update action added, screen non-users

tritchie · Jul 12, 2011 · 16cd9e2 · 16cd9e2
1 parent 754704a
commit 16cd9e2
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 0 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+  before_filter :authenticate, :only => [ :edit, :update ]
 
   def show
     @user = User.find(params[:id])
@@ -31,4 +32,19 @@ def edit
     @button_name = 'Update'
   end
 
+  def update
+    @user = User.find(params[:id])
+    if @user.update_attributes(params[:user])
+      flash[:success] = "User has been updated"
+      redirect_to @user
+    else
+      @title = "Edit User"
+      render 'edit'
+    end
+  end
+
+  private
+  def authenticate
+    deny_access unless signed_in?
+  end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -21,6 +21,9 @@ def signed_in?
     !current_user.nil?
   end
 
+  def deny_access
+    redirect_to signin_path, :notice => "Please sign in to access this page"
+  end
   def user_from_remember_token
     User.authenticate_with_salt(*remember_token)
   end

diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
@@ -146,4 +146,64 @@
       response.should have_selector("a", :href => link, :content => 'change')
     end
   end
+
+  describe "PUT 'update'" do
+    before(:each) do
+      @user = Factory(:user)
+      test_sign_in(@user)
+    end
+
+    describe "failure" do
+      before(:each) do
+        @attr = { :name => "", :email => "", :password => "",
+                  :password_confirmation => "" }
+      end
+      it "should render the 'edit' page" do
+        put :update, :id => @user, :user => @attr
+        response.should render_template('edit')
+      end
+      it "should have the right title" do
+        put :update, :id => @user, :user => @attr
+        response.should have_selector("title", :content => "Edit User")
+      end
+    end
+
+    describe "success" do
+      before(:each) do
+        @attr = { :name => "New Name", :email => "user@example.org",
+                  :password => "barbaz", :password_confirmation => "barbaz" }
+      end
+      it "should change the user's attributes" do
+        put :update, :id => @user, :user => @attr
+        @user.reload
+        @user.name.should  == @attr[:name]
+        @user.email.should == @attr[:email]
+      end
+      it "should redirect_to the 'show' page" do
+        put :update, :id => @user, :user => @attr
+        response.should redirect_to(user_path(@user))
+      end
+      it "should have a flash message" do
+        put :update, :id => @user, :user => @attr
+        flash[:success].should =~ /updated/
+      end
+    end
+  end
+
+  describe "Authentication of edit/update pages" do
+      before(:each) do
+        @user = Factory(:user)
+      end
+
+    describe "For non-signed-in users" do
+      it "should deny access to 'edit'" do
+        get :edit, :id => @user
+        response.should redirect_to signin_path
+      end
+      it "should deny access to 'update'" do
+        get :edit, :id => @user, :user => {}
+        response.should redirect_to signin_path
+      end
+    end
+  end
 end