Make mission control only accessible for staff members
This commit is contained in:
@@ -1,6 +1,4 @@
|
||||
class Admin::StatsController < AdminController
|
||||
disallow_account_scope
|
||||
|
||||
layout "public"
|
||||
|
||||
def show
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
class AdminController < ApplicationController
|
||||
disallow_account_scope
|
||||
before_action :ensure_staff
|
||||
end
|
||||
|
||||
@@ -24,5 +24,7 @@ module Fizzy
|
||||
config.generators do |g|
|
||||
g.orm :active_record, primary_key_type: :uuid
|
||||
end
|
||||
|
||||
config.mission_control.jobs.http_basic_auth_enabled = false
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
Rails.application.config.before_initialize do
|
||||
# We don't want normal tenanted authentication on mission control.
|
||||
# Note that we're using HTTP basic auth configured via credentials.
|
||||
MissionControl::Jobs.base_controller_class = "ActionController::Base"
|
||||
MissionControl::Jobs.base_controller_class = "AdminController"
|
||||
end
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
require "test_helper"
|
||||
|
||||
class Admin::MissionControlTest < ActionDispatch::IntegrationTest
|
||||
test "staff can access mission control jobs" do
|
||||
sign_in_as :david
|
||||
|
||||
untenanted do
|
||||
get "/admin/jobs"
|
||||
end
|
||||
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "non-staff cannot access mission control jobs" do
|
||||
sign_in_as :jz
|
||||
|
||||
untenanted do
|
||||
get "/admin/jobs"
|
||||
end
|
||||
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,23 @@
|
||||
require "test_helper"
|
||||
|
||||
class Admin::StatsControllerTest < ActionDispatch::IntegrationTest
|
||||
test "staff can access stats" do
|
||||
sign_in_as :david
|
||||
|
||||
untenanted do
|
||||
get admin_stats_url
|
||||
end
|
||||
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "non-staff cannot access stats" do
|
||||
sign_in_as :jz
|
||||
|
||||
untenanted do
|
||||
get admin_stats_url
|
||||
end
|
||||
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
Vendored
+2
@@ -1,11 +1,13 @@
|
||||
david:
|
||||
email_address: david@37signals.com
|
||||
staff: true
|
||||
|
||||
jz:
|
||||
email_address: jz@37signals.com
|
||||
|
||||
kevin:
|
||||
email_address: kevin@37signals.com
|
||||
staff: true
|
||||
|
||||
mike:
|
||||
email_address: mike@37signals.com
|
||||
|
||||
Reference in New Issue
Block a user