Redirect all controllers to login if required

We want to skip the filter for sessions controller so that we can login and we want to skip the filter for static pages because those should be visible to visitors.
2025-03-23 17:35:43 +08:00 · 2013-06-04 15:32:36 -07:00 · 2013-06-04 15:32:36 -07:00 · 92a4828f72
commit 92a4828f72
parent 85ceb5efa7
4 changed files with 26 additions and 1 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
  before_filter :preload_json
  before_filter :check_xhr
  before_filter :set_locale
+  before_filter :redirect_to_login_if_required

  rescue_from Exception do |exception|
    unless [ ActiveRecord::RecordNotFound, ActionController::RoutingError,
@ -280,6 +281,10 @@ class ApplicationController < ActionController::Base
      raise Discourse::NotLoggedIn.new unless current_user.present?
    end

+    def redirect_to_login_if_required
+      redirect_to :login if SiteSetting.login_required? && !current_user
+    end
+
    def render_not_found_page(status=404)
      f = Topic.where(deleted_at: nil, archetype: "regular")
      @latest = f.order('views desc').take(10)
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -4,6 +4,7 @@ class SessionController < ApplicationController
  #  page is going to be empty, this means that server will see an invalid CSRF and blow the session
  #  once that happens you can't log in with social
  skip_before_filter :verify_authenticity_token, only: [:create]
+  skip_before_filter :redirect_to_login_if_required

  def create
    requires_parameter(:login, :password)
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@ -1,6 +1,6 @@
 class StaticController < ApplicationController

-  skip_before_filter :check_xhr
+  skip_before_filter :check_xhr, :redirect_to_login_if_required

  def show

--- a/spec/controllers/topics_controller_spec.rb
+++ b/spec/controllers/topics_controller_spec.rb
@ -435,6 +435,25 @@ describe TopicsController do

    end

+    context "when 'login required' site setting has been enabled" do
+      before { SiteSetting.stubs(:login_required?).returns(true) }
+
+      context 'and the user is logged in' do
+        before { log_in(:coding_horror) }
+
+        it 'shows the topic' do
+          get :show, topic_id: topic.id, slug: topic.slug
+          expect(response).to be_successful
+        end
+      end
+
+      context 'and the user is not logged in' do
+        it 'redirects to the login page' do
+          get :show, topic_id: topic.id, slug: topic.slug
+          expect(response).to redirect_to login_path
+        end
+      end
+    end
  end

  describe '#feed' do