diff --git a/CHANGELOG.md b/CHANGELOG.md
index f9332f07..e9c72b6d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ## Changed
 - Minor versions are now being built only for amd64 architecture to speed up the build process.
+- If user is not authorized to see a page, they will be redirected to the home page with appropriate message instead of seeing an error.
 # [0.31.0] - 2025-09-04
diff --git a/spec/requests/imports_spec.rb b/spec/requests/imports_spec.rb
index 56eb3333..09481269 100644
--- a/spec/requests/imports_spec.rb
+++ b/spec/requests/imports_spec.rb
@@ -62,9 +62,10 @@ RSpec.describe 'Imports', type: :request do
 end
 it 'prevents viewing other users import' do
- expect {
- get import_path(other_import)
- }.to raise_error(Pundit::NotAuthorizedError)
+ get import_path(other_import)
+
+ expect(response).to redirect_to(root_path)
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
@@ -98,9 +99,10 @@ RSpec.describe 'Imports', type: :request do
 end
 it 'prevents access to new import form' do
- expect {
- get new_import_path
- }.to raise_error(Pundit::NotAuthorizedError)
+ get new_import_path
+
+ expect(response).to redirect_to(root_path)
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
diff --git a/spec/requests/settings/background_jobs_spec.rb b/spec/requests/settings/background_jobs_spec.rb
index 64b415af..f2bea2cd 100644
--- a/spec/requests/settings/background_jobs_spec.rb
+++ b/spec/requests/settings/background_jobs_spec.rb
@@ -18,7 +18,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 get settings_background_jobs_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
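Review bot: Nothing in the `'prevents viewing other users import'` example pins what a request for a non-existent import id returns, so the new redirect-plus-alert for another user's record may be distinguishable from a missing one. If the missing-id path still answers 404 (the handler is not visible in this diff), a signed-in user can tell which import ids exist for other accounts. A sibling example that requests an unused id and asserts the same `expect(response).to redirect_to(root_path)` outcome, or a deliberate 404 for both cases, would settle it. This file asserts `root_path` while the settings specs assert `root_url`; choosing one keeps the expectations uniform. The enclosing `describe` block starts and ends outside the hunk.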
@@ -32,7 +32,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 get settings_background_jobs_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 context 'when job name is start_immich_import' do
@@ -104,7 +104,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 get settings_background_jobs_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
@@ -118,7 +118,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 get settings_background_jobs_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 context 'when user is an admin' do
@@ -128,7 +128,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 get settings_background_jobs_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
 end
@@ -138,7 +138,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 post settings_background_jobs_url, params: { job_name: 'start_reverse_geocoding' }
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 context 'when job name is start_immich_import' do
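Review bot: The unauthorized POST example in the hunk at -138 asserts only the redirect and the alert, so it would still pass if the job were enqueued before authorization failed. Wrapping the request pins the absence of the side effect: `expect { post settings_background_jobs_url, params: { job_name: 'start_reverse_geocoding' } }.not_to have_enqueued_job`, assuming the controller enqueues through ActiveJob, which is not visible here. The same gap applies to the `start_immich_import` and `start_photoprism_import` POST examples in the hunks at -146 and -155. The enclosing `context` starts outside the hunk.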
@@ -146,7 +146,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 post settings_background_jobs_url, params: { job_name: 'start_immich_import' }
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
@@ -155,7 +155,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 post settings_background_jobs_url, params: { job_name: 'start_photoprism_import' }
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
@@ -166,7 +166,7 @@ RSpec.describe '/settings/background_jobs', type: :request do
 get settings_background_jobs_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
 end
diff --git a/spec/requests/settings/users_spec.rb b/spec/requests/settings/users_spec.rb
index a80694ae..2ef8a6a6 100644
--- a/spec/requests/settings/users_spec.rb
+++ b/spec/requests/settings/users_spec.rb
@@ -101,7 +101,7 @@ RSpec.describe '/settings/users', type: :request do
 get settings_users_url
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
@@ -110,7 +110,7 @@ RSpec.describe '/settings/users', type: :request do
 post settings_users_url, params: { user: valid_attributes }
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
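Review bot: The unauthorized `post settings_users_url` example in the hunk at -110 checks the redirect and the alert but not that no account was created, so a regression that writes before the authorization check would go unnoticed. Pin it with `expect { post settings_users_url, params: { user: valid_attributes } }.not_to change(User, :count)`, assuming the model is `User`. The PATCH example in the hunk at -121 has the same gap; `expect { patch settings_user_url(user), params: { user: valid_attributes } }.not_to(change { user.reload.updated_at })` would cover it. Both examples begin outside their hunks, so only the request and expectation lines are visible.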
@@ -121,7 +121,7 @@ RSpec.describe '/settings/users', type: :request do
 patch settings_user_url(user), params: { user: valid_attributes }
 expect(response).to redirect_to(root_url)
- expect(flash[:notice]).to eq('You are not authorized to perform this action.')
+ expect(flash[:alert]).to eq('You are not authorized to perform this action.')
 end
 end
 end