diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 7510d503e..98cb4a827 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -102,13 +102,17 @@ class ApplicationController < ActionController::Base # make sure that the user is a member of the project (or admin) if project is private # used as a before_filter for actions that do not require any particular permission on the project def check_project_privacy - unless @project.active? + if @project && @project.active? + if @project.is_public? || User.current.member_of?(@project) || User.current.admin? + true + else + User.current.logged? ? render_403 : require_login + end + else @project = nil render_404 - return false + false end - return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin? - User.current.logged? ? render_403 : require_login end # store current uri in session. diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index 69e1ee503..f15653b63 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -17,6 +17,8 @@ class SearchController < ApplicationController layout 'base' + + before_filter :find_optional_project helper :messages include MessagesHelper @@ -36,11 +38,6 @@ class SearchController < ApplicationController return end - if params[:id] - find_project - return unless check_project_privacy - end - if @project # only show what the user is allowed to view @object_types = %w(issues news documents changesets wiki_pages messages) @@ -104,8 +101,10 @@ class SearchController < ApplicationController end private - def find_project + def find_optional_project + return true unless params[:id] @project = Project.find(params[:id]) + check_project_privacy rescue ActiveRecord::RecordNotFound render_404 end diff --git a/test/functional/search_controller_test.rb b/test/functional/search_controller_test.rb index 63f1097d6..49004c7e6 100644 --- a/test/functional/search_controller_test.rb +++ b/test/functional/search_controller_test.rb @@ -78,6 +78,12 @@ class SearchControllerTest < Test::Unit::TestCase assert_equal 2, results.size end + def test_search_with_invalid_project_id + get :index, :id => 195, :q => 'recipe' + assert_response 404 + assert_nil assigns(:results) + end + def test_quick_jump_to_issue # issue of a public project get :index, :q => "3"