Download as
Browse Code »

Commit ea121f37f2ce66c963f8e005440e513bce48a86d

Authored by Rodrigo Souto
1 parent 5a1eee95
Exists in master and in 14 other branches add_member_task_reject_details, admin_visible_profile, community_notifications, fix_rails4_organization_ratings, fix_sign_up_form, forum_topic_creation, new_security, organization_ratings_improvements, profile_api_improvements, ratings_minor_fixes, send_email_to_admins, stable-spb-1.4, stable-spb-1.5, web_steps_improvements

profile-roles: answer not found when accessing person profile

Showing 2 changed files with 13 additions and 0 deletions   Show diff stats
app/controllers/my_profile/profile_roles_controller.rb
  Diff comments   View file @ea121f3
1 1 class ProfileRolesController < MyProfileController
2 2  
3 3 protect 'manage_custom_roles', :profile
  4 + before_filter :ensure_organization
4 5  
5 6 def index
6 7 @roles = profile.custom_roles
... ... @@ -113,4 +114,8 @@ class ProfileRolesController &lt; MyProfileController
113 114 end
114 115 end
115 116  
  117 + def ensure_organization
  118 + render_not_found unless profile.organization?
  119 + end
  120 +
116 121 end
... ...
test/functional/profile_roles_controller_test.rb
  Diff comments   View file @ea121f3
... ... @@ -103,4 +103,12 @@ class ProfileRolesControllerTest &lt; ActionController::TestCase
103 103 assert_not_includes community.members_by_role(role), moderator
104 104 assert_not_includes community.members_by_role(moderator_role), moderator
105 105 end
  106 +
  107 + should 'avoid access with person profile' do
  108 + person = create_user('sample_user').person
  109 + login_as person.identifier
  110 + get :index , :profile => person.identifier
  111 +
  112 + assert_response 404
  113 + end
106 114 end
... ...