Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81

Fixes #820: invalid project id causes a NoMethodError in SearchController (Angel Dobbs-Sciortino).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1237 e93f8b46-1217-0410-a6f0-8f06a7374b81
d4429a54 · Jean-Philippe Lang · 3a9b0988 · d4429a54 · d4429a54 · d4429a54
Commit d4429a54 authored Mar 12, 2008 by Jean-Philippe Lang
Showing with 19 additions and 10 deletions

application.rb app/controllers/application.rb +8 -4

search_controller.rb app/controllers/search_controller.rb +5 -6

search_controller_test.rb test/functional/search_controller_test.rb +6 -0

No files found.
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -102,13 +102,17 @@ class ApplicationController < ActionController::Base
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
  def check_project_privacy
-    unless @project.active?
+    if @project && @project.active?
+      if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
+        true
+      else
+        User.current.logged? ? render_403 : require_login
+      end
+    else
      @project = nil
      render_404
-      return false
+      false
    end
-    return true if @project.is_public? || User.current.member_of?(@project) || User.current.admin?
-    User.current.logged? ? render_403 : require_login
  end

  # store current uri in session.

--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -17,6 +17,8 @@

 class SearchController < ApplicationController
  layout 'base'
+  
+  before_filter :find_optional_project

  helper :messages
  include MessagesHelper
@@ -36,11 +38,6 @@ class SearchController < ApplicationController
      return
    end
    
-    if params[:id]
-      find_project
-      return unless check_project_privacy
-    end
-    
    if @project
      # only show what the user is allowed to view
      @object_types = %w(issues news documents changesets wiki_pages messages)
@@ -104,8 +101,10 @@ class SearchController < ApplicationController
  end

 private  
-  def find_project
+  def find_optional_project
+    return true unless params[:id]
    @project = Project.find(params[:id])
+    check_project_privacy
  rescue ActiveRecord::RecordNotFound
    render_404
  end

--- a/test/functional/search_controller_test.rb
+++ b/test/functional/search_controller_test.rb
@@ -78,6 +78,12 @@ class SearchControllerTest < Test::Unit::TestCase
    assert_equal 2, results.size
  end
  
+  def test_search_with_invalid_project_id
+    get :index, :id => 195, :q => 'recipe'
+    assert_response 404
+    assert_nil assigns(:results)
+  end
+
  def test_quick_jump_to_issue
    # issue of a public project
    get :index, :q => "3"