git-svn-id: http://svn.redmine.org/redmine/trunk@20046 e93f8b46-1217-0410-a6f0-8f06a7374b81

3 years ago · d7e881617d
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -194,6 +194,7 @@ class ApplicationController < ActionController::Base
  def check_if_login_required
    # no check needed if user is already logged in
    return true if User.current.logged?

    require_login if Setting.login_required?
  end

@@ -285,6 +286,7 @@ class ApplicationController < ActionController::Base

  def require_admin
    return unless require_login

    if !User.current.admin?
      render_403
      return false
@@ -375,6 +377,7 @@ class ApplicationController < ActionController::Base
    # if the issue actually exists but requires authentication
    @issue = Issue.find(params[:id])
    raise Unauthorized unless @issue.visible?

    @project = @issue.project
  rescue ActiveRecord::RecordNotFound
    render_404
@@ -391,6 +394,7 @@ class ApplicationController < ActionController::Base
      to_a
    raise ActiveRecord::RecordNotFound if @issues.empty?
    raise Unauthorized unless @issues.all?(&:visible?)

    @projects = @issues.collect(&:project).compact.uniq
    @project = @projects.first if @projects.size == 1
  rescue ActiveRecord::RecordNotFound
@@ -491,6 +495,7 @@ class ApplicationController < ActionController::Base
      if uri.send(component).present? && uri.send(component) != request.send(component)
        return false
      end

      uri.send(:"#{component}=", nil)
    end
    # Always ignore basic user:password in the URL
@@ -575,6 +580,7 @@ class ApplicationController < ActionController::Base
  # but have no HTML representation for non admin users
  def require_admin_or_api_request
    return true if api_request?

    if User.current.admin?
      true
    elsif User.current.logged?