From ea121f37f2ce66c963f8e005440e513bce48a86d Mon Sep 17 00:00:00 2001
From: Rodrigo Souto <rodrigo@colivre.coop.br>
Date: Tue, 16 Feb 2016 10:10:42 -0300
Subject: [PATCH] profile-roles: answer not found when accessing person profile

---
 app/controllers/my_profile/profile_roles_controller.rb | 5 +++++
 test/functional/profile_roles_controller_test.rb       | 8 ++++++++
 2 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/app/controllers/my_profile/profile_roles_controller.rb b/app/controllers/my_profile/profile_roles_controller.rb
index 3063bce..bfc8315 100644
--- a/app/controllers/my_profile/profile_roles_controller.rb
+++ b/app/controllers/my_profile/profile_roles_controller.rb
@@ -1,6 +1,7 @@
 class ProfileRolesController < MyProfileController
 
   protect 'manage_custom_roles', :profile
+  before_filter :ensure_organization
 
   def index
     @roles = profile.custom_roles
@@ -113,4 +114,8 @@ class ProfileRolesController < MyProfileController
     end
   end
 
+  def ensure_organization
+    render_not_found unless profile.organization?
+  end
+
 end
diff --git a/test/functional/profile_roles_controller_test.rb b/test/functional/profile_roles_controller_test.rb
index 796ea77..deb6370 100644
--- a/test/functional/profile_roles_controller_test.rb
+++ b/test/functional/profile_roles_controller_test.rb
@@ -103,4 +103,12 @@ class ProfileRolesControllerTest < ActionController::TestCase
     assert_not_includes community.members_by_role(role), moderator
     assert_not_includes community.members_by_role(moderator_role), moderator
   end
+
+  should 'avoid access with person profile' do
+    person = create_user('sample_user').person
+    login_as person.identifier
+    get :index , :profile => person.identifier
+
+    assert_response 404
+  end
 end
--
libgit2 0.21.2