Merge pull request #497 from shingara/features/#456

Improve user management

Merge pull request #497 from shingara/features/#456
Improve user management
Cyril Mougel
2 parents ea727cfc f2409444
Showing 21 changed files with 317 additions and 181 deletions Show diff stats
CHANGELOG.md
Gemfile
Gemfile.lock
app/controllers/application_controller.rb
app/controllers/users_controller.rb
app/interactors/user_destroy.rb
app/models/user.rb
app/views/users/_fields.html.haml
app/views/users/edit.html.haml
app/views/users/index.html.haml
app/views/users/new.html.haml
app/views/users/show.html.haml
config/locales/en.yml
spec/controllers/users_controller_spec.rb
spec/fabricators/app_fabricator.rb
spec/interactors/user_destroy_spec.rb
spec/models/user_spec.rb
spec/views/users/edit.html.haml_spec.rb
spec/views/users/index.html.haml_spec.rb
spec/views/users/new.html.haml_spec.rb
@@ -5,6 +5,8 @@
 - Update some gems ([@shingara][])
 - [#492][] Improve some Pjax call ([@nfedyashev][])
 - [#428][] Add the support of Unfuddle Tracker ([@parallel588][])
+- Avoid to delete his own user ([@shingara][])
+- [#456] Avoid to delete admin access of current user logged ([@shingara][])
 ### Bug Fixes
@@ -48,6 +50,7 @@
 [#428]: https://github.com/errbit/errbit/issues/428
 [#453]: https://github.com/errbit/errbit/issues/453
 [#455]: https://github.com/errbit/errbit/issues/455
+[#456]: https://github.com/errbit/errbit/issues/456
 [#457]: https://github.com/errbit/errbit/issues/457
 [#460]: https://github.com/errbit/errbit/issues/460
 [#466]: https://github.com/errbit/errbit/issues/466
@@ -2,7 +2,9 @@ source &#39;http://rubygems.org&#39;
 gem 'rails', '3.2.13'
 gem 'mongoid', '~> 2.7.1'
-gem 'mongoid_rails_migrations'
+
+# Mongoid rails migration > 0.0.14 is not compatible to Mongoid 2.x
+gem 'mongoid_rails_migrations', '~> 0.0.14'
 gem 'devise', '~> 1.5.4'
 gem 'haml'
 gem 'htmlentities'
@@ -10,6 +12,8 @@ gem &#39;rack-ssl&#39;, :require =&gt; &#39;rack/ssl&#39;   # force SSL
 gem 'useragent'
 gem 'inherited_resources'
+gem 'decent_exposure'
+gem 'strong_parameters'
 gem 'SystemTimer', :platform => :ruby_18
 gem 'actionmailer_inline_css', "~> 1.3.0"
 gem 'kaminari', '>= 0.14.1'
 GIT
   remote: https://github.com/NARKOZ/gitlab.git
-  revision: f2ba111dba70eca5346a880c541dafaf35d3332a
+  revision: 53d7a8a86dfed63e56eeb16ea496bb7a82de337e
   specs:
     gitlab (2.2.0)
       httparty
@@ -91,9 +91,8 @@ GEM
       simplecov (>= 0.7)
       thor
     crack (0.3.2)
-    css_parser (1.2.6)
+    css_parser (1.3.4)
       addressable
-      rdoc
     daemons (1.1.9)
     database_cleaner (0.9.1)
     debug_inspector (0.0.2)
@@ -103,6 +102,7 @@ GEM
       debugger-ruby_core_source (~> 1.2.1)
     debugger-linecache (1.2.0)
     debugger-ruby_core_source (1.2.2)
+    decent_exposure (2.2.0)
     devise (1.5.4)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
@@ -135,6 +135,7 @@ GEM
     hike (1.2.2)
     hipchat (0.9.0)
       httparty
+      httparty
     hoi (0.0.6)
       httparty (> 0.6.0)
       json (> 1.4.0)
@@ -151,9 +152,9 @@ GEM
       has_scope (~> 0.5.0)
       responders (~> 0.9)
     journey (1.0.4)
-    jquery-rails (2.1.3)
-      railties (>= 3.1.0, < 5.0)
-      thor (~> 0.14)
+    jquery-rails (3.0.0)
+      railties (>= 3.0, < 5.0)
+      thor (>= 0.14, < 2.0)
     json (1.8.0)
     jwt (0.1.8)
       multi_json (>= 1.5)
@@ -229,12 +230,14 @@ GEM
       activeresource (>= 2.3.0)
     pivotal-tracker (0.5.10)
       builder
+      builder
       crack
       happymapper (>= 0.3.2)
       nokogiri (>= 1.4.3)
       nokogiri (>= 1.5.5)
       nokogiri-happymapper (>= 0.5.4)
       rest-client (~> 1.6.0)
+      rest-client (~> 1.6.0)
     pjax_rails (0.3.4)
       jquery-rails
     polyglot (0.3.3)
@@ -279,7 +282,7 @@ GEM
     rbx-require-relative (0.0.9)
     rdoc (3.12.2)
       json (~> 1.4)
-    ref (1.0.4)
+    ref (1.0.5)
     responders (0.9.3)
       railties (~> 3.1)
     rest-client (1.6.7)
@@ -323,6 +326,10 @@ GEM
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    strong_parameters (0.2.1)
+      actionpack (~> 3.0)
+      activemodel (~> 3.0)
+      railties (~> 3.0)
     taskmapper (0.8.0)
       activeresource (~> 3.0)
       activesupport (~> 3.0)
@@ -385,6 +392,7 @@ DEPENDENCIES
   coveralls
   database_cleaner (~> 0.9.0)
   debugger
+  decent_exposure
   devise (~> 1.5.4)
   email_spec
   execjs
@@ -405,7 +413,7 @@ DEPENDENCIES
   meta_request
   mongo
   mongoid (~> 2.7.1)
-  mongoid_rails_migrations
+  mongoid_rails_migrations (~> 0.0.14)
   octokit
   omniauth-github
   oruen_redmine_client
@@ -421,6 +429,7 @@ DEPENDENCIES
   ruby-debug
   ruby-fogbugz
   rushover
+  strong_parameters
   taskmapper (~> 0.8.0)
   taskmapper-unfuddle (~> 0.7.0)
   therubyracer
@@ -17,6 +17,9 @@ class ApplicationController &lt; ActionController::Base
 protected
+  ##
+  # Check if the current_user is admin or not and redirect to root url if not
+  #
   def require_admin!
     unless user_signed_in? && current_user.admin?
       flash[:error] = "Sorry, you don't have permission to do that"
@@ -2,71 +2,78 @@ class UsersController &lt; ApplicationController
   respond_to :html
   before_filter :require_admin!, :except => [:edit, :update]
-  before_filter :find_user, :only => [:show, :edit, :update, :destroy, :unlink_github]
   before_filter :require_user_edit_priviledges, :only => [:edit, :update]
-  def index
-    @users = User.all.page(params[:page]).per(current_user.per_page)
-  end
+  expose(:user) {
+    params[:id] ? User.find(params[:id]) : User.new(user_params)
+  }
+  expose(:users) {
+    User.all.page(params[:page]).per(current_user.per_page)
+  }
-  def new
-    @user = User.new
-  end
+  def index; end
+  def new; end
+  def show; end
   def create
-    @user = User.new(params[:user])
-
-    # Set protected attributes
-    @user.admin = params[:user].try(:[], :admin) if current_user.admin?
-
-    if @user.save
-      flash[:success] = "#{@user.name} is now part of the team. Be sure to add them as a project watcher."
-      redirect_to user_path(@user)
+    if user.save
+      flash[:success] = "#{user.name} is now part of the team. Be sure to add them as a project watcher."
+      redirect_to user_path(user)
     else
       render :new
     end
   end
   def update
-    # Devise Hack
-    if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
-      params[:user].delete(:password)
-      params[:user].delete(:password_confirmation)
-    end
-
-    # Set protected attributes
-    @user.admin = params[:user][:admin] if current_user.admin?
-
-    if @user.update_attributes(params[:user])
-      flash[:success] = "#{@user.name}'s information was successfully updated"
-      redirect_to user_path(@user)
+    if user.update_attributes(user_params)
+      flash[:success] = I18n.t('controllers.users.flash.update.success', :name => user.name)
+      redirect_to user_path(user)
     else
       render :edit
     end
   end
+  ##
+  # Destroy the user pass in args
+  #
+  # @param [ String ] id the id of user we want delete
+  #
   def destroy
-    @user.destroy
-
-    flash[:success] = "That's sad. #{@user.name} is no longer part of your team."
+    if user == current_user
+      flash[:error] = I18n.t('controllers.users.flash.destroy.error')
+    else
+      UserDestroy.new(user).destroy
+      flash[:success] = I18n.t('controllers.users.flash.destroy.success', :name => user.name)
+    end
     redirect_to users_path
   end
   def unlink_github
-    @user.update_attributes :github_login => nil, :github_oauth_token => nil
-    redirect_to user_path(@user)
+    user.update_attributes :github_login => nil, :github_oauth_token => nil
+    redirect_to user_path(user)
   end
   protected
-    def find_user
-      @user = User.find(params[:id])
-    end
-
     def require_user_edit_priviledges
-      can_edit = current_user == @user || current_user.admin?
+      can_edit = current_user == user || current_user.admin?
       redirect_to(root_path) and return(false) unless can_edit
     end
+  def user_params
+    @user_params ||= params[:user] ? params.require(:user).permit(*user_permit_params) : {}
+  end
+
+  def user_permit_params
+    @user_permit_params ||= [:name,:username, :email, :github_login, :per_page, :time_zone]
+    @user_permit_params << :admin if current_user.admin? && current_user.id != params[:id]
+    @user_permit_params |= [:password, :password_confirmation] if user_password_params.values.all?{|pa| !pa.blank? }
+    @user_permit_params
+  end
+
+  def user_password_params
+    @user_password_params ||= params[:user] ? params.require(:user).permit(:password, :password_confirmation) : {}
+  end
+
 end
@@ -0,0 +1,11 @@
+class UserDestroy
+  def initialize(user)
+    @user = user
+  end
+
+  def destroy
+    @user.destroy
+    @user.watchers.each(&:destroy)
+  end
+
+end
@@ -13,14 +13,11 @@ class User
   field :per_page, :type => Fixnum, :default => PER_PAGE
   field :time_zone, :default => "UTC"
-  after_destroy :destroy_watchers
   before_save :ensure_authentication_token
   validates_presence_of :name
   validates_uniqueness_of :github_login, :allow_nil => true
-  attr_protected :admin
-
   has_many :apps, :foreign_key => 'watchers.user_id'
   if Errbit::Config.user_has_username
@@ -59,10 +56,5 @@ class User
     self[:github_login] = login
   end
-  protected
-
-    def destroy_watchers
-      watchers.each(&:destroy)
-    end
 end
-= errors_for @user
+= errors_for user
 .required
   = f.label :name
-- content_for :title, "Edit #{@user.name}"
+- content_for :title, "Edit #{user.name}"
 - content_for :action_bar do
-  = render 'shared/link_github_account', :user => @user
-  = link_to('cancel', user_path(@user), :class => 'button')
+  = render 'shared/link_github_account', :user => user
+  = link_to('cancel', user_path(user), :class => 'button')
-= form_for @user, :html => {:autocomplete => "off"} do |f|
-  = @user.errors.full_messages.to_sentence
+= form_for user, :html => {:autocomplete => "off"} do |f|
+  = user.errors.full_messages.to_sentence
   = render 'fields', :f => f
   %div.buttons= f.submit 'Update User'
@@ -13,8 +13,8 @@
       %th.main Email
       %th Admin?
   %tbody
-    - @users.each do |user|
-      %tr
+    - users.each do |user|
+      %tr.user_list
         - if Errbit::Config.use_gravatar
           %td= gravatar_tag user.email, :s => 24
         %td.nowrap= link_to user.name, user_path(user)
@@ -22,5 +22,5 @@
           %td= user.username
         %td= user.email
         %td= user.admin? ? 'Y' : 'N'
-= paginate @users
+= paginate users
 - content_for :title, 'New User'
 - content_for :action_bar, link_to('cancel', users_path, :class => 'button')
-= form_for @user do |f|
-  
+= form_for user do |f|
+
   = render 'fields', :f => f
-    
-  %div.buttons= f.submit 'Add User'
 \ No newline at end of file
+
+  %div.buttons= f.submit 'Add User'
-- content_for :title, @user.name
-- if Errbit::Config.use_gravatar && gravatar = gravatar_url(@user.email, :s => 86)
+- content_for :title, user.name
+
+- if Errbit::Config.use_gravatar && gravatar = gravatar_url(user.email, :s => 86)
   - content_for :title_style do
     background: url('#{gravatar}') no-repeat;
     padding-left: 106px;
 - content_for :action_bar do
-  = render 'shared/link_github_account', :user => @user
+  = render 'shared/link_github_account'
   %span= link_to('Add a New User', new_user_path, :class => 'add')
-  = link_to 'edit', edit_user_path(@user), :class => 'button'
-  = link_to 'destroy', user_path(@user), :method => :delete, :data => { :confirm => 'Seriously?' }, :class => 'button'
+  = link_to 'edit', edit_user_path(user), :class => 'button'
+  = link_to 'destroy', user_path(user), :method => :delete, :data => { :confirm => 'Seriously?' }, :class => 'button'
 %table.single_user
   %tr
     %th Email
-    %td.main= @user.email
+    %td.main= user.email
   - if Errbit::Config.user_has_username
     %tr
       %th Username
-      %td.main= @user.username
-  - if Errbit::Config.github_authentication && @user.github_login.present?
+      %td.main= user.username
+  - if Errbit::Config.github_authentication && user.github_login.present?
     %tr
       %th GitHub Login
-      %td.main= link_to @user.github_login, "https://github.com/#{@user.github_login}"
+      %td.main= link_to user.github_login, "https://github.com/#{user.github_login}"
   %tr
     %th Admin?
-    %td= @user.admin? ? 'Y' : 'N'
+    %td= user.admin? ? 'Y' : 'N'
   %tr
     %th Created
-    %td= @user.created_at.to_s(:micro)
+    %td= user.created_at.to_s(:micro)
@@ -14,3 +14,13 @@ en:
   n_errs_have:
     one:   "%{count} err has"
     other: "%{count} errs have"
+
+
+  controllers:
+    users:
+      flash:
+        destroy:
+          success: "That's sad. %{name} is no longer part of your team."
+          error: "You can't delete yourself"
+        update:
+          success: "%{name}'s information was successfully updated."
 require 'spec_helper'
 describe UsersController do
-  render_views
   it_requires_authentication
   it_requires_admin_privileges :for => {
@@ -12,42 +11,39 @@ describe UsersController do
     :destroy  => :delete
   }
+  let(:admin) { Fabricate(:admin) }
+  let(:user) { Fabricate(:user) }
+  let(:other_user) { Fabricate(:user) }
+
   context 'Signed in as a regular user' do
+
     before do
-      sign_in @user = Fabricate(:user)
+      sign_in user
     end
     it "should set a time zone" do
-      Time.zone.should.to_s == @user.time_zone
+      Time.zone.should.to_s == user.time_zone
     end
     context "GET /users/:other_id/edit" do
       it "redirects to the home page" do
-        get :edit, :id => Fabricate(:user).id
+        get :edit, :id => other_user.id
         response.should redirect_to(root_path)
       end
     end
     context "GET /users/:my_id/edit" do
       it 'finds the user' do
-        get :edit, :id => @user.id
-        assigns(:user).should == @user
-      end
-
-      it "should have per_page option" do
-        get :edit, :id => @user.id
-        response.body.should match(/id="user_per_page"/)
+        get :edit, :id => user.id
+        controller.user.should == user
+        expect(response).to render_template 'edit'
       end
-      it "should have time_zone option" do
-        get :edit, :id => @user.id
-        response.body.should match(/id="user_time_zone"/)
-      end
     end
     context "PUT /users/:other_id" do
       it "redirects to the home page" do
-        put :update, :id => Fabricate(:user).id
+        put :update, :id => other_user.id
         response.should redirect_to(root_path)
       end
     end
@@ -55,44 +51,47 @@ describe UsersController do
     context "PUT /users/:my_id/id" do
       context "when the update is successful" do
         it "sets a message to display" do
-          put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+          put :update, :id => user.to_param, :user => {:name => 'Kermit'}
           request.flash[:success].should include('updated')
         end
         it "redirects to the user's page" do
-          put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
-          response.should redirect_to(user_path(@user))
+          put :update, :id => user.to_param, :user => {:name => 'Kermit'}
+          response.should redirect_to(user_path(user))
         end
         it "should not be able to become an admin" do
-          put :update, :id => @user.to_param, :user => {:admin => true}
-          @user.reload.admin.should be_false
+          expect {
+            put :update, :id => user.to_param, :user => {:admin => true}
+          }.to_not change {
+            user.reload.admin
+          }.from(false)
         end
         it "should be able to set per_page option" do
-          put :update, :id => @user.to_param, :user => {:per_page => 555}
-          @user.reload.per_page.should == 555
+          put :update, :id => user.to_param, :user => {:per_page => 555}
+          user.reload.per_page.should == 555
         end
         it "should be able to set time_zone option" do
-          put :update, :id => @user.to_param, :user => {:time_zone => "Warsaw"}
-          @user.reload.time_zone.should == "Warsaw"
+          put :update, :id => user.to_param, :user => {:time_zone => "Warsaw"}
+          user.reload.time_zone.should == "Warsaw"
         end
         it "should be able to not set github_login option" do
-          put :update, :id => @user.to_param, :user => {:github_login => " "}
-          @user.reload.github_login.should == nil
+          put :update, :id => user.to_param, :user => {:github_login => " "}
+          user.reload.github_login.should == nil
         end
         it "should be able to set github_login option" do
-          put :update, :id => @user.to_param, :user => {:github_login => "awesome_name"}
-          @user.reload.github_login.should == "awesome_name"
+          put :update, :id => user.to_param, :user => {:github_login => "awesome_name"}
+          user.reload.github_login.should == "awesome_name"
         end
       end
       context "when the update is unsuccessful" do
         it "renders the edit page" do
-          put :update, :id => @user.to_param, :user => {:name => nil}
+          put :update, :id => user.to_param, :user => {:name => nil}
           response.should render_template(:edit)
         end
       end
@@ -101,81 +100,82 @@ describe UsersController do
   context 'Signed in as an admin' do
     before do
-      @user = Fabricate(:admin)
-      sign_in @user
+      sign_in admin
     end
     context "GET /users" do
+
       it 'paginates all users' do
-        @user.update_attribute :per_page, 2
-        users = 3.times { Fabricate(:user) }
+        admin.update_attribute :per_page, 2
+        users = 3.times {
+          Fabricate(:user)
+        }
         get :index
-        assigns(:users).to_a.size.should == 2
+        controller.users.to_a.size.should == 2
       end
+
     end
     context "GET /users/:id" do
       it 'finds the user' do
-        user = Fabricate(:user)
         get :show, :id => user.id
-        assigns(:user).should == user
+        controller.user.should == user
       end
     end
     context "GET /users/new" do
       it 'assigns a new user' do
         get :new
-        assigns(:user).should be_a(User)
-        assigns(:user).should be_new_record
+        controller.user.should be_a(User)
+        controller.user.should be_new_record
       end
     end
     context "GET /users/:id/edit" do
       it 'finds the user' do
-        user = Fabricate(:user)
         get :edit, :id => user.id
-        assigns(:user).should == user
+        controller.user.should == user
       end
     end
     context "POST /users" do
       context "when the create is successful" do
-        before do
-          @attrs = {:user => Fabricate.attributes_for(:user)}
-        end
+        let(:attrs) { {:user => Fabricate.attributes_for(:user)} }
         it "sets a message to display" do
-          post :create, @attrs
+          post :create, attrs
           request.flash[:success].should include('part of the team')
         end
         it "redirects to the user's page" do
-          post :create, @attrs
-          response.should redirect_to(user_path(assigns(:user)))
+          post :create, attrs
+          response.should redirect_to(user_path(controller.user))
         end
         it "should be able to create admin" do
-          @attrs[:user][:admin] = true
-          post :create, @attrs
+          attrs[:user][:admin] = true
+          post :create, attrs
           response.should be_redirect
-          User.find(assigns(:user).to_param).admin.should be_true
+          User.find(controller.user.to_param).admin.should be_true
         end
         it "should has auth token" do
-          post :create, @attrs
+          post :create, attrs
           User.last.authentication_token.should_not be_blank
         end
       end
       context "when the create is unsuccessful" do
+        let(:user) {
+          Struct.new(:admin, :attributes).new(true, {})
+        }
         before do
-          @user = Fabricate(:user)
-          User.should_receive(:new).and_return(@user)
-          @user.should_receive(:save).and_return(false)
+          User.should_receive(:new).and_return(user)
+          user.should_receive(:save).and_return(false)
         end
         it "renders the new page" do
-          post :create
+          post :create, :user => { :username => 'foo' }
           response.should render_template(:new)
         end
       end
@@ -183,59 +183,85 @@ describe UsersController do
     context "PUT /users/:id" do
       context "when the update is successful" do
-        before do
-          @user = Fabricate(:user)
-        end
-
-        it "sets a message to display" do
-          put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
-          request.flash[:success].should include('updated')
-        end
-
-        it "redirects to the user's page" do
-          put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
-          response.should redirect_to(user_path(@user))
-        end
-
-        it "should be able to make user an admin" do
-          put :update, :id => @user.to_param, :user => {:admin => true}
-          response.should be_redirect
-          User.find(assigns(:user).to_param).admin.should be_true
+        before {
+          put :update, :id => user.to_param, :user => user_params
+        }
+
+        context "with normal params" do
+          let(:user_params) { {:name => 'Kermit'} }
+          it "sets a message to display" do
+            expect(request.flash[:success]).to eq I18n.t('controllers.users.flash.update.success', :name => user.name)
+            expect(response).to redirect_to(user_path(user))
+          end
         end
       end
-
       context "when the update is unsuccessful" do
-        before do
-          @user = Fabricate(:user)
-        end
         it "renders the edit page" do
-          put :update, :id => @user.to_param, :user => {:name => nil}
+          put :update, :id => user.to_param, :user => {:name => nil}
           response.should render_template(:edit)
         end
       end
     end
     context "DELETE /users/:id" do
-      before do
-        @user = Fabricate(:user)
+
+      context "with a destroy success" do
+        let(:user_destroy) { mock(:destroy => true) }
+
+        before {
+          UserDestroy.should_receive(:new).with(user).and_return(user_destroy)
+          delete :destroy, :id => user.id
+        }
+
+        it 'should destroy user' do
+          expect(request.flash[:success]).to eq I18n.t('controllers.users.flash.destroy.success', :name => user.name)
+          response.should redirect_to(users_path)
+        end
       end
-      it "destroys the user" do
-        delete :destroy, :id => @user.id
-        User.where(:id => @user.id).first.should be_nil
+      context "with trying destroy himself" do
+        before {
+          UserDestroy.should_not_receive(:new)
+          delete :destroy, :id => admin.id
+        }
+
+        it 'should not destroy user' do
+          response.should redirect_to(users_path)
+          expect(request.flash[:error]).to eq I18n.t('controllers.users.flash.destroy.error')
+        end
       end
+    end
-      it "redirects to the users index page" do
-        delete :destroy, :id => @user.id
-        response.should redirect_to(users_path)
+    describe "#user_params" do
+      context "with current user not admin" do
+        before {
+          controller.stub(:current_user).and_return(user)
+          controller.stub(:params).and_return(ActionController::Parameters.new(user_param))
+        }
+        let(:user_param) { {'user' => { :name => 'foo', :admin => true }} }
+        it 'not have admin field' do
+          expect(controller.send(:user_params)).to eq ({'name' => 'foo'})
+        end
+        context "with password and password_confirmation empty?" do
+          let(:user_param) { {'user' => { :name => 'foo', 'password' => '', 'password_confirmation' => '' }} }
+          it 'not have password and password_confirmation field' do
+            expect(controller.send(:user_params)).to eq ({'name' => 'foo'})
+          end
+        end
       end
-      it "sets a message to display" do
-        delete :destroy, :id => @user.id
-        request.flash[:success].should include('no longer part of your team')
+      context "with current user admin" do
+        it 'have admin field'
+        context "with password and password_confirmation empty?" do
+          it 'not have password and password_confirmation field'
+        end
+        context "on his own user" do
+          it 'not have admin field'
+        end
       end
     end
+
   end
 end
@@ -4,7 +4,9 @@ Fabricator(:app) do
 end
 Fabricator(:app_with_watcher, :from => :app) do
-  watchers(:count => 1) { |parent, i| Fabricate.build(:watcher, :app => parent) }
+  watchers(:count => 1) { |parent, i|
+    Fabricate.build(:watcher, :app => parent)
+  }
 end
 Fabricator(:watcher) do
@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe UserDestroy do
+  let(:app) { Fabricate(
+    :app,
+    :watchers => [
+      Fabricate.build(:user_watcher, :user => user)
+    ])
+  }
+
+  describe "#destroy" do
+    let!(:user) { Fabricate(:user) }
+    it 'should delete user' do
+      expect {
+        UserDestroy.new(user).destroy
+      }.to change(User, :count)
+    end
+
+    it 'should delete watcher' do
+      expect {
+        UserDestroy.new(user).destroy
+      }.to change{
+        app.reload.watchers.where(:user_id => user.id).count
+      }.from(1).to(0)
+    end
+  end
+end
@@ -49,15 +49,6 @@ describe User do
       user.watchers.should include(watcher)
     end
-    it "destroys any related watchers when it is destroyed" do
-      user = Fabricate(:user)
-      app  = Fabricate(:app)
-      watcher = Fabricate(:user_watcher, :app => app, :user => user)
-      user.watchers.should_not be_empty
-      user.destroy
-      app.reload.watchers.should_not include(watcher)
-    end
-
     it "has many apps through watchers" do
       user = Fabricate(:user)
       watched_app  = Fabricate(:app)
@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe 'users/edit.html.haml' do
+  let(:user) { stub_model(User, :name => 'shingara') }
+  before {
+    view.stub(:current_user).and_return(user)
+    view.stub(:user).and_return(user)
+  }
+  it 'should have per_page option' do
+    render
+    expect(rendered).to match(/id="user_per_page"/)
+  end
+
+  it 'should have time_zone option' do
+    render
+    expect(rendered).to match(/id="user_time_zone"/)
+  end
+end
@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe 'users/index.html.haml' do
+  let(:user) { stub_model(User) }
+  before {
+    view.stub(:current_user).and_return(user)
+    view.stub(:users).and_return(
+      Kaminari.paginate_array([user], :total_count => 1).page(1)
+    )
+  }
+  it 'should see users option' do
+    render
+    expect(rendered).to match(/class='user_list'/)
+  end
+
+end
@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe 'users/new.html.haml' do
+  let(:user) { stub_model(User) }
+  before {
+    view.stub(:current_user).and_return(user)
+    view.stub(:user).and_return(user)
+  }
+  it 'should have per_page option' do
+    render
+    expect(rendered).to match(/id="user_per_page"/)
+  end
+
+  it 'should have time_zone option' do
+    render
+    expect(rendered).to match(/id="user_time_zone"/)
+  end
+end
 require 'spec_helper'
 describe 'users/show.html.haml' do
+
   let(:user) do
     stub_model(User, :created_at => Time.now, :email => "test@example.com")
   end
@@ -8,12 +9,12 @@ describe &#39;users/show.html.haml&#39; do
   before do
     Errbit::Config.stub(:github_authentication) { true }
     controller.stub(:current_user) { stub_model(User) }
+    view.stub(:user) { user }
   end
   context 'with GitHub authentication' do
     it 'shows github login' do
       user.github_login = 'test_user'
-      assign :user, user
       render
       rendered.should match(/GitHub/)
       rendered.should match(/test_user/)
@@ -21,7 +22,6 @@ describe &#39;users/show.html.haml&#39; do
     it 'does not show github if blank' do
       user.github_login = ' '
-      assign :user, user
       render
       rendered.should_not match(/GitHub/)
     end
@@ -30,7 +30,6 @@ describe &#39;users/show.html.haml&#39; do
   context "Linking GitHub account" do
     context 'viewing another user page' do
       it "doesn't show and github linking buttons if user is not current user" do
-        assign :user, user
         render
         view.content_for(:action_bar).should_not include('Link GitHub account')
         view.content_for(:action_bar).should_not include('Unlink GitHub account')
@@ -40,7 +39,6 @@ describe &#39;users/show.html.haml&#39; do
     context 'viewing own user page' do
       before do
         controller.stub(:current_user) { user }
-        assign :user, user
       end
       it 'shows link github button when no login or token' do
1	GIT	1	GIT
2	remote: https://github.com/NARKOZ/gitlab.git	2	remote: https://github.com/NARKOZ/gitlab.git
3	- revision: f2ba111dba70eca5346a880c541dafaf35d3332a	3	+ revision: 53d7a8a86dfed63e56eeb16ea496bb7a82de337e
4	specs:	4	specs:
5	gitlab (2.2.0)	5	gitlab (2.2.0)
6	httparty	6	httparty
	@@ -91,9 +91,8 @@ GEM		@@ -91,9 +91,8 @@ GEM
91	simplecov (>= 0.7)	91	simplecov (>= 0.7)
92	thor	92	thor
93	crack (0.3.2)	93	crack (0.3.2)
94	- css_parser (1.2.6)	94	+ css_parser (1.3.4)
95	addressable	95	addressable
96	- rdoc
97	daemons (1.1.9)	96	daemons (1.1.9)
98	database_cleaner (0.9.1)	97	database_cleaner (0.9.1)
99	debug_inspector (0.0.2)	98	debug_inspector (0.0.2)
	@@ -103,6 +102,7 @@ GEM		@@ -103,6 +102,7 @@ GEM
103	debugger-ruby_core_source (~> 1.2.1)	102	debugger-ruby_core_source (~> 1.2.1)
104	debugger-linecache (1.2.0)	103	debugger-linecache (1.2.0)
105	debugger-ruby_core_source (1.2.2)	104	debugger-ruby_core_source (1.2.2)
		105	+ decent_exposure (2.2.0)
106	devise (1.5.4)	106	devise (1.5.4)
107	bcrypt-ruby (~> 3.0)	107	bcrypt-ruby (~> 3.0)
108	orm_adapter (~> 0.0.3)	108	orm_adapter (~> 0.0.3)
	@@ -135,6 +135,7 @@ GEM		@@ -135,6 +135,7 @@ GEM
135	hike (1.2.2)	135	hike (1.2.2)
136	hipchat (0.9.0)	136	hipchat (0.9.0)
137	httparty	137	httparty
		138	+ httparty
138	hoi (0.0.6)	139	hoi (0.0.6)
139	httparty (> 0.6.0)	140	httparty (> 0.6.0)
140	json (> 1.4.0)	141	json (> 1.4.0)
	@@ -151,9 +152,9 @@ GEM		@@ -151,9 +152,9 @@ GEM
151	has_scope (~> 0.5.0)	152	has_scope (~> 0.5.0)
152	responders (~> 0.9)	153	responders (~> 0.9)
153	journey (1.0.4)	154	journey (1.0.4)
154	- jquery-rails (2.1.3)
155	- railties (>= 3.1.0, < 5.0)
156	- thor (~> 0.14)	155	+ jquery-rails (3.0.0)
		156	+ railties (>= 3.0, < 5.0)
		157	+ thor (>= 0.14, < 2.0)
157	json (1.8.0)	158	json (1.8.0)
158	jwt (0.1.8)	159	jwt (0.1.8)
159	multi_json (>= 1.5)	160	multi_json (>= 1.5)
	@@ -229,12 +230,14 @@ GEM		@@ -229,12 +230,14 @@ GEM
229	activeresource (>= 2.3.0)	230	activeresource (>= 2.3.0)
230	pivotal-tracker (0.5.10)	231	pivotal-tracker (0.5.10)
231	builder	232	builder
		233	+ builder
232	crack	234	crack
233	happymapper (>= 0.3.2)	235	happymapper (>= 0.3.2)
234	nokogiri (>= 1.4.3)	236	nokogiri (>= 1.4.3)
235	nokogiri (>= 1.5.5)	237	nokogiri (>= 1.5.5)
236	nokogiri-happymapper (>= 0.5.4)	238	nokogiri-happymapper (>= 0.5.4)
237	rest-client (~> 1.6.0)	239	rest-client (~> 1.6.0)
		240	+ rest-client (~> 1.6.0)
238	pjax_rails (0.3.4)	241	pjax_rails (0.3.4)
239	jquery-rails	242	jquery-rails
240	polyglot (0.3.3)	243	polyglot (0.3.3)
	@@ -279,7 +282,7 @@ GEM		@@ -279,7 +282,7 @@ GEM
279	rbx-require-relative (0.0.9)	282	rbx-require-relative (0.0.9)
280	rdoc (3.12.2)	283	rdoc (3.12.2)
281	json (~> 1.4)	284	json (~> 1.4)
282	- ref (1.0.4)	285	+ ref (1.0.5)
283	responders (0.9.3)	286	responders (0.9.3)
284	railties (~> 3.1)	287	railties (~> 3.1)
285	rest-client (1.6.7)	288	rest-client (1.6.7)
	@@ -323,6 +326,10 @@ GEM		@@ -323,6 +326,10 @@ GEM
323	multi_json (~> 1.0)	326	multi_json (~> 1.0)
324	rack (~> 1.0)	327	rack (~> 1.0)
325	tilt (~> 1.1, != 1.3.0)	328	tilt (~> 1.1, != 1.3.0)
		329	+ strong_parameters (0.2.1)
		330	+ actionpack (~> 3.0)
		331	+ activemodel (~> 3.0)
		332	+ railties (~> 3.0)
326	taskmapper (0.8.0)	333	taskmapper (0.8.0)
327	activeresource (~> 3.0)	334	activeresource (~> 3.0)
328	activesupport (~> 3.0)	335	activesupport (~> 3.0)
	@@ -385,6 +392,7 @@ DEPENDENCIES		@@ -385,6 +392,7 @@ DEPENDENCIES
385	coveralls	392	coveralls
386	database_cleaner (~> 0.9.0)	393	database_cleaner (~> 0.9.0)
387	debugger	394	debugger
		395	+ decent_exposure
388	devise (~> 1.5.4)	396	devise (~> 1.5.4)
389	email_spec	397	email_spec
390	execjs	398	execjs
	@@ -405,7 +413,7 @@ DEPENDENCIES		@@ -405,7 +413,7 @@ DEPENDENCIES
405	meta_request	413	meta_request
406	mongo	414	mongo
407	mongoid (~> 2.7.1)	415	mongoid (~> 2.7.1)
408	- mongoid_rails_migrations	416	+ mongoid_rails_migrations (~> 0.0.14)
409	octokit	417	octokit
410	omniauth-github	418	omniauth-github
411	oruen_redmine_client	419	oruen_redmine_client
	@@ -421,6 +429,7 @@ DEPENDENCIES		@@ -421,6 +429,7 @@ DEPENDENCIES
421	ruby-debug	429	ruby-debug
422	ruby-fogbugz	430	ruby-fogbugz
423	rushover	431	rushover
		432	+ strong_parameters
424	taskmapper (~> 0.8.0)	433	taskmapper (~> 0.8.0)
425	taskmapper-unfuddle (~> 0.7.0)	434	taskmapper-unfuddle (~> 0.7.0)
426	therubyracer	435	therubyracer
@@ -0,0 +1,11 @@		@@ -0,0 +1,11 @@
	1	+class UserDestroy
	2	+ def initialize(user)
	3	+ @user = user
	4	+ end
	5	+
	6	+ def destroy
	7	+ @user.destroy
	8	+ @user.watchers.each(&:destroy)
	9	+ end
	10	+
	11	+end
1	-= errors_for @user	1	+= errors_for user
2		2
3	.required	3	.required
4	= f.label :name	4	= f.label :name
	@@ -14,3 +14,13 @@ en:		@@ -14,3 +14,13 @@ en:
14	n_errs_have:	14	n_errs_have:
15	one: "%{count} err has"	15	one: "%{count} err has"
16	other: "%{count} errs have"	16	other: "%{count} errs have"
		17	+
		18	+
		19	+ controllers:
		20	+ users:
		21	+ flash:
		22	+ destroy:
		23	+ success: "That's sad. %{name} is no longer part of your team."
		24	+ error: "You can't delete yourself"
		25	+ update:
		26	+ success: "%{name}'s information was successfully updated."
@@ -0,0 +1,27 @@		@@ -0,0 +1,27 @@
	1	+require 'spec_helper'
	2	+
	3	+describe UserDestroy do
	4	+ let(:app) { Fabricate(
	5	+ :app,
	6	+ :watchers => [
	7	+ Fabricate.build(:user_watcher, :user => user)
	8	+ ])
	9	+ }
	10	+
	11	+ describe "#destroy" do
	12	+ let!(:user) { Fabricate(:user) }
	13	+ it 'should delete user' do
	14	+ expect {
	15	+ UserDestroy.new(user).destroy
	16	+ }.to change(User, :count)
	17	+ end
	18	+
	19	+ it 'should delete watcher' do
	20	+ expect {
	21	+ UserDestroy.new(user).destroy
	22	+ }.to change{
	23	+ app.reload.watchers.where(:user_id => user.id).count
	24	+ }.from(1).to(0)
	25	+ end
	26	+ end
	27	+end
	@@ -49,15 +49,6 @@ describe User do		@@ -49,15 +49,6 @@ describe User do
49	user.watchers.should include(watcher)	49	user.watchers.should include(watcher)
50	end	50	end
51		51
52	- it "destroys any related watchers when it is destroyed" do
53	- user = Fabricate(:user)
54	- app = Fabricate(:app)
55	- watcher = Fabricate(:user_watcher, :app => app, :user => user)
56	- user.watchers.should_not be_empty
57	- user.destroy
58	- app.reload.watchers.should_not include(watcher)
59	- end
60	-
61	it "has many apps through watchers" do	52	it "has many apps through watchers" do
62	user = Fabricate(:user)	53	user = Fabricate(:user)
63	watched_app = Fabricate(:app)	54	watched_app = Fabricate(:app)
@@ -0,0 +1,18 @@		@@ -0,0 +1,18 @@
	1	+require 'spec_helper'
	2	+
	3	+describe 'users/edit.html.haml' do
	4	+ let(:user) { stub_model(User, :name => 'shingara') }
	5	+ before {
	6	+ view.stub(:current_user).and_return(user)
	7	+ view.stub(:user).and_return(user)
	8	+ }
	9	+ it 'should have per_page option' do
	10	+ render
	11	+ expect(rendered).to match(/id="user_per_page"/)
	12	+ end
	13	+
	14	+ it 'should have time_zone option' do
	15	+ render
	16	+ expect(rendered).to match(/id="user_time_zone"/)
	17	+ end
	18	+end
@@ -0,0 +1,16 @@		@@ -0,0 +1,16 @@
	1	+require 'spec_helper'
	2	+
	3	+describe 'users/index.html.haml' do
	4	+ let(:user) { stub_model(User) }
	5	+ before {
	6	+ view.stub(:current_user).and_return(user)
	7	+ view.stub(:users).and_return(
	8	+ Kaminari.paginate_array([user], :total_count => 1).page(1)
	9	+ )
	10	+ }
	11	+ it 'should see users option' do
	12	+ render
	13	+ expect(rendered).to match(/class='user_list'/)
	14	+ end
	15	+
	16	+end