From 2c72cbbf188bd4a79792a94c4788cc06c0322ce2 Mon Sep 17 00:00:00 2001
From: Arthur Del Esposte
Date: Tue, 9 Jun 2015 13:04:22 +0000
Subject: [PATCH] Handle access denied to not logged user properly
---
 app/controllers/public/content_viewer_controller.rb | 2 +-
 test/functional/content_viewer_controller_test.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/public/content_viewer_controller.rb b/app/controllers/public/content_viewer_controller.rb
index a1463b0..fe9443a 100644
--- a/app/controllers/public/content_viewer_controller.rb
+++ b/app/controllers/public/content_viewer_controller.rb
@@ -127,7 +127,7 @@ class ContentViewerController < ApplicationController
 end
 unless @page.display_to?(user)
- if !profile.visible? || profile.secret? || (user && user.follows?(profile))
+ if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
 render_access_denied
 else #!profile.public?
 private_profile_partial_parameters
diff --git a/test/functional/content_viewer_controller_test.rb b/test/functional/content_viewer_controller_test.rb
index 6a449e0..dbeaf6c 100644
--- a/test/functional/content_viewer_controller_test.rb
+++ b/test/functional/content_viewer_controller_test.rb
@@ -262,7 +262,7 @@ class ContentViewerControllerTest < ActionController::TestCase
 get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
- assert_template "profile/_private_profile"
+ assert_template "shared/access_denied"
 end
 should 'not give access to private articles if logged in but not member' do
--
libgit2 0.21.2
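Review bot: In app/controllers/public/content_viewer_controller.rb, the new `|| user.blank?` term comes after `(user && user.follows?(profile))`, so the anonymous case is tested twice and the access rule is hard to read. The last two terms appear to reduce to `user.blank? || user.follows?(profile)`, which puts the not-logged-in check first. The `else #!profile.public?` comment no longer describes the branch, which is now reached only by a logged-in user who does not follow a visible, non-secret profile; `else # logged-in non-follower of a visible, non-secret profile` would say so. Because this line decides who gets the denied page and who gets the private-profile partial, consider moving the condition into a named predicate that can be tested apart from the action. The enclosing method begins and ends outside the hunk.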
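Review bot: In test/functional/content_viewer_controller_test.rb, the updated test checks only which template is rendered, so a denied page returned with a success status would still pass. If `render_access_denied` is meant to answer with 403, add `assert_response 403` next to `assert_template "shared/access_denied"`. The hunk shows no test for the branch that still renders `profile/_private_profile`, which is a logged-in user who does not follow the profile. The following test, 'not give access to private articles if logged in but not member', may cover it, but its body is outside the hunk, as are this test's `should` line and setup.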