# admin_controller_spec:
require 'spec_helper'
describe "should be authenticated if we managed to log in" do
before(:all) do
@controller = logout_user( nil ) # just to show this method doesn't blow up if noone's home
@controller = AdminController.new # created just for this test - shows how to use authlogic
end
before(:each) do
Authlogic::Session::Base.controller = Authlogic::ControllerAdapters::RailsAdapter.new(self)
@controller = logout_user( @controller )
end
it "should succeed on index and new for an admin user" do
@admin = create_admin
get :index
response.should be_success
get :new
response.should be_success
end
it "should fail on new for an ordinary user" do
@user = create_user
@controller = AdminController.new # created just for this test - shows how to use authlogic
get :index
response.should be_success
get :new
response.should_not be_success
end
end
# application_controller.rb:
helper_method :current_user_session, :current_user
private
def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end
def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.user
end
def require_user
unless current_user
store_location
flash[:notice] = "You must be logged in to access this page"
redirect_to new_user_session_url
return false
end
end
def require_admin
user = (! current_user.nil?)
admin = false
if user
current_user.roles.each { |role| admin = true if role.name =~ /admin/i }
end
unless admin
store_location
flash[:notice] = "You must be an administrator to access this page"
redirect_to new_user_session_url
end
admin
end
# assets_controller.rb:
before_filter :require_user
# admin_controller.rb:
before_filter :require_admin, :only => :new
def index
@objects = []
respond_to do |format|
format.html { render :xml => @objects, :layout => false }
format.xml { render :xml => @objects, :layout => false }
end
end
def new
@object = Object.new
respond_to do |format|
format.html { render :xml => @object, :layout => false }
format.xml { render :xml => @object, :layout => false }
end
end
end
# factories.rb:
Factory.define :valid_user , :class => User do |u|
u.password "Mathieu1!"
u.password_confirmation "Mathieu1!"
u.email "mathieu.rousseau.32@gmail.com"
u.single_access_token "k3cFzLIQnZ4MHRmJvJzg"
end
Factory.define :role, :class => Role do |f|
f.sequence(:name) {|n| "role#{n}" }
end
Factory.define :admin, :parent => :role, :class => Role do |f|
f.sequence(:name) { "administrator" }
end
Factory.define :permission, :class => Permission do |f|
end
# user.rb:
class User < ActiveRecord::Base
acts_as_authentic do |c|
end
attr_accessible :email, :password, :password_confirmation
has_many :permissions
def roles
arr = []
permissions.each { |perm| arr << perm.role }
arr.uniq
end
end
# permission.rb:
class Permission < ActiveRecord::Base
belongs_to :user
belongs_to :role
validates_presence_of :user_id
validates_presence_of :role_id
end
# role.rb:
class Role < ActiveRecord::Base
has_and_belongs_to_many :users
end
# user_sessions_controller.rb:
def create
@user_session = UserSession.new(params[:user_session])
if @user_session.save
flash[:notice] = "Login successful"
redirect_to '/'
else
redirect_to '/'
end
end
# user_session.rb:
class UserSession < Authlogic::Session::Base
end
# spec_test_helper.rb:
module SpecTestHelper # used in specs and tests
def logout_user( old_controller )
return nil if old_controller.nil?
@controller = UserSessionsController.new
put :destroy
@controller = old_controller
@controller
end
def create_user
Authlogic::Session::Base.controller = Authlogic::ControllerAdapters::RailsAdapter.new(self)
user = Factory.build(:valid_user)
UserSession.create user
user
end
def create_admin
perm = Factory.build(:permission)
role = Factory.build(:admin)
role.save
perm.role = role
admin = create_user
perm.user = admin
perm.save!
admin
end
end
# test_helper.rb:
require File.expand_path('../../spec/spec_test_helper', __FILE__)
include SpecTestHelper
#spec_helper.rb:
require File.dirname( __FILE__ ) + '/spec_test_helper'
include SpecTestHelper
# routes.rb:
resources :user_sessions
resources :accounts, :controller => "users"
resources :users
resources :admin
match 'login' => "user_sessions#new", :as => :login
match 'logout' => "user_sessions#destroy", :as => :logout
# application.html.erb:
<% if current_user_session %>
| <%= link_to "logout", "/logout" %>
<% else %>
| <%= link_to "log in", "/user_sessions/new/" %>
<% end %>
|
