nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'stable' into develop

Browse source
This commit is contained in:
Jonne Haß 2015-10-11 17:30:47 +02:00
commit 2aed793d19
4 changed files with 64 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Changelog.md
View file

@ -103,6 +103,7 @@ With the port to Bootstrap 3, app/views/terms/default.haml has a new structure.
* Expose Unicorn's pid option to our configuration system [#6411](https://github.com/diaspora/diaspora/pull/6411) * Expose Unicorn's pid option to our configuration system [#6411](https://github.com/diaspora/diaspora/pull/6411)
* Add stream of all public posts [#6465](https://github.com/diaspora/diaspora/pull/6465) * Add stream of all public posts [#6465](https://github.com/diaspora/diaspora/pull/6465)
* Reload stream when clicking on already active one [#6466](https://github.com/diaspora/diaspora/pull/6466) * Reload stream when clicking on already active one [#6466](https://github.com/diaspora/diaspora/pull/6466)
* Sign in user before evaluating post visibility [#6490](https://github.com/diaspora/diaspora/pull/6490)
# 0.5.3.1 # 0.5.3.1

4
app/controllers/posts_controller.rb
View file

@ -11,10 +11,14 @@ class PostsController < ApplicationController
respond_to :html, :mobile, :json, :xml respond_to :html, :mobile, :json, :xml
rescue_from Diaspora::NonPublic do rescue_from Diaspora::NonPublic do
if user_signed_in?
@code = "not-public" @code = "not-public"
respond_to do |format| respond_to do |format|
format.all { render template: "errors/not_public", status: 404, layout: "error_page" } format.all { render template: "errors/not_public", status: 404, layout: "error_page" }
end end
else
authenticate_user!
end
end end
def show def show

5
features/desktop/logged_out_browsing.feature
View file

@ -21,5 +21,6 @@ Feature: Browsing Diaspora as a logged out user
Scenario: Visiting a non-public post Scenario: Visiting a non-public post
Given "bob@bob.bob" has a non public post with text "my darkest secrets" Given "bob@bob.bob" has a non public post with text "my darkest secrets"
When I open the show page of the "my darkest secrets" post When I open the show page of the "my darkest secrets" post
Then I should see the "post not public" message Then I should not see "my darkest secrets"
And I should not see "my darkest secrets" When I sign in as "bob@bob.bob"
Then I should see "my darkest secrets" within "#single-post-content"

26
spec/controllers/posts_controller_spec.rb
View file

@ -25,6 +25,7 @@ describe PostsController, type: :controller do
end end
context "user signed in" do context "user signed in" do
context "given a post that the user is allowed to see" do
before do before do
sign_in :user, alice sign_in :user, alice
expect(post_service_double).to receive(:post).and_return(@message) expect(post_service_double).to receive(:post).and_return(@message)
@ -58,6 +59,19 @@ describe PostsController, type: :controller do
end end
end end
context "given a post that the user is not allowed to see" do
before do
sign_in :user, alice
expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
end
it "returns a 404" do
get :show, id: @message.id
expect(response.code).to eq("404")
end
end
end
context "user not signed in" do context "user not signed in" do
context "given a public post" do context "given a public post" do
before :each do before :each do
@ -81,6 +95,18 @@ describe PostsController, type: :controller do
expect(response.body).to eq(@status.to_diaspora_xml) expect(response.body).to eq(@status.to_diaspora_xml)
end end
end end
context "given a limited post" do
before do
expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
end
it "forces the user to sign" do
get :show, id: @message.id
expect(response).to be_redirect
expect(response).to redirect_to new_user_session_path
end
end
end end
end end