authorhukl <contact@smyck.org>2009-10-07 21:03:28 +0200
committerhukl <contact@smyck.org>2009-10-07 21:03:28 +0200
commit9dadc61cae2c4c01a97880e89ca86a0e760fc8d1 (patch)
tree4c50bccc0339429d669a04e5dc3f2e735dfcb515
parenta57fb0c2084885c35b7ba89917c37696e5df3b3f (diff)
implemented complete restful user management interface including functional tests. this enables basic user operation. note that only admins are allowed to create, edit, destroy other users
-rw-r--r--app/controllers/users_controller.rb30
-rw-r--r--app/helpers/users_helper.rb7
-rw-r--r--app/models/user.rb2
-rw-r--r--app/views/users/_admin_user_item.html.erb12
-rw-r--r--app/views/users/_user_item.html.erb4
-rw-r--r--app/views/users/create.html.erb2
-rw-r--r--app/views/users/destroy.html.erb2
-rw-r--r--app/views/users/edit.html.erb32
-rw-r--r--app/views/users/index.html.erb15
-rw-r--r--app/views/users/new.html.erb32
-rw-r--r--app/views/users/show.html.erb22
-rw-r--r--app/views/users/update.html.erb2
-rw-r--r--public/stylesheets/admin.css4
-rw-r--r--test/fixtures/users.yml1
-rw-r--r--test/functional/nodes_controller_test.rb2
-rw-r--r--test/functional/users_controller_test.rb146
-rw-r--r--test/test_helper.rb3
17 files changed, 292 insertions, 26 deletions
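--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -3,29 +3,57 @@ class UsersController < ApplicationController
  # Private
 
  before_filter :login_required
+ before_filter :verify_admin_status, :except => [:index, :show]
 
  layout 'admin'
 
  def index
- @users = User.all
+ @users = User.all(:order => "login ASC")
  end
 
  def new
+ @user = User.new( params[:user] )
  end
 
  def create
+ @user = User.new params[:user]
+
+ if @user.save
+ redirect_to user_path(@user)
+ else
+ render :new
+ end
  end
 
  def edit
+ @user = User.find(params[:id])
  end
 
  def update
+ @user = User.find(params[:id])
+
+ if @user.update_attributes(params[:user])
+ redirect_to user_path(@user)
+ else
+ render :edit
+ end
  end
 
  def show
+ @user = User.find(params[:id])
  end
 
  def destroy
+ user = User.find(params[:id])
+ user.destroy if user
+ redirect_to users_path
  end
 
+ private
+ def verify_admin_status
+ unless current_user.admin
+ flash[:notice] = "Sorry, you need to be an admin for this action"
+ redirect_to users_path
+ end
+ end
 end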
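Review bot: In `destroy`, nothing prevents an admin from deleting their own account or the last remaining admin, after which no one can pass `verify_admin_status` and user management is locked out. A guard before the delete, such as `return redirect_to(users_path) if user == current_user`, covers the self-delete case. The `if user` modifier on `user.destroy` is dead code, since `User.find(params[:id])` raises `ActiveRecord::RecordNotFound` rather than returning nil; the same unrescued lookup is used in `edit`, `update` and `show`.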
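--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,2 +1,9 @@
 module UsersHelper
+ def user_list_by_admin_status
+ if current_user && current_user.admin
+ render :partial => 'admin_user_item', :collection => @users
+ else
+ render :partial => 'user_item', :collection => @users
+ end
+ end
 end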
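--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -21,7 +21,7 @@ class User < ActiveRecord::Base
  validates_format_of :email, :with => Authentication.email_regex,
  :message => Authentication.bad_email_message
 
- attr_accessible :login, :email, :password, :password_confirmation
+ attr_accessible :login, :email, :password, :password_confirmation, :admin
 
  # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
  def self.authenticate(login, password)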
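Review bot: Adding `:admin` to `attr_accessible` makes the privilege flag mass-assignable on every path that feeds request parameters into `User.new` or `update_attributes`, not only the admin-gated actions in UsersController. Whether another controller (a signup or profile form, say) does that is not visible in this diff, but the model-level whitelist would no longer protect it. I would keep `:admin` out of `attr_accessible` and assign it explicitly in `create` and `update` after the admin filter has run, e.g. `@user.admin = params[:user][:admin]` before saving. The hunk ends at the first line of `self.authenticate`, which is unchanged context.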
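--- /dev/null
+++ b/app/views/users/_admin_user_item.html.erb
@@ -0,0 +1,12 @@
+<tr>
+ <td><%= admin_user_item.login %></td>
+ <td>
+ <%= link_to "Show", user_path(admin_user_item) %>
+ <%= link_to(
+ "Destroy",
+ user_path(admin_user_item),
+ :method => "delete",
+ :confirm => "Are you sure to delete user: #{admin_user_item.login}?"
+ ) %>
+ </td>
+</tr>
\ No newline at end of file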
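Review bot: `<%= admin_user_item.login %>` is written into the page without `h`, and the `before_filter` / `<% form_for %>` style suggests a Rails 2.x app, where ERB does not escape output by default. Unless the model's login validation restricts the character set (not visible in this diff), a stored login containing markup would be rendered as HTML for every admin viewing the list. Use `<%= h admin_user_item.login %>`; the same applies to `user_item.login` in `_user_item.html.erb` and to `@user.login` and `@user.email` in `show.html.erb`.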
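--- /dev/null
+++ b/app/views/users/_user_item.html.erb
@@ -0,0 +1,4 @@
+<tr>
+ <td><%= user_item.login %></td>
+ <td></td>
+</tr>
\ No newline at end of file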
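--- a/app/views/users/create.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-<h1>Users#create</h1>
-<p>Find me in app/views/users/create.html.erb</p>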
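--- a/app/views/users/destroy.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-<h1>Users#destroy</h1>
-<p>Find me in app/views/users/destroy.html.erb</p>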
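--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -1,2 +1,30 @@
-<h1>Users#edit</h1>
-<p>Find me in app/views/users/edit.html.erb</p>
+<h1>Edit existing user</h1>
+
+<% form_for @user do |f| %>
+<table id="new_node">
+ <tr>
+ <td class="description">Login</td>
+ <td><%= f.text_field :login %></td>
+ </tr>
+ <tr>
+ <td class="description">E-Mail</td>
+ <td><%= f.text_field :email %></td>
+ </tr>
+ <tr>
+ <td class="description">Password</td>
+ <td><%= f.text_field :password %></td>
+ </tr>
+ <tr>
+ <td class="description">Confirm</td>
+ <td><%= f.text_field :password_confirmation %></td>
+ </tr>
+ <tr>
+ <td class="description">Admin?</td>
+ <td><%= f.check_box :admin %></td>
+ </tr>
+ <tr>
+ <td class="description"></td>
+ <td class="right"><%= f.submit "Create" %></td>
+ </tr>
+</table>
+<% end %>
\ No newline at end of file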
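Review bot: The password and confirmation inputs use `f.text_field`, so whatever the admin types is shown in clear text on screen and is treated by the browser as an ordinary text input; `f.password_field :password` and `f.password_field :password_confirmation` are the appropriate helpers. `new.html.erb` has the same two fields and needs the same change. The submit button here is also labelled "Create" although this is the edit form; `f.submit "Update"` would match the action.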
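--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -1,12 +1,13 @@
 <h1>Users</h1>
 
-<table>
+<table id="user_list">
  <tr>
  <td>login</td>
  </tr>
- <% @users.each do |user| %>
- <tr>
- <td><%= user.login %></td>
- </tr>
- <% end %>
-</table>
\ No newline at end of file
+ <%= user_list_by_admin_status %>
+</table>
+
+
+<% content_for :subnavigation do %>
+ <%= link_to "create", new_user_path %>
+<% end %>
\ No newline at end of file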
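--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -1,2 +1,30 @@
-<h1>Users#new</h1>
-<p>Find me in app/views/users/new.html.erb</p>
+<h1>Create new user</h1>
+
+<% form_for @user do |f| %>
+<table id="new_node">
+ <tr>
+ <td class="description">Login</td>
+ <td><%= f.text_field :login %></td>
+ </tr>
+ <tr>
+ <td class="description">E-Mail</td>
+ <td><%= f.text_field :email %></td>
+ </tr>
+ <tr>
+ <td class="description">Password</td>
+ <td><%= f.text_field :password %></td>
+ </tr>
+ <tr>
+ <td class="description">Confirm</td>
+ <td><%= f.text_field :password_confirmation %></td>
+ </tr>
+ <tr>
+ <td class="description">Admin?</td>
+ <td><%= f.check_box :admin %></td>
+ </tr>
+ <tr>
+ <td class="description"></td>
+ <td class="right"><%= f.submit "Create" %></td>
+ </tr>
+</table>
+<% end %>
\ No newline at end of file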
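--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -1,2 +1,20 @@
-<h1>Users#show</h1>
-<p>Find me in app/views/users/show.html.erb</p>
+<h1>User: <%= @user.login %></h1>
+
+<table id="new_node">
+ <tr>
+ <td class="description">Login</td>
+ <td><%= @user.login %></td>
+ </tr>
+ <tr>
+ <td class="description">E-Mail</td>
+ <td><%= @user.email %></td>
+ </tr>
+ <tr>
+ <td class="description">Admin?</td>
+ <td><%= @user.admin ? "yes" : "no" %></td>
+ </tr>
+</table>
+
+<% content_for :subnavigation do %>
+ <%= link_to 'Edit', edit_user_path(@user) %>
+<% end %>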
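--- a/app/views/users/update.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-<h1>Users#update</h1>
-<p>Find me in app/views/users/update.html.erb</p>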
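--- a/public/stylesheets/admin.css
+++ b/public/stylesheets/admin.css
@@ -439,3 +439,7 @@ input#move_to_search_term, input#node_staged_slug {
  width: 680px;
 }
 
+table#user_list td {
+ padding-right: 30px;
+}
+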
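--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -13,4 +13,5 @@ aaron:
  salt: 5be6f9cdd04fd7ab3c91cd32a5334ba2339b8005
  crypted_password: 740a48caf7dd5ff11318d812d57c0a0928cfbc12 # 'monkey'
  created_at: <%= 1.days.ago.to_s :db %>
+ admin: true
 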
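--- a/test/functional/nodes_controller_test.rb
+++ b/test/functional/nodes_controller_test.rb
@@ -2,8 +2,6 @@ require 'test_helper'
 
 class NodesControllerTest < ActionController::TestCase
 
- include AuthenticatedTestHelper
-
  def test_get_index
  Node.root.descendants.delete_all
  test_node = Node.create :slug => "foo"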
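--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -1,8 +1,148 @@
 require 'test_helper'
 
 class UsersControllerTest < ActionController::TestCase
- # Replace this with your real tests.
- test "the truth" do
- assert true
+
+ test "get index as regular user renders stripped partial" do
+ login_as :quentin
+ get :index
+ assert_response :success
+ assert_select "a", { :count => 0, :text => "Destroy" }
  end
+
+ test "get index as admin user renders admin partial" do
+ login_as :aaron
+ get :index
+ assert_response :success
+ assert_select "a", "Destroy"
+ assert_select "a", "Show", "Edit Link is missing"
+ end
+
+ test "get new when logged in as admin" do
+ login_as :aaron
+ get :new
+ assert_response :success
+ end
+
+ test "get new without being logged in as admin redirects back to index" do
+ login_as :quentin
+ get :new
+ assert_response :redirect
+ assert_redirected_to users_path
+ assert_equal(
+ "Sorry, you need to be an admin for this action",
+ @response.flash[:notice]
+ )
+ end
+
+ test "creating new users being logged in as admin" do
+ login_as :aaron
+ assert_difference "User.count", +1 do
+ post :create, :user => {
+ :login => "peter",
+ :email => "foo@bar.com",
+ :password => "xxxzzz",
+ :password_confirmation => "xxxzzz"
+ }
+ end
+
+ assert_redirected_to user_path(User.last)
+ assert !User.last.admin
+ end
+
+ test "creating new admin users being logged in as admin" do
+ login_as :aaron
+ assert_difference "User.count", +1 do
+ post :create, :user => {
+ :login => "peter",
+ :email => "foo@bar.com",
+ :password => "xxxzzz",
+ :password_confirmation => "xxxzzz",
+ :admin => true
+ }
+ end
+
+ assert_redirected_to user_path(User.last)
+ assert User.last.admin
+ end
+
+ test "creating new users not being logged as regular user wont work" do
+ login_as :quentin
+ assert_no_difference "User.count" do
+ post :create, :user => {
+ :login => "peter",
+ :email => "foo@bar.com",
+ :password => "xxxzzz",
+ :password_confirmation => "xxxzzz"
+ }
+ end
+
+ assert_redirected_to users_path
+ assert_equal(
+ "Sorry, you need to be an admin for this action",
+ @response.flash[:notice]
+ )
+ end
+
+ test "get edit of another user being logged in as regular user wont work" do
+ login_as :quentin
+ get :edit, :id => User.find_by_login("aaron").id
+ assert_redirected_to users_path
+ assert_equal(
+ "Sorry, you need to be an admin for this action",
+ @response.flash[:notice]
+ )
+ end
+
+ test "get edit of another user being logged in as admin user" do
+ login_as :aaron
+ get :edit, :id => User.find_by_login("quentin").id
+ assert_response :success
+ end
+
+ test "updating an user when being logged in as regular user wont work" do
+ user = User.find_by_login("aaron")
+ login_as :quentin
+ put :update, :id => user.id, :user => {:login => "random"}
+ assert_redirected_to users_path
+ assert_equal(
+ "Sorry, you need to be an admin for this action",
+ @response.flash[:notice]
+ )
+ end
+
+ test "updating an user when being login in as admin user" do
+ user = User.find_by_login("quentin")
+ login_as :aaron
+ put :update, :id => user.id, :user => {:login => "random"}
+ assert_redirected_to user_path(user)
+ assert_equal "random", user.reload.login
+ end
+
+ test "showing a user" do
+ login_as :quentin
+ get :show, :id => User.find_by_login("aaron").id
+ assert_response :success
+ end
+
+ test "destroying an user being logged in as regular user wont work" do
+ login_as :quentin
+ assert_no_difference "User.count" do
+ delete :destroy, :id => User.find_by_login("aaron").id
+ end
+ assert_redirected_to users_path
+ assert_equal(
+ "Sorry, you need to be an admin for this action",
+ @response.flash[:notice]
+ )
+ end
+
+ test "destroying an user being logged in as admin user" do
+ login_as :aaron
+ assert_difference "User.count", -1 do
+ delete :destroy, :id => User.find_by_login("quentin").id
+ end
+ assert_redirected_to users_path
+ end
+
+
 end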
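Review bot: The non-admin `update` test asserts only the redirect and the flash, so it would still pass if the record had been written before the redirect; adding `assert_equal "aaron", user.reload.login` pins that the row is untouched. There is also no test for the privilege the commit is about: a regular user sending `:user => {:admin => true}` for an account, and no test for a request made without any login. Minor: the failure message `"Edit Link is missing"` is attached to the assertion for the "Show" link.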
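--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -3,6 +3,9 @@ require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
 require 'test_help'
 
 class ActiveSupport::TestCase
+
+ include AuthenticatedTestHelper
+
  # Transactional fixtures accelerate your tests by wrapping each test method
  # in a transaction that's rolled back on completion. This ensures that the
  # test database remains unchanged so your fixtures don't have to be reloaded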