Merge branch 'master' into project-page-redesign

Conflicts: app/views/projects/show.html.haml
ReliefHub · Dec 27, 2010 · c1d08e7 · c1d08e7
2 parents 907711f + c9a33ac
commit c1d08e7
Show file tree

Hide file tree

Showing 50 changed files with 716 additions and 135 deletions.
diff --git a/Gemfile b/Gemfile
@@ -16,6 +16,7 @@ gem 'devise_rpx_connectable'
 gem 'aws-s3'
 gem "http_accept_language", :git => 'http://github.com/iain/http_accept_language.git'
 gem 'will_paginate', '3.0.pre2' # still not release for Rails 3
+gem 'cancan'
 gem 'hassle', :git => 'git://github.com/koppen/hassle.git'
 
 # http://blog.davidchelimsky.net/2010/07/11/rspec-rails-2-generators-and-rake-tasks/
@@ -24,6 +25,7 @@ group :development, :test, :cucumber do
   gem "ruby-debug"
   gem "faker"
   gem "factory_girl_rails"
+  gem "code_buddy"
 end
 
 group :test, :cucumber do

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -52,13 +52,20 @@ GEM
     bourne (1.0)
       mocha (= 0.9.8)
     builder (2.1.2)
+    cancan (1.4.1)
     capybara (0.3.9)
       culerity (>= 0.2.4)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       selenium-webdriver (>= 0.0.3)
+    code_buddy (0.0.6)
+      coderay (~> 0.9.6)
+      json_pure (~> 1.4.6)
+      rack
+      sinatra (~> 1.1.0)
+    coderay (0.9.6)
     columnize (0.3.1)
     configuration (1.1.0)
     cucumber (0.9.2)
@@ -172,8 +179,12 @@ GEM
       json_pure
       rubyzip
     shoulda (2.11.3)
+    sinatra (1.1.0)
+      rack (~> 1.1)
+      tilt (~> 1.1)
     term-ansicolor (1.0.5)
     thor (0.14.3)
+    tilt (1.1)
     timecop (0.3.5)
     treetop (1.4.8)
       polyglot (>= 0.3.1)
@@ -189,7 +200,9 @@ PLATFORMS
 DEPENDENCIES
   aws-s3
   bourne
+  cancan
   capybara
+  code_buddy
   cucumber-rails
   database_cleaner
   devise

diff --git a/README.rdoc b/README.rdoc
@@ -31,18 +31,11 @@ http://github.com/ReliefHub/reliefhub
 Pivotal Tracker:
 
 https://www.pivotaltracker.com/projects/122363
-
-Campfire Chat Room:
-
-https://futurefridays.campfirenow.com/7f77a
-
+
 Designs:
 
 http://melissayasko.com/ReliefHub/reliefhub.html
 
-Build Machine:
-
-http://ci.reliefhub.railsmachina.com
 
 ==Development Notes
 

diff --git a/app/controllers/admin/organizations_controller.rb b/app/controllers/admin/organizations_controller.rb
@@ -1,5 +1,6 @@
 class Admin::OrganizationsController < ApplicationController
   layout 'admin'
+  load_and_authorize_resource
 
   def index
     @organizations = Organization.all

diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb
@@ -1,7 +1,7 @@
 class Admin::ProjectsController < ApplicationController
   layout 'admin'
-
   before_filter :organization, :except => [:index]
+  load_and_authorize_resource
 
   def index
     @projects = Project.all

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
@@ -0,0 +1,8 @@
+class Admin::UsersController < ApplicationController
+  layout 'admin'
+  load_and_authorize_resource
+
+  def index
+    @users = User.ascending.paginate :page => params[:page], :per_page => 10
+  end
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -26,4 +26,9 @@ def sign_out_path
     destroy_user_session_path
   end
   helper_method :sign_out_path
+
+  rescue_from CanCan::AccessDenied do |exception|
+    redirect_to page_path(current_user.nil? ? 'access_denied_anonymous' : 'access_denied')
+  end
+
 end
diff --git a/app/helpers/admin/users_helper.rb b/app/helpers/admin/users_helper.rb
@@ -0,0 +1,10 @@
+module Admin::UsersHelper
+  def display_if_is?(user, role)
+    if user.is? role
+      'Enabled'
+    else
+      'Disabled'
+    end
+  end
+end
+
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -0,0 +1,9 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    if user && user.is?('admin')
+      can :manage, :all
+    end
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -13,6 +13,31 @@ class User < ActiveRecord::Base
   validates_presence_of :first_name
   validates_presence_of :last_name
 
+  scope :ascending, order('last_name, first_name')
+
+  # http://github.com/ryanb/cancan/wiki/role-based-authorization
+
+  ROLES =%w[admin field_operator organization_manager]
+
+  def roles=(roles)
+    roles = roles.split if roles.is_a? String
+    self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.sum
+  end
+
+  def roles
+    ROLES.reject do |r|
+      ((roles_mask || 0) & 2**ROLES.index(r)).zero?
+    end
+  end
+
+  def is?(role)
+    roles.include?(role.to_s)
+  end
+
+  def display_name
+    "#{first_name} #{last_name}"
+  end
+
   def unique_projects
     projects.uniq
   end

diff --git a/app/views/admin/users/_user.html.haml b/app/views/admin/users/_user.html.haml
@@ -0,0 +1,7 @@
+%tr
+  %td= user.created_at.strftime("%m/%d/%Y")
+  %td= user.display_name
+  %td= user.email
+  %td= display_if_is?(user, 'field_operator')
+  %td= display_if_is?(user, 'organization_manager')
+  %td= display_if_is?(user, 'admin')
diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml
@@ -0,0 +1,14 @@
+%h1.left
+  Users
+%table
+  %tr.header
+    %th Created
+    %th User Name
+    %th Email
+    %th Field Operator
+    %th Orphanage Manager
+    %th Site Administrator
+  = render @users
+.pagination
+  %ul=will_paginate @users
+.clear
diff --git a/app/views/layouts/admin.html.haml b/app/views/layouts/admin.html.haml
@@ -6,7 +6,7 @@
       %li{:class => "#{controller_name == 'projects' ? 'selected' : ''}"}
         %h3= link_to 'Projects', admin_projects_path
       %li{:class => "#{controller_name == 'users' ? 'selected' : ''}"}
-        %h3= link_to 'Users', '#'
+        %h3= link_to 'Users', admin_users_path
   #content.round.projects.content
     = yield
 = render :file => 'layouts/application'
diff --git a/app/views/pages/access_denied.html.haml b/app/views/pages/access_denied.html.haml
@@ -0,0 +1,6 @@
+#body_wrap
+  #access_denied
+    %h1=t '.access_denied'
+    =t('.access_denied_text1')
+    = link_to t('.access_denied_sign_out'), sign_out_path
+    =t('.access_denied_text2')
diff --git a/app/views/pages/access_denied_anonymous.html.haml b/app/views/pages/access_denied_anonymous.html.haml
@@ -0,0 +1,5 @@
+#body_wrap
+  #access_denied
+    %h1=t '.access_denied'
+    =t('.access_denied_text')
+    = link_to t('.access_denied_sign_in'), sign_in_path
diff --git a/app/views/shared/_header.html.haml b/app/views/shared/_header.html.haml
@@ -10,7 +10,8 @@
   %ul
     - if user_signed_in?
       %li= link_to t('.logout'), destroy_user_session_url
-      %li= link_to 'Admin', admin_organizations_path
+      - if current_user.is?('admin')
+        %li= link_to 'Admin', admin_organizations_path
     - else
       %li= link_to t('.login'), user_session_url
     %li= link_to 'Blog', 'http://blog.reliefhub.org/'
@@ -22,4 +23,4 @@
 #lang
   =link_to_language image_tag('/images/francais.png'), :fr
   =link_to_language image_tag('/images/english.jpg'), :en
-.clear
+.clear
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -32,6 +32,16 @@ en:
     donation_error:
       were_sorry: "We're sorry"
       there_was_a_problem: "There was a problem with your donation. Please try again."
+    access_denied:
+      access_denied: "Access Denied"
+      access_denied_text1: "You don't have access to this page. Please"
+      access_denied_sign_out: "sign out"
+      access_denied_sign_in: "sign in"
+      access_denied_text2: "and sign in as a different user."
+    access_denied_anonymous:
+      access_denied: "Access Denied"
+      access_denied_text: "You don't have access to this page. Please"
+      access_denied_sign_in: "sign in."
   shared:
     header:
       home: Home

diff --git a/config/locales/fr.yml b/config/locales/fr.yml
@@ -33,6 +33,16 @@ fr:
     donation_error:
       were_sorry: "[TRANSLATE ME!] We're sorry"
       there_was_a_problem: "[TRANSLATE ME!] There was a problem with your donation. Please try again."
+    access_denied:
+      access_denied: "[TRANSLATE ME!]Access Denied"
+      access_denied_text1: "[TRANSLATE ME!]You don't have access to this page. Please"
+      access_denied_sign_out: "[TRANSLATE ME!]sign out"
+      access_denied_sign_in: "[TRANSLATE ME!]sign in"
+      access_denied_text2: "[TRANSLATE ME!]and sign in as a different user."
+    access_denied_anonymous:
+      access_denied: "[TRANSLATE ME!]Access Denied"
+      access_denied_text: "[TRANSLATE ME!]You don't have access to this page. Please"
+      access_denied_sign_in: "[TRANSLATE ME!]sign in."
   shared:
     header:
       home: Accueille

diff --git a/config/routes.rb b/config/routes.rb
@@ -22,6 +22,7 @@
         resources :projects, :except => [:index, :destroy]
       end
       resources :projects, :only => [:index]
+      resources :users,    :only => [:index]
     end
 
     resources :emails, :only => [:create]

diff --git a/db/migrate/20101211173312_add_roles_mask_to_users.rb b/db/migrate/20101211173312_add_roles_mask_to_users.rb
@@ -0,0 +1,9 @@
+class AddRolesMaskToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :roles_mask, :integer
+  end
+
+  def self.down
+    remove_column :users, :roles_mask
+  end
+end
diff --git a/features/admin_creates_organization.feature b/features/admin_creates_organization.feature
@@ -3,6 +3,11 @@ Feature: Add/Edit a new organization
   As an admin
   I want to be able to Add/Edit/List an organization
 
+  Background:
+    Given the following user exists:
+      | first_name | last_name | email              | password | password_confirmation | roles |
+      | Admin      | User      | admin@test.com     | secret   | secret                | admin |
+
   Scenario: View organizations
     Given the following organizations exist:
       | name        | street1          | street2 | city      | state | zip   | contact person |
@@ -14,6 +19,7 @@ Feature: Add/Edit a new organization
       | relief 1  | name: fred's ngo  |
       | relief 2  | name: fred's ngo  |
       | relief 3  | name: oscar's ngo |
+    And I sign in as "admin@test.com/secret"
     Given I go to the admin organizations page
      Then I should see "Organizations" within "h1"
       And I should see "Organizations" within "#right-menu"
@@ -28,7 +34,8 @@ Feature: Add/Edit a new organization
       And I should see "Created" column following the format "[0-9]{1,2}/[0-9]{1,2}/[0-9]{4}"
 
   Scenario: Create a new organization
-    Given I go to the admin organizations page
+    Given I sign in as "admin@test.com/secret"
+      And I go to the admin organizations page
      When I follow "Create"
      When I fill in "Name" with "my orphanage"
       And I fill in "Street1" with "123 main st"
@@ -51,6 +58,7 @@ Feature: Add/Edit a new organization
       | oliver's orphanage | 123 main st      | alex           |
       | oscar's orphanage  | 455 fifth avenue | alex           |
       | olivia's orphanage | 131 first st     | yan            |
+      And I sign in as "admin@test.com/secret"
     Given I go to the admin organizations page
       And I follow "oliver's orphanage"
       And I follow "Edit"
@@ -69,7 +77,8 @@ Feature: Add/Edit a new organization
       And I should see "Yan"
 
   Scenario: Create a new organization
-    Given I go to the admin organizations page
+    Given I sign in as "admin@test.com/secret"
+      And I go to the admin organizations page
      When I follow "Create"
      When I fill in "Name" with "my orphanage"
       And I fill in "Street1" with "123 main st"
@@ -93,8 +102,35 @@ Feature: Add/Edit a new organization
       | Project A | name: Some Org |
       | Project B | name: Some Org |
       | Project C | name: Some Org |
+     And I sign in as "admin@test.com/secret"
      And I go to the admin organizations page
      And I follow "Some Org"
     Then I should see "Project A"
      And I should see "Project B"
      And I should see "Project C"
+
+  Scenario: Anonymous user attempts to view admin organizations page
+    Given I go to the admin organizations page
+    Then I should see "Access Denied" within "h1"
+    And I follow "sign in"
+    Then I should see "Sign in" within "h2"
+
+  Scenario: Field operator attempts to view admin organizations page
+    Given the following user exists:
+      | first_name | last_name | email              | password | password_confirmation | roles                               |
+      | Garret     | Schuster  | garret@test.com    | secret   | secret                | field_operator                      |
+    And I sign in as "garret@test.com/secret"
+    And I go to the admin organizations page
+    Then I should see "Access Denied" within "h1"
+    And I follow "sign out"
+    Then I should see "Signed out."
+
+  Scenario: Organization manager attempts to view admin organizations page
+    Given the following user exists:
+      | first_name | last_name | email              | password | password_confirmation | roles                               |
+      | Lue        | Ankunding | lue@test.com       | secret   | secret                | organization_manager                |
+    And I sign in as "lue@test.com/secret"
+    And I go to the admin organizations page
+    Then I should see "Access Denied" within "h1"
+    And I follow "sign out"
+    Then I should see "Signed out."