git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10904 e93f8b46-1217-0410-a6f0-8f06a7374b81

11 years ago · 6e1ff5bba6
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -276,14 +276,24 @@ class ApplicationController < ActionController::Base
    self.model_object = model
  end

  # Filter for bulk issue operations
  # Find the issue whose id is the :id parameter
  # Raises a Unauthorized exception if the issue is not visible
  def find_issue
    # Issue.visible.find(...) can not be used to redirect user to the login form
    # if the issue actually exists but requires authentication
    @issue = Issue.find(params[:id])
    raise Unauthorized unless @issue.visible?
    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  # Find issues with a single :id param or :ids array param
  # Raises a Unauthorized exception if one of the issues is not visible
  def find_issues
    @issues = Issue.find_all_by_id(params[:id] || params[:ids])
    raise ActiveRecord::RecordNotFound if @issues.empty?
    if @issues.detect {|issue| !issue.visible?}
      deny_access
      return
    end
    raise Unauthorized if @issues.all?(&:visible?)
    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1
  rescue ActiveRecord::RecordNotFound
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -313,19 +313,7 @@ class IssuesController < ApplicationController
    end
  end

 private
  def find_issue
    # Issue.visible.find(...) can not be used to redirect user to the login form
    # if the issue actually exists but requires authentication
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
    unless @issue.visible?
      deny_access
      return
    end
    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end
  private

  def find_project
    project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id])
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -102,12 +102,4 @@ class JournalsController < ApplicationController
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  # TODO: duplicated in IssuesController
  def find_issue
    @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
  end
 end