FIX: do not show faq/guidelines page to anonymous users for private forums

2017-03-08 16:00:49 +05:30 · 2017-03-08 16:00:49 +05:30 · 801b5838e1
parent cf8bc4483f
commit 801b5838e1
3 changed files with 39 additions and 6 deletions
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@ -10,6 +10,7 @@ class StaticController < ApplicationController

  def show
    return redirect_to(path '/') if current_user && (params[:id] == 'login' || params[:id] == 'signup')
+    return redirect_to path('/login') if SiteSetting.login_required? && current_user.nil? && (params[:id] == 'faq' || params[:id] == 'guidelines')

    map = {
      "faq" => {redirect: "faq_url", topic_id: "guidelines_topic_id"},
--- a/app/views/static/show.html.erb
+++ b/app/views/static/show.html.erb
@ -3,12 +3,12 @@
  <ul class='nav-pills' role='navigation' itemscope itemtype='http://schema.org/SiteNavigationElement'>
    <% unless SiteSetting.login_required? && current_user.nil? %>
      <li class="nav-item-about"><%= link_to t('about'), '/about' %></a></li>
-    <% end %>
-    <% if @faq_overriden %>
-      <li class='nav-item-guidelines'><a class='<%= @page == 'faq' ? 'active' : '' %>' href='<%= guidelines_path %>'><%= t 'guidelines' %></a></li>
-      <li class='nav-item-faq'><a href='<%= faq_path %>'><%= t 'js.faq' %></a></li>
-    <% else %>
-      <li class='nav-item-faq'><a class='<%= @page == 'faq' ? 'active' : '' %>' href='<%=faq_path%>'><%= t 'js.faq' %></a></li>
+      <% if @faq_overriden %>
+        <li class='nav-item-guidelines'><a class='<%= @page == 'faq' ? 'active' : '' %>' href='<%= guidelines_path %>'><%= t 'guidelines' %></a></li>
+        <li class='nav-item-faq'><a href='<%= faq_path %>'><%= t 'js.faq' %></a></li>
+      <% else %>
+        <li class='nav-item-faq'><a class='<%= @page == 'faq' ? 'active' : '' %>' href='<%=faq_path%>'><%= t 'js.faq' %></a></li>
+      <% end %>
    <% end %>
    <li class='nav-item-tos'><a href='<%= tos_path %>' class='<%= @page == 'tos' ? 'active' : '' %>'><%= t 'terms_of_service.title' %></a></li>
    <li class='nav-item-privacy'><a href='<%= privacy_path %>' class='<%= @page == 'privacy' ? 'active' : '' %>'><%= t 'privacy' %></a></li>
--- a/spec/controllers/static_controller_spec.rb
+++ b/spec/controllers/static_controller_spec.rb
@ -94,6 +94,38 @@ describe StaticController do
      xhr :get, :show, id: 'login'
      expect(response).to be_success
    end
+
+    context "when login_required is enabled" do
+      before do
+        SiteSetting.login_required = true
+      end
+
+      it 'faq page redirects to login page for anon' do
+        xhr :get, :show, id: 'faq'
+        expect(response).to redirect_to '/login'
+      end
+
+      it 'guidelines page redirects to login page for anon' do
+        xhr :get, :show, id: 'guidelines'
+        expect(response).to redirect_to '/login'
+      end
+
+      it 'faq page loads for logged in user' do
+        log_in
+        xhr :get, :show, id: 'faq'
+        expect(response).to be_success
+        expect(response).to render_template('static/show')
+        expect(assigns(:page)).to eq('faq')
+      end
+
+      it 'guidelines page loads for logged in user' do
+        log_in
+        xhr :get, :show, id: 'guidelines'
+        expect(response).to be_success
+        expect(response).to render_template('static/show')
+        expect(assigns(:page)).to eq('faq')
+      end
+    end
  end

  describe '#enter' do