add self account edit for all users

commit 51a80c27c00cf37f1bf0d298da391baa9df0b098 1 parent 7ce99b9
@demental demental authored
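--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,21 @@
+class UsersController < ApplicationController
+ before_filter :authorize
+ before_filter :authorize_me
+
+ def edit
+ end
+
+ def update
+ if @user.update_attributes params[:user]
+ redirect_to edit_user_path(@user), :notice => "account updated"
+ else
+ render action: :edit
+ end
+ end
+
+ private
+ def authorize_me
+ @user = User.find(params[:id])
+ deny_access! if current_user.id != @user.id
+ end
+end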
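Review bot: `update` passes `params[:user]` unfiltered to `update_attributes`, so this self-service endpoint accepts every attribute the User model allows for mass assignment, not only the three fields the form renders. The admin form in this commit posts `user[group_ids][]`, which suggests group membership is mass-assignable; if it is, a non-admin could alter their own groups through this action. Restrict the input to the intended keys, e.g. `@user.update_attributes params[:user].slice(:username, :password, :password_confirmation)`, or `params.require(:user).permit(...)` if the app uses strong parameters.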
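--- a/app/views/admin/users/_form.html.erb
+++ b/app/views/admin/users/_form.html.erb
@@ -1,15 +1,5 @@
 <%= form_for [ :admin, @user ] do |f| %>
-
- <%= f.label :username %>
- <%= f.text_field :username %>
-
- <%= f.label :password %>
- <%= f.password_field :password %>
-
- <%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation %>
-
-
+ <%= render 'form_fields', f: f%>
 <fieldset>
 <legend>Groups <small>&mdash; <%= link_to 'new group', new_admin_group_path %></small></legend>
 <%= hidden_field_tag "user[group_ids][]", nil%>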
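--- a/app/views/admin/users/_form_fields.html.erb
+++ b/app/views/admin/users/_form_fields.html.erb
@@ -0,0 +1,9 @@
+
+ <%= f.label :username %>
+ <%= f.text_field :username %>
+
+ <%= f.label :password %>
+ <%= f.password_field :password %>
+
+ <%= f.label :password_confirmation %>
+ <%= f.password_field :password_confirmation %>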
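--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -16,6 +16,9 @@
 <%= link_to 'users', admin_users_path %> |
 <%= link_to 'groups', admin_groups_path %> |
 </span>
+ <% else %>
+ <%= link_to 'My account', edit_user_path(current_user) %> |
+
 <% end %>
 <%= link_to 'logout', logout_path %>
 </div>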
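Review bot: The 'My account' link is added in the `else` branch, so users who match the preceding condition (the branch that renders the users/groups admin links) appear not to get it, although the commit title says the feature is for all users and `UsersController` does not exclude them. If that is unintended, move `<%= link_to 'My account', edit_user_path(current_user) %> |` below the `<% end %>` so it sits next to the logout link. The opening `if` is outside the hunk, so the exact condition should be checked.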
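--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -0,0 +1,11 @@
+<div class="page-header">
+ <h3>My account</h3>
+</div>
+
+<div class="span6">
+ <%= form_for @user do |f| %>
+ <%= render 'admin/users/form_fields', f: f %>
+ <br />
+ <button type="submit" class="btn">Update</button>
+ <% end %>
+</div>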
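Review bot: This self-service form reuses the admin partial, so a new password is accepted without asking for the current one; anyone holding a live session for the account can set a new password and username. Consider adding a current-password field to this view (outside the shared partial, so the admin form is unaffected) and verifying it in `UsersController#update` before applying `password`/`password_confirmation`. How to verify it depends on the authentication code, which is not part of this commit.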
3  config/routes.rb
@@ -1,4 +1,5 @@
Roswell::Application.routes.draw do
+
get 'signup', :to => 'users#new'
get 'login', :to => 'sessions#new'
get 'logout', :to => 'sessions#destroy'
@@ -9,7 +10,7 @@
delete '/favorites', :to => 'favorites#destroy'
resources :sessions
- resources :users
+ resources :users, only: [ :edit, :update ]
namespace :accounts do
resources :generic_accounts, :path => 'generic'
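Review bot: `get 'signup', :to => 'users#new'` stays routed at the top of this file, but the controller added in this commit defines only `edit` and `update` and runs `authorize_me` before every action, which calls `User.find(params[:id])`. A request to the signup path would therefore appear to fail inside the filter (no `id`) instead of reaching a signup page. Either remove the route, or implement `new`/`create` deliberately and scope the filter with `before_filter :authorize_me, only: [:edit, :update]`.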
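--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -0,0 +1,41 @@
+require "minitest_helper"
+
+describe UsersController do
+ let(:user) { FactoryGirl.create(:user) }
+ before { sign_in user }
+
+ it "refuses to edit not me" do
+ get :edit, id: FactoryGirl.create(:user)
+ assert_redirected_to login_path
+ end
+
+ it "accepts to edit me" do
+ get :edit, id: user
+ assert_response :success
+ end
+
+ it "refuses to update not me" do
+ post :update, id: FactoryGirl.create(:user), user: valid_attributes
+ assert_redirected_to login_path
+ end
+
+ it "updates me if attributes are valid" do
+ post :update, id: user, user: valid_attributes
+ user.reload
+ assert_equal 'this_is_me', user.username
+ assert_redirected_to user
+ end
+
+ it "re-renders the form if attributes are not valid" do
+ post :update, id: user, user: invalid_attributes
+ assert_response :success
+ end
+
+
+ def valid_attributes
+ { username: 'this_is_me', password: 'secret_password', password_confirmation: 'secret_password' }
+ end
+ def invalid_attributes
+ { username: 'this_is_me', password: 'secret_password', password_confirmation: 'oups...' }
+ end
+end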
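Review bot: "updates me if attributes are valid" expects `assert_redirected_to user`, while the controller in this commit redirects to `edit_user_path(@user)`; `assert_redirected_to edit_user_path(user)` would match the action. The suite also has no case showing that keys outside the form are ignored by `update`: a test that posts an extra key such as `group_ids` alongside `valid_attributes` and asserts the user's groups are unchanged would pin down the permitted-attribute boundary. In "refuses to update not me", keeping the second user in a local and asserting its `username` is unchanged after the request would make the denial explicit.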