From 92a4828f72f8db2aa558bc3810b3a08be59c0a01 Mon Sep 17 00:00:00 2001
From: Chris Hunt <c@chrishunt.co>
Date: Tue, 4 Jun 2013 15:32:36 -0700
Subject: [PATCH] Redirect all controllers to login if required

We want to skip the filter for the sessions controller so that we can log
in, and we want to skip the filter for static pages because those should be
visible to visitors.
---
 app/controllers/application_controller.rb  |  5 +++++
 app/controllers/session_controller.rb      |  1 +
 app/controllers/static_controller.rb       |  2 +-
 spec/controllers/topics_controller_spec.rb | 19 +++++++++++++++++++
 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 34180883f..a07f90da0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
   before_filter :preload_json
   before_filter :check_xhr
   before_filter :set_locale
+  before_filter :redirect_to_login_if_required
 
   rescue_from Exception do |exception|
     unless [ ActiveRecord::RecordNotFound, ActionController::RoutingError,
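Review bot: The new `before_filter :redirect_to_login_if_required` is registered after `preload_json`, `check_xhr` and `set_locale`, so those three run for anonymous requests before the login gate does. Filters run in declaration order; their bodies are outside this hunk, but if any of them renders, raises or loads data for the response, the request is handled without the login check having been applied. An access-control filter is safer as the first entry in the chain: move the line above `before_filter :preload_json`, or declare it with `prepend_before_filter :redirect_to_login_if_required`. A one-line comment saying that controllers opt out through `skip_before_filter` would also help the next reader.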
@@ -280,6 +281,10 @@ class ApplicationController < ActionController::Base
       raise Discourse::NotLoggedIn.new unless current_user.present?
     end
 
+    def redirect_to_login_if_required
+      redirect_to :login if SiteSetting.login_required? && !current_user
+    end
+
     def render_not_found_page(status=404)
       f = Topic.where(deleted_at: nil, archetype: "regular")
       @latest = f.order('views desc').take(10)
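Review bot: `redirect_to :login` in `redirect_to_login_if_required` is issued for every request format, so an anonymous XHR or JSON call gets a 302 that the browser follows, and the caller receives the login page's HTML instead of an authentication error. The context line just above raises `Discourse::NotLoggedIn` for a missing user; inside the same `login_required? && !current_user` condition, non-HTML requests could do the same with `raise Discourse::NotLoggedIn.new if request.xhr? || request.format.json?` before falling through to the redirect. How that exception is rendered is not visible here, so confirm it produces a 4xx. It is also worth confirming that `current_user` is populated for API-authenticated requests, and adding a short comment on the method naming the setting it enforces and the controllers that skip it. The enclosing class starts and ends outside this hunk.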
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index a7c6f66e8..734b2cc16 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -4,6 +4,7 @@ class SessionController < ApplicationController
   #  page is going to be empty, this means that server will see an invalid CSRF and blow the session
   #  once that happens you can't log in with social
   skip_before_filter :verify_authenticity_token, only: [:create]
+  skip_before_filter :redirect_to_login_if_required
 
   def create
     requires_parameter(:login, :password)
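Review bot: `skip_before_filter :redirect_to_login_if_required` carries no `only:` list, so every action in SessionController, including any added later, is reachable anonymously on a login-required site, whereas the line above scopes its skip with `only: [:create]`. Limit the exemption to the actions the login flow needs, starting from `skip_before_filter :redirect_to_login_if_required, only: [:create]` and adding whichever other actions must stay public (the rest of the controller is outside this hunk). The same unscoped skip is added in app/controllers/static_controller.rb, where only `show` is visible; naming it explicitly there keeps future actions behind the gate.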
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index 834ee57c3..e2341e760 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -1,6 +1,6 @@
 class StaticController < ApplicationController
 
-  skip_before_filter :check_xhr
+  skip_before_filter :check_xhr, :redirect_to_login_if_required
 
   def show
 
diff --git a/spec/controllers/topics_controller_spec.rb b/spec/controllers/topics_controller_spec.rb
index fe600a116..fe0ea2d0f 100644
--- a/spec/controllers/topics_controller_spec.rb
+++ b/spec/controllers/topics_controller_spec.rb
@@ -435,6 +435,25 @@ describe TopicsController do
 
     end
 
+    context "when 'login required' site setting has been enabled" do
+      before { SiteSetting.stubs(:login_required?).returns(true) }
+
+      context 'and the user is logged in' do
+        before { log_in(:coding_horror) }
+
+        it 'shows the topic' do
+          get :show, topic_id: topic.id, slug: topic.slug
+          expect(response).to be_successful
+        end
+      end
+
+      context 'and the user is not logged in' do
+        it 'redirects to the login page' do
+          get :show, topic_id: topic.id, slug: topic.slug
+          expect(response).to redirect_to login_path
+        end
+      end
+    end
   end
 
   describe '#feed' do
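Review bot: The new contexts exercise only an HTML `get :show` on TopicsController, so the two exemptions this commit introduces are untested. Nothing asserts that SessionController `create` and StaticController `show` stay reachable while `login_required?` is stubbed to true, so removing either `skip_before_filter` would lock users out without a failing spec. Add a controller spec for each exempted controller under the same stub, plus one anonymous XHR or JSON request to `show` here that pins the intended non-HTML response. The enclosing `describe` block starts outside this hunk.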