Merge branch 'bvl-missing-message-on-access-denied' into 'master'
Render access denied without message Closes #47844 See merge request gitlab-org/gitlab-ce!19755
commit
7b7ba297cf
|
@ -284,8 +284,10 @@ class ApplicationController < ActionController::Base
|
||||||
return unless current_user
|
return unless current_user
|
||||||
return if current_user.terms_accepted?
|
return if current_user.terms_accepted?
|
||||||
|
|
||||||
|
message = _("Please accept the Terms of Service before continuing.")
|
||||||
|
|
||||||
if sessionless_user?
|
if sessionless_user?
|
||||||
render_403
|
access_denied!(message)
|
||||||
else
|
else
|
||||||
# Redirect to the destination if the request is a get.
|
# Redirect to the destination if the request is a get.
|
||||||
# Redirect to the source if it was a post, so the user can re-submit after
|
# Redirect to the source if it was a post, so the user can re-submit after
|
||||||
|
@ -296,7 +298,7 @@ class ApplicationController < ActionController::Base
|
||||||
URI(request.referer).path if request.referer
|
URI(request.referer).path if request.referer
|
||||||
end
|
end
|
||||||
|
|
||||||
flash[:notice] = _("Please accept the Terms of Service before continuing.")
|
flash[:notice] = message
|
||||||
redirect_to terms_path(redirect: redirect_path), status: :found
|
redirect_to terms_path(redirect: redirect_path), status: :found
|
||||||
end
|
end
|
||||||
end
|
end
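Review bot: The sessionless branch now relies on `access_denied!(message)` to keep answering with a 403 for every request format, and that helper is defined outside the lines shown here, so confirm it cannot end in a redirect or a 200 for non-HTML requests. If the intent is that sessionless requests cannot complete the terms flow in a browser, a comment above the branch would record it, for example `# Sessionless requests cannot follow the redirect to the terms page, so deny with an explanation instead`. The method body starts above the first hunk, so the filter's entry conditions are not visible here.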
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
- message = local_assigns.fetch(:message)
|
- message = local_assigns.fetch(:message, nil)
|
||||||
- content_for(:title, 'Access Denied')
|
- content_for(:title, 'Access Denied')
|
||||||
|
|
||||||
= image_tag('illustrations/error-403.svg', alt: '403', lazy: false)
|
= image_tag('illustrations/error-403.svg', alt: '403', lazy: false)
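Review bot: With `message` now optional, the markup that prints it further down must skip the element when it is nil and should emit it through HAML's escaped `=` output, not `raw` or `html_safe`. That part of the template is outside this hunk, so this is something to confirm, not a defect seen here. The current caller passes a fixed translated string, but the local is a general-purpose parameter and later callers may pass request-derived text. As a point of style, `local_assigns[:message]` expresses the same nil default more directly than `local_assigns.fetch(:message, nil)`.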
|
||||||
|
|
|
@ -458,6 +458,8 @@ describe ApplicationController do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'for sessionless users' do
|
context 'for sessionless users' do
|
||||||
|
render_views
|
||||||
|
|
||||||
before do
|
before do
|
||||||
sign_out user
|
sign_out user
|
||||||
end
|
end
|
||||||
|
@ -468,6 +470,14 @@ describe ApplicationController do
|
||||||
expect(response).to have_gitlab_http_status(403)
|
expect(response).to have_gitlab_http_status(403)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'renders the error message when the format was html' do
|
||||||
|
get :index,
|
||||||
|
private_token: create(:personal_access_token, user: user).token,
|
||||||
|
format: :html
|
||||||
|
|
||||||
|
expect(response.body).to have_content /accept the terms of service/i
|
||||||
|
end
|
||||||
|
|
||||||
it 'renders a 200 when the sessionless user accepted the terms' do
|
it 'renders a 200 when the sessionless user accepted the terms' do
|
||||||
accept_terms(user)
|
accept_terms(user)
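Review bot: The added example 'renders the error message when the format was html' checks only the response body, so it would still pass if the message were rendered with a non-403 status. Adding `expect(response).to have_gitlab_http_status(403)` to that example ties the message to the denial. The matcher call is also better written with parentheses, `have_content(/accept the terms of service/i)`, because a bare regexp literal as the first argument triggers Ruby's ambiguous-argument warning. The last example in this section continues past the hunk.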
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'errors/access_denied' do
|
||||||
|
it 'does not fail to render when there is no message provided' do
|
||||||
|
expect { render }.not_to raise_error
|
||||||
|
end
|
||||||
|
end
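Review bot: The only example here covers rendering without a message, and `expect { render }.not_to raise_error` says nothing about what is rendered. A companion example that renders the template with a `message` local and asserts the text appears would cover the other path through the view. If that message contains markup characters, the same example can assert they come out escaped.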
|