Fork of halorgium/mephisto
Description: A mirror of the mephisto code-base
Homepage: http://mephistoblog.com/
Clone URL: git://github.com/technoweenie/mephisto.git
allow non-admins to log in to the overview, change tests so that all test 
users have a password of test

git-svn-id: http://svn.techno-weenie.net/projects/mephisto/trunk@2346 
567b1171-46fb-0310-a4c9-b4bef9110e78
technoweenie (author)
Mon Oct 09 19:21:22 -0700 2006
commit  a9621d661286c5a3440017ba5e6c7cf747ef6bd8
tree    85828c26f626b247c80d6eed9c53f77f87f8a669
parent  a061d65dc73cc614c8a443ed8ae06177ff1e34ba
0
@@ -1,4 +1,5 @@
0
 class Admin::AssetsController < Admin::BaseController
0
+ member_actions.push(*%w(index new create latest search add_bucket clear_bucket))
0
   before_filter :find_asset, :except => [:index, :new, :create, :latest, :search, :upload, :clear_bucket]
0
 
0
   def index
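Review bot: The member allowlist added at the top of the class and the `:except` list on `before_filter :find_asset` are two hand-maintained lists that already disagree: `upload` is exempt from `find_asset` but is not in `member_actions`. If that difference is intentional, a comment above the new line would say so, for example `# actions open to any logged-in site member; everything else requires admin?`. Nothing visible in this hunk limits `create` or `clear_bucket` to the member's own assets, so confirm that site-wide access for non-admins is intended. The class body continues outside the hunk.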
0
@@ -1,11 +1,15 @@
0
 class Admin::BaseController < ApplicationController
0
+ class_inheritable_reader :member_actions
0
+ write_inheritable_attribute :member_actions, []
0
   include AuthenticatedSystem
0
   before_filter { |c| UserMailer.default_url_options[:host] = c.request.host_with_port }
0
   before_filter :login_from_cookie
0
   before_filter :login_required, :except => :feed
0
 
0
   protected
0
- alias authorized? admin?
0
+ def authorized?
0
+ logged_in? && (admin? || member_actions.include?(action_name))
0
+ end
0
 
0
     def find_and_sort_templates
0
       @layouts, @templates = site.templates.partition { |t| t.dirname.to_s =~ /layouts$/ }
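Review bot: The array written by `write_inheritable_attribute :member_actions, []` is mutated in place by the subclasses (`member_actions << 'index' << 'feed'` in Admin::OverviewController, `member_actions.push(...)` in Admin::AssetsController, `member_actions << 'show' << 'update'` in Admin::UsersController). If the framework copies inheritable attributes shallowly on inheritance, every admin controller shares one array, and a name allowed in one controller passes `member_actions.include?(action_name)` in all of them. Any logged-in non-admin could then reach same-named actions such as `index`, `create` or `update` on controllers that never opted in. Assigning a fresh list per class avoids depending on the copy semantics, e.g. `write_inheritable_attribute :member_actions, %w(index feed)` in each subclass, and making the base default `[].freeze` would turn an accidental in-place append into an error. The class body continues beyond this hunk.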
0
@@ -1,4 +1,5 @@
0
 class Admin::OverviewController < Admin::BaseController
0
+ member_actions << 'index' << 'feed'
0
   session :off, :only => :feed
0
   before_filter :basic_auth_required, :only => :feed
0
   caches_page :feed
0
@@ -1,5 +1,5 @@
0
 class Admin::UsersController < Admin::BaseController
0
- MEMBER_ACTIONS = %w(show update).freeze unless const_defined?(:MEMBER_ACTIONS)
0
+ member_actions << 'show' << 'update'
0
   before_filter :find_all_users, :only => [:index, :show, :new]
0
   before_filter :find_user, :only => [:show, :update, :enable, :admin, :destroy]
0
 
0
@@ -59,6 +59,6 @@ class Admin::UsersController < Admin::BaseController
0
     end
0
     
0
     def authorized?
0
- logged_in? && (admin? || (current_user.id.to_s == params[:id] && MEMBER_ACTIONS.include?(action_name)))
0
+ logged_in? && (admin? || (current_user.id.to_s == params[:id] && member_actions.include?(action_name)))
0
     end
0
 end
0
@@ -2,8 +2,8 @@ quentin:
0
   id: 1
0
   login: quentin
0
   email: quentin@example.com
0
- salt: 62a636a58d0648eadf7410aa2e4444866174c96e
0
- crypted_password: be61f3ff72492591afe5081857a8ff17a85b21f9 # quentin
0
+ salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
0
+ crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
0
   created_at: <%= 5.days.ago.to_s :db %>
0
   updated_at: <%= 5.days.ago.to_s :db %>
0
   filter: textile_filter
0
@@ -14,8 +14,8 @@ arthur:
0
   id: 2
0
   login: arthur
0
   email: arthur@example.com
0
- salt: 55bc51360864c82dcd7ff4bcfec56a8d8e79e751
0
- crypted_password: 37ba966058c6f39162e5b537adb516af91cd1fe6 # arthur
0
+ salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
0
+ crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
0
   created_at: <%= 1.days.ago.to_s :db %>
0
   updated_at: <%= 1.days.ago.to_s :db %>
0
   token: arthurtoken
0
@@ -25,8 +25,8 @@ aaron:
0
   id: 3
0
   login: aaron
0
   email: aaron@example.com
0
- salt: 55bc51360864c82dcd7ff4bcfec56a8d8e79e751
0
- crypted_password: 37ba966058c6f39162e5b537adb516af91cd1fe6 # arthur
0
+ salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
0
+ crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
0
   created_at: <%= 1.days.ago.to_s :db %>
0
   updated_at: <%= 1.days.ago.to_s :db %>
0
   deleted_at: <%= 5.hours.ago.to_s :db %>
0
@@ -35,8 +35,8 @@ ben:
0
   id: 4
0
   login: ben
0
   email: ben@example.com
0
- salt: 55bc51360864c82dcd7ff4bcfec56a8d8e79e751
0
- crypted_password: 37ba966058c6f39162e5b537adb516af91cd1fe6 # arthur
0
+ salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
0
+ crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
0
   created_at: <%= 1.days.ago.to_s :db %>
0
   updated_at: <%= 1.days.ago.to_s :db %>
0
   filter: markdown_filter
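Review bot: All four fixture users now carry the same `salt` and the same `crypted_password`, so the suite can no longer tell a correct per-user salted check from one that ignores the salt or compares against another user's row. Giving each user a distinct salt, with the digest recomputed for the password `test`, keeps the single shared password while preserving that coverage. The trailing `# test` comments record the plaintext, which is acceptable for fixtures as long as these rows never seed a non-test database.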
0
@@ -14,14 +14,14 @@ context "Account Controller Login" do
0
   end
0
 
0
   specify "should login as mephisto admin" do
0
- post :login, :login => 'quentin', :password => 'quentin'
0
+ post :login, :login => 'quentin', :password => 'test'
0
     assert session[:user]
0
     # quentin has User.admin true
0
     assert_redirected_to :controller => 'admin/overview', :action => 'index'
0
   end
0
 
0
   specify "should login as site member" do
0
- post :login, :login => 'arthur', :password => 'arthur'
0
+ post :login, :login => 'arthur', :password => 'test'
0
     assert session[:user]
0
     # arthur is an admin for the site :first
0
     assert_redirected_to :controller => 'admin/overview', :action => 'index'
0
@@ -30,7 +30,7 @@ context "Account Controller Login" do
0
   end
0
 
0
   specify "should login as site user" do
0
- post :login, :login => 'ben', :password => 'arthur'
0
+ post :login, :login => 'ben', :password => 'test'
0
     assert session[:user]
0
     # ben is not an admin so should be redirected to the front page
0
     assert_redirected_to :controller => 'mephisto', :action => 'dispatch'
0
@@ -45,7 +45,7 @@ context "Account Controller Login" do
0
   end
0
 
0
   specify "should fail login for disabled user and not redirect" do
0
- post :login, :login => 'aaron', :password => 'arthur'
0
+ post :login, :login => 'aaron', :password => 'test'
0
     assert_nil session[:user]
0
     assert_response :success
0
   end
0
@@ -69,12 +69,12 @@ context "Account Controller Cookie" do
0
   end
0
 
0
   specify "should remember me" do
0
- post :login, :login => 'quentin', :password => 'quentin', :remember_me => "1"
0
+ post :login, :login => 'quentin', :password => 'test', :remember_me => "1"
0
     assert_not_nil @response.cookies['token']
0
   end
0
 
0
   specify "should not remember me" do
0
- post :login, :login => 'quentin', :password => 'quentin', :remember_me => "0"
0
+ post :login, :login => 'quentin', :password => 'test', :remember_me => "0"
0
     assert_nil cookies[:auth_token]
0
   end
0
   
0
@@ -20,6 +20,18 @@ class Admin::OverviewControllerTest < Test::Unit::TestCase
0
     end
0
   end
0
 
0
+ def test_should_allow_site_admins_to_access_site
0
+ login_as :arthur
0
+ get :index
0
+ assert_response :success
0
+ end
0
+
0
+ def test_should_allow_site_members_to_acces_overview
0
+ login_as :ben
0
+ get :index
0
+ assert_response :success
0
+ end
0
+
0
   def test_should_not_explode_on_home_page
0
     get :index
0
     assert_response :success
0
@@ -31,7 +43,7 @@ class Admin::OverviewControllerTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_should_require_http_auth_on_feed
0
- @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("quentin:quentin")}"
0
+ @request.env['HTTP_AUTHORIZATION'] = "Basic #{Base64.encode64("quentin:test")}"
0
     get :feed
0
     assert_response :success
0
   end
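Review bot: The two new tests only assert that access is granted (`login_as :ben`, `get :index`, `assert_response :success`); no test shows that a non-admin member is still refused an action that is not in `member_actions`. A negative case is what would catch an over-broad allowlist: log in as `:ben`, request an admin-only action, and assert the response is not `:success`. The name `test_should_allow_site_members_to_acces_overview` also misspells "access".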
0
@@ -72,7 +72,7 @@ class Admin::UsersControllerTest < Test::Unit::TestCase
0
     post :update, :id => users(:quentin).id, :user => { :email => 'foo@example.com', :password => '', :password_confirmation => '' }
0
     users(:quentin).reload
0
     assert_equal 'foo@example.com', users(:quentin).email
0
- assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'quentin')
0
+ assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'test')
0
     assert_response :success
0
   end
0
 
0
@@ -81,7 +81,7 @@ class Admin::UsersControllerTest < Test::Unit::TestCase
0
     post :update, :id => users(:quentin).id, :user => { :email => 'foo@example.com', :password => 'tea', :password_confirmation => '' }
0
     users(:quentin).reload
0
     assert_equal 'quentin@example.com', users(:quentin).email
0
- assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'quentin')
0
+ assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin', 'test')
0
     assert_response :success
0
   end
0
 
0
@@ -22,14 +22,14 @@ class BackendControllerTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_meta_weblog_get_categories
0
- args = [ 1, 'quentin', 'quentin' ]
0
+ args = [ 1, 'quentin', 'test' ]
0
 
0
     result = invoke_layered :metaWeblog, :getCategories, *args
0
     assert_equal 'Home', result.first
0
   end
0
 
0
   def test_meta_weblog_get_post
0
- args = [ 1, 'quentin', 'quentin' ]
0
+ args = [ 1, 'quentin', 'test' ]
0
 
0
     result = invoke_layered :metaWeblog, :getPost, *args
0
     assert_equal 'Welcome to Mephisto', result['title'], result.inspect
0
@@ -37,14 +37,14 @@ class BackendControllerTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_meta_weblog_get_recent_posts
0
- args = [ 1, 'quentin', 'quentin', 2 ]
0
+ args = [ 1, 'quentin', 'test', 2 ]
0
 
0
     articles = invoke_layered :metaWeblog, :getRecentPosts, *args
0
     assert_equal %w(test-draft article-in-the-future), articles.collect { |a| a['permaLink'] }, articles.inspect
0
   end
0
 
0
   def test_meta_weblog_delete_post
0
- args = [ 1, 1, 'quentin', 'quentin', 1 ]
0
+ args = [ 1, 1, 'quentin', 'test', 1 ]
0
 
0
     assert_difference Article, :count, -1 do
0
       result = invoke_layered :metaWeblog, :deletePost, *args
0
@@ -60,7 +60,7 @@ class BackendControllerTest < Test::Unit::TestCase
0
     article.published_at = post_time
0
 
0
     struct = MetaWeblogService.new(@controller).article_dto_from(article)
0
- invoke_layered :metaWeblog, :editPost, contents(:welcome).id, 'quentin', 'quentin', struct, true
0
+ invoke_layered :metaWeblog, :editPost, contents(:welcome).id, 'quentin', 'test', struct, true
0
 
0
     assert_equal post_time, struct['dateCreated']
0
 
0
@@ -79,7 +79,7 @@ class BackendControllerTest < Test::Unit::TestCase
0
       article.excerpt = "extend me"
0
       article.published_at = Time.now.midnight.utc
0
 
0
- args = [ 1, 'quentin', 'quentin', MetaWeblogService.new(@controller).article_dto_from(article), 1 ]
0
+ args = [ 1, 'quentin', 'test', MetaWeblogService.new(@controller).article_dto_from(article), 1 ]
0
 
0
       result = invoke_layered :metaWeblog, :newPost, *args
0
       assert result
0
@@ -96,7 +96,7 @@ class BackendControllerTest < Test::Unit::TestCase
0
     now = Time.now.utc
0
     media_object = new_media_object
0
 
0
- args = [ 1, 'quentin', 'quentin', media_object ]
0
+ args = [ 1, 'quentin', 'test', media_object ]
0
     result = invoke_layered :metaWeblog, :newMediaObject, *args
0
     assert result['url'] =~ /#{media_object['name']}$/
0
 
0
@@ -107,7 +107,7 @@ class BackendControllerTest < Test::Unit::TestCase
0
     media_object = new_media_object 'type' => nil, :name => 'filename.gif'
0
     assert_nil media_object['type']
0
     
0
- args = [ 1, 'quentin', 'quentin', media_object ]
0
+ args = [ 1, 'quentin', 'test', media_object ]
0
     result = invoke_layered :metaWeblog, :newMediaObject, *args
0
     
0
     new_asset = Asset.find :first, :order => 'created_at DESC'
0
@@ -118,7 +118,7 @@ class BackendControllerTest < Test::Unit::TestCase
0
     media_object = new_media_object 'type' => nil
0
     assert_nil media_object['type']
0
     
0
- args = [ 1, 'quentin', 'quentin', media_object ]
0
+ args = [ 1, 'quentin', 'test', media_object ]
0
     result = invoke_layered :metaWeblog, :newMediaObject, *args
0
     
0
     new_asset = Asset.find :first, :order => 'created_at DESC'
0
@@ -162,7 +162,7 @@ class Test::Unit::TestCase
0
     user = user ? users(user) : nil
0
     site = sites(site || :first)
0
     host! site.host
0
- @request.session[:user] = user ? User.authenticate_for(site, user.login, user.login) : nil
0
+ @request.session[:user] = user ? User.authenticate_for(site, user.login, 'test') : nil
0
     if block_given?
0
       yield
0
       reset!
0
@@ -287,13 +287,13 @@ end
0
 
0
 class ActionController::Integration::Session
0
   def login_as(login)
0
- post '/account/login', :login => login, :password => login
0
+ post '/account/login', :login => login, :password => 'test'
0
     assert request.session[:user]
0
     assert redirect?
0
   end
0
 
0
   def get_with_basic(url, options = {})
0
- get url, nil, 'authorization' => "Basic #{Base64.encode64("#{options[:login]}:#{options[:login]}")}"
0
+ get url, nil, 'authorization' => "Basic #{Base64.encode64("#{options[:login]}:test")}"
0
   end
0
 
0
   def assert_redirected_to(url)
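Review bot: The literal `'test'` is now repeated in `login_as`, in `get_with_basic` and in every test file this commit touches, so the next fixture password change means another sweep across the suite. A single constant in the test helper, e.g. `FIXTURE_PASSWORD = 'test'` (the name is only a suggestion), referenced from these helpers would keep the value in one place. The method changed by the first hunk starts above the visible lines.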
0
@@ -70,6 +70,7 @@ end
0
 
0
 context "Site Membership" do
0
   fixtures :sites, :users, :memberships
0
+
0
   specify "should find member by token" do
0
     assert_equal users(:quentin), sites(:first).user_by_token(users(:quentin).token)
0
   end
0
@@ -34,12 +34,12 @@ class UserTest < Test::Unit::TestCase
0
 
0
   def test_should_not_rehash_password
0
     users(:quentin).update_attribute(:login, 'quentin2')
0
- assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin2', 'quentin')
0
+ assert_equal users(:quentin), User.authenticate_for(sites(:first), 'quentin2', 'test')
0
   end
0
 
0
   def test_should_authenticate_user_admin
0
     [:first, :hostess, :garden].each do |s|
0
- assert_equal users(:quentin), User.authenticate_for(sites(s), 'quentin', 'quentin'), "Unable to login to site: #{s}"
0
+ assert_equal users(:quentin), User.authenticate_for(sites(s), 'quentin', 'test'), "Unable to login to site: #{s}"
0
     end
0
   end
0
 
0
@@ -51,8 +51,8 @@ class UserTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_should_authenticate_member
0
- first_member = User.authenticate_for(sites(:first), 'arthur', 'arthur')
0
- hostess_member = User.authenticate_for(sites(:hostess), 'arthur', 'arthur')
0
+ first_member = User.authenticate_for(sites(:first), 'arthur', 'test')
0
+ hostess_member = User.authenticate_for(sites(:hostess), 'arthur', 'test')
0
     assert_equal users(:arthur), first_member
0
     assert_equal users(:arthur), hostess_member
0
     assert first_member.site_admin?
0
@@ -69,11 +69,15 @@ class UserTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_should_not_authenticate_for_non_member
0
- assert_nil User.authenticate_for(sites(:garden), 'arthur', 'arthur')
0
+ assert_nil User.authenticate_for(sites(:garden), 'arthur', 'test')
0
   end
0
 
0
   def test_should_not_authenticate_expired
0
- assert_nil User.authenticate_for(sites(:first), 'aaron', 'aaron')
0
+ assert_nil User.authenticate_for(sites(:first), 'aaron', 'test')
0
+ end
0
+
0
+ def test_should_find_non_admin_member_of_site
0
+ assert_equal users(:ben), User.authenticate_for(sites(:first), 'ben', 'test')
0
   end
0
 
0
   def test_should_find_member_by_token
