jro_apps/redmine Commit - r4311:dfc76ce642ee

Fixed: new gantt chart discloses all private projects names (#6276)....

Jean-Philippe Lang -

r4311:dfc76ce642ee

parent child

Context file:

r4311:dfc76ce642ee

Collapse all files

lib/redmine/helpers/gantt.rb +5 -5

                     if @project
                       return number_of_rows_on_project(@project)
                     else
-                      Project.roots.inject(0) do |total, project|
+                      Project.roots.visible.inject(0) do |total, project|
                         total += number_of_rows_on_project(project)
                       end
                     end
                     end
                     # Subprojects
-                    project.children.each do |subproject|
+                    project.children.visible.each do |subproject|
                       count += number_of_rows_on_project(subproject)
                     end
                     if @project
                       output << render_project(@project, options)
                     else
-                      Project.roots.each do |project|
+                      Project.roots.visible.each do |project|
                         output << render_project(project, options)
                       end
                     end
                     if @project
                       output << render_project(@project, options)
                     else
-                      Project.roots.each do |project|
+                      Project.roots.visible.each do |project|
                         output << render_project(project, options)
                       end
                     end
                     end
                     # Fourth, subprojects
-                    project.children.each do |project|
+                    project.children.visible.each do |project|
                       subproject_rendering = render_project(project, options)
                       output << subproject_rendering if options[:format] == :html
                     end

test/functional/gantts_controller_test.rb +12 0

@@ -49,6 +49,18 class GanttsControllerTest < ActionController::TestCase
49	assert_nil assigns(:gantt).project	49	assert_nil assigns(:gantt).project
50	end	50	end
51		51
		52	should "not disclose private projects" do
		53	get :show
		54	assert_response :success
		55	assert_template 'show.html.erb'
		56
		57	assert_tag 'a', :content => /eCookbook/
		58	# Root private project
		59	assert_no_tag 'a', {:content => /OnlineStore/}
		60	# Private children of a public project
		61	assert_no_tag 'a', :content => /Private child of eCookbook/
		62	end
		63
52	should "export to pdf" do	64	should "export to pdf" do
53	get :show, :project_id => 1, :format => 'pdf'	65	get :show, :project_id => 1, :format => 'pdf'
54	assert_response :success	66	assert_response :success

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages