authorEmelia Smith <ThisIsMissEm@users.noreply.github.com>2018-04-03 13:07:32 +0200
committerEugen Rochko <eugen@zeonfederated.com>2018-04-03 13:07:32 +0200
commit2e59751823585a8ef8729d4287239b326ab02193 (patch)
tree0b942b9b0640e7378f5578c2a2705c0c5c136e9e /spec/controllers/admin/base_controller_spec.rb
parent1c293086a16fce465d5bdc123809f2d28b3e2ab6 (diff)
Improve require_admin! and require_staff! filters (#7018)
Previously these returned 302 redirects instead of 403s, which meant posting links to admin pages in Slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, only require_staff!
Diffstat (limited to 'spec/controllers/admin/base_controller_spec.rb')
-rw-r--r--spec/controllers/admin/base_controller_spec.rb19
1 files changed, 13 insertions, 6 deletions
diff --git a/spec/controllers/admin/base_controller_spec.rb b/spec/controllers/admin/base_controller_spec.rb
index 2b60e7e92..9ac833623 100644
--- a/spec/controllers/admin/base_controller_spec.rb
+++ b/spec/controllers/admin/base_controller_spec.rb
@@ -9,18 +9,25 @@ describe Admin::BaseController, type: :controller do
     end
   end
 
-  it 'renders admin layout' do
+  it 'requires administrator or moderator' do
     routes.draw { get 'success' => 'admin/base#success' }
-    sign_in(Fabricate(:user, admin: true))
+    sign_in(Fabricate(:user, admin: false, moderator: false))
     get :success
-    expect(response).to render_template layout: 'admin'
+
+    expect(response).to have_http_status(:forbidden)
   end
 
-  it 'requires administrator' do
+  it 'renders admin layout as a moderator' do
     routes.draw { get 'success' => 'admin/base#success' }
-    sign_in(Fabricate(:user, admin: false))
+    sign_in(Fabricate(:user, moderator: true))
     get :success
+    expect(response).to render_template layout: 'admin'
+  end
 
-    expect(response).to redirect_to('/')
+  it 'renders admin layout as an admin' do
+    routes.draw { get 'success' => 'admin/base#success' }
+    sign_in(Fabricate(:user, admin: true))
+    get :success
+    expect(response).to render_template layout: 'admin'
   end
 end
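Review bot: None of the examples issues the request without `sign_in`, so the unauthenticated path through the filter is not covered by anything visible here; the denial case only exercises a signed-in non-staff user, and the file's first eight lines are outside the hunk. Since the commit changes the denial from a redirect to a 403, an example with no session would stop a later filter change from serving the admin layout to anonymous requests unnoticed. The moderator example would also be tighter as `sign_in(Fabricate(:user, admin: false, moderator: true))`, so that it does not depend on the fabricator's default for `admin`.

```ruby
# … unchanged: the three examples above …
it 'does not serve the page to an unauthenticated request' do
  routes.draw { get 'success' => 'admin/base#success' }
  get :success

  # Tighten to the exact status the filter is meant to return for a missing session.
  expect(response).not_to have_http_status(:success)
end
```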