FIX: Redirect to login for anon user.

https://meta.discourse.org/t/link-to-upgrade-shows-500-error/70993/7
2017-10-02 18:44:11 +08:00 · 2017-10-02 18:44:11 +08:00 · f117e28158
parent a6539a6cf5
commit f117e28158
3 changed files with 55 additions and 22 deletions
--- a/app/controllers/docker_manager/admin_controller.rb
+++ b/app/controllers/docker_manager/admin_controller.rb
@ -20,27 +20,27 @@ module DockerManager

      if (version < expected_version) || (ruby_version < expected_ruby_version)

-        render text: <<HTML
-<html><head></head><body>
-<h2>You are running an old version of the Discourse image.</h2>
-<p>
-Upgrades via the web UI are disabled until you run the latest image.
-</p>
-<p>
-To do so log in to your server using SSH and run:
-</p>
+        render text: <<~HTML
+        <html><head></head><body>
+        <h2>You are running an old version of the Discourse image.</h2>
+        <p>
+        Upgrades via the web UI are disabled until you run the latest image.
+        </p>
+        <p>
+        To do so log in to your server using SSH and run:
+        </p>

-<pre>
-cd /var/discourse
-git pull
-./launcher rebuild app
-</pre>
-<p>
-<a href='https://meta.discourse.org/t/how-do-i-update-my-docker-image-to-latest/23325'>More info on our support site</a>
-</p>
-</body>
-</html>
-HTML
+        <pre>
+        cd /var/discourse
+        git pull
+        ./launcher rebuild app
+        </pre>
+        <p>
+        <a href='https://meta.discourse.org/t/how-do-i-update-my-docker-image-to-latest/23325'>More info on our support site</a>
+        </p>
+        </body>
+        </html>
+        HTML
      else
        render
      end
--- a/app/controllers/docker_manager/application_controller.rb
+++ b/app/controllers/docker_manager/application_controller.rb
@ -1,6 +1,5 @@
 module DockerManager
  class ApplicationController < ActionController::Base
-
    helper DockerManager::ApplicationHelper

    include CurrentUser
@ -17,7 +16,8 @@ module DockerManager
    protected

    def ensure_admin
-      raise Discourse::InvalidAccess.new unless current_user && current_user.admin?
+      return redirect_to '/login' if !current_user
+      return render(plain: I18n.t('invalid_access'), status: 404) if !current_user.admin?
    end

  end
--- a/spec/requests/admin_controller_spec.rb
+++ b/spec/requests/admin_controller_spec.rb
@ -0,0 +1,33 @@
+require 'rails_helper'
+
+RSpec.describe DockerManager::AdminController do
+  describe 'anonymous user' do
+    it 'should redirect to login page' do
+      get '/admin/upgrade'
+
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to('/login')
+    end
+  end
+
+  describe 'when user is not an admin' do
+    it 'should redirect to login page' do
+      sign_in(Fabricate(:user))
+
+      get '/admin/upgrade'
+
+      expect(response.status).to eq(404)
+      expect(response.body).to eq(I18n.t('invalid_access'))
+    end
+  end
+
+  describe 'when user is an admin' do
+    it 'should return the right response' do
+      sign_in(Fabricate(:admin))
+
+      get '/admin/upgrade'
+
+      expect(response.status).to eq(200)
+    end
+  end
+end