From 7a03cf92ba62a2aa4c299741bcb8401eefda1c9b Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Mon, 1 Jan 2007 10:13:01 +0000
Subject: [PATCH] fixed: non public projects were shown on welcome screen even
 if current user is not a member

git-svn-id: http://redmine.rubyforge.org/svn/trunk@129 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/welcome_controller.rb |  4 ++--
 app/models/news.rb                    |  6 +++---
 app/models/project.rb                 | 15 ++++++++++++---
 3 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
index c47198d51..ce45076d5 100644
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -19,7 +19,7 @@ class WelcomeController < ApplicationController
   layout 'base'
 
   def index
-    @news = News.latest
-    @projects = Project.latest
+    @news = News.latest logged_in_user
+    @projects = Project.latest logged_in_user
   end
 end
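Review bot: In `index`, both new calls pass `logged_in_user` without parentheses, which reads ambiguously next to the assignment; `@news = News.latest(logged_in_user)` and `@projects = Project.latest(logged_in_user)` would be clearer. The access decision now rests on `logged_in_user` being nil for anonymous visitors, which makes `Project.visible_by` fall back to public projects only. A short comment in the action would record that, e.g. `# nil user => only public projects and their news are listed`.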
diff --git a/app/models/news.rb b/app/models/news.rb
index 0083a0eae..89e94f1ce 100644
--- a/app/models/news.rb
+++ b/app/models/news.rb
@@ -22,8 +22,8 @@ class News < ActiveRecord::Base
   
   validates_presence_of :title, :description
   
-  # returns last created news
-  def self.latest
-    find(:all, :limit => 5, :include => [ :author, :project ], :order => "news.created_on DESC")	
+  # returns latest news for projects visible by user
+  def self.latest(user=nil, count=5)
+    find(:all, :limit => count, :conditions => Project.visible_by(user), :include => [ :author, :project ], :order => "news.created_on DESC")	
   end
 end
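Review bot: The new `:conditions => Project.visible_by(user)` in `News.latest` references `projects.is_public` and `projects.id`, so it presumably only resolves because `:include` names `:project` and brings that table into the query; nothing in the code states this coupling. I would extend the comment above the method, e.g. `# NOTE: the visibility filter needs :project in :include so the projects.* columns are available`. The new `count` argument goes straight into `:limit`; the only caller visible in this patch uses the default, but coercing it with `:limit => count.to_i` would keep a future caller from passing an unchecked request value through.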
diff --git a/app/models/project.rb b/app/models/project.rb
index 1fc2cffa1..7db061a62 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -35,11 +35,20 @@ class Project < ActiveRecord::Base
   validates_associated :repository
   validates_format_of :name, :with => /^[\w\s\'\-]*$/i
 
-  # returns 5 last created projects
-  def self.latest
-    find(:all, :limit => 5, :order => "created_on DESC")	
+  # returns latest created projects
+  # non public projects will be returned only if user is a member of those
+  def self.latest(user=nil, count=5)
+    find(:all, :limit => count, :conditions => visible_by(user), :order => "projects.created_on DESC")	
   end	
 
+  def self.visible_by(user=nil)
+    if user && !user.memberships.empty?
+      return ["projects.is_public = ? or projects.id IN (#{user.memberships.collect{|m| m.project_id}.join(',')})", true]
+    else
+      return ["projects.is_public = ?", true]
+    end
+  end
+  
   # Returns an array of all custom fields enabled for project issues
   # (explictly associated custom fields and custom fields enabled for all projects)
   def custom_fields_for_issues(tracker)
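Review bot: `visible_by` interpolates the membership project ids directly into the SQL string and leaves the `or` unparenthesised, so the fragment is only safe while it is the entire `:conditions` value. The ids come from the user's own membership rows rather than request input, so this is probably not injectable as written, but a nil `project_id` would produce malformed SQL. Because `News.latest` already reuses the fragment, a later caller that ANDs it with another condition would let the membership branch escape that condition. Binding the list and wrapping the expression avoids both, assuming the Rails version in use expands arrays bound to `IN (?)`: `return ["(projects.is_public = ? or projects.id IN (?))", true, user.memberships.collect{|m| m.project_id}]`. The method also lacks a comment; something like `# SQL conditions limiting projects to public ones plus those the user is a member of (public only when user is nil)` would document the fail-closed default.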
-- 
GitLab