Commit 2c72cbbf188bd4a79792a94c4788cc06c0322ce2

Authored by Arthur Esposte
Committed by Rodrigo Souto
1 parent 088735b3

Handle access denied to not logged user properly

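--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -127,7 +127,7 @@ class ContentViewerController < ApplicationController
 end
 
 unless @page.display_to?(user)
-if !profile.visible? || profile.secret? || (user && user.follows?(profile))
+if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
 render_access_denied
 else #!profile.public?
 private_profile_partial_parameters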
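Review bot: The rewritten condition on new line 130 puts the anonymous-visitor case last, behind a `user &&` guard that exists only to protect `follows?` from nil, and nothing explains why a visitor who is not logged in is denied outright instead of being shown the private-profile partial. Testing that case first reads more directly and makes the nil guard unnecessary: `if user.blank? || !profile.visible? || profile.secret? || user.follows?(profile)`. A one-line comment above it, such as `# anonymous visitors are denied; only logged-in non-followers of a visible, non-secret profile reach the private-profile partial`, would record the intent. The `#!profile.public?` remark on the `else` no longer describes what reaches that branch. The enclosing method starts and ends outside the hunk.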
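--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -262,7 +262,7 @@ class ContentViewerControllerTest < ActionController::TestCase
 
 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
 
-assert_template "profile/_private_profile"
+assert_template "shared/access_denied"
 end
 
 should 'not give access to private articles if logged in but not member' do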
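Review bot: The updated expectation on new line 265 pins only the rendered template, so the test would still pass if the denial page were served with a success status. If `render_access_denied` responds with 403 (its body is not visible here), adding `assert_response :forbidden` next to the `assert_template` would lock in that anonymous visitors receive a real denial and not just a different page. The test block opens above the hunk, so its name and setup are not shown.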