git-svn-id: http://svn.redmine.org/redmine/trunk@16724 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.0.0
@@ -17,7 +17,7 @@ | |||
class ActivitiesController < ApplicationController | |||
menu_item :activity | |||
before_action :find_optional_project | |||
before_action :find_optional_project_by_id, :authorize_global | |||
accept_rss_auth :index | |||
def index | |||
@@ -76,15 +76,4 @@ class ActivitiesController < ApplicationController | |||
rescue ActiveRecord::RecordNotFound | |||
render_404 | |||
end | |||
private | |||
# TODO: refactor, duplicated in projects_controller | |||
def find_optional_project | |||
return true unless params[:id] | |||
@project = Project.find(params[:id]) | |||
authorize | |||
rescue ActiveRecord::RecordNotFound | |||
render_404 | |||
end | |||
end |
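Review bot: The permission check for a project-scoped activity page now depends on the order of the two filters in `before_action :find_optional_project_by_id, :authorize_global`, whereas the removed private `find_optional_project` called `authorize` itself right after `Project.find`. Nothing on the new line records that the order matters. If the filters were reordered, or one were skipped in a subclass, the check would presumably run before `@project` is set, or not at all (this assumes `authorize_global` reads `@project`, which is not visible on this page). I would add `# authorize_global must stay after find_optional_project_by_id: it is the only permission check applied to @project` above the filter line. The same comment applies to the identical filter line in SearchController.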
@@ -285,8 +285,16 @@ class ApplicationController < ActionController::Base | |||
render_404 | |||
end | |||
# Find project of id params[:id] if present | |||
def find_optional_project_by_id | |||
if params[:id].present? | |||
@project = Project.find(params[:id]) | |||
end | |||
rescue ActiveRecord::RecordNotFound | |||
render_404 | |||
end | |||
# Find a project based on params[:project_id] | |||
# TODO: some subclasses override this, see about merging their logic | |||
def find_optional_project | |||
@project = Project.find(params[:project_id]) unless params[:project_id].blank? | |||
allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true) |
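Review bot: The new `find_optional_project_by_id` loads `@project` from `params[:id]` without any permission or visibility check, while `find_optional_project` directly below it computes `allowed` via `User.current.allowed_to?`. The one-line header comment does not mention this difference, so a controller that adopts the helper alone would load any project id with no access check. I would extend the comment to `# Find project of id params[:id] if present. Does NOT check permissions: chain :authorize or :authorize_global after it.` As a style point, the `if params[:id].present?` block could use the same modifier form as the `unless params[:project_id].blank?` line below. The body of `find_optional_project` continues outside this hunk.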
@@ -16,7 +16,7 @@ | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
class SearchController < ApplicationController | |||
before_action :find_optional_project | |||
before_action :find_optional_project_by_id, :authorize_global | |||
accept_api_auth :index | |||
def index | |||
@@ -87,13 +87,4 @@ class SearchController < ApplicationController | |||
format.api { @results ||= []; render :layout => false } | |||
end | |||
end | |||
private | |||
def find_optional_project | |||
return true unless params[:id] | |||
@project = Project.find(params[:id]) | |||
check_project_privacy | |||
rescue ActiveRecord::RecordNotFound | |||
render_404 | |||
end | |||
end |
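Review bot: The removed filter guarded the project with `check_project_privacy`, and the replacement chain relies on `authorize_global` instead, which is a different kind of check (permission on controller/action rather than project visibility, as far as the names suggest). The test change in this commit shows one visible consequence: an archived project now answers 403 where it answered 404. A 403 for an existing-but-denied id next to a 404 for an unknown id lets a client without access tell that the project id exists. If that is intended, I would record it next to the filter, e.g. `# denied projects answer 403 via authorize_global (was 404 via check_project_privacy)`. It is also worth confirming that private projects are still refused for non-members on this path.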
@@ -42,10 +42,10 @@ class SearchControllerTest < Redmine::ControllerTest | |||
assert_select '#search-results dt.project a', :text => /eCookbook/ | |||
end | |||
def test_search_on_archived_project_should_return_404 | |||
def test_search_on_archived_project_should_return_403 | |||
Project.find(3).archive | |||
get :index, :params => {:id => 3} | |||
assert_response 404 | |||
assert_response 403 | |||
end | |||
def test_search_on_invisible_project_by_user_should_be_denied |
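Review bot: The renamed `test_search_on_archived_project_should_return_403` pins only the archived case, and nothing in this hunk asserts that an unknown project id still reaches the `rescue ActiveRecord::RecordNotFound` / `render_404` path of the new `find_optional_project_by_id`. A companion test would keep the two outcomes from drifting, for example `get :index, :params => {:id => 999}` followed by `assert_response 404` (the id is constructed for illustration and should be one absent from the fixtures). The body of the following test, `test_search_on_invisible_project_by_user_should_be_denied`, is outside the hunk, so whether it already covers the private-project case cannot be confirmed from here.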