Download as
Browse Code »

Commit 2c72cbbf188bd4a79792a94c4788cc06c0322ce2

Authored by Arthur Esposte
Committed by Rodrigo Souto
1 parent 088735b3
Exists in master and in 22 other branches angular_poc, api-article-archived, article-readonly, backup-7-jan-2016, captcha_serpro_plugin, content-manager-hostspot, export-comment-paragraph, fix_event_date_issue, login-captcha, master_rails3, new_video_plugin, pg_search_rank, production, refactor_with_role, refactor_with_role_scope, remove_profile_cat_icons, resend_confirmation_email, staging, staging_rails3, tasks_keep_filter_params, theme-brasil-digital-from-staging, travis

Handle access denied to not logged user properly

Showing 2 changed files with 2 additions and 2 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @2c72cbb
... ... @@ -127,7 +127,7 @@ class ContentViewerController < ApplicationController
127 127 end
128 128  
129 129 unless @page.display_to?(user)
130   - if !profile.visible? || profile.secret? || (user && user.follows?(profile))
  130 + if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
131 131 render_access_denied
132 132 else #!profile.public?
133 133 private_profile_partial_parameters
... ...
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @2c72cbb
... ... @@ -262,7 +262,7 @@ class ContentViewerControllerTest < ActionController::TestCase
262 262  
263 263 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
264 264  
265   - assert_template "profile/_private_profile"
  265 + assert_template "shared/access_denied"
266 266 end
267 267  
268 268 should 'not give access to private articles if logged in but not member' do
... ...