From 92a4828f72f8db2aa558bc3810b3a08be59c0a01 Mon Sep 17 00:00:00 2001
From: Chris Hunt
Date: Tue, 4 Jun 2013 15:32:36 -0700
Subject: [PATCH] Redirect all controllers to login if required

We want to skip the filter for sessions controller so that we can login and we want to skip the filter for static pages because those should be visible to visitors.
---
 app/controllers/application_controller.rb | 5 +++++
 app/controllers/session_controller.rb | 1 +
 app/controllers/static_controller.rb | 2 +-
 spec/controllers/topics_controller_spec.rb | 19 +++++++++++++++++++
 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 34180883f59..a07f90da0d2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
 before_filter :preload_json
 before_filter :check_xhr
 before_filter :set_locale
+ before_filter :redirect_to_login_if_required
 rescue_from Exception do |exception|
 unless [ ActiveRecord::RecordNotFound, ActionController::RoutingError,
@@ -280,6 +281,10 @@ class ApplicationController < ActionController::Base
 raise Discourse::NotLoggedIn.new unless current_user.present?
 end
+ def redirect_to_login_if_required
+ redirect_to :login if SiteSetting.login_required? && !current_user
+ end
+
 def render_not_found_page(status=404)
 f = Topic.where(deleted_at: nil, archetype: "regular")
 @latest = f.order('views desc').take(10)
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index a7c6f66e8ac..734b2cc169d 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
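Review bot: In app/controllers/application_controller.rb (hunk `@@ -22,6 +22,7 @@`) the login gate is registered after `preload_json`, `check_xhr` and `set_locale`, so those filters still run for anonymous requests before the redirect is issued. What they do is not visible in this hunk, but an access-control filter is easier to reason about when it runs before anything that loads or prepares site data. Consider moving `before_filter :redirect_to_login_if_required` above `before_filter :preload_json`. The filter list starts outside the hunk, so the earlier entries deserve the same check.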
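Review bot: In the second application_controller.rb hunk (`@@ -280,6 +281,10 @@`), `redirect_to_login_if_required` answers every unauthenticated request with a redirect to `:login` regardless of request format, so an XHR or JSON client receives a 302 to an HTML page rather than an authentication error. `ensure_logged_in` directly above raises `Discourse::NotLoggedIn` for the same condition; the new filter could do likewise for non-HTML requests, e.g. `return unless SiteSetting.login_required? && !current_user`, then `raise Discourse::NotLoggedIn.new if request.xhr?`, then `redirect_to :login`. How `check_xhr`, which runs earlier, treats such requests is not visible here, so this needs confirming against the rest of the class. The hunk also does not show whether the method sits under `private`/`protected`; a filter method should not be routable as an action.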
@@ -4,6 +4,7 @@ class SessionController < ApplicationController
 # page is going to be empty, this means that server will see an invalid CSRF and blow the session
 # once that happens you can't log in with social
 skip_before_filter :verify_authenticity_token, only: [:create]
+ skip_before_filter :redirect_to_login_if_required
 def create
 requires_parameter(:login, :password)
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index 834ee57c305..e2341e760a1 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -1,6 +1,6 @@
 class StaticController < ApplicationController
- skip_before_filter :check_xhr
+ skip_before_filter :check_xhr, :redirect_to_login_if_required
 def show
diff --git a/spec/controllers/topics_controller_spec.rb b/spec/controllers/topics_controller_spec.rb
index fe600a116df..fe0ea2d0f86 100644
--- a/spec/controllers/topics_controller_spec.rb
+++ b/spec/controllers/topics_controller_spec.rb
@@ -435,6 +435,25 @@ describe TopicsController do
 end
+ context "when 'login required' site setting has been enabled" do
+ before { SiteSetting.stubs(:login_required?).returns(true) }
+
+ context 'and the user is logged in' do
+ before { log_in(:coding_horror) }
+
+ it 'shows the topic' do
+ get :show, topic_id: topic.id, slug: topic.slug
+ expect(response).to be_successful
+ end
+ end
+
+ context 'and the user is not logged in' do
+ it 'redirects to the login page' do
+ get :show, topic_id: topic.id, slug: topic.slug
+ expect(response).to redirect_to login_path
+ end
+ end
+ end
 end
 describe '#feed' do
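Review bot: In session_controller.rb the new `skip_before_filter :redirect_to_login_if_required` carries no `only:` list, unlike the `verify_authenticity_token` skip on the line above, so every SessionController action is reachable anonymously on a login-required site; the StaticController skip in the next hunk is unscoped in the same way. If only some actions are needed before login, name them with `only: [...]`; otherwise a comment such as `# whole controller is intentionally reachable without login` would make the exemption list explicit. The existing comment mentions social login, and no controller handling that flow is among the changed files; if it inherits from ApplicationController it would presumably be redirected as well, which is worth confirming. Both class bodies continue outside their hunks.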
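Review bot: The new contexts in spec/controllers/topics_controller_spec.rb exercise only `TopicsController#show` with a plain GET, so nothing pins the two exemptions this commit introduces or the behaviour for XHR/JSON requests. With `login_required?` stubbed to true and no user logged in, examples asserting that `SessionController#create` and `StaticController#show` are not redirected to `login_path` would catch a dropped `skip_before_filter`. An example issuing an XHR request to a gated action would document what such clients receive. Without these, a later change that removes an exemption or adds one too many would pass the suite unnoticed.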