diff options
| author | Go MAEDA <maeda@farend.jp> | 2023-01-20 03:38:34 +0000 |
|---|---|---|
| committer | Go MAEDA <maeda@farend.jp> | 2023-01-20 03:38:34 +0000 |
| commit | 4d5d735c76f7e774e9c8b41eced49a8abbfa9c8b (patch) | |
| tree | 579417316053fcfd79a0e34895ade330407669b0 | |
| parent | 6bd8970afb045e836789679c52b57f6a789c964e (diff) | |
| download | redmine-4d5d735c76f7e774e9c8b41eced49a8abbfa9c8b.tar.gz redmine-4d5d735c76f7e774e9c8b41eced49a8abbfa9c8b.zip | |
Merged r22066 from trunk to 4.2-stable (#38063).
git-svn-id: https://svn.redmine.org/redmine/branches/4.2-stable@22068 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
| -rw-r--r-- | test/functional/news_controller_test.rb | 12 | ||||
| -rw-r--r-- | test/integration/application_test.rb | 15 |
3 files changed, 30 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 06bf0c786..c1a5b8e9f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -344,9 +344,12 @@ class ApplicationController < ActionController::Base # and authorize the user for the requested action def find_optional_project if params[:project_id].present? - find_project(params[:project_id]) + @project = Project.find(params[:project_id]) end authorize_global + rescue ActiveRecord::RecordNotFound + User.current.logged? ? render_404 : require_login + false end # Finds and sets @project based on @object.project diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb index 0d62b8f19..12e815350 100644 --- a/test/functional/news_controller_test.rb +++ b/test/functional/news_controller_test.rb @@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest assert_select 'h3 a', :text => 'eCookbook first release !' end - def test_index_with_invalid_project_should_respond_with_404 + def test_index_with_invalid_project_should_respond_with_404_for_logged_users + @request.session[:user_id] = 2 + get(:index, :params => {:project_id => 999}) assert_response 404 end + def test_index_with_invalid_project_should_respond_with_302_for_anonymous + Role.anonymous.remove_permission! :view_news + with_settings :login_required => '0' do + get(:index, :params => {:project_id => 999}) + assert_response 302 + end + end + def test_index_without_permission_should_fail Role.all.each {|r| r.remove_permission! :view_news} @request.session[:user_id] = 2 diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb index 684863736..315a1f20f 100644 --- a/test/integration/application_test.rb +++ b/test/integration/application_test.rb @@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest assert_response 302 end end + + def test_find_optional_project_should_not_error + Role.anonymous.remove_permission! :view_gantt + with_settings :login_required => '0' do + get '/projects/nonexistingproject/issues/gantt' + assert_response 302 + end + end + + def test_find_optional_project_should_render_404_for_logged_users + log_user('jsmith', 'jsmith') + + get '/projects/nonexistingproject/issues/gantt' + assert_response 404 + end end |