FIX: Return 404 if API access is invalid.

2017-08-10 18:27:01 +09:00 · 2017-08-10 18:27:01 +09:00 · f7d3702454
parent b84e87dedd
commit f7d3702454
2 changed files with 11 additions and 0 deletions
--- a/lib/staff_constraint.rb
+++ b/lib/staff_constraint.rb
@ -5,6 +5,8 @@ class StaffConstraint
  def matches?(request)
    provider = Discourse.current_user_provider.new(request.env)
    provider.current_user && provider.current_user.staff?
+  rescue Discourse::InvalidAccess
+    false
  end

 end
--- a/spec/integration/admin/admin_controller_spec.rb
+++ b/spec/integration/admin/admin_controller_spec.rb
@ -0,0 +1,9 @@
+require 'rails_helper'
+
+RSpec.describe "Admin::AdminController" do
+  it "should return the right response if user isn't a staff" do
+    expect do
+      get "/admin", api_key: 'asdiasiduga'
+    end.to raise_error(ActionController::RoutingError)
+  end
+end