Commit 7fe92d99 authored by Bob Van Landuyt

Render access denied without message

The `errors/access_denied` page should not fail to render when no
message is provided.

When accessing something as a sessionless user, we should also display
the terms message if possible.
parent 96482886
......@@ -284,8 +284,10 @@ class ApplicationController < ActionController::Base
return unless current_user
return if current_user.terms_accepted?
message = _("Please accept the Terms of Service before continuing.")
if sessionless_user?
render_403
access_denied!(message)
else
# Redirect to the destination if the request is a get.
# Redirect to the source if it was a post, so the user can re-submit after
......@@ -296,7 +298,7 @@ class ApplicationController < ActionController::Base
URI(request.referer).path if request.referer
end
flash[:notice] = _("Please accept the Terms of Service before continuing.")
flash[:notice] = message
redirect_to terms_path(redirect: redirect_path), status: :found
end
end
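Review bot: The sessionless branch's call to `access_denied!(message)` carries no comment explaining why these requests are denied with a 403 page instead of being redirected to the terms page like everyone else. A one-line comment above the call would help, for example `# Sessionless requests cannot complete the terms redirect flow, so deny and show the reason.` The helper is defined outside the visible lines, so confirm that it halts the filter and returns 403 for non-HTML formats as well. Since the message now reaches the rendered error page, callers should pass only fixed translated strings, never request-derived text. The enclosing method starts above the hunk.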
......
- message = local_assigns.fetch(:message)
- message = local_assigns.fetch(:message, nil)
- content_for(:title, 'Access Denied')
= image_tag('illustrations/error-403.svg', alt: '403', lazy: false)
......
......@@ -458,6 +458,8 @@ describe ApplicationController do
end
context 'for sessionless users' do
render_views
before do
sign_out user
end
......@@ -468,6 +470,14 @@ describe ApplicationController do
expect(response).to have_gitlab_http_status(403)
end
it 'renders the error message when the format was html' do
get :index,
private_token: create(:personal_access_token, user: user).token,
format: :html
expect(response.body).to have_content /accept the terms of service/i
end
it 'renders a 200 when the sessionless user accepted the terms' do
accept_terms(user)
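Review bot: The new HTML example passes a regex literal to `have_content` without parentheses, which Ruby warns about as an ambiguous first argument; write `expect(response.body).to have_content(/accept the terms of service/i)`. The example also asserts only on the body, so adding `expect(response).to have_gitlab_http_status(403)` would pin that the message is served together with the denial and not with a successful response. The surrounding `describe` and `context` blocks continue outside the visible hunks.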
......
require 'spec_helper'
describe 'errors/access_denied' do
it 'does not fail to render when there is no message provided' do
expect { render }.not_to raise_error
end
end
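Review bot: This view spec covers only the no-message path with `expect { render }.not_to raise_error`, leaving the branch the controller now exercises untested at the template level. A second example could render with a constructed message, such as `render template: 'errors/access_denied', locals: { message: '<b>terms</b>' }`, and assert `expect(rendered).to have_content('terms')` and `expect(rendered).not_to include('<b>')`. The part of the template that outputs the message is not visible here, so the escaping assertion assumes it is emitted through normal escaped output.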