Don't treat CSRF tokens as optional session data for administrators (they're needed to allow them to edit anything! Fixes #95

(Also change wording of test namess to match usual rspec convention)
author: Seb Bacon <seb.bacon@gmail.com> 2011-07-27 15:27:22 +0100
committer: Seb Bacon <seb.bacon@gmail.com> 2011-07-27 15:28:58 +0100
commit: 44ffca31030651ca9d816cfd7d0784d0652c4ee5 (patch)
tree: 6fc1a8dd5ff33947584f0e32b6d676f14860e386 /app/controllers/admin_controller.rb
parent: cace286e2d92ad50c4253c5765055e9da4da3871 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 375c19529..655670b5a 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -51,7 +51,10 @@ class AdminController < ApplicationController
             if !username.empty? && !password.empty?
                 authenticate_or_request_with_http_basic do |user_name, password|
                     user_name == username && password == password
+                    session[:using_admin] = 1
                 end
+            else
+                session[:using_admin] = 1
             end
 	end
 end
author	Seb Bacon <seb.bacon@gmail.com>	2011-07-27 15:27:22 +0100
committer	Seb Bacon <seb.bacon@gmail.com>	2011-07-27 15:28:58 +0100
commit	44ffca31030651ca9d816cfd7d0784d0652c4ee5 (patch)
tree	6fc1a8dd5ff33947584f0e32b6d676f14860e386 /app/controllers/admin_controller.rb
parent	cace286e2d92ad50c4253c5765055e9da4da3871 (diff)