author | Louise Crow <louise.crow@gmail.com> | 2015-01-06 14:55:47 +0000 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2015-04-28 09:07:16 +0100 |
commit | f71658e9223f954177a5cacb8c7ad43605c264cd (patch) | |
tree | 2f8841418c7db9ff9535920d5ea7515200c9bb7a | |
parent | 203d35713262ecfec4dfd44c3b080edcd3760750 (diff) |
Don't show the widget pages for requests without normal prominence.
-rw-r--r-- | app/controllers/widgets_controller.rb | 8 | ||||
-rw-r--r-- | spec/controllers/widgets_controller_spec.rb | 32 |
2 files changed, 39 insertions, 1 deletions
diff --git a/app/controllers/widgets_controller.rb b/app/controllers/widgets_controller.rb index a529e591b..56b80d337 100644 --- a/app/controllers/widgets_controller.rb +++ b/app/controllers/widgets_controller.rb @@ -8,7 +8,7 @@ require 'securerandom' class WidgetsController < ApplicationController - before_filter :check_widget_config, :find_info_request + before_filter :check_widget_config, :find_info_request, :check_prominence skip_before_filter :set_x_frame_options_header, :only => [:show] def show @@ -47,4 +47,10 @@ class WidgetsController < ApplicationController end end + def check_prominence + unless @info_request.prominence == 'normal' + render :nothing => true, :status => :forbidden + end + end + end diff --git a/spec/controllers/widgets_controller_spec.rb b/spec/controllers/widgets_controller_spec.rb index 80c2d2f26..6a58c7c5c 100644 --- a/spec/controllers/widgets_controller_spec.rb +++ b/spec/controllers/widgets_controller_spec.rb @@ -61,6 +61,16 @@ describe WidgetsController do end + context "when the request's prominence is not 'normal'" do + + it 'should return a 403' do + @info_request.prominence = 'hidden' + @info_request.save! + get :show, :request_id => @info_request.id + response.code.should == "403" + end + + end end @@ -91,6 +101,17 @@ describe WidgetsController do end + context "when the request's prominence is not 'normal'" do + + it 'should return a 403' do + @info_request.prominence = 'hidden' + @info_request.save! + get :show, :request_id => @info_request.id + response.code.should == "403" + end + + end + end describe :update do @@ -143,6 +164,17 @@ describe WidgetsController do end + context "when the request's prominence is not 'normal'" do + + it 'should return a 403' do + @info_request.prominence = 'hidden' + @info_request.save! + get :show, :request_id => @info_request.id + response.code.should == "403" + end + + end + end end |
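Review bot: `check_prominence` dereferences `@info_request`, so it only works while it stays after `:find_info_request` in the `before_filter` list changed in the first hunk, and nothing in the method says so. I would add a comment above it such as `# Refuse widget pages for any request whose prominence is not 'normal'. Must run after find_info_request.` Matching on `'normal'` rather than enumerating the restricted states keeps the filter fail-closed if further prominence values are introduced, and that choice is worth preserving. The class body above this hunk is not visible, so it is unclear whether the method sits under `private`; if it does not, it should. `head :forbidden` would be the more usual way to send an empty 403 than `render :nothing => true`.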
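Review bot: All three added examples in the spec issue `get :show`, including the two in the later hunks (the second ends just before `describe :update do`, the third comes after it), so the new filter is only ever exercised through `show`. Since `check_prominence` is registered for every action, each example should call the action its describe block covers, for instance the `update` request with the verb and params the neighbouring examples there use. The enclosing describe blocks begin outside the hunks, so which action the second hunk belongs to is inferred. It would also help to cover a non-normal prominence other than `'hidden'`, because the filter rejects anything that is not `'normal'`.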