Commit 0ef8cfb9b439559c1d3d640aefab5512b38452af

Authored by Jared Pace
1 parent fa3626d5
Exists in master and in 1 other branch production

Allow users to edit their profile

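--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,9 @@
 class UsersController < ApplicationController
 respond_to :html
 
-before_filter :require_admin!
+before_filter :require_admin!, :except => [:edit, :update]
+before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+before_filter :require_user_edit_priviledges, :only => [:edit, :update]
 
 def index
 @users = User.paginate(:page => params[:page])
@@ -16,7 +18,6 @@ class UsersController < ApplicationController
 end
 
 def edit
-@user = User.find(params[:id])
 end
 
 def create
@@ -37,7 +38,8 @@ class UsersController < ApplicationController
 params[:user].delete(:password_confirmation)
 end
 
-@user = User.find(params[:id])
+# Set protected attributes
+@user.admin = params[:user][:admin] if current_user.admin?
 
 if @user.update_attributes(params[:user])
 flash[:success] = "#{@user.name}'s information was successfully updated"
@@ -48,11 +50,21 @@ class UsersController < ApplicationController
 end
 
 def destroy
-@user = User.find(params[:id])
 @user.destroy
 
 flash[:success] = "That's sad. #{@user.name} is no longer part of your team."
 redirect_to users_path
 end
 
+protected
+
+def find_user
+@user = User.find(params[:id])
+end
+
+def require_user_edit_priviledges
+can_edit = current_user == @user || current_user.admin?
+redirect_to(root_path) and return(false) unless can_edit
+end
+
 end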
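Review bot: In the `@@ -37,7 +38,8 @@` hunk, `@user.admin = params[:user][:admin] if current_user.admin?` dereferences `params[:user]` with no nil check, so an admin PUT that omits the `user` hash fails with a NoMethodError rather than a clean 4xx, unless the condition closing on the line above already guarantees the hash is present (its start is outside the hunk); `@user.admin = params[:user][:admin] if current_user.admin? && params[:user]` keeps the failure mode predictable. That line is also only safe because `User` gains `attr_protected :admin` in the same commit, a coupling the comment `# Set protected attributes` does not state; `# :admin is attr_protected on User, so update_attributes drops it; only an admin may set it, and only here` would make the dependency visible to the next maintainer. The new filter `require_user_edit_priviledges` misspells "privileges" (the spec's `it_requires_admin_privileges` spells it correctly), worth fixing before the name spreads. The `update` method starts and ends outside the hunk.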
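--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,8 @@ class User
 
 validates_presence_of :name
 
+attr_protected :admin
+
 # Mongoid doesn't seem to currently support
 # referencing embedded documents
 def watchers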
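Review bot: `attr_protected :admin` is a deny-list, so every other `User` attribute remains mass-assignable through `UsersController#update`'s `update_attributes(params[:user])`, which regular users can now reach for their own record; any attribute added to the model later, or already defined outside this hunk, is writable by them unless it is also listed here. An allow-list fails closed instead: `attr_accessible :name, :password, :password_confirmation` plus whatever else the profile form legitimately submits. I cannot see the rest of the model or the form's full field set from this hunk, so the exact list needs confirming against `_fields.html.haml` before the switch.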
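--- a/app/views/shared/_session.html.haml
+++ b/app/views/shared/_session.html.haml
@@ -1,3 +1,4 @@
 - if current_user
 %ul#session-links
-%li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'
\ No newline at end of file
+%li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'
+%li= link_to 'Edit profile', edit_user_path(current_user), :id => 'edit-profile'
\ No newline at end of file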
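--- a/app/views/users/_fields.html.haml
+++ b/app/views/users/_fields.html.haml
@@ -15,7 +15,8 @@
 .required
 = f.label :password_confirmation
 = f.password_field :password_confirmation
-
-.checkbox
-= f.check_box :admin
-= f.label :admin, 'Admin?'
\ No newline at end of file
+
+- if current_user.admin?
+.checkbox
+= f.check_box :admin
+= f.label :admin, 'Admin?'
\ No newline at end of file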
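--- a/public/stylesheets/application.css
+++ b/public/stylesheets/application.css
@@ -63,6 +63,7 @@ a.action { float: right; font-size: 0.9em;}
 }
 #header #session-links li {
 float: right;
+margin-left: 10px;
 color: #FFF;
 background-color: #000;
 border-radius: 6px;
@@ -88,6 +89,9 @@ a.action { float: right; font-size: 0.9em;}
 #header #session-links #sign-out {
 background: transparent url(images/icons/bullet-red-sm.png) 12px 50% no-repeat;
 }
+#header #session-links #edit-profile {
+padding-left: 10px;
+}
 
 /* Navigation */
 #nav-bar {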
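--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -3,7 +3,61 @@ require 'spec_helper'
 describe UsersController do
 
 it_requires_authentication
-it_requires_admin_privileges
+it_requires_admin_privileges :for => {
+:index => :get,
+:show => :get,
+:new => :get,
+:create => :post,
+:destroy => :delete
+}
+
+context 'Signed in as a regular user' do
+before do
+sign_in @user = Factory(:user)
+end
+
+context "GET /users/:other_id/edit" do
+it "redirects to the home page" do
+get :edit, :id => Factory(:user).id
+response.should redirect_to(root_path)
+end
+end
+
+context "GET /users/:my_id/edit" do
+it 'finds the user' do
+get :edit, :id => @user.id
+assigns(:user).should == @user
+end
+end
+
+context "PUT /users/:other_id" do
+it "redirects to the home page" do
+put :update, :id => Factory(:user).id
+response.should redirect_to(root_path)
+end
+end
+
+context "PUT /users/:my_id/id" do
+context "when the update is successful" do
+it "sets a message to display" do
+put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+request.flash[:success].should include('updated')
+end
+
+it "redirects to the user's page" do
+put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+response.should redirect_to(user_path(@user))
+end
+end
+
+context "when the update is unsuccessful" do
+it "renders the edit page" do
+put :update, :id => @user.to_param, :user => {:name => nil}
+response.should render_template(:edit)
+end
+end
+end
+end
 
 context 'Signed in as an admin' do
 before do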
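Review bot: The new regular-user contexts never exercise the privilege boundary this commit introduces: no example PUTs `:user => {:admin => true}` as the signed-in non-admin and asserts the flag stays false, so a regression in the model's `attr_protected :admin` or in the controller's `current_user.admin?` guard would pass this suite unnoticed. One example in the `"when the update is successful"` context would pin it, e.g. `put :update, :id => @user.to_param, :user => {:name => 'Kermit', :admin => true}` followed by `@user.reload.admin?.should be_false` (assuming the factory creates non-admin users, which I cannot see from here). Separately, the context label `"PUT /users/:my_id/id"` carries a stray `/id`; `"PUT /users/:my_id"` matches its siblings.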
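--- a/spec/support/macros.rb
+++ b/spec/support/macros.rb
@@ -9,7 +9,7 @@ def it_requires_authentication(options = {})
 :update => :put,
 :destroy => :delete
 },
-:params => {:id => 'dummyid'}
+:params => {:id => '4c6c760494df2a18cc000015'}
 }
 options.reverse_merge!(default_options)
 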