author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-06-26 20:41:12 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-06-26 20:41:12 +0000 |
commit | e7c0e16a3ff68681cb475fa382d843c0977a7c09 (patch) | |
tree | 0054114634a6b4e2dd3cc1aaf39a7c8e88a95c50 | |
parent | 339a6212effb4ac1a9e17ff3059c67439a957928 (diff) | |
Use regular #authorize method.
git-svn-id: http://svn.redmine.org/redmine/trunk@16724 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/activities_controller.rb | 13 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/search_controller.rb | 11 | ||||
-rw-r--r-- | test/functional/search_controller_test.rb | 4 |
4 files changed, 13 insertions, 25 deletions
diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
index f82f0110a..a9650a6f0 100644
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -17,7 +17,7 @@
 class ActivitiesController < ApplicationController
 menu_item :activity
- before_action :find_optional_project
+ before_action :find_optional_project_by_id, :authorize_global
 accept_rss_auth :index
 def index
@@ -76,15 +76,4 @@ class ActivitiesController < ApplicationController
 rescue ActiveRecord::RecordNotFound
 render_404
 end
-
- private
-
- # TODO: refactor, duplicated in projects_controller
- def find_optional_project
- return true unless params[:id]
- @project = Project.find(params[:id])
- authorize
- rescue ActiveRecord::RecordNotFound
- render_404
- end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1d42901f0..1b5a74da2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -285,8 +285,16 @@ class ApplicationController < ActionController::Base
 render_404
 end
+ # Find project of id params[:id] if present
+ def find_optional_project_by_id
+ if params[:id].present?
+ @project = Project.find(params[:id])
+ end
+ rescue ActiveRecord::RecordNotFound
+ render_404
+ end
+
 # Find a project based on params[:project_id]
- # TODO: some subclasses override this, see about merging their logic
 def find_optional_project
 @project = Project.find(params[:project_id]) unless params[:project_id].blank?
 allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 36bae860a..2887db9a3 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
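Review bot: The two callbacks in `before_action :find_optional_project_by_id, :authorize_global` are order-dependent and nothing on the line says so. The permission check is only project-scoped if the lookup has already set `@project`, which is presumably what `authorize_global` reads; its body is not in this diff. A comment such as `# find_optional_project_by_id must stay first: authorize_global checks against the @project it sets` would guard against a later reorder that leaves the check running without a project. The removed private method returned `true` with no check when `params[:id]` was absent, whereas the new chain always runs `authorize_global`, so the no-project path of `index` deserves a functional test for anonymous and non-member users; none is added here. The same line is introduced in `SearchController`, and both points apply there as well.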
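Review bot: The comment on the new `find_optional_project_by_id` should state that the method performs no permission check. Unlike `find_optional_project` directly below it, which calls `User.current.allowed_to?` itself, this helper only loads `@project` or renders 404, so a controller that registers it alone runs its action with no access check on the loaded project. I would write the comment as `# Sets @project from params[:id] when present; renders 404 if it does not exist. Does NOT authorize: pair with :authorize or :authorize_global.` The near-identical names make the two helpers easy to confuse. `find_optional_project` continues past the end of the hunk.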
@@ -16,7 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 class SearchController < ApplicationController
- before_action :find_optional_project
+ before_action :find_optional_project_by_id, :authorize_global
 accept_api_auth :index
 def index
@@ -87,13 +87,4 @@ class SearchController < ApplicationController
 format.api { @results ||= []; render :layout => false }
 end
 end
-
-private
- def find_optional_project
- return true unless params[:id]
- @project = Project.find(params[:id])
- check_project_privacy
- rescue ActiveRecord::RecordNotFound
- render_404
- end
 end
diff --git a/test/functional/search_controller_test.rb b/test/functional/search_controller_test.rb
index 97075ea66..aace89a81 100644
--- a/test/functional/search_controller_test.rb
+++ b/test/functional/search_controller_test.rb
@@ -42,10 +42,10 @@ class SearchControllerTest < Redmine::ControllerTest
 assert_select '#search-results dt.project a', :text => /eCookbook/
 end
- def test_search_on_archived_project_should_return_404
+ def test_search_on_archived_project_should_return_403
 Project.find(3).archive
 get :index, :params => {:id => 3}
- assert_response 404
+ assert_response 403
 end
 def test_search_on_invisible_project_by_user_should_be_denied |
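Review bot: Changing the expected status from 404 to 403 in `test_search_on_archived_project_should_return_403` means an archived project now answers differently from a project id that does not exist, so a client without access can tell the two apart. If that is intended, the commit message should say so, and a companion test should assert that an unknown id still gets 404, e.g. `get :index, :params => {:id => 999}` followed by `assert_response 404` (999 is a constructed id; use one absent from the fixtures). The test's setup is outside the hunk, so which user or role receives the 403 cannot be confirmed from here.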