authorJean-Philippe Lang <jp_lang@yahoo.fr>2017-06-26 20:41:12 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2017-06-26 20:41:12 +0000
commite7c0e16a3ff68681cb475fa382d843c0977a7c09 (patch)
tree0054114634a6b4e2dd3cc1aaf39a7c8e88a95c50 /app/controllers
parent339a6212effb4ac1a9e17ff3059c67439a957928 (diff)
Use regular #authorize method.
git-svn-id: http://svn.redmine.org/redmine/trunk@16724 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/activities_controller.rb13
-rw-r--r--app/controllers/application_controller.rb10
-rw-r--r--app/controllers/search_controller.rb11
3 files changed, 11 insertions, 23 deletions
diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
index f82f0110a..a9650a6f0 100644
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -17,7 +17,7 @@
class ActivitiesController < ApplicationController
menu_item :activity
- before_action :find_optional_project
+ before_action :find_optional_project_by_id, :authorize_global
accept_rss_auth :index
def index
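Review bot: The permission check on the added `before_action :find_optional_project_by_id, :authorize_global` line depends on callback order, because `authorize_global` can only scope its decision to a project if `find_optional_project_by_id` has already set `@project`. Nothing on the line records that, so a later reordering or a skipped first callback could turn a project-scoped check into a global one without any visible failure. I would add a comment above it such as `# Order matters: the project must be loaded before authorize_global runs`; the same applies to the identical line in search_controller.rb. The removed finder returned `true` without authorizing when `params[:id]` was absent, whereas the new chain presumably runs a global permission check in that case. `authorize_global` is defined outside this diff, so that is worth confirming with a test for an anonymous request.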
@@ -76,15 +76,4 @@ class ActivitiesController < ApplicationController
rescue ActiveRecord::RecordNotFound
render_404
end
-
- private
-
- # TODO: refactor, duplicated in projects_controller
- def find_optional_project
- return true unless params[:id]
- @project = Project.find(params[:id])
- authorize
- rescue ActiveRecord::RecordNotFound
- render_404
- end
end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1d42901f0..1b5a74da2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -285,8 +285,16 @@ class ApplicationController < ActionController::Base
render_404
end
+ # Find project of id params[:id] if present
+ def find_optional_project_by_id
+ if params[:id].present?
+ @project = Project.find(params[:id])
+ end
+ rescue ActiveRecord::RecordNotFound
+ render_404
+ end
+
# Find a project based on params[:project_id]
- # TODO: some subclasses override this, see about merging their logic
def find_optional_project
@project = Project.find(params[:project_id]) unless params[:project_id].blank?
allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
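Review bot: `find_optional_project_by_id` loads `@project` from `params[:id]` without any visibility or permission check, and its one-line comment does not say so. Unlike `find_optional_project` just below it, which computes `allowed` itself, this helper is only safe when an authorization callback follows it in the chain; a controller that registers it alone would hand a private project to its actions. I would extend the comment to `# Find project of id params[:id] if present. Does not check permissions: callers must chain :authorize or :authorize_global after it.` The body of `find_optional_project` continues outside the hunk.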
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 36bae860a..2887db9a3 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -16,7 +16,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SearchController < ApplicationController
- before_action :find_optional_project
+ before_action :find_optional_project_by_id, :authorize_global
accept_api_auth :index
def index
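Review bot: In SearchController the removed private finder called `check_project_privacy`, not `authorize`, so the added `before_action` line swaps a project-visibility check for a permission check rather than only de-duplicating code. Both helpers are defined outside this diff, so it cannot be seen here whether `authorize_global` responds the same way for a private or archived project, or for an anonymous user who previously may have been sent to login. A functional test that requests search with the id of a private project as a non-member would pin the intended response down. The diffstat shown is limited to app/controllers, so such a test may already exist outside this view.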
@@ -87,13 +87,4 @@ class SearchController < ApplicationController
format.api { @results ||= []; render :layout => false }
end
end
-
-private
- def find_optional_project
- return true unless params[:id]
- @project = Project.find(params[:id])
- check_project_privacy
- rescue ActiveRecord::RecordNotFound
- render_404
- end
end