Commit e220e271 authored by Vivek Das Mohapatra's avatar Vivek Das Mohapatra

Suppress a 500 error in the web-UI for project meta config

When a user tries to view a project's meta config, the rails
application actually recreates the XML from the database contents
using the project model.

It does this with the user id set in its context and applies normal
ACL rules.

This means that any data relating to a project the user does not have
at least read access to is missing from the model's internal data
structures, so <path…> elements that refer to unreadable projects
result in a method call on nil and a 500 error in the web UI.

This patch ameliorates that by checking that the relevant object
actually exists in the model before calling an accessor method on it,
and substituting 'HIDDEN' for the project's name if it does not.

This does mean that the user SHOULD NOT try and save said meta config
but that restriction is not enforced here.
parent 66b22bfc
......@@ -62,10 +62,13 @@ xml.project(project_attributes) do
repo.path_elements.includes(:link).each do |pe|
if pe.link.remote_project_name
project_name = pe.link.project.name+":"+pe.link.remote_project_name
else
xml_repository.path(:project => project_name, :repository => pe.link.name)
elsif pe.link.project
project_name = pe.link.project.name
xml_repository.path(:project => project_name, :repository => pe.link.name)
else
xml_repository.path(:project => "HIDDEN", :repository => pe.link.name)
end
xml_repository.path(:project => project_name, :repository => pe.link.name)
end
repo.repository_architectures.joins(:architecture).pluck("architectures.name").each do |arch|
xml_repository.arch arch
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment