-rw-r--r--app/controllers/application_controller.rb5
-rw-r--r--test/functional/news_controller_test.rb12
-rw-r--r--test/integration/application_test.rb15
3 files changed, 30 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6bda01088..c39fe8ad1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base
# and authorize the user for the requested action
def find_optional_project
if params[:project_id].present?
- find_project(params[:project_id])
+ @project = Project.find(params[:project_id])
end
authorize_global
+ rescue ActiveRecord::RecordNotFound
+ User.current.logged? ? render_404 : require_login
+ false
end
# Finds and sets @project based on @object.project
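Review bot: The new `rescue ActiveRecord::RecordNotFound` branch in `find_optional_project` answers differently for anonymous and logged-in users, and nothing in the method says why. A comment above the rescue such as `# Anonymous users are redirected to login rather than shown a 404, so the response does not disclose whether the project exists` would record the intent (presumably the reason for the split; confirm with the author). The rescue is also method-wide, so a RecordNotFound raised inside `authorize_global` would be handled as a missing project too; if that is not intended, wrap only the `Project.find` call. Logged-in users get a 404 here, and if `authorize_global` denies an existing project with a different status (not visible in this hunk) they can still tell the two cases apart.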
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb
index ffa439073..d21835656 100644
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest
assert_select 'h3 a', :text => 'eCookbook first release !'
end
- def test_index_with_invalid_project_should_respond_with_404
+ def test_index_with_invalid_project_should_respond_with_404_for_logged_users
+ @request.session[:user_id] = 2
+
get(:index, :params => {:project_id => 999})
assert_response 404
end
+ def test_index_with_invalid_project_should_respond_with_302_for_anonymous
+ Role.anonymous.remove_permission! :view_news
+ with_settings :login_required => '0' do
+ get(:index, :params => {:project_id => 999})
+ assert_response 302
+ end
+ end
+
def test_index_without_permission_should_fail
Role.all.each {|r| r.remove_permission! :view_news}
@request.session[:user_id] = 2
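Review bot: `test_index_with_invalid_project_should_respond_with_302_for_anonymous` asserts only `assert_response 302`, which would also pass for a redirect to somewhere other than the login page. Asserting the target as well, e.g. `assert_redirected_to(/login/)` (login path assumed; confirm against the routes), pins the behaviour the controller change is meant to produce. The same applies to `test_find_optional_project_should_not_error` in test/integration/application_test.rb. Removing `:view_news` also appears to have no effect on this path, since on the new side `Project.find` raises before `authorize_global` runs; a short comment on why the permission is removed would help.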
diff --git a/test/integration/application_test.rb b/test/integration/application_test.rb
index d6caac41a..f80e9f81a 100644
--- a/test/integration/application_test.rb
+++ b/test/integration/application_test.rb
@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest
assert_response 302
end
end
+
+ def test_find_optional_project_should_not_error
+ Role.anonymous.remove_permission! :view_gantt
+ with_settings :login_required => '0' do
+ get '/projects/nonexistingproject/issues/gantt'
+ assert_response 302
+ end
+ end
+
+ def test_find_optional_project_should_render_404_for_logged_users
+ log_user('jsmith', 'jsmith')
+
+ get '/projects/nonexistingproject/issues/gantt'
+ assert_response 404
+ end
end
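Review bot: Neither integration test added here compares the nonexistent project with an existing project the anonymous user is not allowed to view, so nothing checks that both produce the same response. If the point of the redirect is to avoid disclosing whether a project exists (inferred from the controller change), a companion test that requests the gantt of a private fixture project and asserts the same redirect would guard that property. `test_find_optional_project_should_not_error` could also be renamed to say what it asserts, e.g. `test_find_optional_project_should_redirect_anonymous_for_missing_project`.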