Commit d005f12011a1bdff20234b8eabf432a984e681e7
1 parent
243a2726
Exists in
master
and in
29 other branches
Avoid crash with users who are not logged in
(ActionItem2345)
Showing
2 changed files
with
7 additions
and
1 deletions
Show diff stats
app/models/article.rb
... | ... | @@ -417,7 +417,7 @@ class Article < ActiveRecord::Base |
417 | 417 | end |
418 | 418 | |
419 | 419 | def allow_edit?(user) |
420 | - allow_post_content?(user) || allow_members_to_edit && user.is_member_of?(profile) | |
420 | + allow_post_content?(user) || user && allow_members_to_edit && user.is_member_of?(profile) | |
421 | 421 | end |
422 | 422 | |
423 | 423 | def comments_updated | ... | ... |
test/unit/article_test.rb
... | ... | @@ -1665,4 +1665,10 @@ class ArticleTest < ActiveSupport::TestCase |
1665 | 1665 | assert_equal true, a.allow_edit?(member) |
1666 | 1666 | end |
1667 | 1667 | |
1668 | + should 'not crash on allow_edit without a current user' do | |
1669 | + a = build(Article) | |
1670 | + a.allow_members_to_edit = true | |
1671 | + assert !a.allow_edit?(nil) | |
1672 | + end | |
1673 | + | |
1668 | 1674 | end | ... | ... |