Too many changes to list individually: all current features and specs…

… pass. Removed most autogenerated specs (controller, helper, views). User authentication is in place as well.

.gitmodules

@@ -10,3 +10,9 @@
 [submodule "vendor/plugins/jrails"]
 	path = vendor/plugins/jrails
 	url = git://github.com/aaronchi/jrails.git
+[submodule "vendor/plugins/thoughtbot-clearance"]
+	path = vendor/plugins/thoughtbot-clearance
+	url = http://github.com/thoughtbot/clearance.git
+[submodule "vendor/plugins/cucumber"]
+	path = vendor/plugins/cucumber
+	url = git://github.com/aslakhellesoy/cucumber.git

app/controllers/admin_controller.rb

@@ -1,8 +1,7 @@
 class  AdminController < ApplicationController
   layout "application"
   def index
-	  @admin = true
-    @open_leave_requests=LeaveRequest.open
+    @pending_leave_requests=LeaveRequest.pending
   end
 
 end

app/controllers/application_controller.rb

@@ -2,8 +2,10 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
+  include Clearance::Authentication
   helper :all # include all helpers, all the time  
 
+  before_filter :login_required
   # See ActionController::RequestForgeryProtection for details
   # Uncomment the :secret if you're not using the cookie session store
   protect_from_forgery # :secret => '8d1e4319f25c223f9c763263607102d0'
@@ -13,4 +15,31 @@ class ApplicationController < ActionController::Base
   # from your application log (in this case, all fields with names like "password"). 
   # filter_parameter_logging :password
   require 'open-uri'
+#  before_filter :login_required
+  protected
+      def login_required
+        store_location
+        unless signed_in?
+          redirect_to sign_in_path
+          false
+        end
+	      true
+      end
+
+      def admin_required
+        unless current_user.admin? 
+          flash[:notice] = "That resource does not exist or you do not have access to it"
+          redirect_to root_path
+          false
+        end
+      end
+
+			def admin_or_self_required
+				unless current_user.admin? || params[:id] == current_user.id.to_s
+					flash[:notice] = "You are not authorized to view this resource.  You must be an admin or a user with permission to view the requested page."
+					redirect_to root_path
+					false
+				end
+			end
+
 end

app/controllers/clearance/confirmations_controller.rb

@@ -0,0 +1,52 @@
+class Clearance::ConfirmationsController < ApplicationController
+  unloadable
+
+  before_filter :forbid_confirmed_user,    :only => [:new, :create]
+  before_filter :forbid_missing_token,     :only => [:new, :create]
+  before_filter :forbid_non_existent_user, :only => [:new, :create]
+  filter_parameter_logging :token
+
+  def new
+    create
+  end
+
+  def create
+    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    @user.confirm_email!
+
+    sign_in(@user)
+    flash_success_after_create
+    redirect_to(url_after_create)
+  end
+
+  private
+
+  def forbid_confirmed_user
+    user = ::User.find_by_id(params[:user_id])
+    if user && user.email_confirmed?
+      raise ActionController::Forbidden, "confirmed user"
+    end
+  end
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:confirmed_email,
+      :scope   => [:clearance, :controllers, :confirmations],
+      :default => "Confirmed email and signed in.")
+  end
+
+  def url_after_create
+    root_url
+  end
+end

app/controllers/clearance/passwords_controller.rb

@@ -0,0 +1,81 @@
+class Clearance::PasswordsController < ApplicationController
+  unloadable
+
+  before_filter :forbid_missing_token,     :only => [:edit, :update]
+  before_filter :forbid_non_existent_user, :only => [:edit, :update]
+  filter_parameter_logging :password, :password_confirmation
+
+  def new
+    render :template => 'passwords/new'
+  end
+
+  def create
+    if user = ::User.find_by_email(params[:password][:email])
+      user.forgot_password!
+      ::ClearanceMailer.deliver_change_password user
+      flash_notice_after_create
+      redirect_to(url_after_create)
+    else
+      flash_failure_after_create
+      render :template => 'passwords/new'
+    end
+  end
+
+  def edit
+    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    render :template => 'passwords/edit'
+  end
+
+  def update
+    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+
+    if @user.update_password(params[:user][:password],
+                             params[:user][:password_confirmation])
+      @user.confirm_email!
+      sign_in(@user)
+      flash_success_after_update
+      redirect_to(url_after_update)
+    else
+      render :template => 'passwords/edit'
+    end
+  end
+
+  private
+
+  def forbid_missing_token
+    if params[:token].blank?
+      raise ActionController::Forbidden, "missing token"
+    end
+  end
+
+  def forbid_non_existent_user
+    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
+      raise ActionController::Forbidden, "non-existent user"
+    end
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:deliver_change_password,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "You will receive an email within the next few minutes. " <<
+                  "It contains instructions for changing your password.")
+  end
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:unknown_email,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "Unknown email.")
+  end
+
+  def url_after_create
+    new_session_url
+  end
+
+  def flash_success_after_update
+    flash[:success] = translate(:signed_in, :default => "Signed in.")
+  end
+
+  def url_after_update
+    root_url
+  end
+end

app/controllers/clearance/sessions_controller.rb

@@ -0,0 +1,68 @@
+class Clearance::SessionsController < ApplicationController
+  unloadable
+
+  protect_from_forgery :except => :create
+  filter_parameter_logging :password
+  skip_before_filter :login_required
+
+  def new
+    render :template => 'sessions/new'
+  end
+
+  def create
+    @user = ::User.authenticate(params[:session][:email],
+                                params[:session][:password])
+    if @user.nil?
+      flash_failure_after_create
+      render :template => 'sessions/new', :status => :unauthorized
+    else
+      if @user.email_confirmed?
+        sign_in(@user)
+        remember(@user) if remember?
+        flash_success_after_create
+        redirect_back_or(url_after_create)
+      else
+        ::ClearanceMailer.deliver_confirmation(@user)
+        flash_notice_after_create
+        redirect_to(new_session_url)
+      end
+    end
+  end
+
+  def destroy
+    forget(current_user)
+    flash_success_after_destroy
+    redirect_to(url_after_destroy)
+  end
+
+  private
+
+  def flash_failure_after_create
+    flash.now[:failure] = translate(:bad_email_or_password,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "Bad email or password.")
+  end
+
+  def flash_success_after_create
+    flash[:success] = translate(:signed_in, :default =>  "Signed in.")
+  end
+
+  def flash_notice_after_create
+    flash[:notice] = translate(:unconfirmed_email,
+      :scope   => [:clearance, :controllers, :sessions],
+      :default => "User has not confirmed email. " <<
+                  "Confirmation email will be resent.")
+  end
+
+  def url_after_create
+    root_url
+  end
+
+  def flash_success_after_destroy
+    flash[:success] = translate(:signed_out, :default =>  "Signed out.")
+  end
+
+  def url_after_destroy
+    new_session_url
+  end
+end

app/controllers/leave_requests_controller.rb

@@ -42,14 +42,15 @@ def edit
   # POST /leave_requests
   # POST /leave_requests.xml
   def create
-    @leave_request = LeaveRequest.new(params[:leave_request])
+    @leave_request = current_user.leave_requests.build(params[:leave_request])
 
     respond_to do |format|
       if @leave_request.save
         flash[:notice] = 'LeaveRequest was successfully created.'
-        format.html { redirect_to(@leave_request) }
+        format.html { redirect_to(current_user) }
         format.xml  { render :xml => @leave_request, :status => :created, :location => @leave_request }
       else
+	      debugger
         format.html { render :action => "new" }
         format.xml  { render :xml => @leave_request.errors, :status => :unprocessable_entity }
       end

app/controllers/main_controller.rb

@@ -1,6 +1,7 @@
 require 'rfeedparser'
 
 class MainController < ApplicationController
+	skip_before_filter :login_required
   def index
     @clocked_in_users=User.clocked_in
     @clocked_out_users=User.clocked_out

app/controllers/users_controller.rb

@@ -1,7 +1,10 @@
 class UsersController < ApplicationController
+	skip_before_filter :login_required, :only => [:clockin, :clockout, :toggle]
   active_scaffold :user
   cache_sweeper :work_period_sweeper, :only => [:toggle, :clockin, :clockout]
-
+  before_filter :admin_required, :only => [:index, :delete]
+  before_filter :admin_or_self_required, :only => [:update, :show]
+
   # GET /users
   # GET /users.xml
   def index

app/mailers/leave_request_mailer.rb

@@ -0,0 +1,7 @@
+class LeaveRequestMailer < ActionMailer::Base
+	def leave_request(request)
+		subject "Leave request from #{request.employee}"
+		recipients User.admins.map(&:email)
+		body :request => request
+	end
+end

app/models/accrual.rb

@@ -1,17 +1,18 @@
 # == Schema Information
-# Schema version: 20090603200000
+# Schema version: 20090805190920
 #
 # Table name: accruals
 #
-#  id             :integer(4)      not null, primary key
-#  vacation_hours :float
-#  holiday_hours  :float
-#  sick_hours     :float
-#  created_at     :datetime
-#  updated_at     :datetime
-#  effective_date :datetime
-#  discriminator  :string(255)
-#  timesheet_id   :integer(4)
+#  id                     :integer(4)      not null, primary key
+#  vacation_hours         :float
+#  holiday_hours          :float
+#  sick_hours             :float
+#  created_at             :datetime
+#  updated_at             :datetime
+#  effective_date         :datetime
+#  discriminator          :string(255)
+#  timesheet_id           :integer(4)
+#  holiday_time_in_period :float           default(0.0)
 #
 
 class Accrual < ActiveRecord::Base

app/models/leave_period.rb

@@ -1,22 +1,18 @@
 # == Schema Information
-# Schema version: 20090529235331
+# Schema version: 20090805190920
 #
 # Table name: leave_periods
 #
 #  id               :integer(4)      not null, primary key
 #  leave_request_id :integer(4)
-#  from_date        :date
-#  until_date       :date
-#  from_time        :time
-#  until_time       :time
+#  from_date        :datetime
+#  until_date       :datetime
 #  created_at       :datetime
 #  updated_at       :datetime
+#  all_day          :boolean(1)
 #
 
 class LeavePeriod < ActiveRecord::Base
   belongs_to :leave_request
-  validate :check_valid
-  def check_valid
-
-  end
+#  validates_presence_of :leave_request
 end