mirror of
https://github.com/discourse/discourse.git
synced 2024-11-26 10:50:26 -06:00
FIX: You should be an admin to do the wizard
This commit is contained in:
parent
8f7a2cb470
commit
7f66cf618c
@ -461,6 +461,10 @@ class ApplicationController < ActionController::Base
|
||||
raise Discourse::InvalidAccess.new unless current_user && current_user.staff?
|
||||
end
|
||||
|
||||
def ensure_admin
|
||||
raise Discourse::InvalidAccess.new unless current_user && current_user.admin?
|
||||
end
|
||||
|
||||
def ensure_wizard_enabled
|
||||
raise Discourse::InvalidAccess.new unless SiteSetting.wizard_enabled?
|
||||
end
|
||||
|
@ -6,7 +6,7 @@ class StepsController < ApplicationController
|
||||
|
||||
before_filter :ensure_wizard_enabled
|
||||
before_filter :ensure_logged_in
|
||||
before_filter :ensure_staff
|
||||
before_filter :ensure_admin
|
||||
|
||||
def update
|
||||
wizard = Wizard::Builder.new(current_user).build
|
||||
|
@ -4,7 +4,7 @@ require_dependency 'wizard/builder'
|
||||
class WizardController < ApplicationController
|
||||
before_filter :ensure_wizard_enabled, only: [:index]
|
||||
before_filter :ensure_logged_in
|
||||
before_filter :ensure_staff
|
||||
before_filter :ensure_admin
|
||||
|
||||
skip_before_filter :check_xhr, :preload_json
|
||||
|
||||
|
@ -13,7 +13,7 @@ describe StepsController do
|
||||
end
|
||||
|
||||
it "raises an error if you aren't an admin" do
|
||||
log_in
|
||||
log_in(:moderator)
|
||||
xhr :put, :update, id: 'made-up-id', fields: { forum_title: "updated title" }
|
||||
expect(response).to be_forbidden
|
||||
end
|
||||
|
@ -14,7 +14,7 @@ describe WizardController do
|
||||
end
|
||||
|
||||
it "raises an error if you aren't an admin" do
|
||||
log_in
|
||||
log_in(:moderator)
|
||||
xhr :get, :index
|
||||
expect(response).to be_forbidden
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user