Don't show regular users links to manage apps

Jared Pace
1 parent 3977fd27
Showing 6 changed files with 95 additions and 87 deletions Show diff stats
app/controllers/apps_controller.rb
app/views/apps/index.html.haml
app/views/apps/show.html.haml
spec/controllers/apps_controller_spec.rb
spec/controllers/users_controller_spec.rb
spec/support/macros.rb
 class AppsController < ApplicationController
+  before_filter :require_admin!, :except => [:index, :show]
+  
   def index
     @apps = App.all
   end
 - content_for :title, 'Apps'
 - content_for :action_bar do
-  %span= link_to('Add a New App', new_app_path, :class => 'add')
+  %span= link_to('Add a New App', new_app_path, :class => 'add') if current_user.admin?
 %table.apps
   %thead
@@ -5,9 +5,10 @@
   %strong API Key:
   = @app.api_key
 - content_for :action_bar do
-  = link_to 'edit', edit_app_path(@app)
-  |
-  = link_to 'destroy', app_path(@app), :method => :delete, :confirm => 'Seriously?'
+  - if current_user.admin?
+    = link_to 'edit', edit_app_path(@app)
+    |
+    = link_to 'destroy', app_path(@app), :method => :delete, :confirm => 'Seriously?'
 - if @app.errs.none?
   %h3 Setup your app
 require 'spec_helper'
-describe AppsController do
+describe AppsController, :focused => true do
   it_requires_authentication
-  
-  before do
-    sign_in Factory(:user)
-  end
+  it_requires_admin_privileges :for => {:new => :get, :edit => :get, :create => :post, :update => :put, :destroy => :delete}
   describe "GET /apps" do
     it 'finds all apps' do
+      sign_in Factory(:user)
       3.times { Factory(:app) }
       apps = App.all
       get :index
@@ -19,115 +17,122 @@ describe AppsController do
   describe "GET /apps/:id" do
     it 'finds the app' do
+      sign_in Factory(:user)
       app = Factory(:app)
       get :show, :id => app.id
       assigns(:app).should == app
     end
   end
-  describe "GET /apps/new" do
-    it 'instantiates a new app with a prebuilt watcher' do
-      get :new
-      assigns(:app).should be_a(App)
-      assigns(:app).should be_new_record
-      assigns(:app).watchers.should_not be_empty
+  context 'logged in as an admin' do
+    before do
+      sign_in Factory(:admin)
     end
-  end
-  describe "GET /apps/:id/edit" do
-    it 'finds the correct app' do
-      app = Factory(:app)
-      get :edit, :id => app.id
-      assigns(:app).should == app
+    describe "GET /apps/new" do
+      it 'instantiates a new app with a prebuilt watcher' do
+        get :new
+        assigns(:app).should be_a(App)
+        assigns(:app).should be_new_record
+        assigns(:app).watchers.should_not be_empty
+      end
     end
-  end
-  describe "POST /apps" do
-    before do
-      @app = Factory(:app)
-      App.stub(:new).and_return(@app)
+    describe "GET /apps/:id/edit" do
+      it 'finds the correct app' do
+        app = Factory(:app)
+        get :edit, :id => app.id
+        assigns(:app).should == app
+      end
     end
-    
-    context "when the create is successful" do
+  
+    describe "POST /apps" do
       before do
-        @app.should_receive(:save).and_return(true)
+        @app = Factory(:app)
+        App.stub(:new).and_return(@app)
       end
+    
+      context "when the create is successful" do
+        before do
+          @app.should_receive(:save).and_return(true)
+        end
-      it "should redirect to the app page" do
-        post :create, :app => {}
-        response.should redirect_to(app_path(@app))
-      end
+        it "should redirect to the app page" do
+          post :create, :app => {}
+          response.should redirect_to(app_path(@app))
+        end
-      it "should display a message" do
-        post :create, :app => {}
-        request.flash[:success].should match(/success/)
+        it "should display a message" do
+          post :create, :app => {}
+          request.flash[:success].should match(/success/)
+        end
       end
-    end
-    context "when the create is unsuccessful" do
-      it "should render the new page" do
-        @app.should_receive(:save).and_return(false)
-        post :create, :app => {}
-        response.should render_template(:new)
+      context "when the create is unsuccessful" do
+        it "should render the new page" do
+          @app.should_receive(:save).and_return(false)
+          post :create, :app => {}
+          response.should render_template(:new)
+        end
       end
     end
-  end
-  describe "PUT /apps/:id" do
-    before do
-      @app = Factory(:app)
-      App.stub(:find).with(@app.id).and_return(@app)
-    end
-    
-    context "when the update is successful" do
+    describe "PUT /apps/:id" do
       before do
-        @app.should_receive(:update_attributes).and_return(true)
+        @app = Factory(:app)
+        App.stub(:find).with(@app.id).and_return(@app)
       end
+    
+      context "when the update is successful" do
+        before do
+          @app.should_receive(:update_attributes).and_return(true)
+        end
-      it "should redirect to the app page" do
-        put :update, :id => @app.id, :app => {}
-        response.should redirect_to(app_path(@app))
-      end
+        it "should redirect to the app page" do
+          put :update, :id => @app.id, :app => {}
+          response.should redirect_to(app_path(@app))
+        end
-      it "should display a message" do
-        put :update, :id => @app.id, :app => {}
-        request.flash[:success].should match(/success/)
+        it "should display a message" do
+          put :update, :id => @app.id, :app => {}
+          request.flash[:success].should match(/success/)
+        end
       end
-    end
-    context "when the update is unsuccessful" do
-      it "should render the edit page" do
-        @app.should_receive(:update_attributes).and_return(false)
-        put :update, :id => @app.id, :app => {}
-        response.should render_template(:edit)
+      context "when the update is unsuccessful" do
+        it "should render the edit page" do
+          @app.should_receive(:update_attributes).and_return(false)
+          put :update, :id => @app.id, :app => {}
+          response.should render_template(:edit)
+        end
       end
     end
-  end
-  describe "DELETE /apps/:id" do
-    before do
-      @app = Factory(:app)
-      App.stub(:find).with(@app.id).and_return(@app)
-    end
+    describe "DELETE /apps/:id" do
+      before do
+        @app = Factory(:app)
+        App.stub(:find).with(@app.id).and_return(@app)
+      end
-    it "should find the app" do
-      delete :destroy, :id => @app.id
-      assigns(:app).should == @app
-    end
+      it "should find the app" do
+        delete :destroy, :id => @app.id
+        assigns(:app).should == @app
+      end
-    it "should destroy the app" do
-      @app.should_receive(:destroy)
-      delete :destroy, :id => @app.id
-    end
+      it "should destroy the app" do
+        @app.should_receive(:destroy)
+        delete :destroy, :id => @app.id
+      end
-    it "should display a message" do
-      delete :destroy, :id => @app.id
-      request.flash[:success].should match(/success/)
-    end
+      it "should display a message" do
+        delete :destroy, :id => @app.id
+        request.flash[:success].should match(/success/)
+      end
-    it "should redirect to the apps page" do
-      delete :destroy, :id => @app.id
-      response.should redirect_to(apps_path)
+      it "should redirect to the apps page" do
+        delete :destroy, :id => @app.id
+        response.should redirect_to(apps_path)
+      end
     end
   end
@@ -3,7 +3,7 @@ require &#39;spec_helper&#39;
 describe UsersController do
   it_requires_authentication
-  it_requires_admin
+   it_requires_admin_privileges
   context 'Signed in as an admin' do
     before do
@@ -27,7 +27,7 @@ def it_requires_authentication(options = {})
   end
 end
-def it_requires_admin(options = {})
+def  it_requires_admin_privileges(options = {})
   default_options = {
     :for => {
       :index    => :get,
1	class AppsController < ApplicationController	1	class AppsController < ApplicationController
2		2
		3	+ before_filter :require_admin!, :except => [:index, :show]
		4	+
3	def index	5	def index
4	@apps = App.all	6	@apps = App.all
5	end	7	end
1	- content_for :title, 'Apps'	1	- content_for :title, 'Apps'
2	- content_for :action_bar do	2	- content_for :action_bar do
3	- %span= link_to('Add a New App', new_app_path, :class => 'add')	3	+ %span= link_to('Add a New App', new_app_path, :class => 'add') if current_user.admin?
4		4
5	%table.apps	5	%table.apps
6	%thead	6	%thead
	@@ -3,7 +3,7 @@ require 'spec_helper'		@@ -3,7 +3,7 @@ require 'spec_helper'
3	describe UsersController do	3	describe UsersController do
4		4
5	it_requires_authentication	5	it_requires_authentication
6	- it_requires_admin	6	+ it_requires_admin_privileges
7		7
8	context 'Signed in as an admin' do	8	context 'Signed in as an admin' do
9	before do	9	before do
	@@ -27,7 +27,7 @@ def it_requires_authentication(options = {})		@@ -27,7 +27,7 @@ def it_requires_authentication(options = {})
27	end	27	end
28	end	28	end
29		29
30	-def it_requires_admin(options = {})	30	+def it_requires_admin_privileges(options = {})
31	default_options = {	31	default_options = {
32	:for => {	32	:for => {
33	:index => :get,	33	:index => :get,