From 2e59751823585a8ef8729d4287239b326ab02193 Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Tue, 3 Apr 2018 13:07:32 +0200
Subject: Improve require_admin! and require_staff! filters (#7018)

Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
---
 spec/controllers/admin/base_controller_spec.rb | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

(limited to 'spec/controllers/admin/base_controller_spec.rb')

diff --git a/spec/controllers/admin/base_controller_spec.rb b/spec/controllers/admin/base_controller_spec.rb
index 2b60e7e92..9ac833623 100644
--- a/spec/controllers/admin/base_controller_spec.rb
+++ b/spec/controllers/admin/base_controller_spec.rb
@@ -9,18 +9,25 @@ describe Admin::BaseController, type: :controller do
     end
   end
 
-  it 'renders admin layout' do
+  it 'requires administrator or moderator' do
     routes.draw { get 'success' => 'admin/base#success' }
-    sign_in(Fabricate(:user, admin: true))
+    sign_in(Fabricate(:user, admin: false, moderator: false))
     get :success
-    expect(response).to render_template layout: 'admin'
+
+    expect(response).to have_http_status(:forbidden)
   end
 
-  it 'requires administrator' do
+  it 'renders admin layout as a moderator' do
     routes.draw { get 'success' => 'admin/base#success' }
-    sign_in(Fabricate(:user, admin: false))
+    sign_in(Fabricate(:user, moderator: true))
     get :success
+    expect(response).to render_template layout: 'admin'
+  end
 
-    expect(response).to redirect_to('/')
+  it 'renders admin layout as an admin' do
+    routes.draw { get 'success' => 'admin/base#success' }
+    sign_in(Fabricate(:user, admin: true))
+    get :success
+    expect(response).to render_template layout: 'admin'
   end
 end
-- 
cgit