Notifies admin user about password recovery requests.

Admin is able to hide notifications.
gmotta · Aug 17, 2011 · 46fa7db · 46fa7db
1 parent 792b730
commit 46fa7db
Show file tree

Hide file tree

Showing 9 changed files with 76 additions and 8 deletions.
diff --git a/app/controllers/password_recovery_requests_controller.rb b/app/controllers/password_recovery_requests_controller.rb
@@ -13,4 +13,10 @@ def create
       render :new
     end
   end
+
+  def hide
+    PasswordRecoveryRequest.get(params[:password_recovery_request_id]).hide!
+    flash[:notice] = 'Password request notification was succefully hidden.'
+    redirect_to root_path
+  end
 end
diff --git a/app/models/password_recovery_request.rb b/app/models/password_recovery_request.rb
@@ -4,7 +4,22 @@ class PasswordRecoveryRequest < CouchRestRails::Document
   include CouchRest::Validation
 
   property :user_name
+  property :hidden, :cast_as => :boolean, :default => false
+
+  timestamps!
 
   validates_presence_of :user_name
 
+  def ==(other)
+    user_name == other.user_name
+  end
+
+  def hide!
+    self.hidden = true
+    save
+  end
+
+  def self.to_display
+    PasswordRecoveryRequest.all.select { |request| request.hidden == false }
+  end
 end
diff --git a/app/views/home/_notifications.html.erb b/app/views/home/_notifications.html.erb
@@ -0,0 +1,11 @@
+<% if is_admin? %>
+  <% @notifications = PasswordRecoveryRequest.to_display %>
+  <% unless @notifications.empty? %>
+    <p>These users requested password reset. Please contact them immediatly.<ul>
+    <ul>
+      <% @notifications.each do |notification| %>
+        <li><%= "#{notification.user_name} at #{time_ago_in_words notification.created_at} ago #{link_to("hide", hide_password_recovery_request_path(notification), :method => :delete)}" %></li>
+      <% end %>
+    </ul>
+  <% end %>
+<% end %>
diff --git a/app/views/home/index.html.erb b/app/views/home/index.html.erb
@@ -1,4 +1,7 @@
 <h2>Welcome to RapidFTR</h2>
+
+<%= render 'notifications' %>
+
 <p>
   <% form_for @user, :url => user_preference_path(current_user_name), :html => {:method => :put} do |f| %>
       <%= label_tag "user_time_zone", "Current time zone" %>

diff --git a/config/routes.rb b/config/routes.rb
@@ -24,6 +24,7 @@
   map.admin 'admin', :controller=>"admin", :action=>"index"
   map.resources :sessions, :except => :index
   map.resources :password_recovery_requests, :only => [:new, :create]
+  map.hide_password_recovery_request 'password_recovery_request/:password_recovery_request_id/hide', :controller => "password_recovery_requests", :action => "hide", :via => :delete
 
   map.login 'login', :controller=>'sessions', :action =>'new'
   map.logout 'logout', :controller=>'sessions', :action =>'destroy'

diff --git a/features/password_recovery_request.feature b/features/password_recovery_request.feature
@@ -18,3 +18,25 @@ Feature: As an user, I should be able to request my password to be recovered.
     When I press "Request Password"
 
     Then I should see "Thank you. A RapidFTR administrator will contact you shortly. If possible, contact the admin directly."
+
+
+  Scenario: An Admin user is able to see unhidden password recovery requests when he logs in 
+    Given a password recovery request for duck
+
+    Given I am logged in as an admin
+
+    Given I am on the home page
+
+    Then I should see "hide"
+
+
+  Scenario: An Admin user is able to hide notifications
+    Given a password recovery request for duck
+
+    Given I am logged in as an admin
+
+    Given I am on the home page
+
+    When I follow "hide"
+
+    Then I should not see "duck"
diff --git a/features/step_definitions/database_steps.rb b/features/step_definitions/database_steps.rb
@@ -47,6 +47,6 @@
   ContactInformation.create contact_info
 end
 
-
-
-
+Given /^a password recovery request for (.+)$/ do |username|
+  PasswordRecoveryRequest.new(:user_name => username).save
+end
diff --git a/features/support/reset_couchdb.rb b/features/support/reset_couchdb.rb
@@ -5,6 +5,7 @@
   User.all.each {|u| u.destroy }
   SuggestedField.all.each {|u| u.destroy }
   ContactInformation.all.each {|c| c.destroy }
+  PasswordRecoveryRequest.all.each {|c| c.destroy }
   RapidFTR::FormSectionSetup.reset_definitions
   Sunspot.remove_all!(Child)
   Sunspot.commit

diff --git a/spec/models/password_recovery_request_spec.rb b/spec/models/password_recovery_request_spec.rb
@@ -1,10 +1,19 @@
 require 'spec_helper'
 
-describe Login do
-  describe "validation" do
-    it "" do
-      password_recovery_request = PasswordRecoveryRequest.new :user_name => ""
-      password_recovery_request.should_not be_valid
+describe PasswordRecoveryRequest do
+  context 'a new request' do
+    before do
+      @request = PasswordRecoveryRequest.new :user_name => "duck" 
+      @request.save
+    end
+    it "should tell new requests that were not hidden" do
+      PasswordRecoveryRequest.to_display.should =~ [ @request ]
+    end
+    context 'hiding a request' do
+      before { @request.hide! } 
+      it 'should not be displayed' do
+        PasswordRecoveryRequest.to_display.should =~ []
+      end 
     end
   end
 end