Base controller for plugins administration

The PluginAdminController protect by default users that didn't have edit_environment_features permission against access plugin administration.

Base controller for plugins administration
The PluginAdminController protect by default users that didn't have edit_environment_features permission against access plugin administration.
Victor Costa
1 parent e9bffd38
Showing 2 changed files with 30 additions and 0 deletions Show diff stats
app/controllers/admin/plugin_admin_controller.rb
test/functional/plugin_admin_controller_test.rb
@@ -0,0 +1,5 @@
+class PluginAdminController < AdminController
+
+  protect 'edit_environment_features', :environment
+
+end
@@ -0,0 +1,25 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class PluginAdminController
+  def index
+    render :text => 'ok'
+  end
+end
+
+class PluginAdminControllerTest < ActionController::TestCase
+
+  should 'allow user with the required permission to access plugin administration page' do
+    create_user_with_permission('testuser', 'edit_environment_features', Environment.default)
+    login_as('testuser')
+    get :index
+    assert_response :success
+  end
+
+  should 'forbid access to users that did not have the required permission' do
+    create_user('testuser')
+    login_as('testuser')
+    get :index
+    assert_response :forbidden
+  end
+
+end
@@ -0,0 +1,5 @@		@@ -0,0 +1,5 @@
	1	+class PluginAdminController < AdminController
	2	+
	3	+ protect 'edit_environment_features', :environment
	4	+
	5	+end
@@ -0,0 +1,25 @@		@@ -0,0 +1,25 @@
	1	+require File.dirname(__FILE__) + '/../test_helper'
	2	+
	3	+class PluginAdminController
	4	+ def index
	5	+ render :text => 'ok'
	6	+ end
	7	+end
	8	+
	9	+class PluginAdminControllerTest < ActionController::TestCase
	10	+
	11	+ should 'allow user with the required permission to access plugin administration page' do
	12	+ create_user_with_permission('testuser', 'edit_environment_features', Environment.default)
	13	+ login_as('testuser')
	14	+ get :index
	15	+ assert_response :success
	16	+ end
	17	+
	18	+ should 'forbid access to users that did not have the required permission' do
	19	+ create_user('testuser')
	20	+ login_as('testuser')
	21	+ get :index
	22	+ assert_response :forbidden
	23	+ end
	24	+
	25	+end