Commit 0ef8cfb9b439559c1d3d640aefab5512b38452af

Authored by Jared Pace
1 parent fa3626d5

Allow users to edit their profile

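--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,7 +1,9 @@
 class UsersController < ApplicationController
   respond_to :html
 
-  before_filter :require_admin!
+  before_filter :require_admin!, :except => [:edit, :update]
+  before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+  before_filter :require_user_edit_priviledges, :only => [:edit, :update]
 
   def index
     @users = User.paginate(:page => params[:page])
@@ -16,7 +18,6 @@ class UsersController < ApplicationController
   end
 
   def edit
-    @user = User.find(params[:id])
   end
 
   def create
@@ -37,7 +38,8 @@ class UsersController < ApplicationController
       params[:user].delete(:password_confirmation)
     end
 
-    @user = User.find(params[:id])
+    # Set protected attributes
+    @user.admin = params[:user][:admin] if current_user.admin?
 
     if @user.update_attributes(params[:user])
       flash[:success] = "#{@user.name}'s information was successfully updated"
@@ -48,11 +50,21 @@ class UsersController < ApplicationController
   end
 
   def destroy
-    @user = User.find(params[:id])
     @user.destroy
 
     flash[:success] = "That's sad. #{@user.name} is no longer part of your team."
     redirect_to users_path
   end
 
+  protected
+
+  def find_user
+    @user = User.find(params[:id])
+  end
+
+  def require_user_edit_priviledges
+    can_edit = current_user == @user || current_user.admin?
+    redirect_to(root_path) and return(false) unless can_edit
+  end
+
 end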
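Review bot: The `:admin` value is copied into `@user.admin` on the new line 42 but is left inside `params[:user]`, which then goes to `update_attributes` on line 44, so every admin submission (and any attempt by a regular user to include the key) is handled by the `attr_protected` sanitizer rather than by the explicit assignment; with the default sanitizer that only logs, but in Rails/Mongoid configurations with a strict mass-assignment sanitizer it can raise instead. Taking the key out of the hash first keeps the explicit assignment the single path for `admin` and also avoids a `NoMethodError` on `params[:user][:admin]` for a request that carries no `:user` hash at all (the regular-user spec sends exactly such a request): `admin_flag = params[:user] && params[:user].delete(:admin)` followed by `@user.admin = admin_flag if current_user.admin?`. `require_user_edit_priviledges` calls `current_user.admin?` unconditionally, so it presumably relies on an authentication filter in ApplicationController having already rejected anonymous requests; a one-line comment stating that ordering dependency, and fixing the spelling to `require_user_edit_privileges`, would help the next reader. The `update` action starts before the hunk on line 38.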
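--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,8 @@ class User
 
   validates_presence_of :name
 
+  attr_protected :admin
+
   # Mongoid doesn't seem to currently support
   # referencing embedded documents
   def watchers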
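Review bot: `attr_protected :admin` on the new line 16 is a denylist, so any sensitive attribute added to `User` later is mass-assignable from `params[:user]` by default unless someone remembers to extend this line. An `attr_accessible` allowlist naming only what the profile form is meant to set fails closed instead, e.g. `attr_accessible :name, <other form fields — check app/views/users/_fields.html.haml>` in place of this line; `name` and `password_confirmation` are the only form fields visible in this commit, so the rest of the list has to come from the form. Whichever form is kept, a comment such as `# admin is never mass-assigned; UsersController#update sets it explicitly for admins` records why the flag is absent from the list.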
app/views/shared/_session.html.haml
1 - if current_user 1 - if current_user
2 %ul#session-links 2 %ul#session-links
3 - %li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'  
4 \ No newline at end of file 3 \ No newline at end of file
  4 + %li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'
  5 + %li= link_to 'Edit profile', edit_user_path(current_user), :id => 'edit-profile'
5 \ No newline at end of file 6 \ No newline at end of file
app/views/users/_fields.html.haml
@@ -15,7 +15,8 @@ @@ -15,7 +15,8 @@
15 .required 15 .required
16 = f.label :password_confirmation 16 = f.label :password_confirmation
17 = f.password_field :password_confirmation 17 = f.password_field :password_confirmation
18 -  
19 -.checkbox  
20 - = f.check_box :admin  
21 - = f.label :admin, 'Admin?'  
22 \ No newline at end of file 18 \ No newline at end of file
  19 +
  20 +- if current_user.admin?
  21 + .checkbox
  22 + = f.check_box :admin
  23 + = f.label :admin, 'Admin?'
23 \ No newline at end of file 24 \ No newline at end of file
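--- a/public/stylesheets/application.css
+++ b/public/stylesheets/application.css
@@ -63,6 +63,7 @@ a.action { float: right; font-size: 0.9em;}
 }
 #header #session-links li {
   float: right;
+  margin-left: 10px;
   color: #FFF;
   background-color: #000;
   border-radius: 6px;
@@ -88,6 +89,9 @@ a.action { float: right; font-size: 0.9em;}
 #header #session-links #sign-out {
   background: transparent url(images/icons/bullet-red-sm.png) 12px 50% no-repeat;
 }
+#header #session-links #edit-profile {
+  padding-left: 10px;
+}
 
 /* Navigation */
 #nav-bar {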
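--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -3,7 +3,61 @@ require 'spec_helper'
 describe UsersController do
 
   it_requires_authentication
-  it_requires_admin_privileges
+  it_requires_admin_privileges :for => {
+    :index => :get,
+    :show => :get,
+    :new => :get,
+    :create => :post,
+    :destroy => :delete
+  }
+
+  context 'Signed in as a regular user' do
+    before do
+      sign_in @user = Factory(:user)
+    end
+
+    context "GET /users/:other_id/edit" do
+      it "redirects to the home page" do
+        get :edit, :id => Factory(:user).id
+        response.should redirect_to(root_path)
+      end
+    end
+
+    context "GET /users/:my_id/edit" do
+      it 'finds the user' do
+        get :edit, :id => @user.id
+        assigns(:user).should == @user
+      end
+    end
+
+    context "PUT /users/:other_id" do
+      it "redirects to the home page" do
+        put :update, :id => Factory(:user).id
+        response.should redirect_to(root_path)
+      end
+    end
+
+    context "PUT /users/:my_id/id" do
+      context "when the update is successful" do
+        it "sets a message to display" do
+          put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+          request.flash[:success].should include('updated')
+        end
+
+        it "redirects to the user's page" do
+          put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+          response.should redirect_to(user_path(@user))
+        end
+      end
+
+      context "when the update is unsuccessful" do
+        it "renders the edit page" do
+          put :update, :id => @user.to_param, :user => {:name => nil}
+          response.should render_template(:edit)
+        end
+      end
+    end
+  end
 
   context 'Signed in as an admin' do
     before do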
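Review bot: The regular-user contexts check that editing another user's record redirects, but nothing asserts that a regular user cannot change their own `admin` flag through `PUT /users/:my_id`, which is the property the new `attr_protected :admin` declaration and the `current_user.admin?` guard in the controller exist to enforce; a regression in either would pass this file. A test in the `PUT /users/:my_id/id` context that sends `:admin => true` alongside a valid update and reloads the record pins it (`admin?` is the predicate the controller itself calls). The context name on the new line 40 reads `/users/:my_id/id`, presumably meant to be `/users/:my_id`. The enclosing `describe` block continues past the hunk.
```ruby
    context "PUT /users/:my_id/id" do
      # … unchanged: successful / unsuccessful update contexts …

      it "does not let a regular user grant themselves admin" do
        put :update, :id => @user.to_param, :user => {:name => 'Kermit', :admin => true}
        @user.reload.should_not be_admin
      end
    end
```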
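--- a/spec/support/macros.rb
+++ b/spec/support/macros.rb
@@ -9,7 +9,7 @@ def it_requires_authentication(options = {})
       :update => :put,
       :destroy => :delete
     },
-    :params => {:id => 'dummyid'}
+    :params => {:id => '4c6c760494df2a18cc000015'}
   }
   options.reverse_merge!(default_options)
 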