diff options
author | Sean McGivern <sean@mcgivern.me.uk> | 2016-11-28 20:14:12 +0000 |
---|---|---|
committer | Sean McGivern <sean@mcgivern.me.uk> | 2016-11-28 20:14:12 +0000 |
commit | 29d86842747c4a9faf52edd5a25564e271983335 (patch) | |
tree | 07b88bd0b7be3c6c2b069e0c1f0ad7435549c599 | |
parent | 84638de6a35f2a3391117db5b692e8641d9ee061 (diff) | |
parent | beedd40ef7744151d87f4d3ba0b47b2878a83195 (diff) | |
download | gitlab-ce-29d86842747c4a9faf52edd5a25564e271983335.tar.gz |
Merge branch '25026-authenticate-user-for-new-snippet' into 'master'
Ensure user is authenticated to create a new snippet
Closes #25026
See merge request !7786
4 files changed, 47 insertions, 4 deletions
diff --git a/app/controllers/concerns/toggle_award_emoji.rb b/app/controllers/concerns/toggle_award_emoji.rb index 3717c49f272..fbf9a026b10 100644 --- a/app/controllers/concerns/toggle_award_emoji.rb +++ b/app/controllers/concerns/toggle_award_emoji.rb @@ -1,11 +1,8 @@ module ToggleAwardEmoji extend ActiveSupport::Concern - included do - before_action :authenticate_user!, only: [:toggle_award_emoji] - end - def toggle_award_emoji + authenticate_user! name = params.require(:name) if awardable.user_can_award?(current_user, name) diff --git a/changelogs/unreleased/25026-authenticate-user-for-new-snippet.yml b/changelogs/unreleased/25026-authenticate-user-for-new-snippet.yml new file mode 100644 index 00000000000..a7b5810f1bf --- /dev/null +++ b/changelogs/unreleased/25026-authenticate-user-for-new-snippet.yml @@ -0,0 +1,4 @@ +--- +title: Redirect to sign-in page when unauthenticated user tries to create a snippet +merge_request: 7786 +author: diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb index 2d762fdaa04..d76fe9f580f 100644 --- a/spec/controllers/snippets_controller_spec.rb +++ b/spec/controllers/snippets_controller_spec.rb @@ -3,6 +3,28 @@ require 'spec_helper' describe SnippetsController do let(:user) { create(:user) } + describe 'GET #new' do + context 'when signed in' do + before do + sign_in(user) + end + + it 'responds with status 200' do + get :new + + expect(response).to have_http_status(200) + end + end + + context 'when not signed in' do + it 'redirects to the sign in page' do + get :new + + expect(response).to redirect_to(new_user_session_path) + end + end + end + describe 'GET #show' do context 'when the personal snippet is private' do let(:personal_snippet) { create(:personal_snippet, :private, author: user) } diff --git a/spec/features/snippets/create_snippet_spec.rb b/spec/features/snippets/create_snippet_spec.rb new file mode 100644 index 00000000000..cb95e7828db --- /dev/null +++ b/spec/features/snippets/create_snippet_spec.rb @@ -0,0 +1,20 @@ +require 'rails_helper' + +feature 'Create Snippet', feature: true do + before do + login_as :user + visit new_snippet_path + end + + scenario 'Authenticated user creates a snippet' do + fill_in 'personal_snippet_title', with: 'My Snippet Title' + page.within('.file-editor') do + find(:xpath, "//input[@id='personal_snippet_content']").set 'Hello World!' + end + + click_button 'Create snippet' + + expect(page).to have_content('My Snippet Title') + expect(page).to have_content('Hello World!') + end +end |