Commit c2b201d3b18eb7354faec1f57b8309ab2994b058 to dustin's money

c2b201d
all branches
- master
all tags
- moved-to-ruby
- 2.2
- 2.1
- 2.0
comments

dustin / money

Description:	My money tracking app. There are many like it, but this one is mine.
Clone URL:	git://github.com/dustin/money.git Give this clone URL to anyone. `git clone git://github.com/dustin/money.git`
Search Repo:

Don't error on unauthenticated admin page views, either.

dustin (author)

Mon May 26 18:52:27 -0700 2008

commit c2b201d3b18eb7354faec1f57b8309ab2994b058
tree 5bbab08a36b6466bb1804aa7276314766da68a41
parent f9d995f39b80f4c8023e12f29f9f1c461d81e16b

app/controllers/adm_controller.rb
test/functional/adm_controller_test.rb

app/controllers/adm_controller.rb

0
@@ -94,11 +94,15 @@ class AdmController < ApplicationController
0
   end
0
 
0
   def authorized?
0
-    current_user.admin?
0
+    logged_in? && current_user.admin?
0
   end
0
 
0
   def access_denied
0
-    # XXX:  Should probably find a good place for this document.
0
-    render :template => 'report/access_denied'
0
+    if logged_in?
0
+      # XXX:  Should probably find a good place for this document.
0
+      render :template => 'report/access_denied'
0
+    else
0
+      redirect_to login_path
0
+    end
0
   end
0
 end

test/functional/adm_controller_test.rb

0
@@ -56,6 +56,12 @@ class AdmControllerTest < Test::Unit::TestCase
0
     assert User.authenticate('quentin', 'test'), 'Password changed!'
0
   end
0
 
0
+  def test_reset_not_logged_in
0
+    post :reset_password, :user => 'quentin'
0
+    assert_redirected_to login_path
0
+    assert User.authenticate('quentin', 'test'), 'Password changed!'
0
+  end
0
+
0
   def test_rjs_delete
0
     login_as :quentin
0
     assert_difference 'MoneyTransaction.count', -1 do

Comments

No one has commented yet.