When a user tries to view a project's meta config, the rails
application actually recreates the XML from the database contents
using the project model.

It does this with the user id set in its context and applies normal
ACL rules.

This means that any data relating to a project the user does not have
at least read access to is missing from the model's internal data
structures, so <path…> elements that refer to unreadable projects
result in a method call on nil and a 500 error in the web UI.

This patch ameliorates that by checking that the relevant object
actually exists in the model before calling an accessor method on it,
and substituting 'HIDDEN' for the project's name if it does not.

This does mean that the user SHOULD NOT try and save said meta config
but that restriction is not enforced here.