Added Admin functionallity

davidhalldor · Apr 10, 2009 · cfbdfa9 · cfbdfa9
1 parent 0c70941
commit cfbdfa9
Show file tree

Hide file tree

Showing 18 changed files with 190 additions and 22 deletions.
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
@@ -0,0 +1,27 @@
+class AdminController < ApplicationController
+  def login
+    session[:user_id] = nil
+    if request.post?
+      user = User.authenticate(params[:name], params[:password])
+      if user
+        session[:user_id] = user.id
+        uri = session[:original_uri]
+        session[:original_uri] = nil
+        redirect_to(:action => "index")
+      else
+        flash.now[:notice] = "Invalid user/password combination"
+      end
+    end
+  end
+
+  def logout
+    session[:user_id] = nil
+    flash[:notice] = "Logged out"
+    redirect_to(:action => "login")
+  end
+
+  def index
+    @user = User.find(session[:user_id])
+    @time = Time.now
+  end
+end
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
@@ -2,14 +2,24 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
+  before_filter :authorize, :except => :login
   helper :all # include all helpers, all the time
 
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
-  protect_from_forgery # :secret => 'b87f90d2c51e7f2d846cd1fe2becec2e'
+  protect_from_forgery :secret => 'b87f90d2c51e7f2d846cd1fe2becec2e'
 
   # See ActionController::Base for details 
   # Uncomment this to filter the contents of submitted sensitive data parameters
   # from your application log (in this case, all fields with names like "password"). 
   # filter_parameter_logging :password
+
+protected
+  def authorize
+    unless User.find_by_id(session[:user_id])
+      session[:orginal_uri] = request.request_uri
+      flash[:notice] = "Please log in"
+      redirect_to :controller => 'admin', :action => 'login'
+    end
+  end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -12,6 +12,7 @@ def index
 
   # GET /users/1
   # GET /users/1.xml
+
   def show
     @user = User.find(params[:id])
 
@@ -23,6 +24,7 @@ def show
 
   # GET /users/new
   # GET /users/new.xml
+
   def new
     @user = User.new
 
@@ -33,12 +35,15 @@ def new
   end
 
   # GET /users/1/edit
+
   def edit
     @user = User.find(params[:id])
+
   end
 
   # POST /users
   # POST /users.xml
+
   def create
     @user = User.new(params[:user])
 
@@ -56,6 +61,7 @@ def create
 
   # PUT /users/1
   # PUT /users/1.xml
+
   def update
     @user = User.find(params[:id])
 
@@ -73,9 +79,10 @@ def update
 
   # DELETE /users/1
   # DELETE /users/1.xml
+
   def destroy
     @user = User.find(params[:id])
-    @user.destroy  
+    @user.destroy
 
     respond_to do |format|
       format.html { redirect_to(users_url) }

diff --git a/app/helpers/admin_helper.rb b/app/helpers/admin_helper.rb
@@ -0,0 +1,2 @@
+module AdminHelper
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -6,7 +6,7 @@ class User < ActiveRecord::Base
   validates_uniqueness_of :name
   attr_accessor :password_confirmation
   validates_confirmation_of :password
-  validate :password_non_blank 
+  validate :password_non_blank
   validates_format_of :email, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i
 
   def self.authenticate(name, password)
@@ -33,8 +33,8 @@ def password=(pwd)
 
 
   def password_non_blank
-     errors.add(:password, "missing") if hashed_password.blank?
-     errors.add(:password_confirmation, "missing") if password_confirmation.blank?
+    errors.add(:password, "missing") if hashed_password.blank?
+    errors.add(:password_confirmation, "missing") if password_confirmation.blank?    
   end
 
   private

diff --git a/app/views/admin/index.html.erb b/app/views/admin/index.html.erb
@@ -0,0 +1,9 @@
+<h1>Velkominn <%= @user.name %></h1>
+
+<%= @time %>
+
+<br />
+
+<%= link_to 'Users', :controller => 'users' %><br />
+
+<%= link_to 'logout', :action => 'logout' %>
diff --git a/app/views/admin/login.html.erb b/app/views/admin/login.html.erb
@@ -0,0 +1,22 @@
+<div class="rskrif-form">
+    <% if flash[:notice] -%>
+        <div id="notice"><%= flash[:notice] %></div>
+    <% end -%>
+    <% form_tag do %>
+        <fieldset>
+            <legend>Please Log In</legend>
+            <div>
+                <label for="name">Name:</label>
+                <%= text_field_tag :name, params[:name] %>
+            </div>
+            <div>
+                <label for="password">Password:</label>
+                <%= password_field_tag :password, params[:password] %>
+            </div>
+            <div>
+                <%= submit_tag "Login" %>
+            </div>
+        </fieldset>
+    <% end %>
+</div>
+
diff --git a/app/views/layouts/admin.html.erb b/app/views/layouts/admin.html.erb
@@ -0,0 +1,15 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+  <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
+  <title>Admin: <%= controller.action_name %></title>
+  <%= stylesheet_link_tag 'scaffold' %>
+</head>
+<body>
+
+<%= yield  %>
+
+</body>
+</html>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
@@ -12,12 +12,12 @@
     <%= f.text_field :email %>
   </p>
   <p>
-    <%= f.label :hashed_password %><br />
-    <%= f.text_field :hashed_password %>
+    <%= f.label :password %><br />
+    <%= f.text_field :password %>
   </p>
   <p>
-    <%= f.label :salt %><br />
-    <%= f.text_field :salt %>
+    <%= f.label :user_password_confirmation %><br />
+    <%= f.text_field :password_confirmation %>
   </p>
   <p>
     <%= f.submit "Update" %>

diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
@@ -20,3 +20,7 @@
 <br />
 
 <%= link_to 'New user', new_user_path %>
+
+<%= link_to 'Admin', :controller => 'admin' %>
+
+<%= link_to 'Logout', :controller => 'admin', :action => 'logout' %> 
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
@@ -18,6 +18,5 @@
   <%=h @user.salt %>
 </p>
 
-
 <%= link_to 'Edit', edit_user_path(@user) %> |
 <%= link_to 'Back', users_path %>
diff --git a/config/environment.rb b/config/environment.rb
@@ -62,7 +62,7 @@
   # Use the database for sessions instead of the cookie-based default,
   # which shouldn't be used to store highly confidential information
   # (create the session table with "rake db:sessions:create")
-  # config.action_controller.session_store = :active_record_store
+  config.action_controller.session_store = :active_record_store
 
   # Use SQL instead of Active Record's schema dumper when creating the test database.
   # This is necessary if your schema can't be completely dumped by the schema dumper,

diff --git a/db/migrate/20090409004707_create_sessions.rb b/db/migrate/20090409004707_create_sessions.rb
@@ -0,0 +1,16 @@
+class CreateSessions < ActiveRecord::Migration
+  def self.up
+    create_table :sessions do |t|
+      t.string :session_id, :null => false
+      t.text :data
+      t.timestamps
+    end
+
+    add_index :sessions, :session_id
+    add_index :sessions, :updated_at
+  end
+
+  def self.down
+    drop_table :sessions
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -9,7 +9,17 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20090312174058) do
+ActiveRecord::Schema.define(:version => 20090409004707) do
+
+  create_table "sessions", :force => true do |t|
+    t.string   "session_id", :null => false
+    t.text     "data"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id"
+  add_index "sessions", ["updated_at"], :name => "index_sessions_on_updated_at"
 
   create_table "users", :force => true do |t|
     t.string   "name",            :limit => 128, :null => false

diff --git a/public/stylesheets/scaffold.css b/public/stylesheets/scaffold.css
@@ -52,3 +52,14 @@ a:hover { color: #fff; background-color:#000; }
   list-style: square;
 }
 
+/* START:notice */
+#notice {
+  border: 2px solid red;
+  padding: 1em;
+  margin-bottom: 2em;
+  background-color: #f0f0f0;
+  font: bold smaller sans-serif;
+}
+/* END:notice */
+
+
diff --git a/test/functional/admin_controller_test.rb b/test/functional/admin_controller_test.rb
@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class AdminControllerTest < ActionController::TestCase
+  # Replace this with your real tests.
+  test "the truth" do
+    assert true
+  end
+end
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
@@ -3,48 +3,55 @@
 class UsersControllerTest < ActionController::TestCase
   fixtures :users
 
-  test "should get index" do
+  test "index with out user" do
     get :index
+    assert_redirected_to :action => "login"
+    assert_equal "Please log in", flash[:notice]
+  end
+
+  test "should get index" do
+    get :index, {}, { :user_id => users(:valid_user).id }
     assert_response :success
     assert_not_nil assigns(:users)
   end
 
   test "should get new" do
-    get :new
+    get :new, {}, { :user_id => users(:valid_user).id }
     assert_response :success
   end
 
   test "should create user" do
+    get :index, {}, { :user_id => users(:valid_user).id }
     assert_difference('User.count') do
       post :create, :user => { :name => 'siggi', :email => 'siggi@example.com',
             :password => 'abc123', :password_confirmation => 'abc123'}
     end
-
-    #assert_redirected_to users_path(assigns(:user))
     assert_response :found
   end
 
   test "should show user" do
+    get :index, {}, { :user_id => users(:valid_user).id }
     get :show, :id => users(:one).id
     assert_response :success
   end
 
   test "should get edit" do
+    get :index, {}, { :user_id => users(:valid_user).id }
     get :edit, :id => users(:one).id
     assert_response :success
   end
 
   test "should update user" do
+    get :index, {}, { :user_id => users(:valid_user).id }
     put :update, :id => users(:one).id, :user => { }
-    #assert_redirected_to user_path(assigns(:user))
     assert_response :success
   end
 
   test "should destroy user" do
+    get :index, {}, { :user_id => users(:valid_user).id }
     assert_difference('User.count', -1) do
       delete :destroy, :id => users(:one).id
     end
-
     assert_redirected_to users_path
   end
 end
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
@@ -3,11 +3,11 @@
 class UserTest < ActiveSupport::TestCase
   fixtures :users
 
-  # Replace this with your real tests.
-
   test "create valid user" do
-    user = User.new(:name => 'siggi', :email => 'siggi@example.com',
-            :password => 'abc123', :password_confirmation => 'abc123')
+    user = User.new(:name => 'siggi',
+                    :email => 'siggi@example.com',
+                    :password => 'abc123',
+                    :password_confirmation => 'abc123')
     assert user.save
   end
 
@@ -19,4 +19,25 @@ class UserTest < ActiveSupport::TestCase
     assert user.errors.invalid?(:password)
     assert user.errors.invalid?(:password_confirmation)
   end
+
+  test "valid email" do
+    valid = %w{ dabbi@dabbi.is }
+    invalid = %w{ dabbi dabbi@dabbi @dabbi.is dabbi@ @.is}
+
+    valid.each do |email|
+      user = User.new(:name => 'siggi',
+                      :password => 'abc123',
+                      :password_confirmation => 'abc123',
+                      :email => email)
+      assert user.valid?, user.errors.full_messages
+    end
+
+    invalid.each do |email|
+      user = User.new(:name => 'siggi',
+                      :password => 'abc123',
+                      :password_confirmation => 'abc123',
+                      :email => email)
+      assert !user.valid?, "saving #{email}"
+    end  
+  end
 end