Commit 4c04bf87 authored by jplang's avatar jplang

Use regular #authorize method.

git-svn-id: https://svn.redmine.org/redmine/trunk@16724 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 633c50a7
......@@ -17,7 +17,7 @@
class ActivitiesController < ApplicationController
menu_item :activity
before_action :find_optional_project
before_action :find_optional_project_by_id, :authorize_global
accept_rss_auth :index
def index
......@@ -76,15 +76,4 @@ class ActivitiesController < ApplicationController
rescue ActiveRecord::RecordNotFound
render_404
end
private
# TODO: refactor, duplicated in projects_controller
def find_optional_project
return true unless params[:id]
@project = Project.find(params[:id])
authorize
rescue ActiveRecord::RecordNotFound
render_404
end
end
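Review bot: The new filter line `before_action :find_optional_project_by_id, :authorize_global` is only safe in this order, and nothing on the line says so. The removed private `find_optional_project` loaded the project and called `authorize` in the same method, so the lookup could not be separated from the check; now the check is a second filter that presumably relies on `@project` having been set by the first. I would add a comment above the line, `# Order matters: :authorize_global must run after the finder so that it checks @project`, and the same above the identical line in SearchController. The removed method also returned `true` without any check when `params[:id]` was absent, whereas the new chain appears to run `authorize_global` on every request, so a test for the index action without an id would pin that behaviour.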
......@@ -285,8 +285,16 @@ class ApplicationController < ActionController::Base
render_404
end
# Find project of id params[:id] if present
def find_optional_project_by_id
if params[:id].present?
@project = Project.find(params[:id])
end
rescue ActiveRecord::RecordNotFound
render_404
end
# Find a project based on params[:project_id]
# TODO: some subclasses override this, see about merging their logic
def find_optional_project
@project = Project.find(params[:project_id]) unless params[:project_id].blank?
allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)
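Review bot: `find_optional_project_by_id` assigns `@project` for any id that `Project.find` returns and performs no permission or visibility check, and its one-line comment does not say that. In this commit both callers pair it with `:authorize_global`, but a controller that registers the finder alone would hand the loaded project to its actions unchecked. I would extend the comment to `# Find project of id params[:id] if present. Does not check permissions: follow it with an authorization filter such as :authorize_global.` The `find_optional_project` method below it continues past the end of the hunk.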
......
......@@ -16,7 +16,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class SearchController < ApplicationController
before_action :find_optional_project
before_action :find_optional_project_by_id, :authorize_global
accept_api_auth :index
def index
......@@ -87,13 +87,4 @@ class SearchController < ApplicationController
format.api { @results ||= []; render :layout => false }
end
end
private
def find_optional_project
return true unless params[:id]
@project = Project.find(params[:id])
check_project_privacy
rescue ActiveRecord::RecordNotFound
render_404
end
end
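Review bot: Replacing `check_project_privacy` with `:authorize_global` changes the response for an archived project from 404 to 403, as the updated SearchControllerTest shows, so a response now distinguishes an archived project id from one that does not exist. If that is intended, it deserves a comment by the filter, e.g. `# archived projects are answered with 403 by :authorize_global, not 404`; if not, the archived case should keep returning 404. The body of `authorize_global` is not visible here, so it is also worth confirming that the 403 page does not include the project's name or identifier.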
......@@ -42,10 +42,10 @@ class SearchControllerTest < Redmine::ControllerTest
assert_select '#search-results dt.project a', :text => /eCookbook/
end
def test_search_on_archived_project_should_return_404
def test_search_on_archived_project_should_return_403
Project.find(3).archive
get :index, :params => {:id => 3}
assert_response 404
assert_response 403
end
def test_search_on_invisible_project_by_user_should_be_denied
......