diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-06-04 18:04:04 +0300 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-06-05 11:29:27 +0300 |
| commit | 491e1fc905ef52dcc2e7df7deabd3c1f6e42aa52 (patch) | |
| tree | 74e4732b0f66f2a6828740278c1914cd4faa0869 /spec/controllers/application_controller_spec.rb | |
| parent | 04236363bce399fbde36f396fdcf51d61735e1b0 (diff) | |
Render a 403 when showing an access denied message
When we want to show an access denied message to a user, we don't have
to hide the resource's existence.
So in that case we render a 403, this 403 is not handled by nginx on
omnibus installs, making sure the message is visible to the user.
Diffstat (limited to 'spec/controllers/application_controller_spec.rb')
| -rw-r--r-- | spec/controllers/application_controller_spec.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index b048da1991c..683c57c96f8 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -477,4 +477,28 @@ describe ApplicationController do end end end + + describe '#access_denied' do + controller(described_class) do + def index + access_denied!(params[:message]) + end + end + + before do + sign_in user + end + + it 'renders a 404 without a message' do + get :index + + expect(response).to have_gitlab_http_status(404) + end + + it 'renders a 403 when a message is passed to access denied' do + get :index, message: 'None shall pass' + + expect(response).to have_gitlab_http_status(403) + end + end end |