
Editing of users

1 parent faff78d commit 411b2107196d5f67c41e7dee9fafa19468adb7df @jimbomt committed May 14, 2011
@@ -11,7 +11,7 @@ def create
render 'new'
else
sign_in user
- redirect_to user
+ redirect_back_or user
end
end
@@ -1,4 +1,8 @@
class UsersController < ApplicationController
+
+ before_filter :authenticate, :only => [:edit, :update]
+ before_filter :correct_user, :only => [:edit, :update]
+
def new
@title = "Sign up"
@user = User.new
@@ -22,5 +26,32 @@ def create
render 'new'
end
end
+
+ def edit
+ #@user = User.find(params[:id])
+ @title = "Edit user"
+ end
+
+ def update
+ @user = User.find(params[:id])
+ if @user.update_attributes(params[:user])
+ flash[:success] = "Profile updated."
+ redirect_to @user
+ else
+ @title = "Edit user"
+ render 'edit'
+ end
+ end
+
+ private
+
+ def authenticate
+ deny_access unless signed_in?
+ end
+
+ def correct_user
+ @user = User.find(params[:id])
+ redirect_to(root_path) unless current_user?(@user)
+ end
end
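Review bot: `@user.update_attributes(params[:user])` in `update` hands the whole submitted hash to the model, so which columns a signed-in user can write depends entirely on the User model's `attr_accessible` list, which is not part of this commit. Please confirm that list holds only name, email, password and password_confirmation, and record the dependency next to the call, for example `# mass assignment: limited by attr_accessible in User`. Separately, `correct_user` already assigns `@user` for both filtered actions, so the second `User.find(params[:id])` in `update` and the commented-out line in `edit` can be removed.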
@@ -22,6 +22,20 @@ def sign_out
current_user = nil
end
+ def current_user?(user)
+ user == current_user
+ end
+
+ def deny_access
+ store_location
+ redirect_to signin_path, :notice => "Please sign in to access this page."
+ end
+
+ def redirect_back_or(default)
+ redirect_to(session[:return_to] || default)
+ clear_return_to
+ end
+
private
def user_from_remember_token
User.authenticate_with_salt(*remember_token)
@@ -30,4 +44,13 @@ def user_from_remember_token
def remember_token
cookies.signed[:remember_token] || [nil, nil]
end
+
+ def store_location
+ session[:return_to] = request.fullpath
+ end
+
+ def clear_return_to
+ session[:return_to] = nil
+ end
+
end
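Review bot: `store_location` saves `request.fullpath` for any HTTP verb, but `deny_access` is also reached from the PUT to `update`, and `redirect_back_or` replays the stored path as a GET. After signing in, the user would land on whatever GET route matches that path (presumably the show page) with the submitted changes dropped; storing only GET requests avoids that: `session[:return_to] = request.fullpath if request.get?`. The stored value is a server-derived path kept in the session rather than a request parameter, and a one-line comment on `store_location` saying it must stay that way would help keep `redirect_back_or` from ever redirecting to a caller-chosen URL. The module these helpers belong to starts outside the hunk.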
@@ -9,6 +9,9 @@
<li>
<%= link_to "Profile", current_user %>
</li>
+ <li>
+ <%= link_to "Settings", edit_user_path(current_user) %>
+ </li>
<% end %>
<li>
<%= link_to "Help", help_path %>
@@ -1,11 +1,12 @@
-<% if @user.errors.any? %>
+<% if object.errors.any? %>
<div id="error_explanation">
<h2>
- <%= pluralize(@user.errors.count, "error") %> prohibited this user from being saved:
+ <%= pluralize(object.errors.count, "error") %> prohibited this
+ <%= object.class.to_s.underscore.humanize.downcase %> from being saved:
</h2>
<p>There wer problems with the following fields:</p>
<ul>
- <% @user.errors.full_messages.each do |msg| %>
+ <% object.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
@@ -0,0 +1,17 @@
+<%= render 'shared/error_messages', :object => f.object %>
+<div class="field">
+ <%= f.label :name %><br/>
+ <%= f.text_field :name %>
+</div>
+<div class="field">
+ <%= f.label :email %><br/>
+ <%= f.text_field :email %>
+</div>
+<div class="field">
+ <%= f.label :password %><br/>
+ <%= f.password_field :password %>
+</div>
+<div class="field">
+ <%= f.label :password_confirmation, "Confirmation" %><br/>
+ <%= f.password_field :password_confirmation %>
+</div>
@@ -0,0 +1,13 @@
+<h1>Edit user</h1>
+
+<%= form_for(@user) do |f| %>
+ <%= render 'fields', :f => f %>
+ <div class="actions">
+ <%= f.submit "Update" %>
+ </div>
+<% end %>
+
+<div>
+ <%= gravatar_for @user %>
+ <a href="http://gravatar.com/emails">change</a>
+</div>
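Review bot: The edit form lets a signed-in session replace the account's email and password without asking for the current password, since it renders only the shared `fields` partial and `update` (in the controller hunk) saves whatever is submitted. Consider a current-password field in this view only, verified in `update` before saving, and keep it out of the partial so sign-up is unaffected. The Gravatar link also points at plain `http://gravatar.com/emails`; `<a href="https://gravatar.com/emails">change</a>` would be preferable, with the matching URL updated in the controller spec.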
@@ -1,22 +1,6 @@
<h1>Sign up</h1>
<%= form_for(@user) do |f| %>
- <%= render 'shared/error_messages' %>
- <div class="field">
- <%= f.label :name %><br/>
- <%= f.text_field :name %>
- </div>
- <div class="field">
- <%= f.label :email %><br/>
- <%= f.text_field :email %>
- </div>
- <div class="field">
- <%= f.label :password %><br/>
- <%= f.password_field :password %>
- </div>
- <div class="field">
- <%= f.label :password_confirmation, "Confirmation" %><br/>
- <%= f.password_field :password_confirmation %>
- </div>
+ <%= render 'fields', :f => f %>
<div class="actions">
<%= f.submit "Sign Up" %>
</div>
@@ -129,7 +129,127 @@
controller.should be_signed_in
end
- end
-
+ end
end # "POST 'create'"
+
+ describe "GET 'edit'" do
+
+ before(:each) do
+ @user = Factory(:user)
+ test_sign_in(@user)
+ end
+
+ it "should be successful" do
+ get :edit, :id => @user
+ response.should be_success
+ end
+
+ it "should have the right title" do
+ get :edit, :id => @user
+ response.should have_selector("title", :content => "Edit user")
+ end
+
+ it "should have a link to change the Gravatar" do
+ get :edit, :id => @user
+ gravatar_url = "http://gravatar.com/emails"
+ response.should have_selector("a", :href => gravatar_url, :content => "change")
+ end
+
+ end
+
+ describe "PUT 'update'" do
+
+ before(:each) do
+ @user = Factory(:user)
+ test_sign_in(@user)
+ end
+
+ describe "failure" do
+
+ before(:each) do
+ @attr = { :email => "", :name => "", :password => "", :password_confirmation => "" }
+ end
+
+ it "should render the 'edit' page" do
+ put :update, :id => @user, :user => @attr
+ response.should render_template('edit')
+ end
+
+ it "should have the right title" do
+ put :update, :id => @user, :user => @attr
+ response.should have_selector("title", :content => "Edit user")
+ end
+
+ end # failure
+
+ describe "success" do
+
+ before(:each) do
+ @attr = { :name => "New Name", :email => "user@example.org",
+ :password => "barbaz", :password_confirmation => "barbaz" }
+ end
+
+ it "should change the user's attributes" do
+ put :update, :id => @user, :user => @attr
+ @user.reload
+ @user.name.should == @attr[:name]
+ @user.email.should == @attr[:email]
+ end
+
+ it "should redirect to the user show page" do
+ put :update, :id => @user, :user => @attr
+ response.should redirect_to(user_path(@user))
+ end
+
+ it "should have a flash message" do
+ put :update, :id => @user, :user => @attr
+ flash[:success].should =~ /updated/
+ end
+
+ end # success
+
+ end # PUT 'update'
+
+ describe "authentication of edit/update pages" do
+
+ before(:each) do
+ @user = Factory(:user)
+ end
+
+ describe "for non-signed-in users" do
+
+ it "should deny access to 'edit'" do
+ get :edit, :id => @user
+ response.should redirect_to(signin_path)
+ end
+
+ it "should deny access to 'update'" do
+ put :update, :id => @user, :user => {}
+ response.should redirect_to(signin_path)
+ end
+
+ end # for non-signed-in users
+
+ describe "for signed-in users" do
+
+ before(:each) do
+ wrong_user = Factory(:user, :email => "user@example.net")
+ test_sign_in(wrong_user)
+ end
+
+ it "should require matching users for 'edit'" do
+ get :edit, :id => @user
+ response.should redirect_to(root_path)
+ end
+
+ it "should require matching users for 'update'" do
+ put :update, :id => @user, :user => {}
+ response.should redirect_to(root_path)
+ end
+
+
+ end
+
+ end # authentication of edit/update pages
+
end
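Review bot: The wrong-user examples send `:user => {}` and assert only the redirect target, so nothing checks that the other user's record is left unchanged, and an empty hash would not change it even if the authorization filter were missing. Send real attributes and check the record, e.g. `put :update, :id => @user, :user => { :name => "Changed" }` followed by `@user.reload.name.should_not == "Changed"`. The same applies to the non-signed-in `update` example. The two blank lines before the closing `end` of "for signed-in users" can be dropped.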
@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe "FriendlyForwardings" do
+
+ it "should forward to the requested page after signin" do
+ user = Factory(:user)
+ visit edit_user_path(user)
+ # The test automatically follows the redirect to the signin page.
+ fill_in :email, :with => user.email
+ fill_in :password, :with => user.password
+ click_button
+ # The test follows the redirect again, this time to users/edit
+ response.should render_template('users/edit')
+
+ end
+
+end
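Review bot: The example checks the first forward but not that `session[:return_to]` is cleared afterwards, so a regression in `clear_return_to` would go unnoticed and later sign-ins in the same session would keep landing on the edit page. Add a second step that signs out, signs in again and expects the default destination instead of `users/edit`. The blank line before the example's `end` can be removed.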

0 comments on commit 411b210
