Merge pull request #1208 from bgeuken/test_for_issue_1199

Some smaller things I stumbled over while debugging issue 1199
openSUSE · Oct 12, 2015 · 936d0b3 · 936d0b3
2 parents 6d9e320 + eb9ace8
commit 936d0b3
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 4 deletions.
diff --git a/src/api/app/controllers/webui/user_controller.rb b/src/api/app/controllers/webui/user_controller.rb
@@ -9,7 +9,7 @@ class Webui::UserController < Webui::WebuiController
   before_filter :check_user, :only => [:edit, :save, :change_password, :register, :delete, :confirm,
                                        :lock, :admin, :login, :notifications, :update_notifications, :show]
   before_filter :check_display_user, :only => [:show, :edit, :requests, :list_my, :delete, :save, :confirm, :admin, :lock]
-  before_filter :require_login, :only => [:edit, :save, :notifications, :update_notifications]
+  before_filter :require_login, :only => [:edit, :save, :notifications, :update_notifications, :index]
   before_filter :require_admin, :only => [:edit, :delete, :lock, :confirm, :admin, :index]
 
   skip_before_action :check_anonymous, only: [:do_login]

diff --git a/src/api/app/controllers/webui/webui_controller.rb b/src/api/app/controllers/webui/webui_controller.rb
@@ -149,7 +149,7 @@ def render_json_response_for_dataTable(options)
   end
 
   def require_login
-    if User.current.is_nobody?
+    if User.current.nil? || User.current.is_nobody?
       render :text => 'Please login' and return false if request.xhr?
 
       flash[:error] = 'Please login to access the requested page.'
@@ -312,9 +312,10 @@ def require_configuration
 
   # Before filter to check if current user is administrator
   def require_admin
-    unless User.current.is_admin?
+    if User.current.nil? || !User.current.is_admin?
       flash[:error] = 'Requires admin privileges'
-      redirect_back_or_to :controller => 'main', :action => 'index' and return
+      redirect_back_or_to :controller => 'main', :action => 'index'
+      return
     end
   end
 

diff --git a/src/api/test/functional/webui/user_controller_test.rb b/src/api/test/functional/webui/user_controller_test.rb
@@ -51,6 +51,19 @@ def test_show_user_page
     find('#flash-messages').must_have_text("User not found INVALID")
   end
 
+  def test_index
+    login_tom
+    visit users_path
+    flash_message_type.must_equal :alert
+    flash_message.must_equal "Requires admin privileges"
+    assert_equal root_path, page.current_path
+
+    login_king
+    visit users_path
+    assert_equal users_path, page.current_path
+    page.must_have_text "Manage users."
+  end
+
   def test_show_icons
     visit '/user/icon/Iggy.png'
     page.status_code.must_equal 200
@@ -103,6 +116,20 @@ def test_notification_settings_for_events
     page.must_have_checked_field('Event::CommentForProject_commenter')
   end
 
+  def test_that_require_login_works
+    logout
+    visit users_path
+    assert_equal user_login_path, page.current_path
+    flash_message.must_equal "Please login to access the requested page."
+  end
+
+  def test_that_require_admin_works
+    login_tom
+    visit users_path
+    assert_equal root_path, page.current_path
+    flash_message.must_equal "Requires admin privileges"
+  end
+
   def test_that_redirect_after_login_works
     visit search_path
     visit user_login_path