From 310060ff579ad42934194853e9759ea82f6bceee Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Mon, 26 Jun 2017 20:51:28 +0000 Subject: [PATCH] Code cleanup. git-svn-id: http://svn.redmine.org/redmine/trunk@16725 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/application_controller.rb | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1b5a74da2..f1d57d4b8 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -272,35 +272,31 @@ class ApplicationController < ActionController::Base end # Find project of id params[:id] - def find_project - @project = Project.find(params[:id]) + def find_project(project_id=params[:id]) + @project = Project.find(project_id) rescue ActiveRecord::RecordNotFound render_404 end # Find project of id params[:project_id] def find_project_by_project_id - @project = Project.find(params[:project_id]) - rescue ActiveRecord::RecordNotFound - render_404 + find_project(params[:project_id]) end # Find project of id params[:id] if present def find_optional_project_by_id if params[:id].present? - @project = Project.find(params[:id]) + find_project(params[:id]) end - rescue ActiveRecord::RecordNotFound - render_404 end # Find a project based on params[:project_id] + # and authorize the user for the requested action def find_optional_project - @project = Project.find(params[:project_id]) unless params[:project_id].blank? - allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true) - allowed ? true : deny_access - rescue ActiveRecord::RecordNotFound - render_404 + if params[:project_id].present? + find_project(params[:project_id]) + end + authorize_global end # Finds and sets @project based on @object.project -- 2.39.5