fixed: non public projects were shown on welcome screen even if current user is not a member

git-svn-id: http://redmine.rubyforge.org/svn/trunk@129 e93f8b46-1217-0410-a6f0-8f06a7374b81
pull/351/head
Jean-Philippe Lang 18 years ago
parent e6fa690d65
commit 7a03cf92ba
  1. 4
      app/controllers/welcome_controller.rb
  2. 6
      app/models/news.rb
  3. 15
      app/models/project.rb

@ -19,7 +19,7 @@ class WelcomeController < ApplicationController
layout 'base'
def index
@news = News.latest
@projects = Project.latest
@news = News.latest logged_in_user
@projects = Project.latest logged_in_user
end
end

@ -22,8 +22,8 @@ class News < ActiveRecord::Base
validates_presence_of :title, :description
# returns last created news
def self.latest
find(:all, :limit => 5, :include => [ :author, :project ], :order => "news.created_on DESC")
# returns latest news for projects visible by user
def self.latest(user=nil, count=5)
find(:all, :limit => count, :conditions => Project.visible_by(user), :include => [ :author, :project ], :order => "news.created_on DESC")
end
end

@ -35,11 +35,20 @@ class Project < ActiveRecord::Base
validates_associated :repository
validates_format_of :name, :with => /^[\w\s\'\-]*$/i
# returns 5 last created projects
def self.latest
find(:all, :limit => 5, :order => "created_on DESC")
# returns latest created projects
# non public projects will be returned only if user is a member of those
def self.latest(user=nil, count=5)
find(:all, :limit => count, :conditions => visible_by(user), :order => "projects.created_on DESC")
end
def self.visible_by(user=nil)
if user && !user.memberships.empty?
return ["projects.is_public = ? or projects.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')})", true]
else
return ["projects.is_public = ?", true]
end
end
# Returns an array of all custom fields enabled for project issues
# (explictly associated custom fields and custom fields enabled for all projects)
def custom_fields_for_issues(tracker)

Loading…
Cancel
Save