| -rw-r--r-- | app/controllers/users_controller.rb | 1 | ||||
| -rw-r--r-- | app/models/user.rb | 6 | ||||
| -rw-r--r-- | test/functional/users_controller_test.rb | 18 |
3 files changed, 24 insertions, 1 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index eb1cd4c..87df678 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb | |||
| @@ -33,6 +33,7 @@ class UsersController < ApplicationController | |||
| 33 | end | 33 | end |
| 34 | 34 | ||
| 35 | def update | 35 | def update |
| 36 | params[:user].delete(:admin) unless current_user.is_admin? | ||
| 36 | if @user.update_attributes(params[:user]) | 37 | if @user.update_attributes(params[:user]) |
| 37 | flash[:notice] = "Updated user #{@user.login}" | 38 | flash[:notice] = "Updated user #{@user.login}" |
| 38 | redirect_to user_path(@user) | 39 | redirect_to user_path(@user) |
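Review bot: The `admin` flag is now protected at exactly one call site (new line 36 in `update`); any other path that mass-assigns `params[:user]` — a `create` action, or another controller touching `User` — keeps the same privilege-escalation hole, and this diff shows none of them. Since the model hunk already adds `is_admin?` to `User`, the model is the natural place for the barrier: `attr_protected :admin` (or an `attr_accessible` whitelist) keeps the flag out of mass assignment everywhere, and the admin-only promotion becomes an explicit `@user.admin = params[:user][:admin] if current_user.is_admin?` ahead of `update_attributes`. Separately, `params[:user].delete(:admin)` raises NoMethodError when the request carries no `user` key at all, which the previous code presumably tolerated; `params[:user].delete(:admin) if params[:user] && !current_user.is_admin?` keeps that case on the old path. The body of `update` continues past the end of the hunk.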
diff --git a/app/models/user.rb b/app/models/user.rb index 035a145..ce5503f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb | |||
| @@ -79,7 +79,11 @@ class User < ActiveRecord::Base | |||
| 79 | return false | 79 | return false |
| 80 | end | 80 | end |
| 81 | 81 | ||
| 82 | private | 82 | def is_admin? |
| 83 | !!admin | ||
| 84 | end | ||
| 85 | |||
| 86 | private | ||
| 83 | 87 | ||
| 84 | def set_permission(granted, node) | 88 | def set_permission(granted, node) |
| 85 | permission = self.permissions.for_node(node).first | 89 | permission = self.permissions.for_node(node).first |
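Review bot: `is_admin?` (new line 82) carries the `is_` prefix the Ruby style guide avoids for predicates — the idiomatic name is `admin?`, and if `admin` is a boolean column ActiveRecord already generates `admin?` with the same truthiness as `!!admin`, so the new method may be duplicating a built-in; the column type is not visible in this diff, so that is a question rather than a finding. Keeping the name is defensible because the controller and tests in this same commit already call `is_admin?`, but the method is now the authorization predicate for the whole app and deserves a one-line comment, e.g. `# Authorization predicate: coerces the admin column to a strict boolean.` Placing it above `private` is correct since the controller calls it from outside the model.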
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index 307ba4c..89c6dc2 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb | |||
| @@ -158,5 +158,23 @@ class UsersControllerTest < ActionController::TestCase | |||
| 158 | assert_redirected_to users_path | 158 | assert_redirected_to users_path |
| 159 | end | 159 | end |
| 160 | 160 | ||
| 161 | test "admin user can promote regular users to admins" do | ||
| 162 | login_as :aaron | ||
| 163 | user = users(:quentin) | ||
| 164 | put :update, :id => user.id, :user => {:admin => true} | ||
| 165 | |||
| 166 | user.reload | ||
| 167 | assert_equal true, user.is_admin? | ||
| 168 | end | ||
| 169 | |||
| 170 | test "regular users cannot promote themselves to admins" do | ||
| 171 | login_as :quentin | ||
| 172 | user = users(:quentin) | ||
| 173 | put :update, :id => user.id, :user => {:admin => true} | ||
| 174 | |||
| 175 | user.reload | ||
| 176 | assert_equal false, user.is_admin? | ||
| 177 | end | ||
| 178 | |||
| 161 | 179 | ||
| 162 | end | 180 | end |
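Review bot: The negative test (new lines 170-177) asserts only the post-state of the `admin` flag, so it cannot distinguish the intended behaviour — the parameter is stripped and the rest of the update is saved — from the request being rejected outright; adding `assert_redirected_to user_path(user)` after the `put` pins the path the controller hunk actually takes, and the positive test would benefit from the same line. Neither test covers a regular user sending `:admin => true` for *another* user's id, which is the other route the controller guard is meant to close; whether `@user` is restricted to the current user for non-admins is decided outside this diff, so that test is the one that would catch a regression there. A short comment above the pair, `# The admin flag must never be settable through mass assignment by a non-admin.`, would make the security intent of the tests explicit to the next reader.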
