Can now destroy users (as admins)
mhartl committed Aug 29, 2010
1 parent 3212b97 commit 3771808
Showing 9 changed files with 119 additions and 10 deletions.
17 changes: 13 additions & 4 deletions app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
class UsersController < ApplicationController
before_filter :authenticate, :only => [:index, :edit, :update]
before_filter :authenticate, :only => [:index, :edit, :update, :destroy]
before_filter :correct_user, :only => [:edit, :update]
before_filter :admin_user, :only => :destroy

def index
@users = User.paginate(:page => params[:page])
Expand Down Expand Up @@ -29,20 +30,23 @@ def create
end

def edit
@user = User.find(params[:id])
@title = "Edit user"
end

def update
@user = User.find(params[:id])
if @user.update_attributes(params[:user])
redirect_to @user, :flash => { :success => "Profile updated." }
else
@title = "Edit user"
render 'edit'
end
end


def destroy
User.find(params[:id]).destroy
redirect_to users_path, :flash => { :success => "User destroyed." }
end

private

def authenticate
Expand All @@ -53,4 +57,9 @@ def correct_user
@user = User.find(params[:id])
redirect_to(root_path) unless current_user?(@user)
end

def admin_user
user = User.find(params[:id])
redirect_to(root_path) if !current_user.admin? || current_user?(user)
end
end
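Review bot: The new `admin` column is reachable through `update` by any signed-in user unless the model whitelists attributes: `@user.update_attributes(params[:user])` passes the whole `user` hash through, so a PUT with `user[admin]=1` on one's own profile would promote the caller, and the new `admin_user` filter then trusts `current_user.admin?`. I cannot see from this commit whether `User` declares `attr_accessible` (the model hunk shows only the schema annotation); if it does, `admin` must stay off that list, and if it does not, add an `attr_accessible` line restricted to the attributes the signup and edit forms legitimately submit. A smaller point: `admin_user` does `User.find(params[:id])` and `destroy` repeats the lookup; having the filter set `@user` and `destroy` call `@user.destroy` mirrors `correct_user` and avoids the double query.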
3 changes: 2 additions & 1 deletion app/models/user.rb
@@ -1,5 +1,5 @@
# == Schema Information
# Schema version: 20100822233125
# Schema version: 20100829021049
#
# Table name: users
#
Expand All @@ -10,6 +10,7 @@
# updated_at :datetime
# encrypted_password :string(255)
# salt :string(255)
# admin :boolean
#

class User < ActiveRecord::Base
Expand Down
1 change: 1 addition & 0 deletions app/views/layouts/application.html.erb
Expand Up @@ -4,6 +4,7 @@
<title><%= title %></title>
<%= csrf_meta_tag %>
<%= render 'layouts/stylesheets' %>
<%= javascript_include_tag :defaults %>
</head>
<body>
<div class="container">
Expand Down
5 changes: 5 additions & 0 deletions app/views/users/_user.html.erb
@@ -1,4 +1,9 @@
<li>
<%= gravatar_for user, :size => 30 %>
<%= link_to user.name, user %>
<% if current_user.admin? %>
|
<%= link_to "delete", user, :method => :delete, :confirm => "You sure?",
:title => "Delete #{user.name}" %>
<% end %>
</li>
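Review bot: The delete link is rendered for every row when the viewer is an admin, including the admin's own entry, but the controller's `admin_user` filter redirects whenever `current_user?(user)`, so that link is a dead end. Gate it the same way as the filter: `<% if current_user.admin? && !current_user?(user) %>`. Note also that `current_user.admin?` is called unguarded here; that is fine while the partial is only rendered from the authenticated `index`, but it will raise on a nil `current_user` if the partial is reused on an unauthenticated page.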
9 changes: 9 additions & 0 deletions db/migrate/20100829021049_add_admin_to_users.rb
@@ -0,0 +1,9 @@
class AddAdminToUsers < ActiveRecord::Migration
def self.up
add_column :users, :admin, :boolean, :default => false
end

def self.down
remove_column :users, :admin
end
end
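Review bot: `add_column :users, :admin, :boolean, :default => false` still allows NULL, so a row can carry `admin = nil` if something writes it explicitly; `admin?` treats nil as false, which is the safe direction, but a three-valued permission flag is easy to misread in queries such as `where(:admin => false)`. Consider `add_column :users, :admin, :boolean, :default => false, :null => false` so the column is strictly true/false.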
3 changes: 2 additions & 1 deletion db/schema.rb
Expand Up @@ -10,7 +10,7 @@
#
# It's strongly recommended to check this file into your version control system.

ActiveRecord::Schema.define(:version => 20100822233125) do
ActiveRecord::Schema.define(:version => 20100829021049) do

create_table "users", :force => true do |t|
t.string "name"
Expand All @@ -19,6 +19,7 @@
t.datetime "updated_at"
t.string "encrypted_password"
t.string "salt"
t.boolean "admin", :default => false
end

add_index "users", ["email"], :name => "index_users_on_email", :unique => true
Expand Down
9 changes: 5 additions & 4 deletions lib/tasks/sample_data.rake
Expand Up @@ -4,10 +4,11 @@ namespace :db do
desc "Fill database with sample data"
task :populate => :environment do
Rake::Task['db:reset'].invoke
User.create!(:name => "Example User",
:email => "[email protected]",
:password => "foobar",
:password_confirmation => "foobar")
admin = User.create!(:name => "Example User",
:email => "[email protected]",
:password => "foobar",
:password_confirmation => "foobar")
admin.toggle!(:admin)
99.times do |n|
name = Faker::Name.name
email = "example-#{n+1}@railstutorial.org"
Expand Down
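Review bot: `admin.toggle!(:admin)` flips the flag rather than setting it, so it only produces an admin because the column default is false; `admin.update_attribute(:admin, true)` states the intent directly (both skip validations in Rails 3). The task also begins with `Rake::Task['db:reset'].invoke` and creates an admin whose password is `foobar`, so it must never run against a production database; a guard at the top of the task such as `abort "db:populate refuses to run in production" if Rails.env.production?` is cheap insurance. The rest of the task body continues outside this hunk.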
62 changes: 62 additions & 0 deletions spec/controllers/users_controller_spec.rb
Expand Up @@ -50,6 +50,21 @@
response.should have_selector('a', :href => "/users?page=2",
:content => "Next")
end

it "should have delete links for admins" do
@user.toggle!(:admin)
other_user = User.all.second
get :index
response.should have_selector('a', :href => user_path(other_user),
:content => "delete")
end

it "should not have delete links for non-admins" do
other_user = User.all.second
get :index
response.should_not have_selector('a', :href => user_path(other_user),
:content => "delete")
end
end
end

Expand Down Expand Up @@ -269,6 +284,53 @@
response.should redirect_to(root_path)
end
end
end

describe "DELETE 'destroy'" do

before(:each) do
@user = Factory(:user)
end

describe "as a non-signed-in user" do
it "should deny access" do
delete :destroy, :id => @user
response.should redirect_to(signin_path)
end
end

describe "as non-admin user" do
it "should protect the action" do
test_sign_in(@user)
delete :destroy, :id => @user
response.should redirect_to(root_path)
end
end

describe "as an admin user" do

before(:each) do
@admin = Factory(:user, :email => "[email protected]", :admin => true)
test_sign_in(@admin)
end

it "should destroy the user" do
lambda do
delete :destroy, :id => @user
end.should change(User, :count).by(-1)
end

it "should redirect to the users page" do
delete :destroy, :id => @user
flash[:success].should =~ /destroyed/i
response.should redirect_to(users_path)
end

it "should not be able to destroy itself" do
lambda do
delete :destroy, :id => @admin
end.should_not change(User, :count)
end
end
end
end
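Review bot: The "as non-admin user" case deletes the signed-in user's own record (`test_sign_in(@user)` followed by `delete :destroy, :id => @user`), and `admin_user` redirects for a self-target regardless of `admin?`, so this spec would still pass if the admin check were dropped. Target a different account instead: `other = Factory(:user, :email => "[email protected]")`, then `delete :destroy, :id => other`, and wrap it in the same `lambda ... should_not change(User, :count)` used in the admin case. A companion test that `put :update, :id => @user, :user => { :admin => true }` leaves `@user.reload` non-admin would pin the escalation path that `update_attributes(params[:user])` opens.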
20 changes: 20 additions & 0 deletions spec/models/user_spec.rb
Expand Up @@ -152,4 +152,24 @@
end
end
end

describe "admin attribute" do

before(:each) do
@user = User.create!(@attr)
end

it "should respond to admin" do
@user.should respond_to(:admin)
end

it "should not be an admin by default" do
@user.should_not be_admin
end

it "should be convertible to an admin" do
@user.toggle!(:admin)
@user.should be_admin
end
end
end
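Review bot: The new "admin attribute" group checks the default and `toggle!`, but nothing pins that `admin` cannot be set through mass assignment, which is the property the controller's authorization now depends on. Add alongside these: `it "should not be settable via mass assignment" do User.new(@attr.merge(:admin => true)).should_not be_admin end`. I cannot see the model's `attr_accessible` in this commit; if it is missing, this test fails and documents the gap.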
