Fixed: new gantt chart discloses all private projects names (#6276).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4425 e93f8b46-1217-0410-a6f0-8f06a7374b81

Fixed: new gantt chart discloses all private projects names (#6276).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4425 e93f8b46-1217-0410-a6f0-8f06a7374b81
dfc76ce6 · Jean-Philippe Lang · 7087a53f · dfc76ce6 · dfc76ce6
Commit dfc76ce6 authored Nov 21, 2010 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 5 deletions

gantt.rb lib/redmine/helpers/gantt.rb +5 -5

gantts_controller_test.rb test/functional/gantts_controller_test.rb +12 -0

No files found.
--- a/lib/redmine/helpers/gantt.rb
+++ b/lib/redmine/helpers/gantt.rb
@@ -91,7 +91,7 @@ module Redmine
        if @project
          return number_of_rows_on_project(@project)
        else
-          Project.roots.inject(0) do |total, project|
+          Project.roots.visible.inject(0) do |total, project|
            total += number_of_rows_on_project(project)
          end
        end
@@ -119,7 +119,7 @@ module Redmine
        end
        # Subprojects
-        project.children.each do |subproject|
+        project.children.visible.each do |subproject|
          count += number_of_rows_on_project(subproject)
        end
@@ -134,7 +134,7 @@ module Redmine
        if @project
          output << render_project(@project, options)
        else
-          Project.roots.each do |project|
+          Project.roots.visible.each do |project|
            output << render_project(project, options)
          end
        end
@@ -150,7 +150,7 @@ module Redmine
        if @project
          output << render_project(@project, options)
        else
-          Project.roots.each do |project|
+          Project.roots.visible.each do |project|
            output << render_project(project, options)
          end
        end
@@ -191,7 +191,7 @@ module Redmine
        end
        # Fourth, subprojects
-        project.children.each do |project|
+        project.children.visible.each do |project|
          subproject_rendering = render_project(project, options)
          output << subproject_rendering if options[:format] == :html
        end

--- a/test/functional/gantts_controller_test.rb
+++ b/test/functional/gantts_controller_test.rb
@@ -49,6 +49,18 @@ class GanttsControllerTest < ActionController::TestCase
      assert_nil assigns(:gantt).project
    end
+    should "not disclose private projects" do
+      get :show
+      assert_response :success
+      assert_template 'show.html.erb'
+      assert_tag 'a', :content => /eCookbook/
+      # Root private project
+      assert_no_tag 'a', {:content => /OnlineStore/}
+      # Private children of a public project
+      assert_no_tag 'a', :content => /Private child of eCookbook/
+    end
    should "export to pdf" do
      get :show, :project_id => 1, :format => 'pdf'
      assert_response :success