diff --git a/app/views/shared/_footer.html.erb b/app/views/shared/_footer.html.erb
index e3e861dd1..289c43abe 100644
--- a/app/views/shared/_footer.html.erb
+++ b/app/views/shared/_footer.html.erb
@@ -8,7 +8,10 @@
<%= link_to "Legal", page_path("legal") %>
<%= link_to "Researchers", page_path("researchers") %>
<% if user_signed_in? %>
- <%= link_to "Admin", rails_admin_path %>
+ <% if current_user.has_role?(Role.admin) %>
+ <%= link_to "Admin", rails_admin_path %>
+ <% end %>
+ <%= link_to "Sign Out", destroy_user_session_path %>
<% else %>
<%= link_to "Sign In", new_user_session_path %>
<% end %>
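Review bot: The added Sign Out link is a plain `link_to`, so it issues a GET, while Devise's default configuration routes sign-out only on DELETE. Unless this app sets `sign_out_via` to `:get` (not visible here), the link will not reach the sign-out action, and allowing GET would let any third-party page end a user's session. Prefer `<%= link_to "Sign Out", destroy_user_session_path, method: :delete %>`. Separately, the `has_role?(Role.admin)` guard only hides the Admin link. The diff does not show whether the rails_admin routes enforce the same role check on the server, which is worth confirming because a signed-in non-admin can still request that path directly.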
diff --git a/spec/views/shared/_footer.html.erb_spec.rb b/spec/views/shared/_footer.html.erb_spec.rb
index ce0562800..a868f5af8 100644
--- a/spec/views/shared/_footer.html.erb_spec.rb
+++ b/spec/views/shared/_footer.html.erb_spec.rb
@@ -4,14 +4,51 @@
include Devise::TestHelpers
context 'signed in' do
- it 'gives a link to the admin' do
+ it 'gives a link to the admin for admin users' do
allow(controller).to receive_messages(user_signed_in?: true)
+ allow(controller.current_user).to receive(:has_role?)
+ .with(Role.admin)
+ .and_return(true)
render
expect(rendered).to have_css('a', text: 'Admin')
end
+ it 'does not give a link to the admin for non-admin users' do
+ allow(controller).to receive_messages(user_signed_in?: true)
+ allow(controller.current_user).to receive(:has_role?)
+ .with(Role.admin)
+ .and_return(false)
+
+ render
+
+ expect(rendered).not_to have_css('a', text: 'Admin')
+ end
+
+ it 'gives a link to sign out' do
+ allow(controller).to receive_messages(user_signed_in?: true)
+
+ # It doesn't matter what we return here, but we do need to define the
+ # behavior or the spec will fail when the template tries to call
+ # current_user.has_role?
+ allow(controller.current_user).to receive(:has_role?)
+ .with(Role.admin)
+ .and_return(false)
+
+ render
+
+ expect(rendered).to have_css('a', text: 'Sign Out')
+
+ # Make sure admins see the link also.
+ allow(controller.current_user).to receive(:has_role?)
+ .with(Role.admin)
+ .and_return(true)
+
+ render
+
+ expect(rendered).to have_css('a', text: 'Sign Out')
+ end
end
context 'signed out' do
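Review bot: In 'gives a link to sign out' the second `render` most likely does not test the admin case, because in Rails view tests `rendered` accumulates output across `render` calls as far as I know. If so, the final expectation is already satisfied by the first, non-admin render and would pass even if admins lost the link. Split it into two examples, or drop the second half and add `expect(rendered).to have_css('a', text: 'Sign Out')` to the existing admin example. The new examples also match on link text only; asserting the target as well, e.g. `have_link('Admin', href: rails_admin_path)`, would catch a link that points at the wrong route.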
@@ -20,6 +57,5 @@
expect(rendered).to have_css('a', text: 'Sign In')
end
-
end
end