Download as
Browse Code »

Commit 89b2559c511936a51e0c97a692b7d316d1f11a91

Authored by Antonio Terceiro
2 parents e51ebfd7 48f51755
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Merge branch 'private-environment' into 'master' 

Fixes pages that appear public even when environment is private

This fixes a bug in which some pages (eg. a profile page) were visible to unlogged users even if the environment has enabled "show content only to members". See commit message for explanation of what was done and why. Closes issue #124

See merge request !679
Showing 4 changed files with 23 additions and 2 deletions   Show diff stats
app/controllers/application_controller.rb
  Diff comments   View file @89b2559
@@ -9,11 +9,15 @@ class ApplicationController < ActionController::Base @@ -9,11 +9,15 @@ class ApplicationController < ActionController::Base
9 before_filter :allow_cross_domain_access 9 before_filter :allow_cross_domain_access
10 10
11 before_filter :login_from_cookie 11 before_filter :login_from_cookie
12 - before_filter :login_required, :if => :private_environment? 12 + before_filter :require_login_for_environment, :if => :private_environment?
13 13
14 before_filter :verify_members_whitelist, :if => [:private_environment?, :user] 14 before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
15 before_filter :redirect_to_current_user 15 before_filter :redirect_to_current_user
16 16
  17 + def require_login_for_environment
  18 + login_required
  19 + end
  20 +
17 def verify_members_whitelist 21 def verify_members_whitelist
18 render_access_denied unless user.is_admin? || environment.in_whitelist?(user) 22 render_access_denied unless user.is_admin? || environment.in_whitelist?(user)
19 end 23 end
app/controllers/public/account_controller.rb
  Diff comments   View file @89b2559
@@ -2,7 +2,7 @@ class AccountController < ApplicationController @@ -2,7 +2,7 @@ class AccountController < ApplicationController
2 2
3 no_design_blocks 3 no_design_blocks
4 4
5 - before_filter :login_required, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password] 5 + before_filter :login_required, :require_login_for_environment, :only => [:activation_question, :accept_terms, :activate_enterprise, :change_password]
6 before_filter :redirect_if_logged_in, :only => [:login, :signup] 6 before_filter :redirect_if_logged_in, :only => [:login, :signup]
7 before_filter :protect_from_bots, :only => :signup 7 before_filter :protect_from_bots, :only => :signup
8 8
test/functional/account_controller_test.rb
  Diff comments   View file @89b2559
@@ -1046,4 +1046,15 @@ class AccountControllerTest < ActionController::TestCase @@ -1046,4 +1046,15 @@ class AccountControllerTest < ActionController::TestCase
1046 :national_region_type_id => NationalRegionType::CITY, 1046 :national_region_type_id => NationalRegionType::CITY,
1047 :parent_national_region_code => parent_region.national_region_code) 1047 :parent_national_region_code => parent_region.national_region_code)
1048 end 1048 end
  1049 +
  1050 + should 'not lock users out of login if environment is restrict to members' do
  1051 + Environment.default.enable(:restrict_to_members)
  1052 + get :login
  1053 + assert_response :success
  1054 +
  1055 + post :login, :user => {:login => 'johndoe', :password => 'test'}
  1056 + assert session[:user]
  1057 + assert_response :redirect
  1058 + end
  1059 +
1049 end 1060 end
test/functional/profile_controller_test.rb
  Diff comments   View file @89b2559
@@ -1812,4 +1812,10 @@ class ProfileControllerTest < ActionController::TestCase @@ -1812,4 +1812,10 @@ class ProfileControllerTest < ActionController::TestCase
1812 assert @response.body.index("another_user") > @response.body.index("different_user") 1812 assert @response.body.index("another_user") > @response.body.index("different_user")
1813 end 1813 end
1814 1814
  1815 + should 'redirect to login if environment is restrict to members' do
  1816 + Environment.default.enable(:restrict_to_members)
  1817 + get :index
  1818 + assert_redirected_to :controller => 'account', :action => 'login'
  1819 + end
  1820 +
1815 end 1821 end