From 7a03cf92ba62a2aa4c299741bcb8401eefda1c9b Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Mon, 1 Jan 2007 10:13:01 +0000 Subject: [PATCH] fixed: non public projects were shown on welcome screen even if current user is not a member git-svn-id: http://redmine.rubyforge.org/svn/trunk@129 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/welcome_controller.rb | 4 ++-- app/models/news.rb | 6 +++--- app/models/project.rb | 15 ++++++++++++--- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index c47198d5..ce45076d 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -19,7 +19,7 @@ class WelcomeController < ApplicationController layout 'base' def index - @news = News.latest - @projects = Project.latest + @news = News.latest logged_in_user + @projects = Project.latest logged_in_user end end diff --git a/app/models/news.rb b/app/models/news.rb index 0083a0ea..89e94f1c 100644 --- a/app/models/news.rb +++ b/app/models/news.rb @@ -22,8 +22,8 @@ class News < ActiveRecord::Base validates_presence_of :title, :description - # returns last created news - def self.latest - find(:all, :limit => 5, :include => [ :author, :project ], :order => "news.created_on DESC") + # returns latest news for projects visible by user + def self.latest(user=nil, count=5) + find(:all, :limit => count, :conditions => Project.visible_by(user), :include => [ :author, :project ], :order => "news.created_on DESC") end end diff --git a/app/models/project.rb b/app/models/project.rb index 1fc2cffa..7db061a6 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -35,11 +35,20 @@ class Project < ActiveRecord::Base validates_associated :repository validates_format_of :name, :with => /^[\w\s\'\-]*$/i - # returns 5 last created projects - def self.latest - find(:all, :limit => 5, :order => "created_on DESC") + # returns latest created projects + # non public projects will be returned only if user is a member of those + def self.latest(user=nil, count=5) + find(:all, :limit => count, :conditions => visible_by(user), :order => "projects.created_on DESC") end + def self.visible_by(user=nil) + if user && !user.memberships.empty? + return ["projects.is_public = ? or projects.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')})", true] + else + return ["projects.is_public = ?", true] + end + end + # Returns an array of all custom fields enabled for project issues # (explictly associated custom fields and custom fields enabled for all projects) def custom_fields_for_issues(tracker)