
Fixed accidental user logout / Fixed specs [#545]

commit 9bb1ba4a73205113d6acfa747b66cf1536e57603 1 parent 20133ec
Dimitrij Denissenko authored
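--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,25 +12,17 @@ class ApplicationController < ActionController::Base
 helper_method :layout_markers, :permitted?
- class << self
-
- def enable_private_rss(options)
- after_authenticate do |controller|
- next unless controller.request.format.rss? and controller.params[:private].present? and User.current.public?
-
- user = User.active.find_by_private_key controller.params[:private]
- if user
- User.current = user
- controller.session[:user_id] = user.id
- @private_rss_enabled = true
- end
- end
-
- after_filter do |controller|
- controller.session[:user_id] = nil if @private_rss_enabled
+ def self.enable_private_rss!(options = {})
+ pos = before_filters.index(:authorize) || before_filters.size
+ filter_chain.send :update_filter_chain, options, :before, pos do |controller|
+
+ if controller.request.format.rss? and controller.params[:private].present? and User.current.public?
+ user = User.active.find_by_private_key controller.params[:private]
+ User.current = user if user
 end
+ true
+
 end
-
 end
 protected
@@ -39,7 +31,7 @@ def reset_request_cache!
 User.current = nil
 Project.current = nil
 end
-
+
 # Set locale
 def set_locale
 I18n.locale = RetroCM[:general][:basic][:locale]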
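Review bot: In the first hunk, the new `enable_private_rss!` filter passes `controller.params[:private]` to `find_by_private_key` unchanged, so an array- or hash-valued `private` parameter reaches the finder instead of a single key string; coerce it before the lookup, e.g. `user = User.active.find_by_private_key controller.params[:private].to_s`. Because the key is a bearer credential carried in the query string, it is also worth confirming that `private` is excluded from request logs (for example via `filter_parameter_logging :private`), which this page does not show. `filter_chain.send :update_filter_chain` reaches a non-public Rails method, so a short comment would help whoever upgrades Rails: it should say that the filter is placed ahead of `:authorize` on purpose and that the trailing `true` is presumably there so the block never halts the chain.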
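--- a/app/controllers/changesets_controller.rb
+++ b/app/controllers/changesets_controller.rb
@@ -14,7 +14,7 @@ class ChangesetsController < ProjectAreaController
 keep_params! :only => [:index], :exclude => [:project_id]
- enable_private_rss :only => :index
+ enable_private_rss! :only => :index
 def index
 @changesets = Project.current.changesets.paginate(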
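--- a/app/controllers/milestones_controller.rb
+++ b/app/controllers/milestones_controller.rb
@@ -9,8 +9,7 @@ class MilestonesController < ProjectAreaController
 :update => ['edit', 'update'],
 :delete => ['destroy']
- enable_private_rss :only => :index
-
+ enable_private_rss! :only => :index
 before_filter :new, :only => :create
 before_filter :edit, :only => :update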
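--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,6 +1,6 @@
 class ProjectsController < ApplicationController
- enable_private_rss :only => [:index, :show]
+ enable_private_rss! :only => [:index, :show]
 before_filter :find_projects
 def index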
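--- a/app/controllers/tickets_controller.rb
+++ b/app/controllers/tickets_controller.rb
@@ -26,9 +26,9 @@ class TicketsController < ProjectAreaController
 :watch => ['toggle_subscription']
 require_user 'modify_summary', 'modify_content', 'modify_change_content'
-
- enable_private_rss :only => :index
+ enable_private_rss! :only => :index
+
 verify :xhr => true, :only => [:modify_summary, :modify_content, :modify_change_content]
 before_filter :find_report, :only => [:index, :search]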
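--- a/extensions/retro_blog/lib/blog_controller.rb
+++ b/extensions/retro_blog/lib/blog_controller.rb
@@ -19,8 +19,7 @@ class BlogController < ProjectAreaController
 :update => ['update'],
 :delete => ['destroy']
- enable_private_rss :only => :index
-
+ enable_private_rss! :only => :index
 before_filter :find_blog_post, :only => [:show, :comment, :edit, :update, :destroy]
 before_filter :new, :only => [:create]
 before_filter :load_categories, :only => [:index]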
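--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -206,12 +206,18 @@ def do_rescue
 describe 'if RSS content is requested' do
- it 'should refuse authorisation without a private key' do
+ it 'should refuse authorisation without a private key' do
 bypass_rescue
 lambda { get :index, :project_id => '1', :format => 'rss' }.should raise_error(RetroAM::NoAuthorizationError)
- end
+ end
+
+ it 'should refuse authorisation to methods that are not using the filter' do
+ bypass_rescue
+ User.should_not_receive(:find_by_private_key)
+ lambda { get :new, :project_id => '1', :format => 'rss', :private => '[PKEY]' }.should raise_error(RetroAM::NoAuthorizationError)
+ end
- describe 'if a valid private key is submitted' do
+ describe 'if a valid private key is submitted' do
 before do
 User.stub!(:find_by_private_key).and_return(@user)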
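Review bot: None of the examples visible in this hunk pins the regression named in the commit title, namely that a request authenticated by private key leaves `session[:user_id]` untouched. An example under 'if a valid private key is submitted' that sets `session[:user_id]` beforehand, performs the RSS request, and asserts the value is unchanged would guard against the accidental logout returning. That `describe` block continues past the end of the hunk, so such an example may already exist outside the visible lines.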
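--- a/spec/helpers/tickets_helper_spec.rb
+++ b/spec/helpers/tickets_helper_spec.rb
@@ -62,19 +62,20 @@
 describe 'displaying the content of the last ticket change in one line' do
 before do
+ helper.stub!(:datetime_format).and_return('[DATETIME]')
 @ticket_change = mock_model(TicketChange, :content => "Line1\nLine2\r\nLine3", :author => 'Me')
 @ticket = mock_model(Ticket, :changes => [@ticket_change], :updated_at => 1.month.ago)
 end
 it 'should return an empty string if no change is present' do
 @ticket.should_receive(:changes).and_return([])
- helper.last_change_content_one_line(@ticket).should == ''
+ helper.last_change_content_one_line(@ticket).should == '[DATETIME]'
 end
 it 'should return the line-up conent if change is present' do
- helper.should_receive(:datetime_format).and_return('[TS]')
+ helper.should_receive(:datetime_format).and_return('[DATETIME]')
 helper.should_receive(:truncate).with("Line1 Line2 Line3", :length => 600).and_return('[CONTENT]')
- helper.last_change_content_one_line(@ticket).should == 'Me ([TS]): [CONTENT]'
+ helper.last_change_content_one_line(@ticket).should == 'Me ([DATETIME]): [CONTENT]'
 end
 end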
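Review bot: The example title `'should return an empty string if no change is present'` no longer matches its assertion, which now expects the stubbed `datetime_format` value `'[DATETIME]'`; rename it, e.g. `it 'should return only the formatted timestamp if no change is present' do`. In the second example, `helper.should_receive(:datetime_format)` now repeats the stub added in `before`, so keep it only if the call itself is what the example is meant to verify.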
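--- a/spec/views/tickets/index.html.erb_spec.rb
+++ b/spec/views/tickets/index.html.erb_spec.rb
@@ -23,6 +23,7 @@
 :author => 'Me',
 :email => '',
 :created_at => 2.days.ago,
+ :updated_at => 2.days.ago,
 :changes => [],
 :updated? => false
 ticket_2 = mock_model Ticket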