Friendly forwarding and correct user requirement
mhartl committed Aug 28, 2010
1 parent eb21747 commit 7d06bcb
Showing 5 changed files with 75 additions and 10 deletions.
2 changes: 1 addition & 1 deletion app/controllers/sessions_controller.rb
Expand Up @@ -13,7 +13,7 @@ def create
render 'new'
else
sign_in user
redirect_to user
redirect_back_or user
end
end

6 changes: 6 additions & 0 deletions app/controllers/users_controller.rb
@@ -1,5 +1,6 @@
class UsersController < ApplicationController
before_filter :authenticate, :only => [:edit, :update]
before_filter :correct_user, :only => [:edit, :update]

def show
@user = User.find(params[:id])
Expand Down Expand Up @@ -42,4 +43,9 @@ def update
def authenticate
deny_access unless signed_in?
end

def correct_user
@user = User.find(params[:id])
redirect_to(root_path) unless current_user?(@user)
end
end
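Review bot: `correct_user` silently depends on `:authenticate` having run first — with no signed-in user, `current_user?(@user)` is simply false and the visitor would be bounced to `root_path` instead of the sign-in page — yet the only thing encoding that is the order of the two `before_filter` lines. A comment on the second filter, `# must follow :authenticate — correct_user assumes a signed-in current_user`, would keep a future reorder from quietly changing the unauthenticated response. The wrong-user redirect also carries no notice, unlike `deny_access`; if that is intentional, say so in the same comment. `correct_user` assigns `@user`, so `edit` and `update` (outside the hunk) can presumably drop their own `User.find` — worth checking.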
20 changes: 19 additions & 1 deletion app/helpers/sessions_helper.rb
Expand Up @@ -22,9 +22,27 @@ def sign_out
self.current_user = nil
end

def current_user?(user)
user == current_user
end

def deny_access
store_location
redirect_to signin_path, :notice => "Please sign in to access this page."
end
end

def store_location
session[:return_to] = request.fullpath
end

def redirect_back_or(default)
redirect_to(session[:return_to] || default)
clear_return_to
end

def clear_return_to
session[:return_to] = nil
end

private

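Review bot: `store_location` saves `request.fullpath` for every request that reaches `deny_access`, including non-GET ones such as the `put :update` the controller spec sends, so after sign-in `redirect_back_or` replays that URL as a GET and lands on whatever route answers GET for that path rather than the action the user attempted; restrict it with `session[:return_to] = request.fullpath if request.get?`. `redirect_back_or` also hands the stored value to `redirect_to` unchecked; `fullpath` is normally a server-relative path, but should a value beginning with `//` ever get through it would be treated as a protocol-relative URL, so a guard that only honours a stored value starting with a single `/` (falling back to `default` otherwise) closes that off cheaply. The module header and whatever follows `private` are outside the hunk.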
38 changes: 30 additions & 8 deletions spec/controllers/users_controller_spec.rb
Expand Up @@ -188,15 +188,37 @@
@user = Factory(:user)
end

it "should deny access to 'edit'" do
get :edit, :id => @user
response.should redirect_to(signin_path)
flash[:notice].should =~ /sign in/i
end
describe "for non-signed-in users" do

it "should deny access to 'edit'" do
get :edit, :id => @user
response.should redirect_to(signin_path)
flash[:notice].should =~ /sign in/i
end

it "should deny access to 'update'" do
put :update, :id => @user, :user => {}
response.should redirect_to(signin_path)
it "should deny access to 'update'" do
put :update, :id => @user, :user => {}
response.should redirect_to(signin_path)
end
end

describe "for signed-in users" do

before(:each) do
wrong_user = Factory(:user, :email => "[email protected]")
test_sign_in(wrong_user)
end

it "should require matching users for 'edit'" do
get :edit, :id => @user
response.should redirect_to(root_path)
end

it "should require matching users for 'update'" do
put :update, :id => @user, :user => {}
response.should redirect_to(root_path)
end
end

end
end
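Review bot: The `for signed-in users` block only asserts that a non-matching user is redirected to `root_path`; nothing here signs in `@user` itself and expects `edit` to render, so a `correct_user` filter that redirected everyone would still pass both examples. Unless that positive case lives elsewhere in the file, add an example that does `test_sign_in(@user)`, `get :edit, :id => @user`, and `response.should render_template('edit')`. The `describe` that wraps these blocks begins before the hunk.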
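--- a/spec/requests/friendly_forwardings_spec.rb
+++ b/spec/requests/friendly_forwardings_spec.rb
@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe "FriendlyForwardings" do
+
+it "should forward to the requested page after signin" do
+user = Factory(:user)
+visit edit_user_path(user)
+fill_in :email, :with => user.email
+fill_in :password, :with => user.password
+click_button
+response.should render_template('users/edit')
+visit signout_path
+visit signin_path
+fill_in :email, :with => user.email
+fill_in :password, :with => user.password
+click_button
+response.should render_template('users/show')
+end
+end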
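Review bot: The forwarding path exercised here starts from a GET (`visit edit_user_path(user)`), while `deny_access` is also reached by the `update` PUT that the controller spec sends; nothing checks where a stored non-GET location leads after sign-in, so a regression there would go unnoticed. A second example that attempts the update while signed out, signs in, and asserts the landing page would pin the intended behaviour either way. The second sign-in expecting `users/show` is a good check that `clear_return_to` ran and deserves a short comment saying so, e.g. `# return_to must have been cleared by the first forwarding`.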
