Friday, December 11, 2015
Back story:
I'm developing a new Rails site for the local Ruby user group. I'm using Devise to provide authentication for separate user and admin classes.
Current task:
I'm working on the create/new function for the sponsor class. Sponsors are an independent class and are not tied to users, admins, or other classes. However, only admins should be allowed to create sponsors.
-- I'm developing a new Rails site for the local Ruby user group. I'm using Devise to provide authentication for separate user and admin classes.
Current task:
I'm working on the create/new function for the sponsor class. Sponsors are an independent class and are not tied to users, admins, or other classes. However, only admins should be allowed to create sponsors.
The problem:
In my sponsor controller tests, I'm unable to prevent users and unauthenticated visitors from creating new sponsors without also preventing admins from doing so. Troubleshooting with the puts command reveals that the admin_signed_in? value is false EVEN AFTER loggin in.
The source code of this app is at https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .
Excerpt from test/controllers/sponsors_controller_test.rb:
app/controllers/sponsors_controller.rb
In my sponsor controller tests, I'm unable to prevent users and unauthenticated visitors from creating new sponsors without also preventing admins from doing so. Troubleshooting with the puts command reveals that the admin_signed_in? value is false EVEN AFTER loggin in.
The source code of this app is at https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .
Excerpt from test/controllers/sponsors_controller_test.rb:
test 'superadmin can create a new sponsor' do
login_as @a1
assert_difference 'Sponsor.count', 1 do
add_past
end
assert_difference 'Sponsor.count', 1 do
add_current
end
logout :admin
end
test 'regular admin can create a new sponsor' do
login_as @a3
assert_difference 'Sponsor.count', 1 do
add_past
end
assert_difference 'Sponsor.count', 1 do
add_current
end
logout :admin
end
test 'user cannot create a new sponsor' do
login_as @u1
assert_no_difference 'Sponsor.count' do
add_past
end
assert_no_difference 'Sponsor.count' do
add_current
end
logout :user
end
test 'an unregistered visitor cannot create a new sponsor' do
assert_no_difference 'Sponsor.count' do
add_past
end
assert_no_difference 'Sponsor.count' do
add_current
end
end
app/controllers/sponsors_controller.rb
#
class SponsorsController < ApplicationController
before_filter :admin_signed_in?, except: [:index, :show]
def index
@sponsors_current = Sponsor.where('current=?', true)
@sponsors_past = Sponsor.where('current!=?', true)
end
def show
@sponsor = Sponsor.find(params[:id])
end
def new
@sponsor = Sponsor.new
end
def create
puts admin_signed_in?
if admin_signed_in?
@sponsor = Sponsor.new(sponsor_params)
if @sponsor.save
flash[:info] = "Sponsor added."
redirect_to sponsors_path
else
render 'new'
end
else
redirect_to root_path
end
end
private
def sponsor_params
params.require(:sponsor).permit(:name, :phone, :description,
:contact_email, :contact_url,
:current)
end
end
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/d4243b93-82b0-490c-941d-a07dcf0d137c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment