diff options
| author | Go MAEDA <maeda@farend.jp> | 2023-01-20 03:32:40 +0000 |
|---|---|---|
| committer | Go MAEDA <maeda@farend.jp> | 2023-01-20 03:32:40 +0000 |
| commit | e7bfab6f4309b83dd5e195d2acbb4f196035c462 (patch) | |
| tree | cace1be9e29b0c21533ae81114f02659b8b95d26 | |
| parent | f9f617caa3dab03d4594b826effe171d65f77338 (diff) | |
| download | redmine-e7bfab6f4309b83dd5e195d2acbb4f196035c462.tar.gz redmine-e7bfab6f4309b83dd5e195d2acbb4f196035c462.zip | |
Merged r22066 from trunk to 5.0-stable (#38063).
git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@22067 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
| -rw-r--r-- | test/functional/news_controller_test.rb | 12 | ||||
| -rw-r--r-- | test/integration/application_test.rb | 15 |
3 files changed, 30 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d400bdca8..2c070ed67 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base # and authorize the user for the requested action def find_optional_project if params[:project_id].present? - find_project(params[:project_id]) + @project = Project.find(params[:project_id]) end authorize_global + rescue ActiveRecord::RecordNotFound + User.current.logged? ? render_404 : require_login + false end # Finds and sets @project based on @object.project diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb index 0d62b8f19..12e815350 100644 --- a/test/functional/news_controller_test.rb +++ b/test/functional/news_controller_test.rb @@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest assert_select 'h3 a', :text => 'eCookbook first release !' end - def test_index_with_invalid_project_should_respond_with_404 + def test_index_with_invalid_project_should_respond_with_404_for_logged_users + @request.session[:user_id] = 2 + get(:index, :params => {:project_id => 999}) assert_response 404 end + def test_index_with_invalid_project_should_respond_with_302_for_anonymous + Role.anonymous.remove_permission! :view_news + with_settings :login_required => '0' do + get(:index, :params => {:project_id => 999}) + assert_response 302 + end + end + def test_index_without_permission_should_fail Role.all.each {|r| r.remove_permission! :view_news} @request.session[:user_id] = 2 diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb index f7abae80b..1b8c091a0 100644 --- a/test/integration/application_test.rb +++ b/test/integration/application_test.rb @@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest assert_response 302 end end + + def test_find_optional_project_should_not_error + Role.anonymous.remove_permission! :view_gantt + with_settings :login_required => '0' do + get '/projects/nonexistingproject/issues/gantt' + assert_response 302 + end + end + + def test_find_optional_project_should_render_404_for_logged_users + log_user('jsmith', 'jsmith') + + get '/projects/nonexistingproject/issues/gantt' + assert_response 404 + end end |