
show a "post is not public" message when visitor is not logged in

and tries to access a show page of a non-public post
commit 8ca39f593646c5c84c04ccd4c893e7928f6b0e1a 1 parent 09cf60f
Florian Staudacher authored June 06, 2012
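--- a/app/assets/stylesheets/error_pages.css.scss
+++ b/app/assets/stylesheets/error_pages.css.scss
@@ -0,0 +1,24 @@
+@import 'mixins';
+
+#big-number {
+  font-family: Roboto-BoldCondensed, Helvetica, Arial, sans-serif;
+  font-size: 250px;
+  line-height: 1em;
+  text-align: center;
+  padding-top: 100px;
+  text-shadow: 0 2px 0 #fff, 0 -1px 0 #999;
+  color: #ddd;
+}
+.transparent {
+  @include opacity(0.8);
+}
+#content {
+  font-family: Roboto, Helvetica, Arial, sans-serif;
+  text-align: center;
+  text-shadow: 0 1px 0 #fff;
+  font-size: 1.25em;
+  line-height: 1.5em;
+  color: #666;
+  position: absolute;
+  left: 0; right: 0;
+}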
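--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -6,7 +6,7 @@
 
 class PostsController < ApplicationController
   include PostsHelper
-  
+
   before_filter :authenticate_user!, :except => [:show, :iframe, :oembed, :interactions]
   before_filter :set_format_if_malformed_from_status_net, :only => :show
   before_filter :find_post, :only => [:show, :next, :previous, :interactions]
@@ -18,6 +18,13 @@ class PostsController < ApplicationController
             :json,
             :xml
 
+  rescue_from Diaspora::NonPublic do |exception|
+    respond_to do |format|
+      format.html { render :template=>'errors/not_public', :status=>404 }
+      format.all { render :nothing=>true, :status=>404 }
+    end
+  end
+
   def new
     @feature_flag = FeatureFlagger.new(current_user, current_user.person) #I should be a global before filter so @feature_flag is accessible
     redirect_to "/stream" and return unless @feature_flag.new_publisher?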
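Review bot: The `format.html` branch of the new `rescue_from Diaspora::NonPublic` handler gives a logged-out visitor a page that differs from the missing-post case, so the response confirms that a post with the requested id or guid exists even though both carry status 404. That looks like the intent of the commit, but the trade-off deserves a comment beside the handler, for example `# NOTE: tells logged-out visitors that the post exists; errors/not_public must never render post or author data`. The handler is also registered for every action of the controller rather than only `show`; if that is deliberate, the same comment should say so. The class body continues outside both hunks.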
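--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -150,9 +150,12 @@ def self.find_by_guid_or_id_with_user(id, user=nil)
     post = if user
              user.find_visible_shareable_by_id(Post, id, :key => key)
            else
-             Post.where(key => id, :public => true).includes(:author, :comments => :author).first
+             Post.where(key => id).includes(:author, :comments => :author).first
            end
 
+    # is that a private post?
+    raise(Diaspora::NonPublic) unless user || post.public?
+
     post || raise(ActiveRecord::RecordNotFound.new("could not find a post with id #{id}"))
   end
 end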
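Review bot: On the added line `raise(Diaspora::NonPublic) unless user || post.public?`, `post` is nil when there is no user and no row matches, so `post.public?` would raise NoMethodError before the `RecordNotFound` line below it is reached; a logged-out request for a missing id would then presumably end as a server error instead of a 404. Guarding on the record keeps both outcomes: `raise(Diaspora::NonPublic) if post && !user && !post.public?`. Because the query no longer filters on `:public => true`, this raise is now the only thing that keeps a private record from an anonymous caller, which the comment could state: `# the query above no longer filters on :public; this raise is the only access check for logged-out callers`. None of the spec examples changed in this commit appears to request a missing id while logged out, so that path may be untested. The method starts above the hunk, so how `key` is chosen is not visible here.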
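--- a/app/views/errors/not_public.html.haml
+++ b/app/views/errors/not_public.html.haml
@@ -0,0 +1,14 @@
+-# Copyright (c) 2010-2012, Diaspora Inc. This file is
+-# licensed under the Affero General Public License version 3 or later. See
+-# the COPYRIGHT file.
+
+- content_for :head do
+  = stylesheet_link_tag :error_pages, :media => 'all'
+
+#big-number.transparent
+  404
+
+#content
+  = t('error_messages.post_not_public')
+  %br
+  = t('error_messages.login_try_again', :login_link => new_user_session_path).html_safe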
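Review bot: The `.html_safe` call on the last line marks the whole translated string as trusted markup, so whatever any locale file supplies for `login_try_again` is emitted unescaped even though the application sets `Haml::Template.options[:escape_html] = true`. The interpolated `new_user_session_path` is a route helper and not visitor-controlled, so the line is safe as written, but that depends on translation files being reviewed as code. A comment would make the assumption explicit, for example `-# html_safe: the translation carries the <a> tag; login_link must stay a route helper, never request data`. Rails' `t` view helper also treats keys ending in `_html` as HTML-safe, so renaming the key to `login_try_again_html` would show the intent in the locale file and remove the explicit call; whether interpolated values are escaped for such keys depends on the Rails version in use and should be checked.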
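--- a/config/environment.rb
+++ b/config/environment.rb
@@ -13,6 +13,8 @@ def sqlite?
 
 # Load the rails application
 require File.expand_path('../application', __FILE__)
+require File.join(Rails.root, "lib", "exceptions")
+
 Haml::Template.options[:format] = :html5
 Haml::Template.options[:escape_html] = true
 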
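--- a/config/locales/diaspora/en.yml
+++ b/config/locales/diaspora/en.yml
@@ -79,6 +79,8 @@ en:
     helper:
       invalid_fields: "Invalid Fields"
       correct_the_following_errors_and_try_again: "Correct the following errors and try again."
+    post_not_public: "The post you are trying to view is not public!"
+    login_try_again: "Please <a href='%{login_link}'>login</a> and try again."
 
   admins:
     admin_bar: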
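--- a/features/logged_out_browsing.feature
+++ b/features/logged_out_browsing.feature
@@ -21,3 +21,9 @@ Feature: Browsing Diaspora as a logged out user
     Scenario: Visiting a post show page
       When I view "bob@bob.bob"'s first post
       Then I should see "public stuff" within "body"
+
+    Scenario: Visiting a non-public post
+      Given "bob@bob.bob" has a non public post with text "my darkest secrets"
+      When I open the show page of the "my darkest secrets" post
+      Then I should see the "post not public" message
+      And I should not see "my darkest secrets"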
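--- a/features/step_definitions/message_steps.rb
+++ b/features/step_definitions/message_steps.rb
@@ -9,6 +9,8 @@
              I18n.translate('profiles.edit.you_are_safe_for_work')
            when 'you are nsfw'
              I18n.translate('profiles.edit.you_are_nsfw')
+           when 'post not public'
+             I18n.translate('error_messages.post_not_public')
            else
              raise "muriel, you don't have that message key, add one here"
            end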
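--- a/features/step_definitions/new_hotness/trumpeter_steps.rb
+++ b/features/step_definitions/new_hotness/trumpeter_steps.rb
@@ -32,6 +32,10 @@ def go_to_framer
   find(".next").click()
 end
 
+def go_to_post_by_text post_text
+  visit post_path_by_content(post_text)
+end
+
 def finalize_frame
   find(".done").click()
 end
@@ -177,3 +181,7 @@ def upload_photo(file_name)
 When /^I go back to the composer$/ do
   find(".back").click()
 end
+
+When /^I open the show page of the "([^"]*)" post$/ do |post_text|
+  go_to_post_by_text post_text
+end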
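--- a/features/support/paths.rb
+++ b/features/support/paths.rb
@@ -41,6 +41,11 @@ def path_to(page_name)
   def login_page
     path_to "the new user session page"
   end
+
+  def post_path_by_content text
+    p = Post.find_by_text(text)
+    post_path(p)
+  end
 end
 
 World(NavigationHelpers)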
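--- a/lib/exceptions.rb
+++ b/lib/exceptions.rb
@@ -0,0 +1,8 @@
+# Copyright (c) 2010-2012, Diaspora Inc. This file is
+# licensed under the Affero General Public License version 3 or later. See
+# the COPYRIGHT file.
+
+module Diaspora
+  class NonPublic < StandardError
+  end
+end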
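--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@@ -56,7 +56,9 @@
       end
 
       it '404 if the post is missing' do
-        expect { get :show, :id => 1234567 }.to raise_error(ActiveRecord::RecordNotFound)
+        expect {
+          get :show, :id => 1234567
+        }.to raise_error(ActiveRecord::RecordNotFound)
       end
     end
 
@@ -85,7 +87,8 @@
 
       it 'does not show a private post' do
         status = alice.post(:status_message, :text => "hello", :public => false, :to => 'all')
-        expect { get :show, :id => status.id }.to raise_error(ActiveRecord::RecordNotFound)
+        get :show, :id => status.id
+        response.status.should == 404
       end
 
       # We want to be using guids from now on for this post route, but do not want to break
@@ -97,20 +100,26 @@
         end
 
         it 'assumes guids less than 8 chars are ids and not guids' do
-          Post.should_receive(:where).with(hash_including(:id => @status.id.to_s)).and_return(Post)
+          p = Post.where(:id => @status.id.to_s)
+          Post.should_receive(:where)
+              .with(hash_including(:id => @status.id.to_s))
+              .and_return(p)
           get :show, :id => @status.id
           response.should be_success
         end
 
         it 'assumes guids more than (or equal to) 8 chars are actually guids' do
-          Post.should_receive(:where).with(hash_including(:guid => @status.guid)).and_return(Post)
+          p = Post.where(:guid => @status.guid)
+          Post.should_receive(:where)
+              .with(hash_including(:guid => @status.guid))
+              .and_return(p)
           get :show, :id => @status.guid
           response.should be_success
         end
       end
     end
   end
-  
+
   describe 'iframe' do
     it 'contains an iframe' do
       get :iframe, :id => @message.id
@@ -126,7 +135,8 @@
     end
 
     it 'returns a 404 response when the post is not found' do
-      expect { get :oembed, :url => "/posts/#{@message.id}" }.to raise_error(ActiveRecord::RecordNotFound)
+      get :oembed, :url => "/posts/#{@message.id}"
+      response.status.should == 404
     end
   end
 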
