
Commit da11041

authored
Merge pull request #6726 from samvera/hyrax-6725
Prevent unauthenticated access to /dashboard/collections/
2 parents 65e0658 + c23aede commit da11041


2 files changed

+45
-15
lines changed


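--- a/app/controllers/hyrax/dashboard/collections_controller.rb
+++ b/app/controllers/hyrax/dashboard/collections_controller.rb
@@ -26,9 +26,6 @@ class CollectionsController < Hyrax::My::CollectionsController
 # Catch permission errors
 rescue_from Hydra::AccessDenied, CanCan::AccessDenied, with: :deny_collection_access
 
-# actions: index, create, new, edit, show, update, destroy, permissions, citation
-before_action :authenticate_user!, except: [:index]
-
 class_attribute :presenter_class,
 :form_class,
 :single_item_search_builder_class,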

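--- a/spec/controllers/hyrax/dashboard/collections_controller_spec.rb
+++ b/spec/controllers/hyrax/dashboard/collections_controller_spec.rb
@@ -586,21 +586,31 @@
 end
 
 describe "#show" do
+before do
+if collection.is_a? Valkyrie::Resource
+Hyrax::Collections::CollectionMemberService
+.add_members(collection_id: collection.id,
+new_members: [asset1, asset2, asset3, asset4, asset5],
+user: user)
+else
+[asset1, asset2, asset3, asset4, asset5].each do |asset|
+asset.member_of_collections << collection
+asset.save!
+end
+end
+end
+
+context "when not signed in" do
+it "is not successful" do
+get :show, params: { id: collection }
+
+expect(response).not_to be_successful
+end
+end
+
 context "when signed in" do
 before do
 sign_in user
-
-if collection.is_a? Valkyrie::Resource
-Hyrax::Collections::CollectionMemberService
-.add_members(collection_id: collection.id,
-new_members: [asset1, asset2, asset3, asset4, asset5],
-user: user)
-else
-[asset1, asset2, asset3, asset4, asset5].each do |asset|
-asset.member_of_collections << collection
-asset.save!
-end
-end
 end
 
 it "returns the collection and its members" do
@@ -803,6 +813,29 @@
 expect(response).to be_successful
 end
 end
+
+describe "#index" do
+context "when not signed in" do
+it "is not successful" do
+get :index, params: { id: collection }
+
+expect(response).not_to be_successful
+end
+end
+
+context "when signed in" do
+before do
+sign_in user
+end
+
+it "sets breadcrumbs" do
+expect(controller).to receive(:add_breadcrumb).with('Home', root_path(locale: 'en'))
+expect(controller).to receive(:add_breadcrumb).with('Dashboard', dashboard_path(locale: 'en'))
+expect(controller).to receive(:add_breadcrumb).with('Collections', my_collections_path(locale: 'en'))
+get :index, params: { per_page: 1 }
+end
+end
+end
 end
 end
 end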
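Review bot: The two new "when not signed in" examples (under `#show` and `#index`) assert only `expect(response).not_to be_successful`, which also passes on a 404 or a 500, so they would stay green if the request failed for a reason unrelated to the authentication filter. Pin the outcome the filter should produce, for example `expect(response).to have_http_status(:redirect)`, or a `redirect_to` expectation against the application's sign-in route (helper name to be confirmed against the routes). In the `#index` example, `params: { id: collection }` has no meaning for an index request and can be dropped. The authentication check presumably now comes from the parent `Hyrax::My::CollectionsController`, which this commit does not show, so it is worth confirming that the inherited filter carries no `except:`/`only:` list that would leave other actions open.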
