authorhukl <contact@smyck.org>2009-10-07 21:20:18 +0200
committerhukl <contact@smyck.org>2009-10-07 21:20:18 +0200
commitcbed060fa16ce62821f637ff5d8fde7aa421d31e (patch)
tree47c376a50ec5ada60c96f4e1c2694a8b2a5855d9
parent9dadc61cae2c4c01a97880e89ca86a0e760fc8d1 (diff)
enabling users to edit their own details - tested as well - yay
-rw-r--r--app/controllers/users_controller.rb37
-rw-r--r--test/functional/users_controller_test.rb14
2 files changed, 35 insertions, 16 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b15f83b..ead989d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,12 +1,13 @@
1class UsersController < ApplicationController 1class UsersController < ApplicationController
2 2
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_filter :login_required
6 before_filter :verify_admin_status, :except => [:index, :show] 6 before_filter :find_user, :only => [:show, :edit, :update, :destroy]
7 7 before_filter :verify_status, :except => [:index, :show]
8
8 layout 'admin' 9 layout 'admin'
9 10
10 def index 11 def index
11 @users = User.all(:order => "login ASC") 12 @users = User.all(:order => "login ASC")
12 end 13 end
@@ -17,7 +18,7 @@ class UsersController < ApplicationController
17 18
18 def create 19 def create
19 @user = User.new params[:user] 20 @user = User.new params[:user]
20 21
21 if @user.save 22 if @user.save
22 redirect_to user_path(@user) 23 redirect_to user_path(@user)
23 else 24 else
@@ -26,12 +27,9 @@ class UsersController < ApplicationController
26 end 27 end
27 28
28 def edit 29 def edit
29 @user = User.find(params[:id])
30 end 30 end
31 31
32 def update 32 def update
33 @user = User.find(params[:id])
34
35 if @user.update_attributes(params[:user]) 33 if @user.update_attributes(params[:user])
36 redirect_to user_path(@user) 34 redirect_to user_path(@user)
37 else 35 else
@@ -40,20 +38,27 @@ class UsersController < ApplicationController
40 end 38 end
41 39
42 def show 40 def show
43 @user = User.find(params[:id])
44 end 41 end
45 42
46 def destroy 43 def destroy
47 user = User.find(params[:id]) 44 @user.destroy if @user
48 user.destroy if user
49 redirect_to users_path 45 redirect_to users_path
50 end 46 end
51 47
52 private 48 private
53 def verify_admin_status 49 def find_user
54 unless current_user.admin 50 @user = User.find(params[:id])
55 flash[:notice] = "Sorry, you need to be an admin for this action" 51 end
56 redirect_to users_path 52
53 def verify_status
54 @user ||= User.new
55 unless @user.id == current_user.id || current_user.admin
56 deny_user_access
57 end 57 end
58 end 58 end
59
60 def deny_user_access
61 flash[:notice] = "Sorry, you need to be an admin for this action"
62 redirect_to users_path
63 end
59end 64end
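Review bot: In `update`, `@user.update_attributes(params[:user])` is now reachable by non-admins for their own record, so the whole `params[:user]` hash from an ordinary user's request is mass-assigned. If the User model (not part of this diff) does not protect the `admin` attribute, a regular user could set it on themselves; either confirm the model restricts it, or drop the key in the controller with `params[:user].delete(:admin) if params[:user] && !current_user.admin`. The same `verify_status` check also lets a user reach `destroy` on their own account, which the commit message does not mention; if that is not intended, keep `destroy` admin-only. The flash text in `deny_user_access` still says "you need to be an admin", which no longer matches the owner-or-admin rule. The body of `update` continues outside the hunk.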
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index a8333fe..05257fa 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -99,6 +99,12 @@ class UsersControllerTest < ActionController::TestCase
99 assert_response :success 99 assert_response :success
100 end 100 end
101 101
102 test "editing own user details is allowed" do
103 login_as :quentin
104 get :edit, :id => User.find_by_login("quentin").id
105 assert_response :success
106 end
107
102 test "updating an user when being logged in as regular user wont work" do 108 test "updating an user when being logged in as regular user wont work" do
103 user = User.find_by_login("aaron") 109 user = User.find_by_login("aaron")
104 login_as :quentin 110 login_as :quentin
@@ -118,6 +124,14 @@ class UsersControllerTest < ActionController::TestCase
118 assert_equal "random", user.reload.login 124 assert_equal "random", user.reload.login
119 end 125 end
120 126
127 test "updating own user details is allowd" do
128 user = User.find_by_login("quentin")
129 login_as :quentin
130 put :update, :id => user.id, :user => {:login => "random"}
131 assert_redirected_to user_path(user)
132 assert_equal "random", user.reload.login
133 end
134
121 test "showing a user" do 135 test "showing a user" do
122 login_as :quentin 136 login_as :quentin
123 get :show, :id => User.find_by_login("aaron").id 137 get :show, :id => User.find_by_login("aaron").id
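Review bot: The two added tests cover only the allowed path, so nothing pins what a regular user must not be able to change on their own record. Since `update` passes `params[:user]` straight to `update_attributes`, a regression test that the `admin` flag cannot be self-assigned would document the intended boundary; the sketch below assumes the `quentin` fixture is a non-admin, as the existing "regular user" tests suggest. A matching test for `delete :destroy` on one's own id would also settle whether self-deletion is meant to be allowed.

```ruby
test "updating own user details cannot grant admin status" do
  user = User.find_by_login("quentin")
  login_as :quentin
  put :update, :id => user.id, :user => {:admin => true}
  assert !user.reload.admin
end
```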