Commit 123e6d1d authored by Steffen van Bergerem's avatar Steffen van Bergerem Committed by Jonne Haß

Redirect logged out users to sign up page for limited posts

closes #6490
parent 9be6b411
......@@ -18,6 +18,7 @@
* Expose Unicorn's pid option to our configuration system [#6411](https://github.com/diaspora/diaspora/pull/6411)
* Add stream of all public posts [#6465](https://github.com/diaspora/diaspora/pull/6465)
* Reload stream when clicking on already active one [#6466](https://github.com/diaspora/diaspora/pull/6466)
* Sign in user before evaluating post visibility [#6490](https://github.com/diaspora/diaspora/pull/6490)
# 0.5.3.1
......
......@@ -11,8 +11,12 @@ class PostsController < ApplicationController
respond_to :html, :mobile, :json, :xml
rescue_from Diaspora::NonPublic do
respond_to do |format|
format.all { render template: "errors/not_public", status: 404, layout: "application" }
if user_signed_in?
respond_to do |format|
format.all { render template: "errors/not_public", status: 404, layout: "application" }
end
else
authenticate_user!
end
end
......
......@@ -21,5 +21,6 @@ Feature: Browsing Diaspora as a logged out user
Scenario: Visiting a non-public post
Given "bob@bob.bob" has a non public post with text "my darkest secrets"
When I open the show page of the "my darkest secrets" post
Then I should see the "post not public" message
And I should not see "my darkest secrets"
Then I should not see "my darkest secrets"
When I sign in as "bob@bob.bob"
Then I should see "my darkest secrets" within "#single-post-content"
......@@ -25,36 +25,50 @@ describe PostsController, type: :controller do
end
context "user signed in" do
before do
sign_in :user, alice
expect(post_service_double).to receive(:post).and_return(@message)
end
context "given a post that the user is allowed to see" do
before do
sign_in :user, alice
expect(post_service_double).to receive(:post).and_return(@message)
end
it "succeeds" do
get :show, id: @message.id
expect(response).to be_success
end
it "succeeds" do
get :show, id: @message.id
expect(response).to be_success
end
it 'succeeds after removing a mention when closing the mentioned user\'s account' do
user = FactoryGirl.create(:user, username: "user")
alice.share_with(user.person, alice.aspects.first)
msg = alice.build_post :status_message,
text: "Mention @{User ; #{user.diaspora_handle}}", public: true, to: "all"
msg.save!
expect(msg.mentioned_people.count).to eq(1)
user.destroy
get :show, id: msg.id
expect(response).to be_success
end
it 'succeeds after removing a mention when closing the mentioned user\'s account' do
user = FactoryGirl.create(:user, username: "user")
alice.share_with(user.person, alice.aspects.first)
msg = alice.build_post :status_message,
text: "Mention @{User ; #{user.diaspora_handle}}", public: true, to: "all"
msg.save!
expect(msg.mentioned_people.count).to eq(1)
user.destroy
get :show, id: msg.id
expect(response).to be_success
end
it "renders the application layout on mobile" do
get :show, id: @message.id, format: :mobile
expect(response).to render_template("layouts/application")
end
it "renders the application layout on mobile" do
get :show, id: @message.id, format: :mobile
expect(response).to render_template("layouts/application")
it "succeeds on mobile with a reshare" do
get :show, id: FactoryGirl.create(:reshare, author: alice.person).id, format: :mobile
expect(response).to be_success
end
end
it "succeeds on mobile with a reshare" do
get :show, id: FactoryGirl.create(:reshare, author: alice.person).id, format: :mobile
expect(response).to be_success
context "given a post that the user is not allowed to see" do
before do
sign_in :user, alice
expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
end
it "returns a 404" do
get :show, id: @message.id
expect(response.code).to eq("404")
end
end
end
......@@ -81,6 +95,18 @@ describe PostsController, type: :controller do
expect(response.body).to eq(@status.to_diaspora_xml)
end
end
context "given a limited post" do
before do
expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
end
it "forces the user to sign" do
get :show, id: @message.id
expect(response).to be_redirect
expect(response).to redirect_to new_user_session_path
end
end
end
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment