From: Go MAEDA <maeda@farend.jp>
Date: Fri, 20 Jan 2023 03:32:40 +0000 (+0000)
Subject: Merged r22066 from trunk to 5.0-stable (#38063).
X-Git-Tag: 5.0.5~13
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e7bfab6f4309b83dd5e195d2acbb4f196035c462;p=redmine.git

Merged r22066 from trunk to 5.0-stable (#38063).


git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@22067 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d400bdca8..2c070ed67 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base
   # and authorize the user for the requested action
   def find_optional_project
     if params[:project_id].present?
-      find_project(params[:project_id])
+      @project = Project.find(params[:project_id])
     end
     authorize_global
+  rescue ActiveRecord::RecordNotFound
+    User.current.logged? ? render_404 : require_login
+    false
   end
 
   # Finds and sets @project based on @object.project
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb
index 0d62b8f19..12e815350 100644
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest
     assert_select 'h3 a', :text => 'eCookbook first release !'
   end
 
-  def test_index_with_invalid_project_should_respond_with_404
+  def test_index_with_invalid_project_should_respond_with_404_for_logged_users
+    @request.session[:user_id] = 2
+
     get(:index, :params => {:project_id => 999})
     assert_response 404
   end
 
+  def test_index_with_invalid_project_should_respond_with_302_for_anonymous
+    Role.anonymous.remove_permission! :view_news
+    with_settings :login_required => '0' do
+      get(:index, :params => {:project_id => 999})
+      assert_response 302
+    end
+  end
+
   def test_index_without_permission_should_fail
     Role.all.each {|r| r.remove_permission! :view_news}
     @request.session[:user_id] = 2
diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb
index f7abae80b..1b8c091a0 100644
--- a/test/integration/application_test.rb
+++ b/test/integration/application_test.rb
@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest
       assert_response 302
     end
   end
+
+  def test_find_optional_project_should_not_error
+    Role.anonymous.remove_permission! :view_gantt
+    with_settings :login_required => '0' do
+      get '/projects/nonexistingproject/issues/gantt'
+      assert_response 302
+    end
+  end
+
+  def test_find_optional_project_should_render_404_for_logged_users
+    log_user('jsmith', 'jsmith')
+
+    get '/projects/nonexistingproject/issues/gantt'
+    assert_response 404
+  end
 end