author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-03-12 20:50:48 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-03-12 20:50:48 +0000 |
commit | d4429a544c50c908d85259eb3706a6960b0a604d (patch) | |
tree | ca7491c5d510f1515197820f50f74ccf9c795e8a | |
parent | 3a9b0988c7515371531e47f9eef9f8e60ce352aa (diff) | |
Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/application.rb | 12 | ||||
-rw-r--r-- | app/controllers/search_controller.rb | 11 | ||||
-rw-r--r-- | test/functional/search_controller_test.rb | 6 |
3 files changed, 19 insertions, 10 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 7510d503e..98cb4a827 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -102,13 +102,17 @@ class ApplicationController < ActionController::Base # make sure that the user is a member of the project (or admin) if project is private # used as a before_filter for actions that do not require any particular permission on the project def check_project_privacy - unless @project.active? + if @project && @project.active? + if @project.is_public? || User.current.member_of?(@project) || User.current.admin? + true + else + User.current.logged? ? render_403 : require_login + end + else @project = nil render_404 - return false + false end - return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin? - User.current.logged? ? render_403 : require_login end # store current uri in session. diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index 69e1ee503..f15653b63 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -17,6 +17,8 @@ class SearchController < ApplicationController layout 'base' + + before_filter :find_optional_project helper :messages include MessagesHelper @@ -36,11 +38,6 @@ class SearchController < ApplicationController return end - if params[:id] - find_project - return unless check_project_privacy - end - if @project # only show what the user is allowed to view @object_types = %w(issues news documents changesets wiki_pages messages) @@ -104,8 +101,10 @@ class SearchController < ApplicationController end private - def find_project + def find_optional_project + return true unless params[:id] @project = Project.find(params[:id]) + check_project_privacy rescue ActiveRecord::RecordNotFound render_404 end diff --git a/test/functional/search_controller_test.rb b/test/functional/search_controller_test.rb index 63f1097d6..49004c7e6 100644 
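Review bot: The deny branch of `check_project_privacy` ends on `User.current.logged? ? render_403 : require_login`, so the filter's return value for a non-member is whatever those helpers return, while the not-found branch ends on an explicit `false`. Neither helper is visible in this hunk; if the filter chain halts only on a `false` return and either helper can return something truthy, the action would still run after the 403 or login redirect was issued. Adding a bare `false` on the line after the ternary makes the denial independent of the helpers. The `rescue ActiveRecord::RecordNotFound` branch of `find_optional_project` in search_controller.rb has the same shape: it ends on `render_404` alone, whereas this method follows `render_404` with `false`.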
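Review bot: `find_optional_project` is now the only place where SearchController applies `check_project_privacy`, but neither its name nor a comment marks it as an access check. A comment above the definition such as `# Loads @project when params[:id] is given and enforces check_project_privacy on it; returns true without a check when no id is passed.` would keep a later refactor from swapping it for a plain finder. When `params[:id]` is absent the filter lets the request through, so the scoping of results for the project-less search (outside this hunk) is presumably what keeps private projects out of the output; that is worth confirming.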
--- a/test/functional/search_controller_test.rb +++ b/test/functional/search_controller_test.rb @@ -78,6 +78,12 @@ class SearchControllerTest < Test::Unit::TestCase assert_equal 2, results.size end + def test_search_with_invalid_project_id + get :index, :id => 195, :q => 'recipe' + assert_response 404 + assert_nil assigns(:results) + end + def test_quick_jump_to_issue # issue of a public project get :index, :q => "3" |
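Review bot: `test_search_with_invalid_project_id` pins only the unknown-id path; the privacy check that this commit moves from the action body into the `find_optional_project` filter gets no test in this hunk. A companion case that requests the id of a private project without a logged-in user and asserts `assert_nil assigns(:results)`, together with the expected redirect or 403, would catch a regression where the filter stops halting the action. The fixture id of a private project is not visible here and would have to be taken from the projects fixture.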