Merge branch 'stable' into develop

2015-10-11 17:30:47 +02:00 · 2015-10-11 17:30:47 +02:00 · 2aed793d19
commit 2aed793d19
parent 5d7470d94a 123e6d1dd4
4 changed files with 64 additions and 32 deletions
--- a/Changelog.md
+++ b/Changelog.md
@ -103,6 +103,7 @@ With the port to Bootstrap 3, app/views/terms/default.haml has a new structure.
 * Expose Unicorn's pid option to our configuration system [#6411](https://github.com/diaspora/diaspora/pull/6411)
 * Add stream of all public posts [#6465](https://github.com/diaspora/diaspora/pull/6465)
 * Reload stream when clicking on already active one [#6466](https://github.com/diaspora/diaspora/pull/6466)
+* Sign in user before evaluating post visibility [#6490](https://github.com/diaspora/diaspora/pull/6490)

 # 0.5.3.1

--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@ -11,9 +11,13 @@ class PostsController < ApplicationController
  respond_to :html, :mobile, :json, :xml

  rescue_from Diaspora::NonPublic do
-    @code = "not-public"
-    respond_to do |format|
-      format.all { render template: "errors/not_public", status: 404, layout: "error_page" }
+    if user_signed_in?
+      @code = "not-public"
+      respond_to do |format|
+        format.all { render template: "errors/not_public", status: 404, layout: "error_page" }
+      end
+    else
+      authenticate_user!
    end
  end

--- a/features/desktop/logged_out_browsing.feature
+++ b/features/desktop/logged_out_browsing.feature
@ -21,5 +21,6 @@ Feature: Browsing Diaspora as a logged out user
    Scenario: Visiting a non-public post
      Given "bob@bob.bob" has a non public post with text "my darkest secrets"
      When I open the show page of the "my darkest secrets" post
-      Then I should see the "post not public" message
-      And I should not see "my darkest secrets"
+      Then I should not see "my darkest secrets"
+      When I sign in as "bob@bob.bob"
+      Then I should see "my darkest secrets" within "#single-post-content"
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@ -25,36 +25,50 @@ describe PostsController, type: :controller do
    end

    context "user signed in" do
-      before do
-        sign_in :user, alice
-        expect(post_service_double).to receive(:post).and_return(@message)
+      context "given a post that the user is allowed to see" do
+        before do
+          sign_in :user, alice
+          expect(post_service_double).to receive(:post).and_return(@message)
+        end
+
+        it "succeeds" do
+          get :show, id: @message.id
+          expect(response).to be_success
+        end
+
+        it 'succeeds after removing a mention when closing the mentioned user\'s account' do
+          user = FactoryGirl.create(:user, username: "user")
+          alice.share_with(user.person, alice.aspects.first)
+          msg = alice.build_post :status_message,
+                                 text: "Mention @{User ; #{user.diaspora_handle}}", public: true, to: "all"
+          msg.save!
+          expect(msg.mentioned_people.count).to eq(1)
+          user.destroy
+          get :show, id: msg.id
+          expect(response).to be_success
+        end
+
+        it "renders the application layout on mobile" do
+          get :show, id: @message.id, format: :mobile
+          expect(response).to render_template("layouts/application")
+        end
+
+        it "succeeds on mobile with a reshare" do
+          get :show, id: FactoryGirl.create(:reshare, author: alice.person).id, format: :mobile
+          expect(response).to be_success
+        end
      end

-      it "succeeds" do
-        get :show, id: @message.id
-        expect(response).to be_success
-      end
+      context "given a post that the user is not allowed to see" do
+        before do
+          sign_in :user, alice
+          expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
+        end

-      it 'succeeds after removing a mention when closing the mentioned user\'s account' do
-        user = FactoryGirl.create(:user, username: "user")
-        alice.share_with(user.person, alice.aspects.first)
-        msg = alice.build_post :status_message,
-                               text: "Mention @{User ; #{user.diaspora_handle}}", public: true, to: "all"
-        msg.save!
-        expect(msg.mentioned_people.count).to eq(1)
-        user.destroy
-        get :show, id: msg.id
-        expect(response).to be_success
-      end
-
-      it "renders the application layout on mobile" do
-        get :show, id: @message.id, format: :mobile
-        expect(response).to render_template("layouts/application")
-      end
-
-      it "succeeds on mobile with a reshare" do
-        get :show, id: FactoryGirl.create(:reshare, author: alice.person).id, format: :mobile
-        expect(response).to be_success
+        it "returns a 404" do
+          get :show, id: @message.id
+          expect(response.code).to eq("404")
+        end
      end
    end

@ -81,6 +95,18 @@ describe PostsController, type: :controller do
          expect(response.body).to eq(@status.to_diaspora_xml)
        end
      end
+
+      context "given a limited post" do
+        before do
+          expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
+        end
+
+        it "forces the user to sign" do
+          get :show, id: @message.id
+          expect(response).to be_redirect
+          expect(response).to redirect_to new_user_session_path
+        end
+      end
    end
  end