Project

General

Profile

« Previous | Next » 

Revision 1237

Added by Jean-Philippe Lang over 17 years ago

Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).

View differences:

trunk/app/controllers/application.rb
102 102 
  # make sure that the user is a member of the project (or admin) if project is private
103 103 
  # used as a before_filter for actions that do not require any particular permission on the project
104 104 
  def check_project_privacy
105 
    unless @project.active?
105 
    if @project && @project.active?
106 
      if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
107 
        true
108 
      else
109 
        User.current.logged? ? render_403 : require_login
110 
      end
111 
    else
106 112 
      @project = nil
107 113 
      render_404
108 
      return false
114 
      false
109 115 
    end
110 
    return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
111 
    User.current.logged? ? render_403 : require_login
112 116 
  end
113 117 

  		




  114
  118
  
    
  # store current uri in session.


  		












  

    
      trunk/app/controllers/search_controller.rb
    
  





  17
  17
  
    

  		




  18
  18
  
    
class SearchController < ApplicationController


  		




  19
  19
  
    
  layout 'base'


  		




  
  20
  
    
  


  		




  
  21
  
    
  before_filter :find_optional_project


  		




  20
  22
  
    

  		




  21
  23
  
    
  helper :messages


  		




  22
  24
  
    
  include MessagesHelper


  		




  ......




  36
  38
  
    
      return


  		




  37
  39
  
    
    end


  		




  38
  40
  
    
    


  		




  39
  
  
    
    if params[:id]


  		




  40
  
  
    
      find_project


  		




  41
  
  
    
      return unless check_project_privacy


  		




  42
  
  
    
    end


  		




  43
  
  
    
    


  		




  44
  41
  
    
    if @project


  		




  45
  42
  
    
      # only show what the user is allowed to view


  		




  46
  43
  
    
      @object_types = %w(issues news documents changesets wiki_pages messages)


  		




  ......




  104
  101
  
    
  end


  		




  105
  102
  
    

  		




  106
  103
  
    
private  


  		




  107
  
  
    
  def find_project


  		




  
  104
  
    
  def find_optional_project


  		




  
  105
  
    
    return true unless params[:id]


  		




  108
  106
  
    
    @project = Project.find(params[:id])


  		




  
  107
  
    
    check_project_privacy


  		




  109
  108
  
    
  rescue ActiveRecord::RecordNotFound


  		




  110
  109
  
    
    render_404


  		




  111
  110
  
    
  end


  		












  

    
      trunk/test/functional/search_controller_test.rb
    
  





  78
  78
  
    
    assert_equal 2, results.size


  		




  79
  79
  
    
  end


  		




  80
  80
  
    
  


  		




  
  81
  
    
  def test_search_with_invalid_project_id


  		




  
  82
  
    
    get :index, :id => 195, :q => 'recipe'


  		




  
  83
  
    
    assert_response 404


  		




  
  84
  
    
    assert_nil assigns(:results)


  		




  
  85
  
    
  end


  		




  
  86
  
    

  		




  81
  87
  
    
  def test_quick_jump_to_issue


  		




  82
  88
  
    
    # issue of a public project


  		




  83
  89
  
    
    get :index, :q => "3"


  		












Also available in:  Unified diff