Browse Source
Use regular #authorize method.
git-svn-id: http://svn.redmine.org/redmine/trunk@16724 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.0.0
Jean-Philippe Lang
7 years ago
4 changed files with 13 additions and 25 deletions
+ 1
- 12
app/controllers/activities_controller.rb
View File
| @@ -17,7 +17,7 @@ | |||
| class ActivitiesController < ApplicationController | |||
| menu_item :activity | |||
| before_action :find_optional_project | |||
| before_action :find_optional_project_by_id, :authorize_global | |||
| accept_rss_auth :index | |||
| def index | |||
| @@ -76,15 +76,4 @@ class ActivitiesController < ApplicationController | |||
| rescue ActiveRecord::RecordNotFound | |||
| render_404 | |||
| end | |||
| private | |||
| # TODO: refactor, duplicated in projects_controller | |||
| def find_optional_project | |||
| return true unless params[:id] | |||
| @project = Project.find(params[:id]) | |||
| authorize | |||
| rescue ActiveRecord::RecordNotFound | |||
| render_404 | |||
| end | |||
| end | |||
+ 9
- 1
app/controllers/application_controller.rb
View File
| @@ -285,8 +285,16 @@ class ApplicationController < ActionController::Base | |||
| render_404 | |||
| end | |||
| # Find project of id params[:id] if present | |||
| def find_optional_project_by_id | |||
| if params[:id].present? | |||
| @project = Project.find(params[:id]) | |||
| end | |||
| rescue ActiveRecord::RecordNotFound | |||
| render_404 | |||
| end | |||
| # Find a project based on params[:project_id] | |||
| # TODO: some subclasses override this, see about merging their logic | |||
| def find_optional_project | |||
| @project = Project.find(params[:project_id]) unless params[:project_id].blank? | |||
| allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true) | |||
+ 1
- 10
app/controllers/search_controller.rb
View File
| @@ -16,7 +16,7 @@ | |||
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
| class SearchController < ApplicationController | |||
| before_action :find_optional_project | |||
| before_action :find_optional_project_by_id, :authorize_global | |||
| accept_api_auth :index | |||
| def index | |||
| @@ -87,13 +87,4 @@ class SearchController < ApplicationController | |||
| format.api { @results ||= []; render :layout => false } | |||
| end | |||
| end | |||
| private | |||
| def find_optional_project | |||
| return true unless params[:id] | |||
| @project = Project.find(params[:id]) | |||
| check_project_privacy | |||
| rescue ActiveRecord::RecordNotFound | |||
| render_404 | |||
| end | |||
| end | |||
+ 2
- 2
test/functional/search_controller_test.rb
View File
| @@ -42,10 +42,10 @@ class SearchControllerTest < Redmine::ControllerTest | |||
| assert_select '#search-results dt.project a', :text => /eCookbook/ | |||
| end | |||
| def test_search_on_archived_project_should_return_404 | |||
| def test_search_on_archived_project_should_return_403 | |||
| Project.find(3).archive | |||
| get :index, :params => {:id => 3} | |||
| assert_response 404 | |||
| assert_response 403 | |||
| end | |||
| def test_search_on_invisible_project_by_user_should_be_denied | |||
Loading…