diff options
| -rw-r--r-- | app/controllers/users_controller.rb | 37 | ||||
| -rw-r--r-- | test/functional/users_controller_test.rb | 14 |
2 files changed, 35 insertions, 16 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index b15f83b..ead989d 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb | |||
| @@ -1,12 +1,13 @@ | |||
| 1 | class UsersController < ApplicationController | 1 | class UsersController < ApplicationController |
| 2 | 2 | ||
| 3 | # Private | 3 | # Private |
| 4 | 4 | ||
| 5 | before_filter :login_required | 5 | before_filter :login_required |
| 6 | before_filter :verify_admin_status, :except => [:index, :show] | 6 | before_filter :find_user, :only => [:show, :edit, :update, :destroy] |
| 7 | 7 | before_filter :verify_status, :except => [:index, :show] | |
| 8 | |||
| 8 | layout 'admin' | 9 | layout 'admin' |
| 9 | 10 | ||
| 10 | def index | 11 | def index |
| 11 | @users = User.all(:order => "login ASC") | 12 | @users = User.all(:order => "login ASC") |
| 12 | end | 13 | end |
| @@ -17,7 +18,7 @@ class UsersController < ApplicationController | |||
| 17 | 18 | ||
| 18 | def create | 19 | def create |
| 19 | @user = User.new params[:user] | 20 | @user = User.new params[:user] |
| 20 | 21 | ||
| 21 | if @user.save | 22 | if @user.save |
| 22 | redirect_to user_path(@user) | 23 | redirect_to user_path(@user) |
| 23 | else | 24 | else |
| @@ -26,12 +27,9 @@ class UsersController < ApplicationController | |||
| 26 | end | 27 | end |
| 27 | 28 | ||
| 28 | def edit | 29 | def edit |
| 29 | @user = User.find(params[:id]) | ||
| 30 | end | 30 | end |
| 31 | 31 | ||
| 32 | def update | 32 | def update |
| 33 | @user = User.find(params[:id]) | ||
| 34 | |||
| 35 | if @user.update_attributes(params[:user]) | 33 | if @user.update_attributes(params[:user]) |
| 36 | redirect_to user_path(@user) | 34 | redirect_to user_path(@user) |
| 37 | else | 35 | else |
| @@ -40,20 +38,27 @@ class UsersController < ApplicationController | |||
| 40 | end | 38 | end |
| 41 | 39 | ||
| 42 | def show | 40 | def show |
| 43 | @user = User.find(params[:id]) | ||
| 44 | end | 41 | end |
| 45 | 42 | ||
| 46 | def destroy | 43 | def destroy |
| 47 | user = User.find(params[:id]) | 44 | @user.destroy if @user |
| 48 | user.destroy if user | ||
| 49 | redirect_to users_path | 45 | redirect_to users_path |
| 50 | end | 46 | end |
| 51 | 47 | ||
| 52 | private | 48 | private |
| 53 | def verify_admin_status | 49 | def find_user |
| 54 | unless current_user.admin | 50 | @user = User.find(params[:id]) |
| 55 | flash[:notice] = "Sorry, you need to be an admin for this action" | 51 | end |
| 56 | redirect_to users_path | 52 | |
| 53 | def verify_status | ||
| 54 | @user ||= User.new | ||
| 55 | unless @user.id == current_user.id || current_user.admin | ||
| 56 | deny_user_access | ||
| 57 | end | 57 | end |
| 58 | end | 58 | end |
| 59 | |||
| 60 | def deny_user_access | ||
| 61 | flash[:notice] = "Sorry, you need to be an admin for this action" | ||
| 62 | redirect_to users_path | ||
| 63 | end | ||
| 59 | end | 64 | end |
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb index a8333fe..05257fa 100644 --- a/test/functional/users_controller_test.rb +++ b/test/functional/users_controller_test.rb | |||
| @@ -99,6 +99,12 @@ class UsersControllerTest < ActionController::TestCase | |||
| 99 | assert_response :success | 99 | assert_response :success |
| 100 | end | 100 | end |
| 101 | 101 | ||
| 102 | test "editing own user details is allowed" do | ||
| 103 | login_as :quentin | ||
| 104 | get :edit, :id => User.find_by_login("quentin").id | ||
| 105 | assert_response :success | ||
| 106 | end | ||
| 107 | |||
| 102 | test "updating an user when being logged in as regular user wont work" do | 108 | test "updating an user when being logged in as regular user wont work" do |
| 103 | user = User.find_by_login("aaron") | 109 | user = User.find_by_login("aaron") |
| 104 | login_as :quentin | 110 | login_as :quentin |
| @@ -118,6 +124,14 @@ class UsersControllerTest < ActionController::TestCase | |||
| 118 | assert_equal "random", user.reload.login | 124 | assert_equal "random", user.reload.login |
| 119 | end | 125 | end |
| 120 | 126 | ||
| 127 | test "updating own user details is allowd" do | ||
| 128 | user = User.find_by_login("quentin") | ||
| 129 | login_as :quentin | ||
| 130 | put :update, :id => user.id, :user => {:login => "random"} | ||
| 131 | assert_redirected_to user_path(user) | ||
| 132 | assert_equal "random", user.reload.login | ||
| 133 | end | ||
| 134 | |||
| 121 | test "showing a user" do | 135 | test "showing a user" do |
| 122 | login_as :quentin | 136 | login_as :quentin |
| 123 | get :show, :id => User.find_by_login("aaron").id | 137 | get :show, :id => User.find_by_login("aaron").id |
