-rw-r--r-- | app/controllers/application_controller.rb | 20 | ||||
-rw-r--r-- | app/controllers/issues_controller.rb | 14 | ||||
-rw-r--r-- | app/controllers/journals_controller.rb | 8 |
3 files changed, 16 insertions, 26 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f5262e6d2..05a4b87fa 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -276,14 +276,24 @@ class ApplicationController < ActionController::Base
 self.model_object = model
 end
- # Filter for bulk issue operations
+ # Find the issue whose id is the :id parameter
+ # Raises a Unauthorized exception if the issue is not visible
+ def find_issue
+ # Issue.visible.find(...) can not be used to redirect user to the login form
+ # if the issue actually exists but requires authentication
+ @issue = Issue.find(params[:id])
+ raise Unauthorized unless @issue.visible?
+ @project = @issue.project
+ rescue ActiveRecord::RecordNotFound
+ render_404
+ end
+
+ # Find issues with a single :id param or :ids array param
+ # Raises a Unauthorized exception if one of the issues is not visible
 def find_issues
 @issues = Issue.find_all_by_id(params[:id] || params[:ids])
 raise ActiveRecord::RecordNotFound if @issues.empty?
- if @issues.detect {|issue| !issue.visible?}
- deny_access
- return
- end
+ raise Unauthorized if @issues.all?(&:visible?)
 @projects = @issues.collect(&:project).compact.uniq
 @project = @projects.first if @projects.size == 1
 rescue ActiveRecord::RecordNotFound
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index d2096a3d2..455d2e3d5 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
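Review bot: The new guard in find_issues, `raise Unauthorized if @issues.all?(&:visible?)`, is inverted relative to the check it replaces: it raises when every issue is visible and lets the request continue when at least one is not, so a bulk request containing a non-visible issue would pass this filter while a fully authorized one is rejected. The removed code denied access as soon as any issue failed `visible?`; the equivalent is `raise Unauthorized unless @issues.all?(&:visible?)`, which also matches the comment added above the method. A controller test that submits a mix of visible and non-visible ids and expects a denial would pin this behaviour. The handling of Unauthorized is not visible in the hunk, and each method's own rescue clause covers only RecordNotFound, so confirm the exception is rescued at the controller level; find_issues also continues past the end of the hunk.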
@@ -313,19 +313,7 @@ class IssuesController < ApplicationController
 end
 end
-private
- def find_issue
- # Issue.visible.find(...) can not be used to redirect user to the login form
- # if the issue actually exists but requires authentication
- @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
- unless @issue.visible?
- deny_access
- return
- end
- @project = @issue.project
- rescue ActiveRecord::RecordNotFound
- render_404
- end
+ private
 def find_project
 project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id])
diff --git a/app/controllers/journals_controller.rb b/app/controllers/journals_controller.rb
index a6e1a9cc9..5b9624ca5 100644
--- a/app/controllers/journals_controller.rb
+++ b/app/controllers/journals_controller.rb
@@ -102,12 +102,4 @@ class JournalsController < ApplicationController
 rescue ActiveRecord::RecordNotFound
 render_404
 end
-
- # TODO: duplicated in IssuesController
- def find_issue
- @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
- @project = @issue.project
- rescue ActiveRecord::RecordNotFound
- render_404
- end
 end |