@@ -276,14 +276,24 class ApplicationController < ActionController::Base | |||
|
276 | 276 | self.model_object = model |
|
277 | 277 | end |
|
278 | 278 | |
|
279 | # Filter for bulk issue operations | |
|
279 | # Find the issue whose id is the :id parameter | |
|
280 | # Raises a Unauthorized exception if the issue is not visible | |
|
281 | def find_issue | |
|
282 | # Issue.visible.find(...) can not be used to redirect user to the login form | |
|
283 | # if the issue actually exists but requires authentication | |
|
284 | @issue = Issue.find(params[:id]) | |
|
285 | raise Unauthorized unless @issue.visible? | |
|
286 | @project = @issue.project | |
|
287 | rescue ActiveRecord::RecordNotFound | |
|
288 | render_404 | |
|
289 | end | |
|
290 | ||
|
291 | # Find issues with a single :id param or :ids array param | |
|
292 | # Raises a Unauthorized exception if one of the issues is not visible | |
|
280 | 293 | def find_issues |
|
281 | 294 | @issues = Issue.find_all_by_id(params[:id] || params[:ids]) |
|
282 | 295 | raise ActiveRecord::RecordNotFound if @issues.empty? |
|
283 | if @issues.detect {|issue| !issue.visible?} | |
|
284 | deny_access | |
|
285 | return | |
|
286 | end | |
|
296 | raise Unauthorized if @issues.all?(&:visible?) | |
|
287 | 297 | @projects = @issues.collect(&:project).compact.uniq |
|
288 | 298 | @project = @projects.first if @projects.size == 1 |
|
289 | 299 | rescue ActiveRecord::RecordNotFound |
@@ -313,19 +313,7 class IssuesController < ApplicationController | |||
|
313 | 313 | end |
|
314 | 314 | end |
|
315 | 315 | |
|
316 | private | |
|
317 | def find_issue | |
|
318 | # Issue.visible.find(...) can not be used to redirect user to the login form | |
|
319 | # if the issue actually exists but requires authentication | |
|
320 | @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category]) | |
|
321 | unless @issue.visible? | |
|
322 | deny_access | |
|
323 | return | |
|
324 | end | |
|
325 | @project = @issue.project | |
|
326 | rescue ActiveRecord::RecordNotFound | |
|
327 | render_404 | |
|
328 | end | |
|
316 | private | |
|
329 | 317 | |
|
330 | 318 | def find_project |
|
331 | 319 | project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id]) |
@@ -102,12 +102,4 class JournalsController < ApplicationController | |||
|
102 | 102 | rescue ActiveRecord::RecordNotFound |
|
103 | 103 | render_404 |
|
104 | 104 | end |
|
105 | ||
|
106 | # TODO: duplicated in IssuesController | |
|
107 | def find_issue | |
|
108 | @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category]) | |
|
109 | @project = @issue.project | |
|
110 | rescue ActiveRecord::RecordNotFound | |
|
111 | render_404 | |
|
112 | end | |
|
113 | 105 | end |