Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-15 09:46:02 +01:00
Code Issues Packages Projects Releases Activity

Avoid double-render error with ApplicationController#find_optional_project (#38063).

Browse Source 
Patch by Holger Just.


git-svn-id: https://svn.redmine.org/redmine/trunk@22066 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA
2023-01-20 03:31:41 +00:00
parent 21eef7e65c
commit 9d65eee424
3 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/application_controller.rb
View File

@@ -354,9 +354,12 @@ class ApplicationController < ActionController::Base
# and authorize the user for the requested action # and authorize the user for the requested action
def find_optional_project def find_optional_project
if params[:project_id].present? if params[:project_id].present?
find_project(params[:project_id]) @project = Project.find(params[:project_id])
end end
authorize_global authorize_global
rescue ActiveRecord::RecordNotFound
User.current.logged? ? render_404 : require_login
false
end end
# Finds and sets @project based on @object.project # Finds and sets @project based on @object.project

12
test/functional/news_controller_test.rb
View File

@@ -40,11 +40,21 @@ class NewsControllerTest < Redmine::ControllerTest
assert_select 'h3 a', :text => 'eCookbook first release !' assert_select 'h3 a', :text => 'eCookbook first release !'
end end
def test_index_with_invalid_project_should_respond_with_404 def test_index_with_invalid_project_should_respond_with_404_for_logged_users
@request.session[:user_id] = 2
get(:index, :params => {:project_id => 999}) get(:index, :params => {:project_id => 999})
assert_response 404 assert_response 404
end end
def test_index_with_invalid_project_should_respond_with_302_for_anonymous
Role.anonymous.remove_permission! :view_news
with_settings :login_required => '0' do
get(:index, :params => {:project_id => 999})
assert_response 302
end
end
def test_index_without_permission_should_fail def test_index_without_permission_should_fail
Role.all.each {|r| r.remove_permission! :view_news} Role.all.each {|r| r.remove_permission! :view_news}
@request.session[:user_id] = 2 @request.session[:user_id] = 2

15
test/integration/application_test.rb
View File

@@ -96,4 +96,19 @@ class ApplicationTest < Redmine::IntegrationTest
assert_response 302 assert_response 302
end end
end end
def test_find_optional_project_should_not_error
Role.anonymous.remove_permission! :view_gantt
with_settings :login_required => '0' do
get '/projects/nonexistingproject/issues/gantt'
assert_response 302
end
end
def test_find_optional_project_should_render_404_for_logged_users
log_user('jsmith', 'jsmith')
get '/projects/nonexistingproject/issues/gantt'
assert_response 404
end
end end