security improved

author: gitlabhq <m@gitlabhq.com> 2011-10-17 13:39:03 +0300
committer: gitlabhq <m@gitlabhq.com> 2011-10-17 13:39:03 +0300
commit: 783ca8979652085e2708cf3e020f3f83349dedb2 (patch)
tree: 2753b16c8ea021b95489ded0a92c54158cef8545 /spec/support
parent: b08e4074b49acdb00dc9e041dab65a11462a090c (diff)
download: gitlab-ce-783ca8979652085e2708cf3e020f3f83349dedb2.tar.gz
1 files changed, 15 insertions, 2 deletions
diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb
index 953b535698d..dcdfa6d50ff 100644
--- a/spec/support/matchers.rb
+++ b/spec/support/matchers.rb
@@ -21,17 +21,30 @@ RSpec::Matchers.define :be_denied_for do |user|
   end 
 end
 
+RSpec::Matchers.define :be_404_for do |user|
+  match do |url|
+    include UrlAccess
+    url_404?(user, url)
+  end 
+end
+
 module UrlAccess 
   def url_allowed?(user, url)
     emulate_user(user)
     visit url
-    result = (current_path == url)
+    (page.status_code != 404 && current_path != new_user_session_path)
   end
 
   def url_denied?(user, url)
     emulate_user(user)
     visit url
-    result = (current_path != url)
+    (page.status_code == 404 || current_path == new_user_session_path)
+  end
+
+  def url_404?(user, url)
+    emulate_user(user)
+    visit url
+    page.status_code == 404
   end
 
   def emulate_user(user)
author	gitlabhq <m@gitlabhq.com>	2011-10-17 13:39:03 +0300
committer	gitlabhq <m@gitlabhq.com>	2011-10-17 13:39:03 +0300
commit	783ca8979652085e2708cf3e020f3f83349dedb2 (patch)
tree	2753b16c8ea021b95489ded0a92c54158cef8545 /spec/support
parent	b08e4074b49acdb00dc9e041dab65a11462a090c (diff)
download	gitlab-ce-783ca8979652085e2708cf3e020f3f83349dedb2.tar.gz