Fixed: new gantt chart discloses all private projects names (#6276).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4425 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
parent
7087a53f27
commit
dfc76ce642
|
|
@ -91,7 +91,7 @@ module Redmine
|
||||||
if @project
|
if @project
|
||||||
return number_of_rows_on_project(@project)
|
return number_of_rows_on_project(@project)
|
||||||
else
|
else
|
||||||
Project.roots.inject(0) do |total, project|
|
Project.roots.visible.inject(0) do |total, project|
|
||||||
total += number_of_rows_on_project(project)
|
total += number_of_rows_on_project(project)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -119,7 +119,7 @@ module Redmine
|
||||||
end
|
end
|
||||||
|
|
||||||
# Subprojects
|
# Subprojects
|
||||||
project.children.each do |subproject|
|
project.children.visible.each do |subproject|
|
||||||
count += number_of_rows_on_project(subproject)
|
count += number_of_rows_on_project(subproject)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
@ -134,7 +134,7 @@ module Redmine
|
||||||
if @project
|
if @project
|
||||||
output << render_project(@project, options)
|
output << render_project(@project, options)
|
||||||
else
|
else
|
||||||
Project.roots.each do |project|
|
Project.roots.visible.each do |project|
|
||||||
output << render_project(project, options)
|
output << render_project(project, options)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -150,7 +150,7 @@ module Redmine
|
||||||
if @project
|
if @project
|
||||||
output << render_project(@project, options)
|
output << render_project(@project, options)
|
||||||
else
|
else
|
||||||
Project.roots.each do |project|
|
Project.roots.visible.each do |project|
|
||||||
output << render_project(project, options)
|
output << render_project(project, options)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
@ -191,7 +191,7 @@ module Redmine
|
||||||
end
|
end
|
||||||
|
|
||||||
# Fourth, subprojects
|
# Fourth, subprojects
|
||||||
project.children.each do |project|
|
project.children.visible.each do |project|
|
||||||
subproject_rendering = render_project(project, options)
|
subproject_rendering = render_project(project, options)
|
||||||
output << subproject_rendering if options[:format] == :html
|
output << subproject_rendering if options[:format] == :html
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -49,6 +49,18 @@ class GanttsControllerTest < ActionController::TestCase
|
||||||
assert_nil assigns(:gantt).project
|
assert_nil assigns(:gantt).project
|
||||||
end
|
end
|
||||||
|
|
||||||
|
should "not disclose private projects" do
|
||||||
|
get :show
|
||||||
|
assert_response :success
|
||||||
|
assert_template 'show.html.erb'
|
||||||
|
|
||||||
|
assert_tag 'a', :content => /eCookbook/
|
||||||
|
# Root private project
|
||||||
|
assert_no_tag 'a', {:content => /OnlineStore/}
|
||||||
|
# Private children of a public project
|
||||||
|
assert_no_tag 'a', :content => /Private child of eCookbook/
|
||||||
|
end
|
||||||
|
|
||||||
should "export to pdf" do
|
should "export to pdf" do
|
||||||
get :show, :project_id => 1, :format => 'pdf'
|
get :show, :project_id => 1, :format => 'pdf'
|
||||||
assert_response :success
|
assert_response :success
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue