base fork: sabman/sample-app-karachicrime
base: 2613d6be63
...
head fork: sabman/sample-app-karachicrime
compare: 2a07df0c0b
  • 16 commits
  • 13 files changed
  • 0 commit comments
  • 1 contributor
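--- a/Gemfile
+++ b/Gemfile
@@ -30,7 +30,7 @@ group :development do
 gem 'guard-spork'
 gem 'growl'
- gem 'annotate'
+ # gem 'annotate'
 end
 group :test do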
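--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -28,7 +28,6 @@ GEM
 activesupport (3.2.1)
 i18n (~> 0.6)
 multi_json (~> 1.0)
- annotate (2.4.0)
 arel (3.0.0)
 bcrypt-ruby (3.0.1)
 builder (3.0.0)
@@ -48,7 +47,7 @@ GEM
 coffee-script-source
 execjs
 coffee-script-source (1.2.0)
- cucumber (1.1.7)
+ cucumber (1.1.8)
 builder (>= 2.1.2)
 diff-lcs (>= 1.1.2)
 gherkin (~> 2.8.0)
@@ -182,7 +181,6 @@ PLATFORMS
 ruby
 DEPENDENCIES
- annotate
 bcrypt-ruby
 capybara
 coffee-rails (>= 3.2.2)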
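--- a/app/assets/stylesheets/layout.css.scss
+++ b/app/assets/stylesheets/layout.css.scss
@@ -195,11 +195,19 @@ div.field, div.actions {
 padding: 10px 5px 5px 5px;
 }
- ul{
+ ul {
 margin-bottom: 0px;
 li {
 font-size: 12px;
 list-style: square;
 }
 }
+}
+
+ul.users {
+ margin-top: 1em;
+
+ li{
+ list-style: none;
+ }
 }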
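--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -6,7 +6,7 @@ def create
 user = User.find_by_email(params[:session][:email])
 if user && user.authenticate(params[:session][:password])
 sign_in user
- redirect_to user
+ redirect_back_or user
 else
 flash.now[:error] = 'Invalid email/password combination' # Not quite right!
 render :new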
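--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,11 @@
 class UsersController < ApplicationController
+ before_filter :signed_in_user, only: [:index, :edit, :update]
+ before_filter :correct_user, only: [:edit, :update]
+
+ def index
+ @users = User.all
+ end
+
 def new
 @user = User.new
 end
@@ -17,4 +24,30 @@ def create
 render :new
 end
 end
+
+ def edit
+ end
+
+ def update
+ if @user.update_attributes(params[:user])
+ flash[:success] = "Profile updated"
+ sign_in @user
+ redirect_to(@user)
+ else
+ render 'edit'
+ end
+ end
+
+ private
+ def signed_in_user
+ unless signed_in?
+ store_location
+ redirect_to(signin_path, notice: "Please sign in")
+ end
+ end
+
+ def correct_user
+ @user = User.find(params[:id])
+ redirect_to(root_path) unless current_user?(@user)
+ end
 end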
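Review bot: `update` hands the whole `params[:user]` hash to `update_attributes`, so which columns a signed-in user can change is decided entirely by the model's mass-assignment whitelist, and that whitelist is not visible in this diff (the `user.rb` hunk starts at line 32). If `User` does not already declare one, it needs `attr_accessible :name, :email, :password, :password_confirmation`, with any privilege-type column left off; a comment above the call, `# relies on attr_accessible in User to filter params`, would make the dependency explicit. The action also replaces the email and password without asking for the current password, so possession of a live session alone is enough to change the account's credentials; consider requiring the current password for those fields.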
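--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -20,9 +20,26 @@ def signed_in?
 !current_user.nil?
 end
+ def current_user?(user)
+ user == current_user
+ end
+
+ def redirect_back_or(default)
+ redirect_to(session[:return_to] || default)
+ clear_return_to
+ end
+
+ def store_location
+ session[:return_to] = request.fullpath
+ end
+
 private
 def user_from_remember_token
 remember_token = cookies[:remember_token]
 User.find_by_remember_token(remember_token) unless remember_token.nil?
 end
+
+ def clear_return_to
+ session.delete(:return_to)
+ end
 end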
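Review bot: `store_location` saves `request.fullpath` for every request method, but the `signed_in_user` filter in `users_controller.rb` also guards `update`, so an unauthenticated PUT stores a path that `redirect_back_or` later replays as a GET. Limiting it to `session[:return_to] = request.fullpath if request.get?` keeps the stored location to pages that can actually be revisited. The new helpers are undocumented; a comment above `redirect_back_or` such as `# Redirects to the location saved by store_location (or to default), then forgets it` would help, since the clear runs after `redirect_to` and works only because `redirect_to` does not end the method. The module opens outside this hunk.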
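--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -32,9 +32,7 @@ class User < ActiveRecord::Base
 validates :email, presence: true,
 format: { with: valid_email_regex },
 uniqueness: {case_sensitive: false}
- validates :password, confirmation: true,
- presence: true,
- length: { within: 6..40 }
+ validates :password, length: { within: 6..40 }
 private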
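Review bot: The new `validates :password, length: { within: 6..40 }` drops `presence: true` and `confirmation: true`, so the Confirmation field added in `edit.html.haml` is enforced only if something outside this hunk does it. That is presumably `has_secure_password`, given the `user.authenticate` call in the sessions controller, but the declaration is not visible here. A comment on the line, `# presence and confirmation are enforced by has_secure_password`, would record the dependency; if the model does not declare it, keep `confirmation: true`. The class body continues outside the hunk.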
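--- a/app/views/layouts/_header.html.haml
+++ b/app/views/layouts/_header.html.haml
@@ -3,7 +3,9 @@
 %ul
 %li= link_to "Home", root_path
 -if signed_in?
+ %li= link_to "Users", users_path
 %li= link_to "Profile", current_user
+ %li= link_to "Settings", edit_user_path(current_user)
 %li= link_to "Help", help_path
 -if signed_in?
 %li= link_to "Sign out", signout_path, method: :delete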
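--- a/app/views/users/edit.html.haml
+++ b/app/views/users/edit.html.haml
@@ -0,0 +1,27 @@
+- provide :title, "Edit user"
+
+%h1 Edit user
+
+= form_for(@user) do |f|
+ = render 'shared/error_messages'
+ .field
+ = f.label :name
+ %br
+ = f.text_field :name
+ .field
+ = f.label :email
+ %br
+ = f.text_field :email
+ .field
+ = f.label :password
+ %br
+ = f.text_field :password
+ .field
+ = f.label :password_confirmation, "Confirmation"
+ %br
+ = f.text_field :password_confirmation
+ .actions
+ = f.submit "Update"
+%div
+ = gravatar_for(@user)
+ %a{href: "http://gravatar.com/emails"} change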
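Review bot: Both password inputs are rendered with `f.text_field`, so the password is shown in clear text while it is typed, is eligible for the browser's form history, and is written back into the `value` attribute when the form is re-rendered after a failed update. They should be `= f.password_field :password` and `= f.password_field :password_confirmation`, which mask the input and do not echo the submitted value by default.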
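--- a/app/views/users/index.html.haml
+++ b/app/views/users/index.html.haml
@@ -0,0 +1,9 @@
+- provide :title, 'All users'
+
+%h1 All users
+
+%ul.users
+ - @users.each do |user|
+ %li
+ = gravatar_for(user, size: 30)
+ = link_to user.name, user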
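--- a/spec/requests/authentication_pages_spec.rb
+++ b/spec/requests/authentication_pages_spec.rb
@@ -29,8 +29,12 @@
 end
 it { should have_selector('title', text: user.name) }
- it { should have_link('Profile', href: user_path(user)) }
- it { should have_link('Sign out', href: signout_path) }
+
+ it { should have_link('Users', href: users_path) }
+ it { should have_link('Profile', href: user_path(user)) }
+ it { should have_link('Settings', href: edit_user_path(user)) }
+ it { should have_link('Sign out', href: signout_path) }
+
 it { should_not have_link('Sign in', href: signin_path) }
 describe "followed by signout" do
@@ -39,4 +43,59 @@
 end
 end
 end
+
+ describe "authorisation" do
+ describe "for non-signed-in users" do
+ let(:user) { FactoryGirl.create(:user) }
+
+ describe "when attempting to visit a protected page" do
+ before do
+ visit edit_user_path(user)
+ fill_in "Email", with: user.email
+ fill_in "Password", with: user.password
+ click_button "Sign in"
+ end
+
+ describe "after sign in" do
+ it "should the desired protected page" do
+ page.should have_selector('title', text: "Edit user")
+ end
+ end
+ end
+
+ describe "visiting user index" do
+ before { visit users_path }
+ it { should have_selector('title', text: 'Sign in') }
+ end
+
+ describe "in the Users controller" do
+
+ describe "visiting the edit page" do
+ before { visit edit_user_path(user) }
+ it { should have_selector('title', text: 'Sign in') }
+ end
+
+ describe "submitting to the update action" do
+ before { put user_path(user) }
+ specify { response.should redirect_to(signin_path) }
+ end
+ end
+ end
+
+ describe "as a wrong user" do
+ let(:user) { FactoryGirl.create(:user) }
+ let(:wrong_user) { FactoryGirl.create(:user, email: 'wrong@example.com') }
+ before { sign_in user }
+
+ describe "visiting Users#edit page" do
+ before { visit edit_user_path(wrong_user) }
+ it { should have_selector('title', text: "Home") }
+ end
+
+ describe "submitting a PUT request to Users#update action" do
+ before { put user_path(wrong_user) }
+ specify { response.should redirect_to(root_path) }
+ end
+ end
+ end
 end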
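Review bot: The friendly-forwarding example in "after sign in" checks only the first redirect, so nothing fails if `clear_return_to` stops being called and a later sign-in keeps landing on the stored edit page. A nested example that signs out, signs in again and expects the profile title would pin that behaviour; a sketch follows. The example name `"should the desired protected page"` is also missing its verb and should read `"should render the desired protected page"`. The outer `describe` opens outside this hunk.

```ruby
describe "after sign in" do
  # … unchanged: example asserting the "Edit user" title …

  describe "when signing in again" do
    before do
      click_link "Sign out"
      visit signin_path
      fill_in "Email", with: user.email
      fill_in "Password", with: user.password
      click_button "Sign in"
    end

    it "should render the default (profile) page" do
      page.should have_selector('title', text: user.name)
    end
  end
end
```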
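--- a/spec/requests/user_pages_spec.rb
+++ b/spec/requests/user_pages_spec.rb
@@ -4,7 +4,7 @@
 subject { page }
- describe "signup" do
+ describe "signup page" do
 before { visit signup_path }
 describe "with invalid information" do
@@ -55,4 +55,45 @@
 it { should have_selector('h1', text: user.name) }
 it { should have_selector('title', text: user.name) }
 end
+
+ describe "edit" do
+ let(:user) { FactoryGirl.create(:user) }
+ before do
+ sign_in user
+ visit edit_user_path(user)
+ end
+
+
+ describe "page" do
+ it { should have_selector('h1', text: "Edit user") }
+ it { should have_selector('title', text: "Edit user") }
+ it { should have_link('change', href: 'http://gravatar.com/emails') }
+ end
+
+ describe "with invalid information" do
+ let(:error) { '1 error prohibited this user from being saved' }
+ before { click_button "Update" }
+
+ it { should have_content(error) }
+ end
+
+ describe "with valid information" do
+ let(:user) { FactoryGirl.create(:user) }
+ let(:new_name) { "New Name" }
+ let(:new_email) { "new@example.com" }
+ before do
+ fill_in "Name", with: new_name
+ fill_in "Email", with: new_email
+ fill_in "Password", with: user.password
+ fill_in "Confirmation", with: user.password
+ click_button "Update"
+ end
+
+ it { should have_selector('title', text: new_name) }
+ it { should have_selector('div.flash.success') }
+ it { should have_link('Sign out', href: signout_path) }
+ specify { user.reload.name.should == new_name }
+ specify { user.reload.email.should == new_email }
+ end
+ end
 end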
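Review bot: In "with invalid information" the expected text `'1 error prohibited this user from being saved'` ties the example to the exact number of validations that fail on an untouched form, and this same change set alters the password validations in `user.rb`. Matching on the stable part, `it { should have_content('error') }`, keeps the example meaningful without breaking whenever a validation is added or removed. Separately, the `let(:user) { FactoryGirl.create(:user) }` inside "with valid information" repeats the definition at the top of `describe "edit"` and can be dropped.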
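--- a/spec/support/utilities.rb
+++ b/spec/support/utilities.rb
@@ -6,3 +6,12 @@ def full_title(page_title)
 "#{base_title} | #{page_title}"
 end
 end
+
+def sign_in(user)
+ visit signin_path
+ fill_in "Email", with: user.email
+ fill_in "Password", with: user.password
+ click_button "Sign in"
+ # Sign in when not using Capybara as well.
+ cookies[:remember_token] = user.remember_token
+end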
