get :show, :project_id => 1, :format => 'pdf'
       assert_response :success