Commit 81301c44f59f466cfc2c663ec44c1472e3ad274a
1 parent
a98eadac
Regular users can only see apps which they watch
Showing
3 changed files
with
28 additions
and
7 deletions
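--- a/app/controllers/apps_controller.rb
+++ b/app/controllers/apps_controller.rb
@@ -7,7 +7,7 @@ class AppsController < ApplicationController
   end
 
   def show
-    @app = App.find(params[:id])
+    @app = current_user.admin? ? App.find(params[:id]) : current_user.apps.find_by_id!(params[:id])
     @errs = @app.errs.paginate
   end
 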
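Review bot: The access check for non-admins on line 10 rests entirely on `current_user.apps.find_by_id!` scoping the lookup to the user's watched apps; `find_by_id!` is a class method added on `App`, so this only restricts access if Mongoid's association proxy delegates it with the association's criteria applied, which cannot be confirmed from this hunk and is not exercised by the spec (the "user is watching it" example is empty). It would be worth a spec that signs in a watcher and asserts `assigns(:app).should == app`, and a second that signs in a non-watcher and asserts the lookup fails, before relying on this as the authorization boundary. As a matter of style, the long ternary reads better as a private helper, e.g. `def find_app` / `current_user.admin? ? App.find(params[:id]) : current_user.apps.find_by_id!(params[:id])` / `end`, with `@app = find_app` in `show`.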
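--- a/app/models/app.rb
+++ b/app/models/app.rb
@@ -20,6 +20,11 @@ class App
   accepts_nested_attributes_for :watchers, :allow_destroy => true,
     :reject_if => proc { |attrs| attrs.all? { |k, v| v.blank? } }
 
+  # Mongoid Bug: find(id) on association proxies returns an Enumerator
+  def self.find_by_id!(app_id)
+    where(:id => app_id).first || raise(Mongoid::Errors::DocumentNotFound.new(self,key))
+  end
+
   def self.find_by_api_key!(key)
     where(:api_key => key).first || raise(Mongoid::Errors::DocumentNotFound.new(self,key))
   end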
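Review bot: `key` on line 25 is not defined in `find_by_id!` — the parameter is `app_id` — so the miss path raises a NameError instead of `Mongoid::Errors::DocumentNotFound`, which is the exception the controller change and the new spec depend on. The line looks copied from `find_by_api_key!` below; it should read `where(:id => app_id).first || raise(Mongoid::Errors::DocumentNotFound.new(self, app_id))`. The comment above the method would also help a reader more if it named the Mongoid version the Enumerator behaviour was observed in, so the workaround can be retired later.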
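--- a/spec/controllers/apps_controller_spec.rb
+++ b/spec/controllers/apps_controller_spec.rb
@@ -5,7 +5,7 @@ describe AppsController do
   it_requires_authentication
   it_requires_admin_privileges :for => {:new => :get, :edit => :get, :create => :post, :update => :put, :destroy => :delete}
 
-  describe "GET /apps", :focused => true do
+  describe "GET /apps" do
     context 'when logged in as an admin' do
       it 'finds all apps' do
         sign_in Factory(:admin)
@@ -32,11 +32,27 @@ describe AppsController do
   end
 
   describe "GET /apps/:id" do
-    it 'finds the app' do
-      sign_in Factory(:user)
-      app = Factory(:app)
-      get :show, :id => app.id
-      assigns(:app).should == app
+    context 'logged in as an admin' do
+      it 'finds the app' do
+        sign_in Factory(:admin)
+        app = Factory(:app)
+        get :show, :id => app.id
+        assigns(:app).should == app
+      end
+    end
+
+    context 'logged in as a user' do
+      it 'finds the app if the user is watching it' do
+
+      end
+
+      it 'does not find the app if the user is not watching it' do
+        sign_in Factory(:user)
+        app = Factory(:app)
+        lambda {
+          get :show, :id => app.id
+        }.should raise_error(Mongoid::Errors::DocumentNotFound)
+      end
     end
   end
 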
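Review bot: The example 'finds the app if the user is watching it' at lines 45-47 of the second hunk has an empty body, so it passes without exercising anything, and the positive half of the new authorization rule — that a watcher can reach their own app through `current_user.apps` — is left untested. It should sign in a user, create an app whose watchers include that user, `get :show, :id => app.id`, and assert `assigns(:app).should == app`; if that body cannot be written yet, marking it `pending` is more honest than an empty block. The negative example asserts a raw `Mongoid::Errors::DocumentNotFound` propagating out of the controller; whether that surfaces as a 404 or a 500 in production depends on the app's exception mapping, which this diff does not show, so asserting the response status may be the more durable expectation.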