Make mission control only accessible for staff members
This commit is contained in:
@@ -1,6 +1,4 @@
|
|||||||
class Admin::StatsController < AdminController
|
class Admin::StatsController < AdminController
|
||||||
disallow_account_scope
|
|
||||||
|
|
||||||
layout "public"
|
layout "public"
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
class AdminController < ApplicationController
|
class AdminController < ApplicationController
|
||||||
|
disallow_account_scope
|
||||||
before_action :ensure_staff
|
before_action :ensure_staff
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -24,5 +24,7 @@ module Fizzy
|
|||||||
config.generators do |g|
|
config.generators do |g|
|
||||||
g.orm :active_record, primary_key_type: :uuid
|
g.orm :active_record, primary_key_type: :uuid
|
||||||
end
|
end
|
||||||
|
|
||||||
|
config.mission_control.jobs.http_basic_auth_enabled = false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -1,5 +1,3 @@
|
|||||||
Rails.application.config.before_initialize do
|
Rails.application.config.before_initialize do
|
||||||
# We don't want normal tenanted authentication on mission control.
|
MissionControl::Jobs.base_controller_class = "AdminController"
|
||||||
# Note that we're using HTTP basic auth configured via credentials.
|
|
||||||
MissionControl::Jobs.base_controller_class = "ActionController::Base"
|
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -0,0 +1,23 @@
|
|||||||
|
require "test_helper"
|
||||||
|
|
||||||
|
class Admin::MissionControlTest < ActionDispatch::IntegrationTest
|
||||||
|
test "staff can access mission control jobs" do
|
||||||
|
sign_in_as :david
|
||||||
|
|
||||||
|
untenanted do
|
||||||
|
get "/admin/jobs"
|
||||||
|
end
|
||||||
|
|
||||||
|
assert_response :success
|
||||||
|
end
|
||||||
|
|
||||||
|
test "non-staff cannot access mission control jobs" do
|
||||||
|
sign_in_as :jz
|
||||||
|
|
||||||
|
untenanted do
|
||||||
|
get "/admin/jobs"
|
||||||
|
end
|
||||||
|
|
||||||
|
assert_response :forbidden
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -0,0 +1,23 @@
|
|||||||
|
require "test_helper"
|
||||||
|
|
||||||
|
class Admin::StatsControllerTest < ActionDispatch::IntegrationTest
|
||||||
|
test "staff can access stats" do
|
||||||
|
sign_in_as :david
|
||||||
|
|
||||||
|
untenanted do
|
||||||
|
get admin_stats_url
|
||||||
|
end
|
||||||
|
|
||||||
|
assert_response :success
|
||||||
|
end
|
||||||
|
|
||||||
|
test "non-staff cannot access stats" do
|
||||||
|
sign_in_as :jz
|
||||||
|
|
||||||
|
untenanted do
|
||||||
|
get admin_stats_url
|
||||||
|
end
|
||||||
|
|
||||||
|
assert_response :forbidden
|
||||||
|
end
|
||||||
|
end
|
||||||
Vendored
+2
@@ -1,11 +1,13 @@
|
|||||||
david:
|
david:
|
||||||
email_address: david@37signals.com
|
email_address: david@37signals.com
|
||||||
|
staff: true
|
||||||
|
|
||||||
jz:
|
jz:
|
||||||
email_address: jz@37signals.com
|
email_address: jz@37signals.com
|
||||||
|
|
||||||
kevin:
|
kevin:
|
||||||
email_address: kevin@37signals.com
|
email_address: kevin@37signals.com
|
||||||
|
staff: true
|
||||||
|
|
||||||
mike:
|
mike:
|
||||||
email_address: mike@37signals.com
|
email_address: mike@37signals.com
|
||||||
|
|||||||
Reference in New Issue
Block a user