Fixed: new gantt chart discloses all private projects names (#6276).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4425 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
parent
7087a53f27
commit
dfc76ce642
|
|
@ -91,7 +91,7 @@ module Redmine
|
|||
if @project
|
||||
return number_of_rows_on_project(@project)
|
||||
else
|
||||
Project.roots.inject(0) do |total, project|
|
||||
Project.roots.visible.inject(0) do |total, project|
|
||||
total += number_of_rows_on_project(project)
|
||||
end
|
||||
end
|
||||
|
|
@ -119,7 +119,7 @@ module Redmine
|
|||
end
|
||||
|
||||
# Subprojects
|
||||
project.children.each do |subproject|
|
||||
project.children.visible.each do |subproject|
|
||||
count += number_of_rows_on_project(subproject)
|
||||
end
|
||||
|
||||
|
|
@ -134,7 +134,7 @@ module Redmine
|
|||
if @project
|
||||
output << render_project(@project, options)
|
||||
else
|
||||
Project.roots.each do |project|
|
||||
Project.roots.visible.each do |project|
|
||||
output << render_project(project, options)
|
||||
end
|
||||
end
|
||||
|
|
@ -150,7 +150,7 @@ module Redmine
|
|||
if @project
|
||||
output << render_project(@project, options)
|
||||
else
|
||||
Project.roots.each do |project|
|
||||
Project.roots.visible.each do |project|
|
||||
output << render_project(project, options)
|
||||
end
|
||||
end
|
||||
|
|
@ -191,7 +191,7 @@ module Redmine
|
|||
end
|
||||
|
||||
# Fourth, subprojects
|
||||
project.children.each do |project|
|
||||
project.children.visible.each do |project|
|
||||
subproject_rendering = render_project(project, options)
|
||||
output << subproject_rendering if options[:format] == :html
|
||||
end
|
||||
|
|
|
|||
|
|
@ -49,6 +49,18 @@ class GanttsControllerTest < ActionController::TestCase
|
|||
assert_nil assigns(:gantt).project
|
||||
end
|
||||
|
||||
should "not disclose private projects" do
|
||||
get :show
|
||||
assert_response :success
|
||||
assert_template 'show.html.erb'
|
||||
|
||||
assert_tag 'a', :content => /eCookbook/
|
||||
# Root private project
|
||||
assert_no_tag 'a', {:content => /OnlineStore/}
|
||||
# Private children of a public project
|
||||
assert_no_tag 'a', :content => /Private child of eCookbook/
|
||||
end
|
||||
|
||||
should "export to pdf" do
|
||||
get :show, :project_id => 1, :format => 'pdf'
|
||||
assert_response :success
|
||||
|
|
|
|||
Loading…
Reference in New Issue