t#30469:fix artist auth error

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7e50a98..ebe43b7 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -65,7 +65,7 @@ class ApplicationController < ActionController::Base
       false
     end
   end
-  
+      
   def authenticate_artist
     if @author and @author.artist?
       true
@@ -73,9 +73,7 @@ class ApplicationController < ActionController::Base
       respond_to do |format|
         format.html { redirect_to main_app.new_artist_path, :status => :found }
         format.js { render "artists/new" }
-        format.json { 
-          raise ActiveRecord::Forbidden
-        }
+        format.json { render :text => {:error => I18n.t('devise.failure.unauthenticated')}.to_json, :status => :unauthorized }
       end
       false
     end

diff --git a/public/403.html b/public/403.html
index 0586538..98bdf9e 100644 (file)
--- a/public/403.html
+++ b/public/403.html
@@ -19,8 +19,8 @@
 <body>
   <!-- This file lives in public/404.html -->
   <div class="dialog">
-    <h1>このページにアクセスする権限がありません</h1>
-    <p>URLが間違っているか、アカウントが違う可能性があります</p>
+    <h1>このページにアクセスする権限がありません。</h1>
+    <p>ページがコンテンツオーナーによって非公開にされている、管理者からの認可が下りていない、などの理由が考えられます。</p>
   </div>
 </body>
 </html>

diff --git a/public/404.html b/public/404.html
index 9a48320..a1f8832 100644 (file)
--- a/public/404.html
+++ b/public/404.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <title>The page you were looking for doesn't exist (404)</title>
+  <title>ページが見つかりません (404)</title>
   <style type="text/css">
     body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
     div.dialog {
@@ -19,8 +19,8 @@
 <body>
   <!-- This file lives in public/404.html -->
   <div class="dialog">
-    <h1>The page you were looking for doesn't exist.</h1>
-    <p>You may have mistyped the address or the page may have moved.</p>
+    <h1>指定されたページは存在しません。</h1>
+    <p>Urlが間違っているか、ページが削除されているかもしれません。</p>
   </div>
 </body>
 </html>

diff --git a/spec/controllers/home_controller_spec.rb b/spec/controllers/home_controller_spec.rb
index 62ac4cf..292308c 100644 (file)
--- a/spec/controllers/home_controller_spec.rb
+++ b/spec/controllers/home_controller_spec.rb
@@ -742,10 +742,9 @@ if MagicNumber['run_mode'] == 1
         end
       end
       context 'json形式' do
-        it '例外403 forbiddenを返す' do
-          lambda{
-            get :resource_picture, :format => :json
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          get :resource_picture, :format => :json
+          response.message.should match(/Unauthorized/)
         end
       end
     end

diff --git a/spec/controllers/original_pictures_controller_spec.rb b/spec/controllers/original_pictures_controller_spec.rb
index 32ae9d7..3bcfe70 100644 (file)
--- a/spec/controllers/original_pictures_controller_spec.rb
+++ b/spec/controllers/original_pictures_controller_spec.rb
@@ -129,10 +129,9 @@ if MagicNumber['run_mode'] == 1
         end
       end
       context 'json形式' do
-        it '例外403 forbiddenを返す' do
-          lambda{
-            get :index, :format => :json
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          get :index, :format => :json
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -279,10 +278,9 @@ if MagicNumber['run_mode'] == 1
         end
       end
       context 'json形式' do
-        it '例外403 forbiddenを返す' do
-          lambda{
-            get :show, :id => @pic.id, :format => :json
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          get :show, :id => @pic.id, :format => :json
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -418,10 +416,9 @@ if MagicNumber['run_mode'] == 1
         end
       end
       context 'json形式' do
-        it '例外403 forbiddenを返す' do
-          lambda{
-            get :history, :id => @op.id, :format => :json
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          get :history, :id => @op.id, :format => :json
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -521,10 +518,9 @@ if MagicNumber['run_mode'] == 1
         end
       end
       context 'json形式' do
-        it '例外403 forbiddenを返す' do
-          lambda{
+        it '応答メッセージにUnauthorizedを返す' do
           get :new, :format => :json
-          }.should raise_error(ActiveRecord::Forbidden)
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -649,10 +645,9 @@ if MagicNumber['run_mode'] == 1
         before do
           @attr.merge!({:format => :json})
         end
-        it '例外403 forbiddenを返す' do
-          lambda{
-            post :create, @attr
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          post :create, @attr
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -908,10 +903,9 @@ if MagicNumber['run_mode'] == 1
         end
       end
       context 'json形式' do
-        it '例外403 forbiddenを返す' do
-          lambda{
-            put :update, :id => @op.id, :original_picture => @attr, :format => :json
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          put :update, :id => @op.id, :original_picture => @attr, :format => :json
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -1038,6 +1032,27 @@ if MagicNumber['run_mode'] == 1
         end
       end
     end
+    context '作家が絵師でないとき' do
+      before do
+        Author.any_instance.stub(:artist?).and_return(false)
+      end
+      context 'html形式' do
+        it 'ステータスコード302 Foundを返す' do
+          delete :destroy, :id => @op.id
+          response.status.should eq 302
+        end
+        it '絵師登録ページへ遷移する' do
+          delete :destroy, :id => @op.id
+          response.should redirect_to new_artist_path
+        end
+      end
+      context 'json形式' do
+        it '応答メッセージにUnauthorizedを返す' do
+          delete :destroy, :id => @op.id, :format => :json
+          response.message.should match(/Unauthorized/)
+        end
+      end
+    end
     context '削除に失敗したとき' do
       before do
         OriginalPicture.any_instance.stub(:destroy_with_resource_picture).and_return(false)

diff --git a/spec/controllers/resource_pictures_controller_spec.rb b/spec/controllers/resource_pictures_controller_spec.rb
index d998878..3a17867 100644 (file)
--- a/spec/controllers/resource_pictures_controller_spec.rb
+++ b/spec/controllers/resource_pictures_controller_spec.rb
@@ -832,10 +832,9 @@ if MagicNumber['run_mode'] == 1
         before do
           @attr.merge!({:format => :json})
         end
-        it '例外403 forbiddenを返す' do
-          lambda{
-            post :create, @attr
-          }.should raise_error(ActiveRecord::Forbidden)
+        it '応答メッセージにUnauthorizedを返す' do
+          post :create, @attr
+          response.message.should match(/Unauthorized/)
         end
       end
     end
@@ -945,6 +944,27 @@ if MagicNumber['run_mode'] == 1
         end
       end
     end
+    context '作家が絵師でないとき' do
+      before do
+        Author.any_instance.stub(:artist?).and_return(false)
+      end
+      context 'html形式' do
+        it 'ステータスコード302 Foundを返す' do
+          delete :destroy, :id => @rp.id
+          response.status.should eq 302
+        end
+        it '絵師登録ページへ遷移する' do
+          delete :destroy, :id => @rp.id
+          response.should redirect_to new_artist_path
+        end
+      end
+      context 'json形式' do
+        it '応答メッセージにUnauthorizedを返す' do
+          delete :destroy, :id => @rp.id, :format => :json
+          response.message.should match(/Unauthorized/)
+        end
+      end
+    end
     context '削除に失敗したとき' do
       before do
         ResourcePicture.any_instance.stub(:unpublish).and_return(false)