-rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
-rw-r--r-- | test/functional/news_controller_test.rb | 12 | ||||
-rw-r--r-- | test/integration/application_test.rb | 15 |
3 files changed, 30 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6bda01088..c39fe8ad1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base
 # and authorize the user for the requested action
 def find_optional_project
 if params[:project_id].present?
- find_project(params[:project_id])
+ @project = Project.find(params[:project_id])
 end
 authorize_global
+ rescue ActiveRecord::RecordNotFound
+ User.current.logged? ? render_404 : require_login
+ false
 end

 # Finds and sets @project based on @object.project
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb
index ffa439073..d21835656 100644
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest
 assert_select 'h3 a', :text => 'eCookbook first release !'
 end

- def test_index_with_invalid_project_should_respond_with_404
+ def test_index_with_invalid_project_should_respond_with_404_for_logged_users
+ @request.session[:user_id] = 2
+
 get(:index, :params => {:project_id => 999})
 assert_response 404
 end

+ def test_index_with_invalid_project_should_respond_with_302_for_anonymous
+ Role.anonymous.remove_permission! :view_news
+ with_settings :login_required => '0' do
+ get(:index, :params => {:project_id => 999})
+ assert_response 302
+ end
+ end
+
 def test_index_without_permission_should_fail
 Role.all.each {|r| r.remove_permission! :view_news}
 @request.session[:user_id] = 2
diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb
index d6caac41a..f80e9f81a 100644
--- a/test/integration/application_test.rb
+++ b/test/integration/application_test.rb
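Review bot: The method-level `rescue ActiveRecord::RecordNotFound` added to find_optional_project in app/controllers/application_controller.rb also covers `authorize_global`, so a RecordNotFound raised anywhere in the authorization path would be answered as a missing project (404, or a login redirect for anonymous users) instead of surfacing as its own failure. Scoping the rescue to the `Project.find` call keeps the unknown-project handling tied to the lookup it is meant for. Separately, the anonymous branch no longer reveals whether the project exists, but a logged-in user still receives 404 here; if the denial path inside authorize_global (not visible in this hunk) answers 403 for an existing project, the two statuses stay distinguishable for authenticated users, and a comment stating that this is intended would help the next reader.

```ruby
def find_optional_project
  if params[:project_id].present?
    begin
      @project = Project.find(params[:project_id])
    rescue ActiveRecord::RecordNotFound
      # Unknown project: 404 for logged-in users, login redirect for anonymous ones.
      User.current.logged? ? render_404 : require_login
      return false
    end
  end
  authorize_global
end
```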
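Review bot: The anonymous-user test `test_index_with_invalid_project_should_respond_with_302_for_anonymous` in test/functional/news_controller_test.rb checks only `assert_response 302`, so any redirect would pass, not just the one to the login page. Asserting the redirect target as well (for example with `assert_redirected_to` and the login URL) would pin the behaviour the controller change is meant to give. The same applies to `test_find_optional_project_should_not_error` in test/integration/application_test.rb. A companion assertion that an existing but non-visible project produces the same response for an anonymous user would also document that the two cases are meant to look alike; that intent is inferred from the change, not stated in it.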
@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest
 assert_response 302
 end
 end
+
+ def test_find_optional_project_should_not_error
+ Role.anonymous.remove_permission! :view_gantt
+ with_settings :login_required => '0' do
+ get '/projects/nonexistingproject/issues/gantt'
+ assert_response 302
+ end
+ end
+
+ def test_find_optional_project_should_render_404_for_logged_users
+ log_user('jsmith', 'jsmith')
+
+ get '/projects/nonexistingproject/issues/gantt'
+ assert_response 404
+ end
 end |