diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb
index 9c9238273..921953779 100644
--- a/app/controllers/organisations_controller.rb
+++ b/app/controllers/organisations_controller.rb
@@ -3,7 +3,7 @@ class OrganisationsController < ApplicationController
 include Modules::CaseLogsFilter
 include Modules::SearchFilter
- before_action :authenticate_user!, except: [:index]
+ before_action :authenticate_user!
 before_action :find_resource, except: [:index]
 before_action :authenticate_scope!
diff --git a/spec/requests/organisations_controller_spec.rb b/spec/requests/organisations_controller_spec.rb
index 2b01d62e2..deb809831 100644
--- a/spec/requests/organisations_controller_spec.rb
+++ b/spec/requests/organisations_controller_spec.rb
@@ -25,6 +25,11 @@ RSpec.describe OrganisationsController, type: :request do
 get "/organisations/#{organisation.id}/users", headers: headers, params: {}
 expect(response).to redirect_to("/account/sign-in")
 end
+
+ it "does not let you see organisations list" do
+ get "/organisations", headers: headers, params: {}
+ expect(response).to redirect_to("/account/sign-in")
+ end
 end
 end
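Review bot: In the organisations_controller.rb hunk, `index` still skips `find_resource` (`except: [:index]`) but does run `authenticate_scope!`, so who may see the full list now depends entirely on how that method behaves when no organisation has been looked up. Its body is outside the hunk and should be checked for that case. The three filters are order-dependent, and a comment above them would keep a later edit from reintroducing an exception, e.g. `# Every action requires sign-in; authenticate_scope! then applies the per-role check (index has no loaded organisation).` The added spec pins only the signed-out redirect, so an example for a signed-in user who should not see every organisation would cover the authorization side, unless one already exists elsewhere in the spec file, which is not visible here.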