
Allow users to edit their profile

1 parent fa3626d commit 0ef8cfb9b439559c1d3d640aefab5512b38452af @jdpace jdpace committed Aug 20, 2010
@@ -1,7 +1,9 @@
class UsersController < ApplicationController
respond_to :html
- before_filter :require_admin!
+ before_filter :require_admin!, :except => [:edit, :update]
+ before_filter :find_user, :only => [:show, :edit, :update, :destroy]
+ before_filter :require_user_edit_priviledges, :only => [:edit, :update]
def index
@users = User.paginate(:page => params[:page])
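Review bot: The order of the two new `before_filter` lines is load-bearing and nothing records it: `require_user_edit_priviledges` compares `current_user` with `@user`, and `@user` exists only because `find_user` is declared on the line above it. A comment above the `find_user` filter such as `# find_user must run before the privilege check below: it sets @user` would keep a later reorder from silently changing what the check compares. The filter name is also misspelled (`priviledges`); renaming it to `require_user_edit_privileges` here and at its definition would help.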
@@ -16,7 +18,6 @@ def new
end
def edit
- @user = User.find(params[:id])
end
def create
@@ -37,7 +38,8 @@ def update
params[:user].delete(:password_confirmation)
end
- @user = User.find(params[:id])
+ # Set protected attributes
+ @user.admin = params[:user][:admin] if current_user.admin?
if @user.update_attributes(params[:user])
flash[:success] = "#{@user.name}'s information was successfully updated"
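Review bot: `@user.admin = params[:user][:admin] if current_user.admin?` assigns `nil` whenever an admin's request omits the `admin` key, which demotes the target user even though the caller never asked for that; only the HTML form is guaranteed to send the check_box's hidden value. Guarding on presence, `@user.admin = params[:user][:admin] if current_user.admin? && params[:user].key?(:admin)`, keeps the stored value when the key is absent. The line also assumes `params[:user]` is a Hash, as the `delete` call above it already does; `update` begins before this hunk.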
@@ -48,11 +50,21 @@ def update
end
def destroy
- @user = User.find(params[:id])
@user.destroy
flash[:success] = "That's sad. #{@user.name} is no longer part of your team."
redirect_to users_path
end
+ protected
+
+ def find_user
+ @user = User.find(params[:id])
+ end
+
+ def require_user_edit_priviledges
+ can_edit = current_user == @user || current_user.admin?
+ redirect_to(root_path) and return(false) unless can_edit
+ end
+
end
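Review bot: `redirect_to(root_path) and return(false) unless can_edit` relies on a false return value to halt the filter chain, but in Rails 2.x and later (the class-level `respond_to :html` suggests Rails 3) a before_filter is halted by the redirect itself, so `redirect_to root_path unless can_edit` says the same thing without the `and`/`return` idiom. The method also depends on `@user` having been set by `find_user`; a one-line comment, `# @user is set by the find_user filter declared before this one`, would record that. `priviledges` is misspelled in the method name and in the `before_filter` that references it; `require_user_edit_privileges` at both sites would fix it.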
@@ -13,6 +13,8 @@ class User
validates_presence_of :name
+ attr_protected :admin
+
# Mongoid doesn't seem to currently support
# referencing embedded documents
def watchers
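Review bot: `attr_protected :admin` is a blacklist: every other attribute of `User` stays open to mass assignment through `update_attributes(params[:user])` in the controller, and any field added later is assignable by default unless someone remembers to protect it. The whitelist form, `attr_accessible` naming only the fields the edit form submits (e.g. `:name`, `:password_confirmation` and the remaining form fields), fails closed instead. Either way, a short comment that `admin` is set explicitly by the controller after an `admin?` check would make the intent clear to the next reader.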
@@ -1,3 +1,4 @@
- if current_user
%ul#session-links
- %li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'
+ %li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'
+ %li= link_to 'Edit profile', edit_user_path(current_user), :id => 'edit-profile'
@@ -15,7 +15,8 @@
.required
= f.label :password_confirmation
= f.password_field :password_confirmation
-
-.checkbox
- = f.check_box :admin
- = f.label :admin, 'Admin?'
+
+- if current_user.admin?
+ .checkbox
+ = f.check_box :admin
+ = f.label :admin, 'Admin?'
@@ -63,6 +63,7 @@ a.action { float: right; font-size: 0.9em;}
}
#header #session-links li {
float: right;
+ margin-left: 10px;
color: #FFF;
background-color: #000;
border-radius: 6px;
@@ -88,6 +89,9 @@ a.action { float: right; font-size: 0.9em;}
#header #session-links #sign-out {
background: transparent url(images/icons/bullet-red-sm.png) 12px 50% no-repeat;
}
+#header #session-links #edit-profile {
+ padding-left: 10px;
+}
/* Navigation */
#nav-bar {
@@ -3,7 +3,61 @@
describe UsersController do
it_requires_authentication
- it_requires_admin_privileges
+ it_requires_admin_privileges :for => {
+ :index => :get,
+ :show => :get,
+ :new => :get,
+ :create => :post,
+ :destroy => :delete
+ }
+
+ context 'Signed in as a regular user' do
+ before do
+ sign_in @user = Factory(:user)
+ end
+
+ context "GET /users/:other_id/edit" do
+ it "redirects to the home page" do
+ get :edit, :id => Factory(:user).id
+ response.should redirect_to(root_path)
+ end
+ end
+
+ context "GET /users/:my_id/edit" do
+ it 'finds the user' do
+ get :edit, :id => @user.id
+ assigns(:user).should == @user
+ end
+ end
+
+ context "PUT /users/:other_id" do
+ it "redirects to the home page" do
+ put :update, :id => Factory(:user).id
+ response.should redirect_to(root_path)
+ end
+ end
+
+ context "PUT /users/:my_id/id" do
+ context "when the update is successful" do
+ it "sets a message to display" do
+ put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+ request.flash[:success].should include('updated')
+ end
+
+ it "redirects to the user's page" do
+ put :update, :id => @user.to_param, :user => {:name => 'Kermit'}
+ response.should redirect_to(user_path(@user))
+ end
+ end
+
+ context "when the update is unsuccessful" do
+ it "renders the edit page" do
+ put :update, :id => @user.to_param, :user => {:name => nil}
+ response.should render_template(:edit)
+ end
+ end
+ end
+ end
context 'Signed in as an admin' do
before do
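Review bot: The privilege boundary this commit introduces — a regular user may edit only themselves and cannot set `admin` — has no spec for its second half: the new `PUT /users/:my_id` examples send only `:name`, so a regression in `attr_protected :admin` or in the `current_user.admin?` guard would pass this suite. An example that posts `:admin => true` as a regular user and asserts the flag stayed off closes that gap. The context label `"PUT /users/:my_id/id"` also looks like a typo for `"PUT /users/:my_id"`.
```ruby
context "PUT /users/:my_id/id" do
  # … unchanged: successful / unsuccessful update contexts …

  it "does not let a regular user grant themselves admin" do
    put :update, :id => @user.to_param, :user => {:name => 'Kermit', :admin => true}
    User.find(@user.id).admin?.should be_false
  end
end
```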
@@ -9,7 +9,7 @@ def it_requires_authentication(options = {})
:update => :put,
:destroy => :delete
},
- :params => {:id => 'dummyid'}
+ :params => {:id => '4c6c760494df2a18cc000015'}
}
options.reverse_merge!(default_options)
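Review bot: The literal `'4c6c760494df2a18cc000015'` replacing `'dummyid'` carries no explanation; it is shaped like a BSON ObjectId, presumably so that `User.find` in the new `find_user` filter does not fail before the redirect these shared examples assert on, but a reader has to guess. A comment such as `# must look like a valid ObjectId so find_user does not raise before the redirect (confirm)` would preserve the reason. `it_requires_authentication` begins before this hunk.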
