Commit 55f2636e15ce44df9780b676794f9e79ff480cf2
1 parent
0a406eda
Admin is able to make other admins on user creation.
Showing
2 changed files
with
25 additions
and
6 deletions
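--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -23,6 +23,9 @@ class UsersController < ApplicationController
 def create
 @user = User.new(params[:user])
 
+# Set protected attributes
+@user.admin = params[:user].try(:[], :admin) if current_user.admin?
+
 if @user.save
 flash[:success] = "#{@user.name} is now part of the team. Be sure to add them as a project watcher."
 redirect_to user_path(@user)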
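Review bot: The privilege guard on the added line in `create` calls `current_user.admin?` with no nil check, so a request that reaches this action without a signed-in user raises NoMethodError instead of simply skipping the assignment. Whether a before-filter already restricts `create` to admins is not visible in this hunk. Writing the condition as `if current_user.try(:admin?)` makes the check hold on its own. The comment could also say why the flag is set separately, e.g. `# admin is not mass-assignable; only an existing admin may grant it`, assuming that is the reason. The body of `create` continues past the end of the hunk.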
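--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -48,6 +48,11 @@ describe UsersController do
 put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
 response.should redirect_to(user_path(@user))
 end
+
+it "should not be able to become an admin" do
+put :update, :id => @user.to_param, :user => {:admin => true}
+@user.reload.admin.should be_false
+end
 end
 
 context "when the update is unsuccessful" do
@@ -100,19 +105,24 @@ describe UsersController do
 context "POST /users" do
 context "when the create is successful" do
 before do
-@user = Factory(:user)
-User.should_receive(:new).and_return(@user)
-@user.should_receive(:save).and_return(true)
+@attrs = {:user => Factory.attributes_for(:user)}
 end
 
 it "sets a message to display" do
-post :create
+post :create, @attrs
 request.flash[:success].should include('part of the team')
 end
 
 it "redirects to the user's page" do
-post :create
-response.should redirect_to(user_path(@user))
+post :create, @attrs
+response.should redirect_to(user_path(assigns(:user)))
+end
+
+it "should be able to create admin" do
+@attrs[:user][:admin] = true
+post :create, @attrs
+response.should be_redirect
+User.find(assigns(:user).to_param).admin.should be_true
 end
 end
 
@@ -145,6 +155,12 @@ describe UsersController do
 put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
 response.should redirect_to(user_path(@user))
 end
+
+it "should be able to make user an admin" do
+put :update, :id => @user.to_param, :user => {:admin => true}
+response.should be_redirect
+User.find(assigns(:user).to_param).admin.should be_true
+end
 end
 
 context "when the update is unsuccessful" do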
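Review bot: The `POST /users` hunk (`@@ -100,19 +105,24 @@`) adds only the positive case, "should be able to create admin", so nothing pins the denial side of the new `create` code. The update path gets both directions in this commit ("should not be able to become an admin" and "should be able to make user an admin"), but create has no counterpart. A spec run as a non-admin that posts `:user => {:admin => true}` to `create` and asserts that no admin account results would cover it; how the spec signs in a non-admin is outside the visible hunks. Without it, a later refactor that folds `admin` back into mass assignment would still pass this suite.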