-rw-r--r--app/controllers/users_controller.rb30
-rw-r--r--app/helpers/users_helper.rb7
-rw-r--r--app/models/user.rb2
-rw-r--r--app/views/users/_admin_user_item.html.erb12
-rw-r--r--app/views/users/_user_item.html.erb4
-rw-r--r--app/views/users/create.html.erb2
-rw-r--r--app/views/users/destroy.html.erb2
-rw-r--r--app/views/users/edit.html.erb32
-rw-r--r--app/views/users/index.html.erb15
-rw-r--r--app/views/users/new.html.erb32
-rw-r--r--app/views/users/show.html.erb22
-rw-r--r--app/views/users/update.html.erb2
-rw-r--r--public/stylesheets/admin.css4
-rw-r--r--test/fixtures/users.yml1
-rw-r--r--test/functional/nodes_controller_test.rb2
-rw-r--r--test/functional/users_controller_test.rb146
-rw-r--r--test/test_helper.rb3
17 files changed, 292 insertions, 26 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 19f6b2d..b15f83b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -3,29 +3,57 @@ class UsersController < ApplicationController
3 # Private 3 # Private
4 4
5 before_filter :login_required 5 before_filter :login_required
6 before_filter :verify_admin_status, :except => [:index, :show]
6 7
7 layout 'admin' 8 layout 'admin'
8 9
9 def index 10 def index
10 @users = User.all 11 @users = User.all(:order => "login ASC")
11 end 12 end
12 13
13 def new 14 def new
15 @user = User.new( params[:user] )
14 end 16 end
15 17
16 def create 18 def create
19 @user = User.new params[:user]
20
21 if @user.save
22 redirect_to user_path(@user)
23 else
24 render :new
25 end
17 end 26 end
18 27
19 def edit 28 def edit
29 @user = User.find(params[:id])
20 end 30 end
21 31
22 def update 32 def update
33 @user = User.find(params[:id])
34
35 if @user.update_attributes(params[:user])
36 redirect_to user_path(@user)
37 else
38 render :edit
39 end
23 end 40 end
24 41
25 def show 42 def show
43 @user = User.find(params[:id])
26 end 44 end
27 45
28 def destroy 46 def destroy
47 user = User.find(params[:id])
48 user.destroy if user
49 redirect_to users_path
29 end 50 end
30 51
52 private
53 def verify_admin_status
54 unless current_user.admin
55 flash[:notice] = "Sorry, you need to be an admin for this action"
56 redirect_to users_path
57 end
58 end
31end 59end
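Review bot: `destroy` (new lines 46-50) deletes whichever id is passed, so an admin can remove their own account or the only remaining admin, after which no one can pass `verify_admin_status`. The `if user` guard on line 48 never takes effect, because `User.find` raises `ActiveRecord::RecordNotFound` for a missing id instead of returning nil. At minimum refuse self-deletion with `user.destroy unless user == current_user`, and consider rescuing the not-found case so the action redirects instead of raising. `update` can remove the admin flag from the acting admin in the same way, since it passes `params[:user]` straight through.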
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 2310a24..ff03138 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,2 +1,9 @@
1module UsersHelper 1module UsersHelper
2 def user_list_by_admin_status
3 if current_user && current_user.admin
4 render :partial => 'admin_user_item', :collection => @users
5 else
6 render :partial => 'user_item', :collection => @users
7 end
8 end
2end 9end
diff --git a/app/models/user.rb b/app/models/user.rb
index 26ebf45..035a145 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -21,7 +21,7 @@ class User < ActiveRecord::Base
21 validates_format_of :email, :with => Authentication.email_regex, 21 validates_format_of :email, :with => Authentication.email_regex,
22 :message => Authentication.bad_email_message 22 :message => Authentication.bad_email_message
23 23
24 attr_accessible :login, :email, :password, :password_confirmation 24 attr_accessible :login, :email, :password, :password_confirmation, :admin
25 25
26 # Authenticates a user by their login name and unencrypted password. Returns the user or nil. 26 # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
27 def self.authenticate(login, password) 27 def self.authenticate(login, password)
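Review bot: Adding `:admin` to `attr_accessible` on line 24 makes the privilege flag mass-assignable in every code path that passes request parameters to `User.new` or `update_attributes`, not only in the admin-gated actions this commit adds. Any signup or self-service profile action elsewhere in the application (none is visible here, so this needs checking) would then accept an `admin` value supplied by the client. It is safer to leave `:admin` out of the whitelist and set it explicitly in the admin-only actions, for example `@user.admin = params[:user][:admin]` before `save`. The class body continues outside this hunk.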
diff --git a/app/views/users/_admin_user_item.html.erb b/app/views/users/_admin_user_item.html.erb
new file mode 100644
index 0000000..d882dc4
--- /dev/null
+++ b/app/views/users/_admin_user_item.html.erb
@@ -0,0 +1,12 @@
1<tr>
2 <td><%= admin_user_item.login %></td>
3 <td>
4 <%= link_to "Show", user_path(admin_user_item) %>
5 <%= link_to(
6 "Destroy",
7 user_path(admin_user_item),
8 :method => "delete",
9 :confirm => "Are you sure to delete user: #{admin_user_item.login}?"
10 ) %>
11 </td>
12</tr> \ No newline at end of file
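Review bot: `<%= admin_user_item.login %>` on line 2 writes the login into the page without `h()`. The `before_filter` and `<% form_for` style suggests a Rails 2.x application, where ERB does not escape output by default (confirm the version). If the login format validation, which is not visible in this commit, permits markup characters, a stored value would be rendered as HTML in an admin's session. Use `<%= h admin_user_item.login %>`; the same applies to `user_item.login` in `_user_item.html.erb` and to `@user.login` and `@user.email` in `show.html.erb`.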
diff --git a/app/views/users/_user_item.html.erb b/app/views/users/_user_item.html.erb
new file mode 100644
index 0000000..c3389ba
--- /dev/null
+++ b/app/views/users/_user_item.html.erb
@@ -0,0 +1,4 @@
1<tr>
2 <td><%= user_item.login %></td>
3 <td></td>
4</tr> \ No newline at end of file
diff --git a/app/views/users/create.html.erb b/app/views/users/create.html.erb
deleted file mode 100644
index 48ea02e..0000000
--- a/app/views/users/create.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
1<h1>Users#create</h1>
2<p>Find me in app/views/users/create.html.erb</p>
diff --git a/app/views/users/destroy.html.erb b/app/views/users/destroy.html.erb
deleted file mode 100644
index de4bd26..0000000
--- a/app/views/users/destroy.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
1<h1>Users#destroy</h1>
2<p>Find me in app/views/users/destroy.html.erb</p>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index 1881fbd..5b73242 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -1,2 +1,30 @@
1<h1>Users#edit</h1> 1<h1>Edit existing user</h1>
2<p>Find me in app/views/users/edit.html.erb</p> 2
3<% form_for @user do |f| %>
4<table id="new_node">
5 <tr>
6 <td class="description">Login</td>
7 <td><%= f.text_field :login %></td>
8 </tr>
9 <tr>
10 <td class="description">E-Mail</td>
11 <td><%= f.text_field :email %></td>
12 </tr>
13 <tr>
14 <td class="description">Password</td>
15 <td><%= f.text_field :password %></td>
16 </tr>
17 <tr>
18 <td class="description">Confirm</td>
19 <td><%= f.text_field :password_confirmation %></td>
20 </tr>
21 <tr>
22 <td class="description">Admin?</td>
23 <td><%= f.check_box :admin %></td>
24 </tr>
25 <tr>
26 <td class="description"></td>
27 <td class="right"><%= f.submit "Create" %></td>
28 </tr>
29</table>
30<% end %> \ No newline at end of file
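Review bot: Lines 15 and 19 render the password and its confirmation with `f.text_field`, so the value is visible on screen while typing and the browser treats it as an ordinary text input for form history and autofill. Use `f.password_field :password` and `f.password_field :password_confirmation`; `new.html.erb` has the same two lines. Separately, the submit button on line 27 still reads "Create" on the edit form, and the table id `new_node` looks copied from another view.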
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index f0b5b28..8526d84 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -1,12 +1,13 @@
1<h1>Users</h1> 1<h1>Users</h1>
2 2
3<table> 3<table id="user_list">
4 <tr> 4 <tr>
5 <td>login</td> 5 <td>login</td>
6 </tr> 6 </tr>
7 <% @users.each do |user| %> 7 <%= user_list_by_admin_status %>
8 <tr> 8</table>
9 <td><%= user.login %></td> 9
10 </tr> 10
11 <% end %> 11<% content_for :subnavigation do %>
12</table> \ No newline at end of file 12 <%= link_to "create", new_user_path %>
13<% end %> \ No newline at end of file
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index c21a1ad..0629641 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -1,2 +1,30 @@
1<h1>Users#new</h1> 1<h1>Create new user</h1>
2<p>Find me in app/views/users/new.html.erb</p> 2
3<% form_for @user do |f| %>
4<table id="new_node">
5 <tr>
6 <td class="description">Login</td>
7 <td><%= f.text_field :login %></td>
8 </tr>
9 <tr>
10 <td class="description">E-Mail</td>
11 <td><%= f.text_field :email %></td>
12 </tr>
13 <tr>
14 <td class="description">Password</td>
15 <td><%= f.text_field :password %></td>
16 </tr>
17 <tr>
18 <td class="description">Confirm</td>
19 <td><%= f.text_field :password_confirmation %></td>
20 </tr>
21 <tr>
22 <td class="description">Admin?</td>
23 <td><%= f.check_box :admin %></td>
24 </tr>
25 <tr>
26 <td class="description"></td>
27 <td class="right"><%= f.submit "Create" %></td>
28 </tr>
29</table>
30<% end %> \ No newline at end of file
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index e5fa3ad..3055d24 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -1,2 +1,20 @@
1<h1>Users#show</h1> 1<h1>User: <%= @user.login %></h1>
2<p>Find me in app/views/users/show.html.erb</p> 2
3<table id="new_node">
4 <tr>
5 <td class="description">Login</td>
6 <td><%= @user.login %></td>
7 </tr>
8 <tr>
9 <td class="description">E-Mail</td>
10 <td><%= @user.email %></td>
11 </tr>
12 <tr>
13 <td class="description">Admin?</td>
14 <td><%= @user.admin ? "yes" : "no" %></td>
15 </tr>
16</table>
17
18<% content_for :subnavigation do %>
19 <%= link_to 'Edit', edit_user_path(@user) %>
20<% end %>
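Review bot: This view is reachable by any logged-in user, because `show` is excluded from `verify_admin_status` in the controller, so every account's e-mail address and admin flag are visible to regular users. If that is not intended, limit those two rows to admins or to the account owner. The `Edit` link on line 19 is also rendered for users who will only be redirected with the "need to be an admin" notice; wrapping it in `<% if current_user.admin %>` keeps the view consistent with the controller's rule.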
diff --git a/app/views/users/update.html.erb b/app/views/users/update.html.erb
deleted file mode 100644
index cabbde1..0000000
--- a/app/views/users/update.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
1<h1>Users#update</h1>
2<p>Find me in app/views/users/update.html.erb</p>
diff --git a/public/stylesheets/admin.css b/public/stylesheets/admin.css
index d74632b..1822ed1 100644
--- a/public/stylesheets/admin.css
+++ b/public/stylesheets/admin.css
@@ -439,3 +439,7 @@ input#move_to_search_term, input#node_staged_slug {
439 width: 680px; 439 width: 680px;
440} 440}
441 441
442table#user_list td {
443 padding-right: 30px;
444}
445
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 5b32afc..a62b350 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -13,4 +13,5 @@ aaron:
13 salt: 5be6f9cdd04fd7ab3c91cd32a5334ba2339b8005 13 salt: 5be6f9cdd04fd7ab3c91cd32a5334ba2339b8005
14 crypted_password: 740a48caf7dd5ff11318d812d57c0a0928cfbc12 # 'monkey' 14 crypted_password: 740a48caf7dd5ff11318d812d57c0a0928cfbc12 # 'monkey'
15 created_at: <%= 1.days.ago.to_s :db %> 15 created_at: <%= 1.days.ago.to_s :db %>
16 admin: true
16 17
diff --git a/test/functional/nodes_controller_test.rb b/test/functional/nodes_controller_test.rb
index 3293f42..3dae9db 100644
--- a/test/functional/nodes_controller_test.rb
+++ b/test/functional/nodes_controller_test.rb
@@ -2,8 +2,6 @@ require 'test_helper'
2 2
3class NodesControllerTest < ActionController::TestCase 3class NodesControllerTest < ActionController::TestCase
4 4
5 include AuthenticatedTestHelper
6
7 def test_get_index 5 def test_get_index
8 Node.root.descendants.delete_all 6 Node.root.descendants.delete_all
9 test_node = Node.create :slug => "foo" 7 test_node = Node.create :slug => "foo"
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index c3db123..a8333fe 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -1,8 +1,148 @@
1require 'test_helper' 1require 'test_helper'
2 2
3class UsersControllerTest < ActionController::TestCase 3class UsersControllerTest < ActionController::TestCase
4 # Replace this with your real tests. 4
5 test "the truth" do 5 test "get index as regular user renders stripped partial" do
6 assert true 6 login_as :quentin
7 get :index
8 assert_response :success
9 assert_select "a", { :count => 0, :text => "Destroy" }
7 end 10 end
11
12 test "get index as admin user renders admin partial" do
13 login_as :aaron
14 get :index
15 assert_response :success
16 assert_select "a", "Destroy"
17 assert_select "a", "Show", "Edit Link is missing"
18 end
19
20 test "get new when logged in as admin" do
21 login_as :aaron
22 get :new
23 assert_response :success
24 end
25
26 test "get new without being logged in as admin redirects back to index" do
27 login_as :quentin
28 get :new
29 assert_response :redirect
30 assert_redirected_to users_path
31 assert_equal(
32 "Sorry, you need to be an admin for this action",
33 @response.flash[:notice]
34 )
35 end
36
37 test "creating new users being logged in as admin" do
38 login_as :aaron
39 assert_difference "User.count", +1 do
40 post :create, :user => {
41 :login => "peter",
42 :email => "foo@bar.com",
43 :password => "xxxzzz",
44 :password_confirmation => "xxxzzz"
45 }
46 end
47
48 assert_redirected_to user_path(User.last)
49 assert !User.last.admin
50 end
51
52 test "creating new admin users being logged in as admin" do
53 login_as :aaron
54 assert_difference "User.count", +1 do
55 post :create, :user => {
56 :login => "peter",
57 :email => "foo@bar.com",
58 :password => "xxxzzz",
59 :password_confirmation => "xxxzzz",
60 :admin => true
61 }
62 end
63
64 assert_redirected_to user_path(User.last)
65 assert User.last.admin
66 end
67
68 test "creating new users not being logged as regular user wont work" do
69 login_as :quentin
70 assert_no_difference "User.count" do
71 post :create, :user => {
72 :login => "peter",
73 :email => "foo@bar.com",
74 :password => "xxxzzz",
75 :password_confirmation => "xxxzzz"
76 }
77 end
78
79 assert_redirected_to users_path
80 assert_equal(
81 "Sorry, you need to be an admin for this action",
82 @response.flash[:notice]
83 )
84 end
85
86 test "get edit of another user being logged in as regular user wont work" do
87 login_as :quentin
88 get :edit, :id => User.find_by_login("aaron").id
89 assert_redirected_to users_path
90 assert_equal(
91 "Sorry, you need to be an admin for this action",
92 @response.flash[:notice]
93 )
94 end
95
96 test "get edit of another user being logged in as admin user" do
97 login_as :aaron
98 get :edit, :id => User.find_by_login("quentin").id
99 assert_response :success
100 end
101
102 test "updating an user when being logged in as regular user wont work" do
103 user = User.find_by_login("aaron")
104 login_as :quentin
105 put :update, :id => user.id, :user => {:login => "random"}
106 assert_redirected_to users_path
107 assert_equal(
108 "Sorry, you need to be an admin for this action",
109 @response.flash[:notice]
110 )
111 end
112
113 test "updating an user when being login in as admin user" do
114 user = User.find_by_login("quentin")
115 login_as :aaron
116 put :update, :id => user.id, :user => {:login => "random"}
117 assert_redirected_to user_path(user)
118 assert_equal "random", user.reload.login
119 end
120
121 test "showing a user" do
122 login_as :quentin
123 get :show, :id => User.find_by_login("aaron").id
124 assert_response :success
125 end
126
127 test "destroying an user being logged in as regular user wont work" do
128 login_as :quentin
129 assert_no_difference "User.count" do
130 delete :destroy, :id => User.find_by_login("aaron").id
131 end
132 assert_redirected_to users_path
133 assert_equal(
134 "Sorry, you need to be an admin for this action",
135 @response.flash[:notice]
136 )
137 end
138
139 test "destroying an user being logged in as admin user" do
140 login_as :aaron
141 assert_difference "User.count", -1 do
142 delete :destroy, :id => User.find_by_login("quentin").id
143 end
144 assert_redirected_to users_path
145 end
146
147
8end 148end
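Review bot: The negative cases for `update` (lines 102-111) and `create` as a regular user assert the redirect and the flash but never try to set the admin flag, and the update case does not check that the record was left unchanged. Add `assert_equal "aaron", user.reload.login` after the redirect assertion, and a case that sends `:user => {:admin => true}` as `:quentin` and asserts `!User.find_by_login("quentin").admin`. There is also no test for a request made without `login_as`, so the `login_required` filter is not exercised. On line 17 the failure message "Edit Link is missing" is attached to the "Show" selector.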
diff --git a/test/test_helper.rb b/test/test_helper.rb
index b9fe251..21d4604 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -3,6 +3,9 @@ require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
3require 'test_help' 3require 'test_help'
4 4
5class ActiveSupport::TestCase 5class ActiveSupport::TestCase
6
7 include AuthenticatedTestHelper
8
6 # Transactional fixtures accelerate your tests by wrapping each test method 9 # Transactional fixtures accelerate your tests by wrapping each test method
7 # in a transaction that's rolled back on completion. This ensures that the 10 # in a transaction that's rolled back on completion. This ensures that the
8 # test database remains unchanged so your fixtures don't have to be reloaded 11 # test database remains unchanged so your fixtures don't have to be reloaded