security: when login is required don't return the site node in the preload store

2013-10-15 09:50:30 +11:00 · 2013-10-15 09:50:30 +11:00 · cf08d2c751
parent 634e764707
commit cf08d2c751
1 changed files with 5 additions and 0 deletions
--- a/app/models/site.rb
+++ b/app/models/site.rb
@ -55,6 +55,11 @@ class Site
  end

  def self.cached_json(guardian)
+
+    if guardian.anonymous? && SiteSetting.login_required
+      return {}.to_json
+    end
+
    # Sam: bumping this way down, SiteSerializer will serialize post actions as well,
    #   On my local this was not being flushed as post actions types changed, it turn this
    #   broke local.