diff options
| -rw-r--r-- | app/controllers/users_controller.rb | 30 | ||||
| -rw-r--r-- | app/helpers/users_helper.rb | 7 | ||||
| -rw-r--r-- | app/models/user.rb | 2 | ||||
| -rw-r--r-- | app/views/users/_admin_user_item.html.erb | 12 | ||||
| -rw-r--r-- | app/views/users/_user_item.html.erb | 4 | ||||
| -rw-r--r-- | app/views/users/create.html.erb | 2 | ||||
| -rw-r--r-- | app/views/users/destroy.html.erb | 2 | ||||
| -rw-r--r-- | app/views/users/edit.html.erb | 32 | ||||
| -rw-r--r-- | app/views/users/index.html.erb | 15 | ||||
| -rw-r--r-- | app/views/users/new.html.erb | 32 | ||||
| -rw-r--r-- | app/views/users/show.html.erb | 22 | ||||
| -rw-r--r-- | app/views/users/update.html.erb | 2 | ||||
| -rw-r--r-- | public/stylesheets/admin.css | 4 | ||||
| -rw-r--r-- | test/fixtures/users.yml | 1 | ||||
| -rw-r--r-- | test/functional/nodes_controller_test.rb | 2 | ||||
| -rw-r--r-- | test/functional/users_controller_test.rb | 146 | ||||
| -rw-r--r-- | test/test_helper.rb | 3 |
17 files changed, 292 insertions, 26 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 19f6b2d..b15f83b 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb | |||
| @@ -3,29 +3,57 @@ class UsersController < ApplicationController | |||
| 3 | # Private | 3 | # Private |
| 4 | 4 | ||
| 5 | before_filter :login_required | 5 | before_filter :login_required |
| 6 | before_filter :verify_admin_status, :except => [:index, :show] | ||
| 6 | 7 | ||
| 7 | layout 'admin' | 8 | layout 'admin' |
| 8 | 9 | ||
| 9 | def index | 10 | def index |
| 10 | @users = User.all | 11 | @users = User.all(:order => "login ASC") |
| 11 | end | 12 | end |
| 12 | 13 | ||
| 13 | def new | 14 | def new |
| 15 | @user = User.new( params[:user] ) | ||
| 14 | end | 16 | end |
| 15 | 17 | ||
| 16 | def create | 18 | def create |
| 19 | @user = User.new params[:user] | ||
| 20 | |||
| 21 | if @user.save | ||
| 22 | redirect_to user_path(@user) | ||
| 23 | else | ||
| 24 | render :new | ||
| 25 | end | ||
| 17 | end | 26 | end |
| 18 | 27 | ||
| 19 | def edit | 28 | def edit |
| 29 | @user = User.find(params[:id]) | ||
| 20 | end | 30 | end |
| 21 | 31 | ||
| 22 | def update | 32 | def update |
| 33 | @user = User.find(params[:id]) | ||
| 34 | |||
| 35 | if @user.update_attributes(params[:user]) | ||
| 36 | redirect_to user_path(@user) | ||
| 37 | else | ||
| 38 | render :edit | ||
| 39 | end | ||
| 23 | end | 40 | end |
| 24 | 41 | ||
| 25 | def show | 42 | def show |
| 43 | @user = User.find(params[:id]) | ||
| 26 | end | 44 | end |
| 27 | 45 | ||
| 28 | def destroy | 46 | def destroy |
| 47 | user = User.find(params[:id]) | ||
| 48 | user.destroy if user | ||
| 49 | redirect_to users_path | ||
| 29 | end | 50 | end |
| 30 | 51 | ||
| 52 | private | ||
| 53 | def verify_admin_status | ||
| 54 | unless current_user.admin | ||
| 55 | flash[:notice] = "Sorry, you need to be an admin for this action" | ||
| 56 | redirect_to users_path | ||
| 57 | end | ||
| 58 | end | ||
| 31 | end | 59 | end |
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb index 2310a24..ff03138 100644 --- a/app/helpers/users_helper.rb +++ b/app/helpers/users_helper.rb | |||
| @@ -1,2 +1,9 @@ | |||
| 1 | module UsersHelper | 1 | module UsersHelper |
| 2 | def user_list_by_admin_status | ||
| 3 | if current_user && current_user.admin | ||
| 4 | render :partial => 'admin_user_item', :collection => @users | ||
| 5 | else | ||
| 6 | render :partial => 'user_item', :collection => @users | ||
| 7 | end | ||
| 8 | end | ||
| 2 | end | 9 | end |
diff --git a/app/models/user.rb b/app/models/user.rb index 26ebf45..035a145 100644 --- a/app/models/user.rb +++ b/app/models/user.rb | |||
| @@ -21,7 +21,7 @@ class User < ActiveRecord::Base | |||
| 21 | validates_format_of :email, :with => Authentication.email_regex, | 21 | validates_format_of :email, :with => Authentication.email_regex, |
| 22 | :message => Authentication.bad_email_message | 22 | :message => Authentication.bad_email_message |
| 23 | 23 | ||
| 24 | attr_accessible :login, :email, :password, :password_confirmation | 24 | attr_accessible :login, :email, :password, :password_confirmation, :admin |
| 25 | 25 | ||
| 26 | # Authenticates a user by their login name and unencrypted password. Returns the user or nil. | 26 | # Authenticates a user by their login name and unencrypted password. Returns the user or nil. |
| 27 | def self.authenticate(login, password) | 27 | def self.authenticate(login, password) |
diff --git a/app/views/users/_admin_user_item.html.erb b/app/views/users/_admin_user_item.html.erb new file mode 100644 index 0000000..d882dc4 --- /dev/null +++ b/app/views/users/_admin_user_item.html.erb | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | <tr> | ||
| 2 | <td><%= admin_user_item.login %></td> | ||
| 3 | <td> | ||
| 4 | <%= link_to "Show", user_path(admin_user_item) %> | ||
| 5 | <%= link_to( | ||
| 6 | "Destroy", | ||
| 7 | user_path(admin_user_item), | ||
| 8 | :method => "delete", | ||
| 9 | :confirm => "Are you sure to delete user: #{admin_user_item.login}?" | ||
| 10 | ) %> | ||
| 11 | </td> | ||
| 12 | </tr> \ No newline at end of file | ||
diff --git a/app/views/users/_user_item.html.erb b/app/views/users/_user_item.html.erb new file mode 100644 index 0000000..c3389ba --- /dev/null +++ b/app/views/users/_user_item.html.erb | |||
| @@ -0,0 +1,4 @@ | |||
| 1 | <tr> | ||
| 2 | <td><%= user_item.login %></td> | ||
| 3 | <td></td> | ||
| 4 | </tr> \ No newline at end of file | ||
diff --git a/app/views/users/create.html.erb b/app/views/users/create.html.erb deleted file mode 100644 index 48ea02e..0000000 --- a/app/views/users/create.html.erb +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | <h1>Users#create</h1> | ||
| 2 | <p>Find me in app/views/users/create.html.erb</p> | ||
diff --git a/app/views/users/destroy.html.erb b/app/views/users/destroy.html.erb deleted file mode 100644 index de4bd26..0000000 --- a/app/views/users/destroy.html.erb +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | <h1>Users#destroy</h1> | ||
| 2 | <p>Find me in app/views/users/destroy.html.erb</p> | ||
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index 1881fbd..5b73242 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb | |||
| @@ -1,2 +1,30 @@ | |||
| 1 | <h1>Users#edit</h1> | 1 | <h1>Edit existing user</h1> |
| 2 | <p>Find me in app/views/users/edit.html.erb</p> | 2 | |
| 3 | <% form_for @user do |f| %> | ||
| 4 | <table id="new_node"> | ||
| 5 | <tr> | ||
| 6 | <td class="description">Login</td> | ||
| 7 | <td><%= f.text_field :login %></td> | ||
| 8 | </tr> | ||
| 9 | <tr> | ||
| 10 | <td class="description">E-Mail</td> | ||
| 11 | <td><%= f.text_field :email %></td> | ||
| 12 | </tr> | ||
| 13 | <tr> | ||
| 14 | <td class="description">Password</td> | ||
| 15 | <td><%= f.text_field :password %></td> | ||
| 16 | </tr> | ||
| 17 | <tr> | ||
| 18 | <td class="description">Confirm</td> | ||
| 19 | <td><%= f.text_field :password_confirmation %></td> | ||
| 20 | </tr> | ||
| 21 | <tr> | ||
| 22 | <td class="description">Admin?</td> | ||
| 23 | <td><%= f.check_box :admin %></td> | ||
| 24 | </tr> | ||
| 25 | <tr> | ||
| 26 | <td class="description"></td> | ||
| 27 | <td class="right"><%= f.submit "Create" %></td> | ||
| 28 | </tr> | ||
| 29 | </table> | ||
| 30 | <% end %> \ No newline at end of file | ||
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb index f0b5b28..8526d84 100644 --- a/app/views/users/index.html.erb +++ b/app/views/users/index.html.erb | |||
| @@ -1,12 +1,13 @@ | |||
| 1 | <h1>Users</h1> | 1 | <h1>Users</h1> |
| 2 | 2 | ||
| 3 | <table> | 3 | <table id="user_list"> |
| 4 | <tr> | 4 | <tr> |
| 5 | <td>login</td> | 5 | <td>login</td> |
| 6 | </tr> | 6 | </tr> |
| 7 | <% @users.each do |user| %> | 7 | <%= user_list_by_admin_status %> |
| 8 | <tr> | 8 | </table> |
| 9 | <td><%= user.login %></td> | 9 | |
| 10 | </tr> | 10 | |
| 11 | <% end %> | 11 | <% content_for :subnavigation do %> |
| 12 | </table> \ No newline at end of file | 12 | <%= link_to "create", new_user_path %> |
| 13 | <% end %> \ No newline at end of file | ||
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index c21a1ad..0629641 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb | |||
| @@ -1,2 +1,30 @@ | |||
| 1 | <h1>Users#new</h1> | 1 | <h1>Create new user</h1> |
| 2 | <p>Find me in app/views/users/new.html.erb</p> | 2 | |
| 3 | <% form_for @user do |f| %> | ||
| 4 | <table id="new_node"> | ||
| 5 | <tr> | ||
| 6 | <td class="description">Login</td> | ||
| 7 | <td><%= f.text_field :login %></td> | ||
| 8 | </tr> | ||
| 9 | <tr> | ||
| 10 | <td class="description">E-Mail</td> | ||
| 11 | <td><%= f.text_field :email %></td> | ||
| 12 | </tr> | ||
| 13 | <tr> | ||
| 14 | <td class="description">Password</td> | ||
| 15 | <td><%= f.text_field :password %></td> | ||
| 16 | </tr> | ||
| 17 | <tr> | ||
| 18 | <td class="description">Confirm</td> | ||
| 19 | <td><%= f.text_field :password_confirmation %></td> | ||
| 20 | </tr> | ||
| 21 | <tr> | ||
| 22 | <td class="description">Admin?</td> | ||
| 23 | <td><%= f.check_box :admin %></td> | ||
| 24 | </tr> | ||
| 25 | <tr> | ||
| 26 | <td class="description"></td> | ||
| 27 | <td class="right"><%= f.submit "Create" %></td> | ||
| 28 | </tr> | ||
| 29 | </table> | ||
| 30 | <% end %> \ No newline at end of file | ||
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index e5fa3ad..3055d24 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb | |||
| @@ -1,2 +1,20 @@ | |||
| 1 | <h1>Users#show</h1> | 1 | <h1>User: <%= @user.login %></h1> |
| 2 | <p>Find me in app/views/users/show.html.erb</p> | 2 | |
| 3 | <table id="new_node"> | ||
| 4 | <tr> | ||
| 5 | <td class="description">Login</td> | ||
| 6 | <td><%= @user.login %></td> | ||
| 7 | </tr> | ||
| 8 | <tr> | ||
| 9 | <td class="description">E-Mail</td> | ||
| 10 | <td><%= @user.email %></td> | ||
| 11 | </tr> | ||
| 12 | <tr> | ||
| 13 | <td class="description">Admin?</td> | ||
| 14 | <td><%= @user.admin ? "yes" : "no" %></td> | ||
| 15 | </tr> | ||
| 16 | </table> | ||
| 17 | |||
| 18 | <% content_for :subnavigation do %> | ||
| 19 | <%= link_to 'Edit', edit_user_path(@user) %> | ||
| 20 | <% end %> | ||
diff --git a/app/views/users/update.html.erb b/app/views/users/update.html.erb deleted file mode 100644 index cabbde1..0000000 --- a/app/views/users/update.html.erb +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | <h1>Users#update</h1> | ||
| 2 | <p>Find me in app/views/users/update.html.erb</p> | ||
diff --git a/public/stylesheets/admin.css b/public/stylesheets/admin.css index d74632b..1822ed1 100644 --- a/public/stylesheets/admin.css +++ b/public/stylesheets/admin.css | |||
| @@ -439,3 +439,7 @@ input#move_to_search_term, input#node_staged_slug { | |||
| 439 | width: 680px; | 439 | width: 680px; |
| 440 | } | 440 | } |
| 441 | 441 | ||
| 442 | table#user_list td { | ||
| 443 | padding-right: 30px; | ||
| 444 | } | ||
| 445 | |||
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 5b32afc..a62b350 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml | |||
| @@ -13,4 +13,5 @@ aaron: | |||
| 13 | salt: 5be6f9cdd04fd7ab3c91cd32a5334ba2339b8005 | 13 | salt: 5be6f9cdd04fd7ab3c91cd32a5334ba2339b8005 |
| 14 | crypted_password: 740a48caf7dd5ff11318d812d57c0a0928cfbc12 # 'monkey' | 14 | crypted_password: 740a48caf7dd5ff11318d812d57c0a0928cfbc12 # 'monkey' |
| 15 | created_at: <%= 1.days.ago.to_s :db %> | 15 | created_at: <%= 1.days.ago.to_s :db %> |
| 16 | admin: true | ||
| 16 | 17 | ||
diff --git a/test/functional/nodes_controller_test.rb b/test/functional/nodes_controller_test.rb index 3293f42..3dae9db 100644 --- a/test/functional/nodes_controller_test.rb +++ b/test/functional/nodes_controller_test.rb | |||
| @@ -2,8 +2,6 @@ require 'test_helper' | |||
| 2 | 2 | ||
| 3 | class NodesControllerTest < ActionController::TestCase | 3 | class NodesControllerTest < ActionController::TestCase |
| 4 | 4 | ||
| 5 | include AuthenticatedTestHelper | ||
| 6 | |||
| 7 | def test_get_index | 5 | def test_get_index |
| 8 | Node.root.descendants.delete_all | 6 | Node.root.descendants.delete_all |
| 9 | test_node = Node.create :slug => "foo" | 7 | test_node = Node.create :slug => "foo" |
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index c3db123..a8333fe 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb | |||
| @@ -1,8 +1,148 @@ | |||
| 1 | require 'test_helper' | 1 | require 'test_helper' |
| 2 | 2 | ||
| 3 | class UsersControllerTest < ActionController::TestCase | 3 | class UsersControllerTest < ActionController::TestCase |
| 4 | # Replace this with your real tests. | 4 | |
| 5 | test "the truth" do | 5 | test "get index as regular user renders stripped partial" do |
| 6 | assert true | 6 | login_as :quentin |
| 7 | get :index | ||
| 8 | assert_response :success | ||
| 9 | assert_select "a", { :count => 0, :text => "Destroy" } | ||
| 7 | end | 10 | end |
| 11 | |||
| 12 | test "get index as admin user renders admin partial" do | ||
| 13 | login_as :aaron | ||
| 14 | get :index | ||
| 15 | assert_response :success | ||
| 16 | assert_select "a", "Destroy" | ||
| 17 | assert_select "a", "Show", "Edit Link is missing" | ||
| 18 | end | ||
| 19 | |||
| 20 | test "get new when logged in as admin" do | ||
| 21 | login_as :aaron | ||
| 22 | get :new | ||
| 23 | assert_response :success | ||
| 24 | end | ||
| 25 | |||
| 26 | test "get new without being logged in as admin redirects back to index" do | ||
| 27 | login_as :quentin | ||
| 28 | get :new | ||
| 29 | assert_response :redirect | ||
| 30 | assert_redirected_to users_path | ||
| 31 | assert_equal( | ||
| 32 | "Sorry, you need to be an admin for this action", | ||
| 33 | @response.flash[:notice] | ||
| 34 | ) | ||
| 35 | end | ||
| 36 | |||
| 37 | test "creating new users being logged in as admin" do | ||
| 38 | login_as :aaron | ||
| 39 | assert_difference "User.count", +1 do | ||
| 40 | post :create, :user => { | ||
| 41 | :login => "peter", | ||
| 42 | :email => "foo@bar.com", | ||
| 43 | :password => "xxxzzz", | ||
| 44 | :password_confirmation => "xxxzzz" | ||
| 45 | } | ||
| 46 | end | ||
| 47 | |||
| 48 | assert_redirected_to user_path(User.last) | ||
| 49 | assert !User.last.admin | ||
| 50 | end | ||
| 51 | |||
| 52 | test "creating new admin users being logged in as admin" do | ||
| 53 | login_as :aaron | ||
| 54 | assert_difference "User.count", +1 do | ||
| 55 | post :create, :user => { | ||
| 56 | :login => "peter", | ||
| 57 | :email => "foo@bar.com", | ||
| 58 | :password => "xxxzzz", | ||
| 59 | :password_confirmation => "xxxzzz", | ||
| 60 | :admin => true | ||
| 61 | } | ||
| 62 | end | ||
| 63 | |||
| 64 | assert_redirected_to user_path(User.last) | ||
| 65 | assert User.last.admin | ||
| 66 | end | ||
| 67 | |||
| 68 | test "creating new users not being logged as regular user wont work" do | ||
| 69 | login_as :quentin | ||
| 70 | assert_no_difference "User.count" do | ||
| 71 | post :create, :user => { | ||
| 72 | :login => "peter", | ||
| 73 | :email => "foo@bar.com", | ||
| 74 | :password => "xxxzzz", | ||
| 75 | :password_confirmation => "xxxzzz" | ||
| 76 | } | ||
| 77 | end | ||
| 78 | |||
| 79 | assert_redirected_to users_path | ||
| 80 | assert_equal( | ||
| 81 | "Sorry, you need to be an admin for this action", | ||
| 82 | @response.flash[:notice] | ||
| 83 | ) | ||
| 84 | end | ||
| 85 | |||
| 86 | test "get edit of another user being logged in as regular user wont work" do | ||
| 87 | login_as :quentin | ||
| 88 | get :edit, :id => User.find_by_login("aaron").id | ||
| 89 | assert_redirected_to users_path | ||
| 90 | assert_equal( | ||
| 91 | "Sorry, you need to be an admin for this action", | ||
| 92 | @response.flash[:notice] | ||
| 93 | ) | ||
| 94 | end | ||
| 95 | |||
| 96 | test "get edit of another user being logged in as admin user" do | ||
| 97 | login_as :aaron | ||
| 98 | get :edit, :id => User.find_by_login("quentin").id | ||
| 99 | assert_response :success | ||
| 100 | end | ||
| 101 | |||
| 102 | test "updating an user when being logged in as regular user wont work" do | ||
| 103 | user = User.find_by_login("aaron") | ||
| 104 | login_as :quentin | ||
| 105 | put :update, :id => user.id, :user => {:login => "random"} | ||
| 106 | assert_redirected_to users_path | ||
| 107 | assert_equal( | ||
| 108 | "Sorry, you need to be an admin for this action", | ||
| 109 | @response.flash[:notice] | ||
| 110 | ) | ||
| 111 | end | ||
| 112 | |||
| 113 | test "updating an user when being login in as admin user" do | ||
| 114 | user = User.find_by_login("quentin") | ||
| 115 | login_as :aaron | ||
| 116 | put :update, :id => user.id, :user => {:login => "random"} | ||
| 117 | assert_redirected_to user_path(user) | ||
| 118 | assert_equal "random", user.reload.login | ||
| 119 | end | ||
| 120 | |||
| 121 | test "showing a user" do | ||
| 122 | login_as :quentin | ||
| 123 | get :show, :id => User.find_by_login("aaron").id | ||
| 124 | assert_response :success | ||
| 125 | end | ||
| 126 | |||
| 127 | test "destroying an user being logged in as regular user wont work" do | ||
| 128 | login_as :quentin | ||
| 129 | assert_no_difference "User.count" do | ||
| 130 | delete :destroy, :id => User.find_by_login("aaron").id | ||
| 131 | end | ||
| 132 | assert_redirected_to users_path | ||
| 133 | assert_equal( | ||
| 134 | "Sorry, you need to be an admin for this action", | ||
| 135 | @response.flash[:notice] | ||
| 136 | ) | ||
| 137 | end | ||
| 138 | |||
| 139 | test "destroying an user being logged in as admin user" do | ||
| 140 | login_as :aaron | ||
| 141 | assert_difference "User.count", -1 do | ||
| 142 | delete :destroy, :id => User.find_by_login("quentin").id | ||
| 143 | end | ||
| 144 | assert_redirected_to users_path | ||
| 145 | end | ||
| 146 | |||
| 147 | |||
| 8 | end | 148 | end |
diff --git a/test/test_helper.rb b/test/test_helper.rb index b9fe251..21d4604 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb | |||
| @@ -3,6 +3,9 @@ require File.expand_path(File.dirname(__FILE__) + "/../config/environment") | |||
| 3 | require 'test_help' | 3 | require 'test_help' |
| 4 | 4 | ||
| 5 | class ActiveSupport::TestCase | 5 | class ActiveSupport::TestCase |
| 6 | |||
| 7 | include AuthenticatedTestHelper | ||
| 8 | |||
| 6 | # Transactional fixtures accelerate your tests by wrapping each test method | 9 | # Transactional fixtures accelerate your tests by wrapping each test method |
| 7 | # in a transaction that's rolled back on completion. This ensures that the | 10 | # in a transaction that's rolled back on completion. This ensures that the |
| 8 | # test database remains unchanged so your fixtures don't have to be reloaded | 11 | # test database remains unchanged so your fixtures don't have to be reloaded |
