Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent
3a9b0988c7
commit
d4429a544c
app/controllers
test/functional
|
@ -102,13 +102,17 @@ class ApplicationController < ActionController::Base
|
||||||
# make sure that the user is a member of the project (or admin) if project is private
|
# make sure that the user is a member of the project (or admin) if project is private
|
||||||
# used as a before_filter for actions that do not require any particular permission on the project
|
# used as a before_filter for actions that do not require any particular permission on the project
|
||||||
def check_project_privacy
|
def check_project_privacy
|
||||||
unless @project.active?
|
if @project && @project.active?
|
||||||
|
if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
|
||||||
|
true
|
||||||
|
else
|
||||||
|
User.current.logged? ? render_403 : require_login
|
||||||
|
end
|
||||||
|
else
|
||||||
@project = nil
|
@project = nil
|
||||||
render_404
|
render_404
|
||||||
return false
|
false
|
||||||
end
|
end
|
||||||
return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
|
|
||||||
User.current.logged? ? render_403 : require_login
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# store current uri in session.
|
# store current uri in session.
|
||||||
|
|
|
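Review bot: The deny branch of `check_project_privacy` (`User.current.logged? ? render_403 : require_login`) returns whatever those helpers return, while the not-found branch now ends in an explicit `false`. Neither helper is defined on this page, so whether a denied request actually halts the filter chain depends on code outside the diff. Because this method is now also the tail call of `find_optional_project` in SearchController, I would make the denial explicit by adding a bare `false` on the line after the ternary. The same applies to the `rescue ActiveRecord::RecordNotFound` branch of `find_optional_project`, which ends in a bare `render_404`.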
@ -17,6 +17,8 @@
|
||||||
|
|
||||||
class SearchController < ApplicationController
|
class SearchController < ApplicationController
|
||||||
layout 'base'
|
layout 'base'
|
||||||
|
|
||||||
|
before_filter :find_optional_project
|
||||||
|
|
||||||
helper :messages
|
helper :messages
|
||||||
include MessagesHelper
|
include MessagesHelper
|
||||||
|
@ -36,11 +38,6 @@ class SearchController < ApplicationController
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
if params[:id]
|
|
||||||
find_project
|
|
||||||
return unless check_project_privacy
|
|
||||||
end
|
|
||||||
|
|
||||||
if @project
|
if @project
|
||||||
# only show what the user is allowed to view
|
# only show what the user is allowed to view
|
||||||
@object_types = %w(issues news documents changesets wiki_pages messages)
|
@object_types = %w(issues news documents changesets wiki_pages messages)
|
||||||
|
@ -104,8 +101,10 @@ class SearchController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
def find_project
|
def find_optional_project
|
||||||
|
return true unless params[:id]
|
||||||
@project = Project.find(params[:id])
|
@project = Project.find(params[:id])
|
||||||
|
check_project_privacy
|
||||||
rescue ActiveRecord::RecordNotFound
|
rescue ActiveRecord::RecordNotFound
|
||||||
render_404
|
render_404
|
||||||
end
|
end
|
||||||
|
|
|
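Review bot: `Project.find(params[:id])` in `find_optional_project` takes the request parameter without checking that it is a single value. ActiveRecord's `find` accepts an array of ids and returns an array of records, so an array-valued `id` would presumably leave `@project` holding an Array, and `@project.active?` in `check_project_privacy` would then raise the same kind of NoMethodError this commit fixes (inferred from the API, not exercised on this page). Placing `raise ActiveRecord::RecordNotFound if params[:id].is_a?(Array) || params[:id].is_a?(Hash)` before the lookup reuses the existing rescue and keeps the response a 404.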
@ -78,6 +78,12 @@ class SearchControllerTest < Test::Unit::TestCase
|
||||||
assert_equal 2, results.size
|
assert_equal 2, results.size
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_search_with_invalid_project_id
|
||||||
|
get :index, :id => 195, :q => 'recipe'
|
||||||
|
assert_response 404
|
||||||
|
assert_nil assigns(:results)
|
||||||
|
end
|
||||||
|
|
||||||
def test_quick_jump_to_issue
|
def test_quick_jump_to_issue
|
||||||
# issue of a public project
|
# issue of a public project
|
||||||
get :index, :q => "3"
|
get :index, :q => "3"
|
||||||
|
|
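Review bot: The added test covers only a nonexistent id, so nothing in this hunk exercises the denial paths now that the privacy check runs from the `before_filter`. I would add a sibling test that requests a private project as a non-member, e.g. `get :index, :id => <private_project_fixture_id>, :q => 'recipe'`, and asserts that the response is the login redirect or 403 and that `assigns(:results)` is nil. A second one for an archived project should expect 404. The rest of SearchControllerTest is outside this hunk, so such tests may already exist.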