Browse Source
Avoid double-render error with ApplicationController#find_optional_project (#38063).
Patch by Holger Just. git-svn-id: https://svn.redmine.org/redmine/trunk@22066 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.1.0
Go MAEDA
1 year ago
3 changed files with 30 additions and 2 deletions
+ 4
- 1
app/controllers/application_controller.rb
View File
| @@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base | |||
| # and authorize the user for the requested action | |||
| def find_optional_project | |||
| if params[:project_id].present? | |||
| find_project(params[:project_id]) | |||
| @project = Project.find(params[:project_id]) | |||
| end | |||
| authorize_global | |||
| rescue ActiveRecord::RecordNotFound | |||
| User.current.logged? ? render_404 : require_login | |||
| false | |||
| end | |||
| # Finds and sets @project based on @object.project | |||
+ 11
- 1
test/functional/news_controller_test.rb
View File
| @@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest | |||
| assert_select 'h3 a', :text => 'eCookbook first release !' | |||
| end | |||
| def test_index_with_invalid_project_should_respond_with_404 | |||
| def test_index_with_invalid_project_should_respond_with_404_for_logged_users | |||
| @request.session[:user_id] = 2 | |||
| get(:index, :params => {:project_id => 999}) | |||
| assert_response 404 | |||
| end | |||
| def test_index_with_invalid_project_should_respond_with_302_for_anonymous | |||
| Role.anonymous.remove_permission! :view_news | |||
| with_settings :login_required => '0' do | |||
| get(:index, :params => {:project_id => 999}) | |||
| assert_response 302 | |||
| end | |||
| end | |||
| def test_index_without_permission_should_fail | |||
| Role.all.each {|r| r.remove_permission! :view_news} | |||
| @request.session[:user_id] = 2 | |||
+ 15
- 0
test/integration/application_test.rb
View File
| @@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest | |||
| assert_response 302 | |||
| end | |||
| end | |||
| def test_find_optional_project_should_not_error | |||
| Role.anonymous.remove_permission! :view_gantt | |||
| with_settings :login_required => '0' do | |||
| get '/projects/nonexistingproject/issues/gantt' | |||
| assert_response 302 | |||
| end | |||
| end | |||
| def test_find_optional_project_should_render_404_for_logged_users | |||
| log_user('jsmith', 'jsmith') | |||
| get '/projects/nonexistingproject/issues/gantt' | |||
| assert_response 404 | |||
| end | |||
| end | |||
Loading…