-rw-r--r-- | app/controllers/previews_controller.rb | 4 | ||||
-rw-r--r-- | test/functional/previews_controller_test.rb | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/previews_controller.rb b/app/controllers/previews_controller.rb
index 38245b94b..e74d1fe55 100644
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@@ -19,7 +19,7 @@ class PreviewsController < ApplicationController
 before_filter :find_project, :find_attachments
 def issue
- @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
+ @issue = Issue.visible.find_by_id(params[:id]) unless params[:id].blank?
 if @issue
 @description = params[:issue] && params[:issue][:description]
 if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
@@ -45,7 +45,7 @@ class PreviewsController < ApplicationController
 def find_project
 project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
- @project = Project.find(project_id)
+ @project = Project.visible.find(project_id)
 rescue ActiveRecord::RecordNotFound
 render_404
 end
diff --git a/test/functional/previews_controller_test.rb b/test/functional/previews_controller_test.rb
index 976af94e3..abbbd7afa 100644
--- a/test/functional/previews_controller_test.rb
+++ b/test/functional/previews_controller_test.rb
@@ -62,6 +62,14 @@ class PreviewsControllerTest < ActionController::TestCase
 assert_select 'a.attachment', :text => 'foo.bar'
 end
+ def test_preview_issue_with_project_changed
+ @request.session[:user_id] = 2
+ post :issue, :project_id => '1', :id => 1, :issue => {:notes => 'notes', :project_id => 2}
+ assert_response :success
+ assert_not_nil assigns(:issue)
+ assert_not_nil assigns(:notes)
+ end
+
 def test_preview_new_news
 get :news, :project_id => 1, :news => {:title => '', |
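Review bot: The new lookup in `issue` is no longer tied to `@project`, so from this line on `@issue.project` and `@project` may be different projects, and access to the issue rests entirely on `Issue.visible` for the current user. That looks intentional, since `find_project` prefers `params[:issue][:project_id]`, but nothing in the code says so, and a later cleanup could re-scope the query or assume both objects belong together. I would add a comment above the line, for example `# Not scoped to @project: params[:issue][:project_id] may name a different (target) project; Issue.visible enforces access.` The rest of `issue` and the `find_attachments` filter lie outside the hunk, so it is worth checking that neither relies on the issue belonging to `@project`.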
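Review bot: In `find_project`, the `rescue ActiveRecord::RecordNotFound` branch now also handles projects that exist but are not visible to the user, so both cases return the same 404 and existence is not disclosed. That property is easy to lose if someone later adds a separate 403 path, so a short comment on the rescue would help: `# 404 for missing and for non-visible projects alike, so existence is not revealed`. Note also that `visible` only establishes view access; whether previewing needs a stronger permission check cannot be judged from this hunk.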
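Review bot: `test_preview_issue_with_project_changed` covers only the permitted path, so nothing in this file pins the access-control behaviour that the controller change introduces. A regression back to `Project.find` or to an unscoped issue lookup would still pass. I would add one negative test for a project the logged-in user cannot see (expecting the 404 from `render_404`) and one for an issue id that is not visible to that user (expecting `assigns(:issue)` to be nil). The first is sketched below; the project id is a placeholder to be replaced with a suitable fixture.

```ruby
def test_preview_issue_with_non_visible_project_should_respond_404
  @request.session[:user_id] = 2
  # NON_VISIBLE_PROJECT_ID: placeholder, use a fixture project that user 2 cannot see
  post :issue, :project_id => '1', :id => 1,
       :issue => {:notes => 'notes', :project_id => NON_VISIBLE_PROJECT_ID}
  assert_response 404
end
```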