fixed bug that let users change other users statuses

CharlesMassry · Oct 15, 2013 · 8618b55 · 8618b55
1 parent 1db3b9e
commit 8618b55
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 10 deletions.
diff --git a/README.rdoc b/README.rdoc
@@ -2,6 +2,6 @@
 
 A social network for bounty hunters to help find and catch criminals and fugitives.
 
-Ruby version - ruby 1.9.3p194 (2012-04-20 revision 35410) [i686-linux]
+Ruby version - ruby 2.0.0p247 (2013-06-27 revision 41674) [i686-linux]
 
 Rails version - 3.2.6
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
@@ -41,7 +41,7 @@ def edit
   # POST /statuses
   # POST /statuses.json
   def create
-    @status = Status.new(params[:status])
+    @status = current_user.statuses.new(params[:status])
 
     respond_to do |format|
       if @status.save
@@ -57,8 +57,10 @@ def create
   # PUT /statuses/1
   # PUT /statuses/1.json
   def update
-    @status = Status.find(params[:id])
-
+    @status = current_user.statuses.find(params[:id])
+    if params[:status] && params[:status].has_key?(:user_id)
+      params[:status].delete(:user_id)
+    end
     respond_to do |format|
       if @status.update_attributes(params[:status])
         format.html { redirect_to @status, notice: 'Status was successfully updated.' }

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -2,7 +2,7 @@ module ApplicationHelper
 	def flash_class(type)
 		case type
 		when :alert
-			 "alert-error"
+			 "alert-danger"
 		when :notice
 			 "alert-success"
 		else

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -4,14 +4,12 @@
   <title>BountyHunterNetwork</title>
   <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
   <%= stylesheet_link_tag    "application", "bootstrap.min", "statuses", "profiles" %>
-  <%= javascript_include_tag "application", "jquery.min", "bootstrap.min", "statuses", "profiles" %>
   <%= favicon_link_tag 'favicon.ico' %>
   <%= favicon_link_tag 'touch-icon-iphone-114.png', :rel => 'apple-touch-icon', :type => 'image/png' %>
   <%= favicon_link_tag 'touch-icon-ipad-144.png', :rel => 'apple-touch-icon', :type => 'image/png' %>
   <%= csrf_meta_tags %>
 </head>
 <body>
-
 <header class="navbar navbar-inverse navbar-fixed-top" role="banner">
     <div class="container">
       <div class="row">
@@ -51,18 +49,29 @@
     <div class="col-md-8">
       <% flash.each do |type, message| %>
         <div class="alert <%= flash_class type %>">
-          <button class="close" data-dismiss="alert">x</button>
+          <button class="close" data-dismiss="alert">&times</button>
           <%= message %>
         </div>
       <% end %>
       <%= yield %>
       <br>
       <footer class="footer">
         <br>
-          <p><a href="http://www.massindustries.org">&copy Mass Industries</a></p>
+          <p><a href="http://www.massindustries.org">&copy 2013 Mass Industries</a></p>
+          <%= javascript_include_tag "application", "jquery.min", "bootstrap.min", "statuses", "profiles" %>
+          <script>
+            (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+            (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+            m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+            })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+            ga('create', 'UA-44853592-1', 'bountyhunternetwork.com');
+            ga('send', 'pageview');
+          </script>
       </footer>
     </div>
   </div>
 </div>
+
 </body>
 </html>
diff --git a/app/views/statuses/_form.html.erb b/app/views/statuses/_form.html.erb
@@ -11,9 +11,9 @@
     </div>
   <% end %>
 
-    <%= f.input :user_id, collection: User.all, label_method: :full_name %>
     <%= f.input :content %>
   <div class="form-actions">
+    <br>
       <%= f.button :submit, "New Status", :class => 'btn-danger' %>
   </div>
 <% end %>
diff --git a/test/functional/statuses_controller_test.rb b/test/functional/statuses_controller_test.rb
@@ -39,6 +39,17 @@ class StatusesControllerTest < ActionController::TestCase
     assert_redirected_to status_path(assigns(:status))
   end
 
+  test "should create status for the current user when logged in" do
+    sign_in users(:charlie)
+
+    assert_difference('Status.count') do
+      post :create, status: { content: @status.content, user_id: users(:charles).id }
+    end
+
+    assert_redirected_to status_path(assigns(:status))
+    assert_equal assigns(:status).user_id, users(:charlie).id
+  end
+
   test "should show status" do
     get :show, id: @status
     assert_response :success
@@ -63,6 +74,22 @@ class StatusesControllerTest < ActionController::TestCase
     assert_redirected_to status_path(assigns(:status))
   end
 
+  test "should update status for the current user when logged in" do
+    sign_in users(:charlie)
+    put :update, id: @status, status: { content: @status.content, user_id: users(:charles).id }
+    assert_response :redirect
+    assert_redirected_to status_path(assigns(:status))
+    assert_equal assigns(:status).user_id, users(:charlie).id
+  end
+
+  test "should not update the status if nothing has changed" do
+    sign_in users(:charlie)
+    put :update, id: @status
+    assert_response :redirect
+    assert_redirected_to status_path(assigns(:status))
+    assert_equal assigns(:status).user_id, users(:charlie).id
+  end
+
   test "should destroy status" do
     assert_difference('Status.count', -1) do
       delete :destroy, id: @status