diff options
| author | Paul Slaughter <pslaughter@gitlab.com> | 2018-05-29 17:48:58 -0500 |
|---|---|---|
| committer | Paul Slaughter <pslaughter@gitlab.com> | 2018-05-31 11:23:50 -0500 |
| commit | 45fa9dfa7b7c84912ddece49c46db9bcf6b07468 (patch) | |
| tree | b977dd21a7e2df6ea93ae1b7827b29befb5ab4e0 | |
| parent | eab3504e4120c4456f7e09f37c39f10e9dcf2135 (diff) | |
| download | gitlab-ce-45fa9dfa7b7c84912ddece49c46db9bcf6b07468.tar.gz | |
Revert access_denied alias for render_403
| -rw-r--r-- | app/controllers/application_controller.rb | 19 | ||||
| -rw-r--r-- | spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb | 12 |
2 files changed, 17 insertions, 14 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c8f726c2b45..db8a8cdc0d2 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -130,22 +130,25 @@ class ApplicationController < ActionController::Base end def access_denied!(message = nil) - render_403 message + respond_to do |format| + format.any { head :not_found } + format.html do + render "errors/access_denied", + layout: "errors", + status: 404, + locals: { message: message } + end + end end def git_not_found! render "errors/git_not_found.html", layout: "errors", status: 404 end - def render_403(message = nil) + def render_403 respond_to do |format| format.any { head :forbidden } - format.html do - render "errors/access_denied", - layout: "errors", - status: 403, - locals: { message: message } - end + format.html { render "errors/access_denied", layout: "errors", status: 403 } end end diff --git a/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb b/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb index d20471ef603..27f558e1b5d 100644 --- a/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb +++ b/spec/controllers/concerns/controller_with_cross_project_access_check_spec.rb @@ -43,13 +43,13 @@ describe ControllerWithCrossProjectAccessCheck do end end - it 'renders a 403 with trying to access a cross project page' do + it 'renders a 404 with trying to access a cross project page' do message = "This page is unavailable because you are not allowed to read "\ "information across multiple projects." get :index - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(404) expect(response.body).to match(/#{message}/) end @@ -119,7 +119,7 @@ describe ControllerWithCrossProjectAccessCheck do get :index - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(404) end it 'is executed when the `unless` condition returns true' do @@ -127,19 +127,19 @@ describe ControllerWithCrossProjectAccessCheck do get :index - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(404) end it 'does not skip the check on an action that is not skipped' do get :show, id: 'hello' - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(404) end it 'does not skip the check on an action that was not defined to skip' do get :edit, id: 'hello' - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(404) end end end |