codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2025-05-02 08:54:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Admins who haven't been approved can log in when must_approve_users is enabled

Browse source
This commit is contained in:
Neil Lalonde 2013-08-06 16:51:29 -04:00
parent 57baf1f112
commit c74da0d262
2 changed files with 12 additions and 1 deletions

2
app/controllers/session_controller.rb
View file

@ -22,7 +22,7 @@ class SessionController < ApplicationController
if @user.present? if @user.present?
# If the site requires user approval and the user is not approved yet # If the site requires user approval and the user is not approved yet
if SiteSetting.must_approve_users? && !@user.approved? if SiteSetting.must_approve_users? && !@user.approved? && !@user.admin?
render json: {error: I18n.t("login.not_approved")} render json: {error: I18n.t("login.not_approved")}
return return
end end

11
spec/controllers/session_controller_spec.rb
View file

@ -107,6 +107,17 @@ describe SessionController do
) )
end end
end end
context "with an unapproved user who is an admin" do
before do
User.any_instance.stubs(:admin?).returns(true)
xhr :post, :create, login: user.email, password: 'myawesomepassword'
end
it 'sets a session id' do
session[:current_user_id].should == user.id
end
end
end end
end end