codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-27 09:36:19 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Admins who haven't been approved can log in when must_approve_users is enabled

Browse source
This commit is contained in:
Neil Lalonde 2013-08-06 16:51:29 -04:00
parent 57baf1f112
commit c74da0d262
2 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/session_controller.rb
View file

@ -22,7 +22,7 @@ class SessionController < ApplicationController
if @user.present?
# If the site requires user approval and the user is not approved yet
if SiteSetting.must_approve_users? && !@user.approved?
if SiteSetting.must_approve_users? && !@user.approved? && !@user.admin?
render json: {error: I18n.t("login.not_approved")}
return
end

11
spec/controllers/session_controller_spec.rb
View file

@ -107,6 +107,17 @@ describe SessionController do
)
end
end
context "with an unapproved user who is an admin" do
before do
User.any_instance.stubs(:admin?).returns(true)
xhr :post, :create, login: user.email, password: 'myawesomepassword'
end
it 'sets a session id' do
session[:current_user_id].should == user.id
end
end
end
end