@@ -94,11 +94,15 @@ class AdmController < ApplicationController end def authorized? - current_user.admin? + logged_in? && current_user.admin? end def access_denied - # XXX: Should probably find a good place for this document. - render :template => 'report/access_denied' + if logged_in? + # XXX: Should probably find a good place for this document. + render :template => 'report/access_denied' + else + redirect_to login_path + end end end app/controllers/adm_controller.rb @@ -56,6 +56,12 @@ class AdmControllerTest < Test::Unit::TestCase assert User.authenticate('quentin', 'test'), 'Password changed!' end + def test_reset_not_logged_in + post :reset_password, :user => 'quentin' + assert_redirected_to login_path + assert User.authenticate('quentin', 'test'), 'Password changed!' + end + def test_rjs_delete login_as :quentin assert_difference 'MoneyTransaction.count', -1 do test/functional/adm_controller_test.rb f9d995f39b80f4c8023e12f29f9f1c461d81e16b Dustin Sallings dustin@spy.net http://github.com/dustin/money/commit/c2b201d3b18eb7354faec1f57b8309ab2994b058 c2b201d3b18eb7354faec1f57b8309ab2994b058 2008-05-26T18:52:27-07:00 2008-05-26T18:52:27-07:00 Don't error on unauthenticated admin page views, either. 5bbab08a36b6466bb1804aa7276314766da68a41 Dustin Sallings dustin@spy.net