@@ -3,6 +3,7 @@ module Authorization
33
44 included do
55 before_action :ensure_can_access_account , if : -> { Current . account . present? && authenticated? }
6+ before_action :ensure_only_staff_can_access_non_production_remote_environments
67 end
78
89 class_methods do
@@ -29,6 +30,10 @@ def ensure_can_access_account
2930 redirect_to session_menu_url ( script_name : nil ) if Current . user . blank? || !Current . user . active?
3031 end
3132
33+ def ensure_only_staff_can_access_non_production_remote_environments
34+ head :forbidden unless Rails . env . local? || Rails . env . production? || Current . identity . staff?
35+ end
36+
3237 def redirect_existing_user
3338 redirect_to root_path if Current . user
3439 end
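Review bot: `ensure_only_staff_can_access_non_production_remote_environments` is registered without an `if:` guard, unlike `ensure_can_access_account` on the line above it, so outside local and production it calls `Current.identity.staff?` on every request, including ones with no signed-in identity. If `Current.identity` can be nil at that point (the code that sets it is outside this section), the call raises NoMethodError and the response is a 500 rather than the intended 403, possibly on the sign-in pages staff need to reach. Make the nil case explicit, for example `head :forbidden unless Rails.env.local? || Rails.env.production? || Current.identity&.staff?`, and decide whether the session routes should skip this callback. The check fails closed for any environment name other than local or production, which deserves a one-line comment above the method, such as `# Any environment that is neither local nor production is staff-only.`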
1+ require "test_helper"
2+
3+ class NonProductionRemoteAccessTest < ActionDispatch ::IntegrationTest
4+ test "staff can access in staging environment" do
5+ sign_in_as :david
6+
7+ Rails . stub ( :env , ActiveSupport ::EnvironmentInquirer . new ( "staging" ) ) do
8+ get cards_path
9+ assert_response :success
10+ end
11+ end
12+
13+ test "non-staff cannot access in staging environment" do
14+ sign_in_as :jz
15+
16+ Rails . stub ( :env , ActiveSupport ::EnvironmentInquirer . new ( "staging" ) ) do
17+ get cards_path
18+ assert_response :forbidden
19+ end
20+ end
21+
22+ test "non-staff can access in production environment" do
23+ sign_in_as :jz
24+
25+ Rails . stub ( :env , ActiveSupport ::EnvironmentInquirer . new ( "production" ) ) do
26+ get cards_path
27+ assert_response :success
28+ end
29+ end
30+
31+ test "non-staff can access in local environment" do
32+ sign_in_as :jz
33+
34+ get cards_path
35+ assert_response :success
36+ end
37+ end
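Review bot: Every case that stubs a remote environment signs in first, so nothing pins what an unauthenticated request gets in staging, which is the path where `Current.identity` may be unset when the new callback runs. Add a case that issues `get cards_path` under the staging stub without `sign_in_as` and asserts the intended outcome (a redirect to sign-in or `:forbidden`, not a 500). A case with another non-production name, e.g. `ActiveSupport::EnvironmentInquirer.new("beta")` (a constructed sample), would also lock in that the gate is an allowlist of local and production rather than a match on the name staging.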