Handle access denied to not logged user properly

Arthur Esposte
1 parent 97e657da
Showing 2 changed files with 2 additions and 2 deletions Show diff stats
app/controllers/public/content_viewer_controller.rb
test/functional/content_viewer_controller_test.rb
@@ -127,7 +127,7 @@ class ContentViewerController &lt; ApplicationController
     end
  
     unless @page.display_to?(user)
-      if !profile.visible? || profile.secret? || (user && user.follows?(profile))
+      if !profile.visible? || profile.secret? || (user && user.follows?(profile)) || user.blank?
         render_access_denied
       else #!profile.public?
         private_profile_partial_parameters
@@ -262,7 +262,7 @@ class ContentViewerControllerTest &lt; ActionController::TestCase
  
     get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
  
-    assert_template "profile/_private_profile"
+    assert_template "shared/access_denied"
   end
  
   should 'not give access to private articles if logged in but not member' do
...	...	@@ -127,7 +127,7 @@ class ContentViewerController < ApplicationController
127	127	end
128	128
129	129	unless @page.display_to?(user)
130		- if !profile.visible? \|\| profile.secret? \|\| (user && user.follows?(profile))
	130	+ if !profile.visible? \|\| profile.secret? \|\| (user && user.follows?(profile)) \|\| user.blank?
131	131	render_access_denied
132	132	else #!profile.public?
133	133	private_profile_partial_parameters
...	...
...	...	@@ -262,7 +262,7 @@ class ContentViewerControllerTest < ActionController::TestCase
262	262
263	263	get :view_page, :profile => 'test_profile', :page => [ 'my-intranet' ]
264	264
265		- assert_template "profile/_private_profile"
	265	+ assert_template "shared/access_denied"
266	266	end
267	267
268	268	should 'not give access to private articles if logged in but not member' do
...	...