[Delivers #102256768] client slug authz #618
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,8 @@ | ||
%h1 | ||
Authentication Error | ||
%h4 | ||
- if flash[:notice] | ||
= flash[:notice] | ||
- else | ||
We were unable to authorize your request. Please check with the administrator. | ||
=# TODO: Update with support email | ||
%div.inset | ||
%h1 | ||
Authentication Error | ||
%h4 | ||
- if flash[:notice] | ||
= flash[:notice] | ||
- else | ||
We were unable to authorize your request. Please check with the administrator. |
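Review bot: The `=# TODO: Update with support email` line is dropped here without a support address being added, so the fallback "Please check with the administrator" still gives the user no contact. Either add the address or track the TODO somewhere else before removing it. The heading also says "Authentication Error" while the fallback text says the request could not be authorized; with a separate authorization view added in this PR, the fallback should describe a sign-in failure so the two pages are not confused.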
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
%div.inset | ||
%h1 | ||
Authorization error | ||
%h4 | ||
You do not have access to this page | ||
- if flash[:notice] | ||
= flash[:notice] |
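Review bot: In this new view, `flash[:notice]` is printed directly after the fixed "You do not have access to this page" line with no separate element, so the two messages will run together when a notice is set. Suggest giving the notice its own element. The heading is "Authorization error" while the sibling view uses title case, "Authentication Error"; pick one casing for both.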
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,7 +25,7 @@ | |
# Debug mode disables concatenation and preprocessing of assets. | ||
# This option may cause significant delays in view rendering with a large | ||
# number of complex assets. | ||
config.assets.debug = true | ||
config.assets.debug = ENV['ASSETS_DEBUG'] ? true : false | ||
Nice. Add this to the setup docs?
@pkarman Curious about the motivation for this...in my experience, it's preferable to have the files served separately in development mode.
Mostly I was trying to cut down on the noise in my terminal when I was trying to debug something. All the static assets being served were logging a success response and so it seemed less optimal to see them on every request.
||
|
||
# Use letter opener to avoid sending real emails. The "web" version makes | ||
# the emails visible at /letter_opener | ||
|
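Review bot: `ENV['ASSETS_DEBUG'] ? true : false` on the changed line enables debug for any value that is set, including `ASSETS_DEBUG=false` or `ASSETS_DEBUG=0`, because every Ruby string is truthy. Compare against an explicit value, for example `ENV['ASSETS_DEBUG'] == 'true'`, which also removes the redundant ternary. The development default changes from on to off with this line, so the variable should be documented in the setup docs.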
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
namespace :check do | ||
desc "Report all non-admin Users with a null client_slug" | ||
task client_slug: :environment do | ||
User.where(client_slug: nil).each do |user| | ||
next if user.admin? | ||
puts "missing: #{user.id} #{user.email_address}" | ||
end | ||
end | ||
end |
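Review bot: `User.where(client_slug: nil)` matches only NULL, so a user whose `client_slug` is an empty string is never reported by this check. Suggest `where(client_slug: [nil, ''])` if blank values can exist. The `.each` with `next if user.admin?` also loads every matching row and filters admins in Ruby; `find_each` would batch the load, and the task would be easier to script against if it printed a count or exited non-zero when any user is missing a slug.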
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
describe "client_slug confers authz rules" do | ||
it "rejects requests for user with no client_slug" do | ||
user = FactoryGirl.create(:user) | ||
login_as(user) | ||
visit '/ncr/work_orders/new' | ||
expect(page.status_code).to eq(403) | ||
end | ||
end |
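Review bot: This spec covers only the denial path, and `FactoryGirl.create(:user)` relies on the `:user` factory leaving `client_slug` unset, so a later factory default would make the test pass or fail for the wrong reason. Pass `client_slug: nil` explicitly, and add the companion cases: a user with the matching slug gets through, a user with a different slug gets 403, and an admin with no slug is allowed, since the rake task in this PR treats admins as exempt.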
I'm still new to this area, so please forgive what may be a stupid question:
When would this be false? And do we have a test for that situation?
It would be false in the following cases, most (but not all) of which have tests.
The user does not have an 'admin' role and one of the following is true:
Would it be easy to add the missing tests for those cases?
But of course! added in 6f05e73
Yay, thanks!