Merge branch 'master' of github.com:concerto/concerto

concerto · Jul 9, 2012 · 2ebc63d · 2ebc63d
2 parents 86f3de7 + 29a3c61
commit 2ebc63d
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 18 deletions.
diff --git a/Gemfile b/Gemfile
@@ -42,3 +42,5 @@ gem 'jquery-tools'
 
 # Test Coverage
 gem 'simplecov', :require => false, :group => :test
+
+eval File.read('Gemfile-plugins')
diff --git a/Gemfile-plugins b/Gemfile-plugins
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -32,10 +32,18 @@ def check_for_initial_install
     redirect_to root_url, :flash => { :notice => exception.message }
   end
 
-  def auth!(options = {})
-    # action
-    # object
-    # allow_empty
+  # Authenticate using the current action and instance variables.
+  # If the instance variable is an {Enumerable} or {ActiveRecord::Relation}
+  # we remove anything that we cannot? from the array.
+  # If the instance variable is a single object, we raise {CanCan::AccessDenied}
+  # if we cannot? the object.
+  #
+  # @param [Hash] opts The options to authenticate with.
+  # @option opts [Symbol] action The CanCan action to test.
+  # @option opts [Object] object The object we should be testing.
+  # @option opts [Boolean] allow_empty (true) If we should allow an empty array
+  # or raise if empty.
+  def auth!(opts = {})
     action_map = {
       'index' => :read,
       'show' => :read,
@@ -46,22 +54,29 @@ def auth!(options = {})
       'destroy' => :destroy,
     }
 
-    test_action = (options[:action] || action_map[action_name])
-    allow_empty = (options[:allow_empty] || true)
+    test_action = (opts[:action] || action_map[action_name])
+    allow_empty = (opts[:allow_empty] || true)
 
     var_name = controller_name
     if action_name != 'index'
       var_name = controller_name.singularize
     end
-    object = (options[:object] || instance_variable_get("@#{var_name}"))
+    object = (opts[:object] || instance_variable_get("@#{var_name}"))
 
-    if allow_empty && ((object.is_a? Enumerable) || (object.is_a? ActiveRecord::Relation))
-      object.delete_if {|o| cannot?(test_action, o)}
-    else
-      if cannot?(test_action, object)
-        fake_cancan = Class.new.extend(CanCan::Ability)
-        message ||= fake_cancan.unauthorized_message(test_action, object.class)
-        raise CanCan::AccessDenied.new(message, test_action, object.class)
+    unless object.nil?
+      if ((object.is_a? Enumerable) || (object.is_a? ActiveRecord::Relation))
+        object.delete_if {|o| cannot?(test_action, o)}
+        if !allow_empty && object.empty?
+          fake_cancan = Class.new.extend(CanCan::Ability)
+          message ||= fake_cancan.unauthorized_message(test_action, object.class)
+          raise CanCan::AccessDenied.new(message, test_action, object.class)
+        end
+      else
+        if cannot?(test_action, object)
+          fake_cancan = Class.new.extend(CanCan::Ability)
+          message ||= fake_cancan.unauthorized_message(test_action, object.class)
+          raise CanCan::AccessDenied.new(message, test_action, object.class)
+        end
       end
     end
   end

diff --git a/app/controllers/concerto_plugins_controller.rb b/app/controllers/concerto_plugins_controller.rb
@@ -43,7 +43,8 @@ def create
     @concerto_plugin = ConcertoPlugin.new(params[:concerto_plugin])
 
     respond_to do |format|
-      if @concerto_plugin.save
+      if @concerto_plugin.save    
+        write_Gemfile()
         format.html { redirect_to @concerto_plugin, notice: 'Concerto plugin was successfully created.' }
         format.json { render json: @concerto_plugin, status: :created, location: @concerto_plugin }
       else
@@ -60,6 +61,7 @@ def update
 
     respond_to do |format|
       if @concerto_plugin.update_attributes(params[:concerto_plugin])
+        write_Gemfile()
         format.html { redirect_to @concerto_plugin, notice: 'Concerto plugin was successfully updated.' }
         format.json { head :no_content }
       else
@@ -74,10 +76,19 @@ def update
   def destroy
     @concerto_plugin = ConcertoPlugin.find(params[:id])
     @concerto_plugin.destroy
-
+    write_Gemfile()
     respond_to do |format|
       format.html { redirect_to concerto_plugins_url }
       format.json { head :no_content }
     end
   end
+
+  def write_Gemfile
+    open('Gemfile-plugins', 'w+') { |f|
+    ConcertoPlugin.all.each do |plugin|
+      f << "\ngem \"#{plugin.gem_name}\", \"#{plugin.gem_version}\"\n"
+    end
+  }
+  end
+
 end
diff --git a/test/functional/contents_controller_test.rb b/test/functional/contents_controller_test.rb
@@ -7,6 +7,11 @@ def setup
     request.env["devise.mapping"] = Devise.mappings[:user]
   end
 
+  test "must sign in before new" do
+    get :new
+    assert_login_failure
+  end
+
   test "should get generic new" do
     sign_in users(:katie)
     get :new

diff --git a/test/functional/templates_controller_test.rb b/test/functional/templates_controller_test.rb
@@ -8,6 +8,11 @@ def setup
     request.env["devise.mapping"] = Devise.mappings[:user]
   end
 
+  test "must sign in before new" do
+    get :new
+    assert_login_failure
+  end
+
   test "should create template" do
     sign_in users(:admin)
     assert_difference('Template.count', 1) do

diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
@@ -9,8 +9,7 @@ def setup
 
   test "blank and regular user cannot list all users" do
     get :index
-    assert_response :redirect
-    assert !assigns(:users)
+    assert_login_failure
 
     sign_in users(:katie)
     get :index

diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -13,4 +13,10 @@ class ActiveSupport::TestCase
   fixtures :all
 
   # Add more helper methods to be used by all tests here...
+  def assert_login_failure
+    assert_redirected_to root_url
+    assert flash[:notice]
+    assert flash[:notice].include? 'not authorized'
+  end
+
 end