Skip to content
Permalink
Browse files

authorization with cancan

  • Loading branch information...
patshaughnessy committed Dec 17, 2010
1 parent efd9754 commit ab3c373da2f459dd588435beaa6842ba64e5b272
@@ -60,7 +60,7 @@ GEM
rack (>= 1.0.0)
rack-test (>= 0.5.4)
selenium-webdriver (>= 0.0.3)
code_buddy (0.0.4)
code_buddy (0.0.6)
coderay (~> 0.9.6)
json_pure (~> 1.4.6)
rack
@@ -1,5 +1,6 @@
class Admin::OrganizationsController < ApplicationController
layout 'admin'
load_and_authorize_resource

def index
@organizations = Organization.all
@@ -1,7 +1,7 @@
class Admin::ProjectsController < ApplicationController
layout 'admin'

before_filter :organization, :except => [:index]
load_and_authorize_resource

def index
@projects = Project.all
@@ -3,6 +3,6 @@ class Admin::UsersController < ApplicationController
load_and_authorize_resource

def index
@users = User.all
@users = User.ascending.paginate :page => params[:page], :per_page => 10
end
end
@@ -26,4 +26,9 @@ def sign_out_path
destroy_user_session_path
end
helper_method :sign_out_path

rescue_from CanCan::AccessDenied do |exception|
redirect_to page_path(current_user.nil? ? 'access_denied_anonymous' : 'access_denied')
end

end
@@ -2,7 +2,7 @@ class Ability
include CanCan::Ability

def initialize(user)
if user && user.is?('site_admin')
if user && user.is?('admin')
can :manage, :all
end
end
@@ -13,10 +13,14 @@ class User < ActiveRecord::Base
validates_presence_of :first_name
validates_presence_of :last_name

ROLES =%w[site_admin field_operator organization_manager visitor]
scope :ascending, order('last_name, first_name')

# http://github.com/ryanb/cancan/wiki/role-based-authorization

ROLES =%w[admin field_operator organization_manager]

def roles=(roles)
roles = roles.split if roles.is_a? String
self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.sum
end

@@ -1,6 +1,6 @@
%tr
%td= user.created_at.strftime('%b %d %Y')
%td= user.created_at.strftime("%m/%d/%Y")
%td= user.display_name
%td= display_if_is?(user, 'field_operator')
%td= display_if_is?(user, 'organization_manager')
%td= display_if_is?(user, 'site_admin')
%td= display_if_is?(user, 'admin')
@@ -1,8 +1,5 @@
%h1.left
Users

-#.right
-#%h2.create-button= link_to "Create", new_admin_organization_path
%table
%tr.header
%th Created
@@ -11,3 +8,6 @@
%th Orphanage Manager
%th Site Administrator
= render @users
.pagination
%ul=will_paginate @users
.clear
@@ -0,0 +1,6 @@
#body_wrap
#access_denied
%h1=t '.access_denied'
=t('.access_denied_text1')
= link_to t('.access_denied_sign_out'), sign_out_path
=t('.access_denied_text2')
@@ -0,0 +1,5 @@
#body_wrap
#access_denied
%h1=t '.access_denied'
=t('.access_denied_text')
= link_to t('.access_denied_sign_in'), sign_in_path
@@ -10,7 +10,8 @@
%ul
- if user_signed_in?
%li= link_to t('.logout'), destroy_user_session_url
%li= link_to 'Admin', admin_organizations_path
- if current_user.is?('admin')
%li= link_to 'Admin', admin_organizations_path
- else
%li= link_to t('.login'), user_session_url
%li= link_to 'Blog', 'http://blog.reliefhub.org/'
@@ -22,4 +23,4 @@
#lang
=link_to_language image_tag('/images/francais.png'), :fr
=link_to_language image_tag('/images/english.jpg'), :en
.clear
.clear
@@ -32,6 +32,16 @@ en:
donation_error:
were_sorry: "We're sorry"
there_was_a_problem: "There was a problem with your donation. Please try again."
access_denied:
access_denied: "Access Denied"
access_denied_text1: "You don't have access to this page. Please"
access_denied_sign_out: "sign out"
access_denied_sign_in: "sign in"
access_denied_text2: "and sign in as a different user."
access_denied_anonymous:
access_denied: "Access Denied"
access_denied_text: "You don't have access to this page. Please"
access_denied_sign_in: "sign in."
shared:
header:
home: Home
@@ -33,6 +33,16 @@ fr:
donation_error:
were_sorry: "[TRANSLATE ME!] We're sorry"
there_was_a_problem: "[TRANSLATE ME!] There was a problem with your donation. Please try again."
access_denied:
access_denied: "[TRANSLATE ME!]Access Denied"
access_denied_text1: "[TRANSLATE ME!]You don't have access to this page. Please"
access_denied_sign_out: "[TRANSLATE ME!]sign out"
access_denied_sign_in: "[TRANSLATE ME!]sign in"
access_denied_text2: "[TRANSLATE ME!]and sign in as a different user."
access_denied_anonymous:
access_denied: "[TRANSLATE ME!]Access Denied"
access_denied_text: "[TRANSLATE ME!]You don't have access to this page. Please"
access_denied_sign_in: "[TRANSLATE ME!]sign in."
shared:
header:
home: Accueille
@@ -3,6 +3,11 @@ Feature: Add/Edit a new organization
As an admin
I want to be able to Add/Edit/List an organization

Background:
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Admin | User | admin@test.com | secret | secret | admin |

Scenario: View organizations
Given the following organizations exist:
| name | street1 | street2 | city | state | zip | contact person |
@@ -14,6 +19,7 @@ Feature: Add/Edit a new organization
| relief 1 | name: fred's ngo |
| relief 2 | name: fred's ngo |
| relief 3 | name: oscar's ngo |
And I sign in as "admin@test.com/secret"
Given I go to the admin organizations page
Then I should see "Organizations" within "h1"
And I should see "Organizations" within "#right-menu"
@@ -28,7 +34,8 @@ Feature: Add/Edit a new organization
And I should see "Created" column following the format "[0-9]{1,2}/[0-9]{1,2}/[0-9]{4}"

Scenario: Create a new organization
Given I go to the admin organizations page
Given I sign in as "admin@test.com/secret"
And I go to the admin organizations page
When I follow "Create"
When I fill in "Name" with "my orphanage"
And I fill in "Street1" with "123 main st"
@@ -51,6 +58,7 @@ Feature: Add/Edit a new organization
| oliver's orphanage | 123 main st | alex |
| oscar's orphanage | 455 fifth avenue | alex |
| olivia's orphanage | 131 first st | yan |
And I sign in as "admin@test.com/secret"
Given I go to the admin organizations page
And I follow "oliver's orphanage"
And I follow "Edit"
@@ -69,7 +77,8 @@ Feature: Add/Edit a new organization
And I should see "Yan"

Scenario: Create a new organization
Given I go to the admin organizations page
Given I sign in as "admin@test.com/secret"
And I go to the admin organizations page
When I follow "Create"
When I fill in "Name" with "my orphanage"
And I fill in "Street1" with "123 main st"
@@ -93,8 +102,35 @@ Feature: Add/Edit a new organization
| Project A | name: Some Org |
| Project B | name: Some Org |
| Project C | name: Some Org |
And I sign in as "admin@test.com/secret"
And I go to the admin organizations page
And I follow "Some Org"
Then I should see "Project A"
And I should see "Project B"
And I should see "Project C"

Scenario: Anonymous user attempts to view admin organizations page
Given I go to the admin organizations page
Then I should see "Access Denied" within "h1"
And I follow "sign in"
Then I should see "Sign in" within "h2"

Scenario: Field operator attempts to view admin organizations page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Garret | Schuster | garret@test.com | secret | secret | field_operator |
And I sign in as "garret@test.com/secret"
And I go to the admin organizations page
Then I should see "Access Denied" within "h1"
And I follow "sign out"
Then I should see "Signed out."

Scenario: Organization manager attempts to view admin organizations page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Lue | Ankunding | lue@test.com | secret | secret | organization_manager |
And I sign in as "lue@test.com/secret"
And I go to the admin organizations page
Then I should see "Access Denied" within "h1"
And I follow "sign out"
Then I should see "Signed out."
@@ -3,12 +3,18 @@ Feature: Create a project
In order to collect donations
An admin should be able to create a project

Background:
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Admin | User | admin@test.com | secret | secret | admin |

Scenario: View all projects for an organization
Given the following projects exist:
| name | organization |
| Project A | name: Some Org |
| Project B | name: Some Org |
| Project C | name: Some Org |
And I sign in as "admin@test.com/secret"
And I go to the admin page for organization "Some Org"
Then I should see "Project A"
And I should see "Project B"
@@ -31,6 +37,7 @@ Feature: Create a project
| name: relief 1 | 100 |
| name: relief 2 | 700 |
| name: relief 2 | 300 |
And I sign in as "admin@test.com/secret"
Given I go to the admin projects page
Then I should see "Projects" within "h1"
And I should see "Organizations" within "#right-menu"
@@ -48,6 +55,7 @@ Feature: Create a project
Given the following organization exists:
| name |
| Some Org |
And I sign in as "admin@test.com/secret"
And I go to the admin organizations page
And I follow "Some Org"
When I follow "Create Project"
@@ -59,9 +67,36 @@ Feature: Create a project
Given the following project exists:
| name | organization |
| Project A | name: Some Org |
And I sign in as "admin@test.com/secret"
And I go to the admin organizations page
And I follow "Some Org"
When I follow "Project A"
When I fill in "Name" with "Test Project 2"
And I press "Save Project"
Then I should see "Successfully saved changes"

Scenario: Anonymous user attempts to view admin projects page
Given I go to the admin projects page
Then I should see "Access Denied" within "h1"
And I follow "sign in"
Then I should see "Sign in" within "h2"

Scenario: Field operator attempts to view admin projects page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Garret | Schuster | garret@test.com | secret | secret | field_operator |
And I sign in as "garret@test.com/secret"
And I go to the admin projects page
Then I should see "Access Denied" within "h1"
And I follow "sign out"
Then I should see "Signed out."

Scenario: Organization manager attempts to view admin projects page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Lue | Ankunding | lue@test.com | secret | secret | organization_manager |
And I sign in as "lue@test.com/secret"
And I go to the admin projects page
Then I should see "Access Denied" within "h1"
And I follow "sign out"
Then I should see "Signed out."
@@ -0,0 +1,13 @@
Feature: Admin visits home page

In order to manage the ReliefHub site
As an admin
I want to see the "Admin" link on the home page.

Scenario: Admin visits home page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Admin | User | admin@test.com | secret | secret | admin |
And I sign in as "admin@test.com/secret"
And I am on the homepage
And I should see "Admin"
@@ -0,0 +1,53 @@
Feature: View ReliefHub user list
As a ReliefHub admin user
I want to be able to view all existing user accounts

Scenario: View users
Given the following users exist:
| first_name | last_name | email | password | password_confirmation | roles |
| Julio | Kulas | julio@test.com | secret | secret | |
| Garret | Schuster | garret@test.com | secret | secret | field_operator |
| Lue | Ankunding | lue@test.com | secret | secret | organization_manager |
| Cassandra | Goodwin | cassandra@test.com | secret | secret | organization_manager field_operator |
| Admin | User | admin@test.com | secret | secret | admin |
And I sign in as "admin@test.com/secret"
And I go to the admin users page
Then I should see "Users" within "h1"
And I should see "Organizations" within "#right-menu"
And I should see "Projects" within "#right-menu"
And I should see "Users" within "#right-menu"
And I should see "Users" tab ".selected" within "#right-menu"
And I should see the following users table:
| User Name | Field Operator | Orphanage Manager | Site Administrator |
| Lue Ankunding | Disabled | Enabled | Disabled |
| Cassandra Goodwin | Enabled | Enabled | Disabled |
| Julio Kulas | Disabled | Disabled | Disabled |
| Garret Schuster | Enabled | Disabled | Disabled |
| Admin User | Disabled | Disabled | Enabled |
And I should see "Created" column following the format "[0-9]{1,2}/[0-9]{1,2}/[0-9]{4}"

Scenario: Anonymous user attempts to view users
Given I go to the admin users page
Then I should see "Access Denied" within "h1"
And I follow "sign in"
Then I should see "Sign in" within "h2"

Scenario: Field operator user attempts to view admin users page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Garret | Schuster | garret@test.com | secret | secret | field_operator |
And I sign in as "garret@test.com/secret"
And I go to the admin users page
Then I should see "Access Denied" within "h1"
And I follow "sign out"
Then I should see "Signed out."

Scenario: Organziation manager user attempts to view admin users page
Given the following user exists:
| first_name | last_name | email | password | password_confirmation | roles |
| Lue | Ankunding | lue@test.com | secret | secret | organization_manager |
And I sign in as "lue@test.com/secret"
And I go to the admin users page
Then I should see "Access Denied" within "h1"
And I follow "sign out"
Then I should see "Signed out."
@@ -33,6 +33,10 @@ def path_to(page_name)
# ADMIN
when /the admin organizations page/i
admin_organizations_path
when /the admin projects page/i
admin_projects_path
when /the admin projects page/i
admin_users_path
when /the admin page for organization \"(.*)\"/i
admin_organization_path(:id => Organization.where(:name => $1).first)

@@ -13,3 +13,4 @@ Feature: Visitor visits home page
And I should see blog posts on the page
And I should see recent press on the page
And I should see "Christmas Toy Drive"
And I should not see "Admin"

0 comments on commit ab3c373

Please sign in to comment.
You can’t perform that action at this time.