Commit e5c54751 authored by jplang's avatar jplang

Use ApplicationController#find_optional_project instead.

git-svn-id: https://svn.redmine.org/redmine/trunk@16720 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 7fceaaf4
...@@ -114,13 +114,6 @@ class QueriesController < ApplicationController ...@@ -114,13 +114,6 @@ class QueriesController < ApplicationController
render_404 render_404
end end
def find_optional_project
@project = Project.find(params[:project_id]) if params[:project_id]
render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
rescue ActiveRecord::RecordNotFound
render_404
end
def update_query_from_params def update_query_from_params
@query.project = params[:query_is_for_all] ? nil : @project @query.project = params[:query_is_for_all] ? nil : @project
@query.build_from_params(params) @query.build_from_params(params)
......
...@@ -244,6 +244,31 @@ class QueriesControllerTest < Redmine::ControllerTest ...@@ -244,6 +244,31 @@ class QueriesControllerTest < Redmine::ControllerTest
assert_select 'input[name=?]', 'query[name]' assert_select 'input[name=?]', 'query[name]'
end end
def test_create_query_without_permission_should_fail
Role.all.each {|r| r.remove_permission! :save_queries, :manage_public_queries}
@request.session[:user_id] = 2
assert_no_difference '::Query.count' do
post :create, :params => {
:project_id => 'ecookbook',
:query => {:name => 'Foo'}
}
end
assert_response 403
end
def test_create_global_query_without_permission_should_fail
Role.all.each {|r| r.remove_permission! :save_queries, :manage_public_queries}
@request.session[:user_id] = 2
assert_no_difference '::Query.count' do
post :create, :params => {
:query => {:name => 'Foo'}
}
end
assert_response 403
end
def test_create_global_query_from_gantt def test_create_global_query_from_gantt
@request.session[:user_id] = 1 @request.session[:user_id] = 1
assert_difference 'IssueQuery.count' do assert_difference 'IssueQuery.count' do
......
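Review bot: The two added tests pin only the 403 path of `create`, so the 404 branch that the removed controller override handled with `rescue ActiveRecord::RecordNotFound` (first hunk) is left without coverage. Nothing visible here confirms that the inherited `ApplicationController#find_optional_project` still answers an unknown `:project_id` with 404 instead of falling through to the global permission check; a test like the one below would pin that. Both tests also strip `:save_queries` and `:manage_public_queries` together, so they do not show which permission the inherited filter enforces; a variant that removes only `:save_queries` would make the authorization contract explicit. The tests presumably rely on fixture user 2 being a non-admin, which is worth a short comment. The test class continues outside the hunk.

```ruby
def test_create_query_with_unknown_project_should_respond_404
  @request.session[:user_id] = 2
  assert_no_difference '::Query.count' do
    post :create, :params => {
      :project_id => 'no-such-project', # constructed sample identifier
      :query => {:name => 'Foo'}
    }
  end
  assert_response 404
end
```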