Ruby on Rails Friday, December 11, 2015

On 11 December 2015 at 17:54, Jason Hsu, Ruby on High Speed Rails
<jhsu802701@gmail.com> wrote:
> Back story:
> I'm developing a new Rails site for the local Ruby user group. I'm using
> Devise to provide authentication for separate user and admin classes.
>
> Current task:
> I'm working on the create/new function for the sponsor class. Sponsors are
> an independent class and are not tied to users, admins, or other classes.
> However, only admins should be allowed to create sponsors.
>
> The problem:
> In my sponsor controller tests, I'm unable to prevent users and
> unauthenticated visitors from creating new sponsors without also preventing
> admins from doing so. Troubleshooting with the puts command reveals that
> the admin_signed_in? value is false EVEN AFTER logging in.

You do not appear to have shown us the admin_signed_in? method.

Colin

>
> The source code of this app is at
> https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .
>
> Excerpt from test/controllers/sponsors_controller_test.rb:
>
> test 'superadmin can create a new sponsor' do
>   login_as @a1
>
>   assert_difference 'Sponsor.count', 1 do
>     add_past
>   end
>
>   assert_difference 'Sponsor.count', 1 do
>     add_current
>   end
>
>   logout :admin
> end
>
> test 'regular admin can create a new sponsor' do
>   login_as @a3
>
>   assert_difference 'Sponsor.count', 1 do
>     add_past
>   end
>
>   assert_difference 'Sponsor.count', 1 do
>     add_current
>   end
>
>   logout :admin
> end
>
> test 'user cannot create a new sponsor' do
>   login_as @u1
>
>   assert_no_difference 'Sponsor.count' do
>     add_past
>   end
>
>   assert_no_difference 'Sponsor.count' do
>     add_current
>   end
>
>   logout :user
> end
>
> test 'an unregistered visitor cannot create a new sponsor' do
>   assert_no_difference 'Sponsor.count' do
>     add_past
>   end
>
>   assert_no_difference 'Sponsor.count' do
>     add_current
>   end
> end
>
>
> app/controllers/sponsors_controller.rb
>
> #
> class SponsorsController < ApplicationController
>   before_filter :admin_signed_in?, except: [:index, :show]
>
>   def index
>     @sponsors_current = Sponsor.where('current=?', true)
>     @sponsors_past = Sponsor.where('current!=?', true)
>   end
>
>   def show
>     @sponsor = Sponsor.find(params[:id])
>   end
>
>   def new
>     @sponsor = Sponsor.new
>   end
>
>   def create
>     puts admin_signed_in?
>     if admin_signed_in?
>       @sponsor = Sponsor.new(sponsor_params)
>       if @sponsor.save
>         flash[:info] = "Sponsor added."
>         redirect_to sponsors_path
>       else
>         render 'new'
>       end
>     else
>       redirect_to root_path
>     end
>   end
>
>   private
>   def sponsor_params
>     params.require(:sponsor).permit(:name, :phone, :description,
>                                     :contact_email, :contact_url,
>                                     :current)
>   end
> end
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rubyonrails-talk+unsubscribe@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rubyonrails-talk/d4243b93-82b0-490c-941d-a07dcf0d137c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.


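An added example, not from the thread or the linked repository: the quoted controller registers the predicate `admin_signed_in?` as its before filter, and in Rails a before filter's return value does not stop the request; the chain halts only once a filter has rendered or redirected (Devise generates `authenticate_admin!` for an `admin` scope for that purpose). The plain-Ruby model below reproduces that rule without Rails; `MiniController`, `require_admin!`, `attempt` and the sponsor name are hypothetical, and `create` here deliberately has no inline check so the filter is the only guard.

```ruby
# Plain-Ruby model of a Rails-style before-filter chain (constructed for
# illustration; this is not Rails or Devise code).
# Rule modelled: a filter's return value is ignored; the chain halts only
# when a filter has already produced a response (redirect or render).
class MiniController
  attr_reader :response, :sponsors

  def self.filters
    @filters ||= []            # one filter list per controller class
  end

  def self.before_filter(name)
    filters << name
  end

  def initialize(admin:)
    @admin, @sponsors, @response = admin, [], nil
  end

  def admin_signed_in?         # predicate: reports state, sets no response
    @admin
  end

  def redirect_to(path)
    @response = [302, path]
  end

  def require_admin!           # guard: produces a response when denied
    redirect_to('/') unless admin_signed_in?
  end

  def create                   # no inline check: the filter is the only guard
    @sponsors << 'Constructed Sponsor'
    redirect_to('/sponsors')
  end

  def process(action)
    self.class.filters.each do |f|
      send(f)
      return response if response   # halt only once a response exists
    end
    send(action)
    response
  end
end

class PredicateFiltered < MiniController; before_filter :admin_signed_in?; end
class GuardFiltered < MiniController; before_filter :require_admin!; end

def attempt(klass, admin:)
  c = klass.new(admin: admin)
  _status, location = c.process(:create)
  { location: location, created: c.sponsors.size }
end
```

With the predicate as the filter, a non-admin request still reaches `create`; in the quoted controller only the inline `if admin_signed_in?` inside `create` blocks it, while `new` relies on the filter alone.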