Commit 55f2636e15ce44df9780b676794f9e79ff480cf2

Authored by Nick Recobra
1 parent 0a406eda
Exists in master and in 1 other branch production

Admin is able to make other admins on user creation.

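--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -23,6 +23,9 @@ class UsersController < ApplicationController
 def create
 @user = User.new(params[:user])
 
+# Set protected attributes
+@user.admin = params[:user].try(:[], :admin) if current_user.admin?
+
 if @user.save
 flash[:success] = "#{@user.name} is now part of the team. Be sure to add them as a project watcher."
 redirect_to user_path(@user)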
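Review bot: The assignment on new line 27 only closes the privilege path if `admin` is actually excluded from mass assignment in the `User` model; otherwise `User.new(params[:user])` on line 24 has already set it for any caller before the `current_user.admin?` check runs. The model is not visible here, so I would confirm the protection exists and state it in the comment, e.g. `# admin is protected from mass assignment; only an existing admin may set it`. The guard also calls `current_user.admin?` directly, which presumably relies on an authentication filter having already rejected anonymous requests. The body of `create` continues outside the hunk.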
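--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -48,6 +48,11 @@ describe UsersController do
 put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
 response.should redirect_to(user_path(@user))
 end
+
+it "should not be able to become an admin" do
+put :update, :id => @user.to_param, :user => {:admin => true}
+@user.reload.admin.should be_false
+end
 end
 
 context "when the update is unsuccessful" do
@@ -100,19 +105,24 @@ describe UsersController do
 context "POST /users" do
 context "when the create is successful" do
 before do
-@user = Factory(:user)
-User.should_receive(:new).and_return(@user)
-@user.should_receive(:save).and_return(true)
+@attrs = {:user => Factory.attributes_for(:user)}
 end
 
 it "sets a message to display" do
-post :create
+post :create, @attrs
 request.flash[:success].should include('part of the team')
 end
 
 it "redirects to the user's page" do
-post :create
-response.should redirect_to(user_path(@user))
+post :create, @attrs
+response.should redirect_to(user_path(assigns(:user)))
+end
+
+it "should be able to create admin" do
+@attrs[:user][:admin] = true
+post :create, @attrs
+response.should be_redirect
+User.find(assigns(:user).to_param).admin.should be_true
 end
 end
 
@@ -145,6 +155,12 @@ describe UsersController do
 put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
 response.should redirect_to(user_path(@user))
 end
+
+it "should be able to make user an admin" do
+put :update, :id => @user.to_param, :user => {:admin => true}
+response.should be_redirect
+User.find(assigns(:user).to_param).admin.should be_true
+end
 end
 
 context "when the update is unsuccessful" do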
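Review bot: The create examples added under "POST /users" (new lines 121–126) cover only the positive case, so nothing in the spec shows that a non-admin posting `:admin => true` ends up with a non-admin user. The update specs got that negative example at new lines 52–55, and create should mirror it, since it is the regression test for privilege escalation through this parameter. Which user is signed in for the "POST /users" context is not visible in these hunks, so the example belongs in whichever context signs in a regular user, assuming such a user can reach create at all. It would set `@attrs[:user][:admin] = true`, call `post :create, @attrs`, and assert `assigns(:user).admin.should be_false`.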