.circleci
.github
app
bin
config
db
docs
lib
log
nanobox
public
spec
controllers
activitypub
admin
account_moderation_notes_controller_spec.rb
accounts_controller_spec.rb
base_controller_spec.rb
change_email_controller_spec.rb
confirmations_controller_spec.rb
custom_emojis_controller_spec.rb
domain_blocks_controller_spec.rb
email_domain_blocks_controller_spec.rb
instances_controller_spec.rb
invites_controller_spec.rb
reported_statuses_controller_spec.rb
reports_controller_spec.rb
resets_controller_spec.rb
roles_controller_spec.rb
settings_controller_spec.rb
silences_controller_spec.rb
statuses_controller_spec.rb
subscriptions_controller_spec.rb
suspensions_controller_spec.rb
two_factor_authentications_controller_spec.rb
api
auth
concerns
oauth
settings
well_known
about_controller_spec.rb
account_follow_controller_spec.rb
account_unfollow_controller_spec.rb
accounts_controller_spec.rb
application_controller_spec.rb
authorize_follows_controller_spec.rb
follower_accounts_controller_spec.rb
following_accounts_controller_spec.rb
home_controller_spec.rb
invites_controller_spec.rb
manifests_controller_spec.rb
media_controller_spec.rb
remote_follow_controller_spec.rb
statuses_controller_spec.rb
stream_entries_controller_spec.rb
tags_controller_spec.rb
fabricators
features
fixtures
helpers
lib
mailers
models
policies
presenters
requests
routing
services
support
validators
views
workers
rails_helper.rb
spec_helper.rb
streaming
vendor
.babelrc
.buildpacks
.codeclimate.yml
.dockerignore
.editorconfig
.env.nanobox
.env.production.sample
.env.test
.env.vagrant
.eslintignore
.eslintrc.yml
.foreman
.gitattributes
.gitignore
.haml-lint.yml
.nanoignore
.nvmrc
.postcssrc.yml
.profile
.rspec
.rubocop.yml
.ruby-version
.scss-lint.yml
.slugignore
.yarnclean
AUTHORS.md
Aptfile
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Capfile
Dockerfile
Gemfile
Gemfile.lock
LICENSE
Procfile
Procfile.dev
README.md
Rakefile
Vagrantfile
app.json
boxfile.yml
config.ru
docker-compose.yml
jest.config.js
package.json
scalingo.json
yarn.lock
2e59751823
Previously these returns 302 redirects instead of 403s, which meant posting links to admin pages in slack caused them to unfurl, rather than stay as a link. Additionally, require_admin! doesn't appear to be actively used, on require_staff!
34 lines
891 B
Ruby
34 lines
891 B
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe Admin::BaseController, type: :controller do
|
|
controller do
|
|
def success
|
|
render 'admin/reports/show'
|
|
end
|
|
end
|
|
|
|
it 'requires administrator or moderator' do
|
|
routes.draw { get 'success' => 'admin/base#success' }
|
|
sign_in(Fabricate(:user, admin: false, moderator: false))
|
|
get :success
|
|
|
|
expect(response).to have_http_status(:forbidden)
|
|
end
|
|
|
|
it 'renders admin layout as a moderator' do
|
|
routes.draw { get 'success' => 'admin/base#success' }
|
|
sign_in(Fabricate(:user, moderator: true))
|
|
get :success
|
|
expect(response).to render_template layout: 'admin'
|
|
end
|
|
|
|
it 'renders admin layout as an admin' do
|
|
routes.draw { get 'success' => 'admin/base#success' }
|
|
sign_in(Fabricate(:user, admin: true))
|
|
get :success
|
|
expect(response).to render_template layout: 'admin'
|
|
end
|
|
end
|