Return 404 if controls are accessed without writes

kjetilk · kjetilk · commit 44f335b32d58 · 2018-02-08T00:20:03.000+01:00
diff --git a/lib/RDF/LinkedData.pm b/lib/RDF/LinkedData.pm
@@ -479,6 +479,14 @@ sub response {
 	}
 
 	my $type = $self->type;
+
+	if (($type eq 'controls')  && (!$self->writes_enabled)) {
+	  $response->status(404);
+	  $response->headers->content_type('text/plain');
+	  $response->body('HTTP 404: Controls are only available in read-enabled applications');
+	  return $response;
+	}
+
 	$self->type('');
 	my $node = $self->my_node($uri);
 	$self->log->info("Try rendering '$type' page for subject node: " . $node->as_string);
diff --git a/t/20-psgi-basic.t b/t/20-psgi-basic.t
@@ -3,7 +3,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 60 ;
+use Test::More tests => 61 ;
 use Test::RDF;
 use Test::WWW::Mechanize::PSGI;
 use Module::Load::Conditional qw[can_load];
@@ -47,6 +47,13 @@ foreach my $accept_header (('text/html',
     is($res->header('Location'), 'http://en.wikipedia.org/wiki/Foo', "Location is Wikipedia page");
 }
 
+{
+    note "Get /foo/controls, no redirects";
+    my $mech = Test::WWW::Mechanize::PSGI->new(app => $tester, requests_redirectable => []);
+    my $res = $mech->get("/foo/controls");
+    is($mech->status, 404, "Returns 404");
+}
+
 {
     note "Get /foo, no redirects, ask for RDF/XML";
     my $mech = Test::WWW::Mechanize::PSGI->new(app => $tester, requests_redirectable => []);
