kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixes a data disclosure issue introduced in r3941. 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4535 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2010-12-18 17:11:41 +00:00
parent 525656a490
commit 93847ae337
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/journals_controller.rb
View File

@ -19,6 +19,7 @@ class JournalsController < ApplicationController
before_filter :find_journal, :only => [:edit] before_filter :find_journal, :only => [:edit]
before_filter :find_issue, :only => [:new] before_filter :find_issue, :only => [:new]
before_filter :find_optional_project, :only => [:index] before_filter :find_optional_project, :only => [:index]
before_filter :authorize, :only => [:new, :edit]
accept_key_auth :index accept_key_auth :index
helper :issues helper :issues

10
test/functional/journals_controller_test.rb
View File

@ -40,14 +40,20 @@ class JournalsControllerTest < ActionController::TestCase
def test_reply_to_issue def test_reply_to_issue
@request.session[:user_id] = 2 @request.session[:user_id] = 2
get :new, :id => 1 get :new, :id => 6
assert_response :success assert_response :success
assert_select_rjs :show, "update" assert_select_rjs :show, "update"
end end
def test_reply_to_issue_without_permission
@request.session[:user_id] = 7
get :new, :id => 6
assert_response 403
end
def test_reply_to_note def test_reply_to_note
@request.session[:user_id] = 2 @request.session[:user_id] = 2
get :new, :id => 1, :journal_id => 2 get :new, :id => 6, :journal_id => 4
assert_response :success assert_response :success
assert_select_rjs :show, "update" assert_select_rjs :show, "update"
end end