Use ApplicationController#find_optional_project instead.

git-svn-id: http://svn.redmine.org/redmine/trunk@16720 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-22 08:21:14 +00:00 · 2017-06-26 19:40:16 +00:00 · 2017-06-26 19:40:16 +00:00 · d5bec063e7
commit d5bec063e7
parent f3523f25fd
2 changed files with 25 additions and 7 deletions
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@ -114,13 +114,6 @@ class QueriesController < ApplicationController
    render_404
  end
  def find_optional_project
    @project = Project.find(params[:project_id]) if params[:project_id]
    render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)
  rescue ActiveRecord::RecordNotFound
    render_404
  end
  def update_query_from_params
    @query.project = params[:query_is_for_all] ? nil : @project
    @query.build_from_params(params)
--- a/test/functional/queries_controller_test.rb
+++ b/test/functional/queries_controller_test.rb
@ -244,6 +244,31 @@ class QueriesControllerTest < Redmine::ControllerTest
    assert_select 'input[name=?]', 'query[name]'
  end
  def test_create_query_without_permission_should_fail
    Role.all.each {|r| r.remove_permission! :save_queries, :manage_public_queries}
    @request.session[:user_id] = 2
    assert_no_difference '::Query.count' do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query => {:name => 'Foo'}
        }
    end
    assert_response 403
  end
  def test_create_global_query_without_permission_should_fail
    Role.all.each {|r| r.remove_permission! :save_queries, :manage_public_queries}
    @request.session[:user_id] = 2
    assert_no_difference '::Query.count' do
      post :create, :params => {
          :query => {:name => 'Foo'}
        }
    end
    assert_response 403
  end
  def test_create_global_query_from_gantt
    @request.session[:user_id] = 1
    assert_difference 'IssueQuery.count' do