From e5934e0a3a43fe2aacda39740117f0606ea82235 Mon Sep 17 00:00:00 2001
From: Loic d'Anterroches <titoo@users.sourceforge.net>
Date: Thu, 8 Oct 2009 13:27:15 +0200
Subject: [PATCH] Fixed issue 167, timeline feed URL should only include auth
 token for private projects.

---
 src/IDF/Project.php       | 41 +++++++++++++++++++++++++++++++++++++++
 src/IDF/Views/Project.php |  2 +-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/src/IDF/Project.php b/src/IDF/Project.php
index f30814b..d9895db 100644
--- a/src/IDF/Project.php
+++ b/src/IDF/Project.php
@@ -32,6 +32,14 @@ class IDF_Project extends Pluf_Model
     public $_model = __CLASS__;
     public $_extra_cache = array();
     protected $_pconf = null;
+    /**
+     * Check if the project as one restricted tab.
+     *
+     * This is the cached information.
+     *
+     * @see self::isRestricted
+     */
+    protected $_isRestricted = null; 
 
     function init()
     {
@@ -617,4 +625,37 @@ class IDF_Project extends Pluf_Model
             }
         }
     }
+
+    /**
+     * Check if the project has one restricted tab.
+     *
+     * @return bool
+     */
+    public function isRestricted()
+    {
+        if ($this->_isRestricted !== null) {
+            return $this->_isRestricted;
+        }
+        if ($this->private) {
+            $this->_isRestricted = true;
+            return true;
+        }
+        $tabs = array(
+                      'source_access_rights',
+                      'issues_access_rights',
+                      'downloads_access_rights',
+                      'wiki_access_rights',
+                      'review_access_rights'
+                      );
+        $conf = $this->getConf();
+        foreach ($tabs as $tab) {
+            if (!in_array($conf->getVal($tab, 'all'), 
+                          array('all', 'none'))) {
+                $this->_isRestricted = true;
+                return true;
+            }
+        }
+        $this->_isRestricted = false;
+        return false;
+    }
 }
diff --git a/src/IDF/Views/Project.php b/src/IDF/Views/Project.php
index 60710d5..fb4ee08 100644
--- a/src/IDF/Views/Project.php
+++ b/src/IDF/Views/Project.php
@@ -120,7 +120,7 @@ class IDF_Views_Project
             $tags = IDF_Views_Wiki::getWikiTags($prj);
             $pages = $tags[0]->get_idf_wikipage_list(); 
         }
-        if (!$request->user->isAnonymous()) {
+        if (!$request->user->isAnonymous() and $prj->isRestricted()) {
             $feedurl = Pluf_HTTP_URL_urlForView('idf_project_timeline_feed_auth',
                                                 array($prj->shortname, 
                                                       IDF_Precondition::genFeedToken($prj, $request->user)));