
update action added, screen non-users

1 parent 754704a commit 16cd9e28ffb708b93fd1eff8b26dc1995f44d5cc @bjeanes bjeanes committed Jul 12, 2011
Showing with 79 additions and 0 deletions.
  1. +16 −0 app/controllers/users_controller.rb
  2. +3 −0 app/helpers/sessions_helper.rb
  3. +60 −0 spec/controllers/users_controller_spec.rb
@@ -1,4 +1,5 @@
class UsersController < ApplicationController
+ before_filter :authenticate, :only => [ :edit, :update ]
def show
@user = User.find(params[:id])
@@ -31,4 +32,19 @@ def edit
@button_name = 'Update'
end
+ def update
+ @user = User.find(params[:id])
+ if @user.update_attributes(params[:user])
+ flash[:success] = "User has been updated"
+ redirect_to @user
+ else
+ @title = "Edit User"
+ render 'edit'
+ end
+ end
+
+ private
+ def authenticate
+ deny_access unless signed_in?
+ end
end
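Review bot: The `authenticate` filter only checks `signed_in?`, so `update` (and `edit`) will load `User.find(params[:id])` for any id, and a signed-in user can change another account's name, email and password. Add an ownership check next to it, for example `before_filter :correct_user, :only => [ :edit, :update ]`, with a private `correct_user` that compares the looked-up user to `current_user` and redirects when they differ. Separately, `@user.update_attributes(params[:user])` hands the whole request hash to the model; whether that is safe depends on an `attr_accessible` whitelist in `User`, which is not visible here and should be confirmed. Part of the class lies between the two hunks of this file and is not shown.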
@@ -21,6 +21,9 @@ def signed_in?
!current_user.nil?
end
+ def deny_access
+ redirect_to signin_path, :notice => "Please sign in to access this page"
+ end
def user_from_remember_token
User.authenticate_with_salt(*remember_token)
end
@@ -146,4 +146,64 @@
response.should have_selector("a", :href => link, :content => 'change')
end
end
+
+ describe "PUT 'update'" do
+ before(:each) do
+ @user = Factory(:user)
+ test_sign_in(@user)
+ end
+
+ describe "failure" do
+ before(:each) do
+ @attr = { :name => "", :email => "", :password => "",
+ :password_confirmation => "" }
+ end
+ it "should render the 'edit' page" do
+ put :update, :id => @user, :user => @attr
+ response.should render_template('edit')
+ end
+ it "should have the right title" do
+ put :update, :id => @user, :user => @attr
+ response.should have_selector("title", :content => "Edit User")
+ end
+ end
+
+ describe "success" do
+ before(:each) do
+ @attr = { :name => "New Name", :email => "user@example.org",
+ :password => "barbaz", :password_confirmation => "barbaz" }
+ end
+ it "should change the user's attributes" do
+ put :update, :id => @user, :user => @attr
+ @user.reload
+ @user.name.should == @attr[:name]
+ @user.email.should == @attr[:email]
+ end
+ it "should redirect_to the 'show' page" do
+ put :update, :id => @user, :user => @attr
+ response.should redirect_to(user_path(@user))
+ end
+ it "should have a flash message" do
+ put :update, :id => @user, :user => @attr
+ flash[:success].should =~ /updated/
+ end
+ end
+ end
+
+ describe "Authentication of edit/update pages" do
+ before(:each) do
+ @user = Factory(:user)
+ end
+
+ describe "For non-signed-in users" do
+ it "should deny access to 'edit'" do
+ get :edit, :id => @user
+ response.should redirect_to signin_path
+ end
+ it "should deny access to 'update'" do
+ get :edit, :id => @user, :user => {}
+ response.should redirect_to signin_path
+ end
+ end
+ end
end
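Review bot: The example "should deny access to 'update'" issues `get :edit` rather than the update action, so the `before_filter` on `update` is never exercised for signed-out users; the request should be `put :update, :id => @user, :user => {}`. The new specs also contain no case where a signed-in user submits a different user's id, which is the access-control case most worth pinning for these actions. The enclosing `describe` block starts outside this hunk.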
