From 2c72cbbf188bd4a79792a94c4788cc06c0322ce2 Mon Sep 17 00:00:00 2001
From: Arthur Del Esposte <arthurmde@gmail.com>
Date: Tue, 9 Jun 2015 13:04:22 +0000
Subject: [PATCH] Handle access denied to not logged user properly

---
 app/controllers/public/content_viewer_controller.rb | 2 +-
 test/functional/content_viewer_controller_test.rb   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb
index a1463b0..fe9443a 100644
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -127,7 +127,7 @@ class ContentViewerController < ApplicationController
     end
 
     unless @page.display_to?(user)
-      if !profile.visible? || profile.secret? || (user && user.follows?(profile))
+      if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
         render_access_denied
       else #!profile.public?
         private_profile_partial_parameters
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 6a449e0..dbeaf6c 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -262,7 +262,7 @@ class ContentViewerControllerTest < ActionController::TestCase
 
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
 
-    assert_template "profile/_private_profile"
+    assert_template "shared/access_denied"
   end
 
   should 'not give access to private articles if logged in but not member' do
--
libgit2 0.21.2