Patch by Holger Just. git-svn-id: https://svn.redmine.org/redmine/trunk@22066 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.1.0
@@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base | |||
# and authorize the user for the requested action | |||
def find_optional_project | |||
if params[:project_id].present? | |||
find_project(params[:project_id]) | |||
@project = Project.find(params[:project_id]) | |||
end | |||
authorize_global | |||
rescue ActiveRecord::RecordNotFound | |||
User.current.logged? ? render_404 : require_login | |||
false | |||
end | |||
# Finds and sets @project based on @object.project |
@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest | |||
assert_select 'h3 a', :text => 'eCookbook first release !' | |||
end | |||
def test_index_with_invalid_project_should_respond_with_404 | |||
def test_index_with_invalid_project_should_respond_with_404_for_logged_users | |||
@request.session[:user_id] = 2 | |||
get(:index, :params => {:project_id => 999}) | |||
assert_response 404 | |||
end | |||
def test_index_with_invalid_project_should_respond_with_302_for_anonymous | |||
Role.anonymous.remove_permission! :view_news | |||
with_settings :login_required => '0' do | |||
get(:index, :params => {:project_id => 999}) | |||
assert_response 302 | |||
end | |||
end | |||
def test_index_without_permission_should_fail | |||
Role.all.each {|r| r.remove_permission! :view_news} | |||
@request.session[:user_id] = 2 |
@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest | |||
assert_response 302 | |||
end | |||
end | |||
def test_find_optional_project_should_not_error | |||
Role.anonymous.remove_permission! :view_gantt | |||
with_settings :login_required => '0' do | |||
get '/projects/nonexistingproject/issues/gantt' | |||
assert_response 302 | |||
end | |||
end | |||
def test_find_optional_project_should_render_404_for_logged_users | |||
log_user('jsmith', 'jsmith') | |||
get '/projects/nonexistingproject/issues/gantt' | |||
assert_response 404 | |||
end | |||
end |