Commit 123e6d1d authored by Steffen van Bergerem's avatar Steffen van Bergerem Committed by Jonne Haß

Redirect logged out users to sign up page for limited posts

closes #6490
parent 9be6b411
+1 −0
@@ -18,6 +18,7 @@
* Expose Unicorn's pid option to our configuration system [#6411](https://github.com/diaspora/diaspora/pull/6411)
* Add stream of all public posts [#6465](https://github.com/diaspora/diaspora/pull/6465)
* Reload stream when clicking on already active one [#6466](https://github.com/diaspora/diaspora/pull/6466)
* Sign in user before evaluating post visibility [#6490](https://github.com/diaspora/diaspora/pull/6490)

# 0.5.3.1

+6 −2
@@ -11,9 +11,13 @@ class PostsController < ApplicationController
  respond_to :html, :mobile, :json, :xml

  rescue_from Diaspora::NonPublic do
    if user_signed_in?
      respond_to do |format|
        format.all { render template: "errors/not_public", status: 404, layout: "application" }
      end
    else
      authenticate_user!
    end
  end

  def show
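Review bot: The signed-out branch of the `rescue_from Diaspora::NonPublic` handler passes every format to `authenticate_user!`, but the controller also declares `:json` and `:xml`, and the specs in this commit only exercise the default HTML request. Devise usually answers non-navigational formats with a 401 rather than a redirect, so the response API clients get for a limited post should be pinned by a spec, for example `get :show, id: @message.id, format: :json` with the expected status. I would also add a comment above the `else` branch, `# Signed-out visitors must authenticate first so visibility is evaluated for their account`, because the two branches now answer the same exception differently. How an unknown post id is handled for signed-out visitors is not visible in this hunk; if it still returns a 404, the redirect lets an unauthenticated client tell existing limited posts from missing ones, which is worth a deliberate decision. The class body continues outside the hunk.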
+3 −2
@@ -21,5 +21,6 @@ Feature: Browsing Diaspora as a logged out user
    Scenario: Visiting a non-public post
      Given "bob@bob.bob" has a non public post with text "my darkest secrets"
      When I open the show page of the "my darkest secrets" post
      Then I should see the "post not public" message
      And I should not see "my darkest secrets"
      Then I should not see "my darkest secrets"
      When I sign in as "bob@bob.bob"
      Then I should see "my darkest secrets" within "#single-post-content"
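Review bot: The scenario no longer checks where the logged-out visitor lands: between `Then I should not see "my darkest secrets"` and `When I sign in as "bob@bob.bob"` nothing asserts that the sign-in page is shown. A step such as `And I should be on the new user session page` would pin the redirect at the feature level; that step name is a suggestion and needs checking against the existing step definitions. The scenario also covers only the author signing in, so a second scenario where a user without access signs in would exercise the 404 branch end to end.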
+51 −25
@@ -25,6 +25,7 @@ describe PostsController, type: :controller do
    end

    context "user signed in" do
      context "given a post that the user is allowed to see" do
        before do
          sign_in :user, alice
          expect(post_service_double).to receive(:post).and_return(@message)
@@ -58,6 +59,19 @@ describe PostsController, type: :controller do
        end
      end

      context "given a post that the user is not allowed to see" do
        before do
          sign_in :user, alice
          expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
        end

        it "returns a 404" do
          get :show, id: @message.id
          expect(response.code).to eq("404")
        end
      end
    end

    context "user not signed in" do
      context "given a public post" do
        before :each do
@@ -81,6 +95,18 @@ describe PostsController, type: :controller do
          expect(response.body).to eq(@status.to_diaspora_xml)
        end
      end

      context "given a limited post" do
        before do
          expect(post_service_double).to receive(:post).and_raise(Diaspora::NonPublic)
        end

        it "forces the user to sign" do
          get :show, id: @message.id
          expect(response).to be_redirect
          expect(response).to redirect_to new_user_session_path
        end
      end
    end
  end