Download as
Browse Code »

Commit 226e4e287669e2245d3a3fcd552f7460dcd495cc

Authored by Moises Machado
Committed by Antonio Terceiro
1 parent 7e5e9579
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

ActionItem905: avoid ssl in public articles

Showing 2 changed files with 11 additions and 0 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @226e4e2
... ... @@ -44,6 +44,10 @@ class ContentViewerController < ApplicationController
44 44 return if redirect_to_ssl
45 45 end
46 46  
  47 + if @page.public?
  48 + return unless avoid_ssl
  49 + end
  50 +
47 51 if !@page.display_to?(user)
48 52 # FIXME find a nice "access denied" layout
49 53 render :action => 'access_denied', :status => 403, :layout => false
... ...
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @226e4e2
... ... @@ -460,6 +460,13 @@ class ContentViewerControllerTest < Test::Unit::TestCase
460 460 assert_redirected_to :protocol => 'https://', :profile => 'testinguser', :page => [ 'myarticle' ]
461 461 end
462 462  
  463 + should 'avoid SSL for viewing public articles' do
  464 + @request.expects(:ssl?).returns(true).at_least_once
  465 + page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :public_article => true)
  466 + get :view_page, :profile => 'testinguser', :page => [ 'myarticle' ]
  467 + assert_redirected_to :protocol => 'http://', :profile => 'testinguser', :page => [ 'myarticle' ]
  468 + end
  469 +
463 470 should 'not redirect to SSL if already on SSL' do
464 471 @request.expects(:ssl?).returns(true).at_least_once
465 472 page = profile.articles.create!(:name => 'myarticle', :body => 'top secret', :public_article => false)
... ...