From dfc76ce642ee1ca5f50f15a0d3956c688d38246a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Sun, 21 Nov 2010 14:57:53 +0000
Subject: [PATCH] Fixed: new gantt chart discloses all private projects names
 (#6276).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4425 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/helpers/gantt.rb              | 10 +++++-----
 test/functional/gantts_controller_test.rb | 12 ++++++++++++
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/lib/redmine/helpers/gantt.rb b/lib/redmine/helpers/gantt.rb
index ac8f80d0f..4218c51ef 100644
--- a/lib/redmine/helpers/gantt.rb
+++ b/lib/redmine/helpers/gantt.rb
@@ -91,7 +91,7 @@ module Redmine
         if @project
           return number_of_rows_on_project(@project)
         else
-          Project.roots.inject(0) do |total, project|
+          Project.roots.visible.inject(0) do |total, project|
             total += number_of_rows_on_project(project)
           end
         end
@@ -119,7 +119,7 @@ module Redmine
         end
 
         # Subprojects
-        project.children.each do |subproject|
+        project.children.visible.each do |subproject|
           count += number_of_rows_on_project(subproject)
         end
 
@@ -134,7 +134,7 @@ module Redmine
         if @project
           output << render_project(@project, options)
         else
-          Project.roots.each do |project|
+          Project.roots.visible.each do |project|
             output << render_project(project, options)
           end
         end
@@ -150,7 +150,7 @@ module Redmine
         if @project
           output << render_project(@project, options)
         else
-          Project.roots.each do |project|
+          Project.roots.visible.each do |project|
             output << render_project(project, options)
           end
         end
@@ -191,7 +191,7 @@ module Redmine
         end
 
         # Fourth, subprojects
-        project.children.each do |project|
+        project.children.visible.each do |project|
           subproject_rendering = render_project(project, options)
           output << subproject_rendering if options[:format] == :html
         end
diff --git a/test/functional/gantts_controller_test.rb b/test/functional/gantts_controller_test.rb
index 4c891c3d0..30ef14e09 100644
--- a/test/functional/gantts_controller_test.rb
+++ b/test/functional/gantts_controller_test.rb
@@ -49,6 +49,18 @@ class GanttsControllerTest < ActionController::TestCase
       assert_nil assigns(:gantt).project
     end
 
+    should "not disclose private projects" do
+      get :show
+      assert_response :success
+      assert_template 'show.html.erb'
+      
+      assert_tag 'a', :content => /eCookbook/
+      # Root private project
+      assert_no_tag 'a', {:content => /OnlineStore/}
+      # Private children of a public project
+      assert_no_tag 'a', :content => /Private child of eCookbook/
+    end
+
     should "export to pdf" do
       get :show, :project_id => 1, :format => 'pdf'
       assert_response :success
-- 
GitLab