From 85ae59fdd1d8690efc569a193853072eb2519c89 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Tue, 17 Apr 2018 16:38:36 +0100
Subject: cobrand hook to deny access to pages

Add a check in the root controller `auto` to a cobrand hook that denies
access if it returns true. This goes here so that cobrands and users are
set up, which is not the case for `check_login_required`. Used to do
things like deny site access unless the user is a superuser.
---
 t/app/controller/root.t | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 't/app/controller/root.t')

diff --git a/t/app/controller/root.t b/t/app/controller/root.t
index ddf659b77..b5f8ba031 100644
--- a/t/app/controller/root.t
+++ b/t/app/controller/root.t
@@ -1,4 +1,5 @@
 use FixMyStreet::TestMech;
+use Test::MockModule;
 
 ok( my $mech = FixMyStreet::TestMech->new, 'Created mech object' );
 
@@ -73,4 +74,18 @@ FixMyStreet::override_config {
     };
 };
 
+subtest "check_login_disallowed cobrand hook" => sub {
+    warn '#' x 50 . "\n";
+    my $cobrand = Test::MockModule->new('FixMyStreet::Cobrand::Default');
+    $cobrand->mock('check_login_disallowed', sub {
+            my $self = shift;
+            return 0 if $self->{c}->req->path eq 'auth';
+            return 1;
+        }
+    );
+
+    $mech->get_ok('/');
+    is $mech->uri->path_query, '/auth?r=', 'redirects to auth page';
+};
+
 done_testing();
-- 
cgit v1.2.3