add self account edit for all users

app/controllers/users_controller.rb

@@ -0,0 +1,21 @@
+class UsersController < ApplicationController
+  before_filter :authorize
+  before_filter :authorize_me
+
+  def edit
+  end
+
+  def update
+    if @user.update_attributes params[:user]
+      redirect_to edit_user_path(@user), :notice => "account updated"
+    else
+      render action: :edit
+    end
+  end
+
+  private
+  def authorize_me
+    @user = User.find(params[:id])
+    deny_access! if current_user.id != @user.id
+  end
+end

app/views/admin/users/_form.html.erb

@@ -1,15 +1,5 @@
 <%= form_for [ :admin, @user ] do |f| %>
-
-  <%= f.label :username %>
-  <%= f.text_field :username %>
-
-  <%= f.label :password %>
-  <%= f.password_field :password %>
-
-  <%= f.label :password_confirmation %>
-  <%= f.password_field :password_confirmation %>
-
-
+  <%= render 'form_fields', f: f%>
   <fieldset>
     <legend>Groups <small>&mdash; <%= link_to 'new group', new_admin_group_path %></small></legend>
     <%= hidden_field_tag "user[group_ids][]", nil%>

app/views/admin/users/_form_fields.html.erb

@@ -0,0 +1,9 @@
+
+  <%= f.label :username %>
+  <%= f.text_field :username %>
+
+  <%= f.label :password %>
+  <%= f.password_field :password %>
+
+  <%= f.label :password_confirmation %>
+  <%= f.password_field :password_confirmation %>

app/views/layouts/application.html.erb

@@ -16,6 +16,9 @@
             <%= link_to 'users', admin_users_path %> |
             <%= link_to 'groups', admin_groups_path %> |
           </span>
+        <% else %>
+          <%= link_to 'My account', edit_user_path(current_user) %> |
+
         <% end %>
         <%= link_to 'logout', logout_path %>
       </div>

app/views/users/edit.html.erb

@@ -0,0 +1,11 @@
+<div class="page-header">
+  <h3>My account</h3>
+</div>
+
+<div class="span6">
+  <%= form_for @user do |f| %>
+    <%= render 'admin/users/form_fields', f: f %>
+    <br />
+    <button type="submit" class="btn">Update</button>
+  <% end %>
+</div>

config/routes.rb

@@ -1,4 +1,5 @@
 Roswell::Application.routes.draw do
+
   get 'signup', :to => 'users#new'
   get 'login', :to => 'sessions#new'
   get 'logout', :to => 'sessions#destroy'
@@ -9,7 +10,7 @@
   delete '/favorites', :to => 'favorites#destroy'
 
   resources :sessions
-  resources :users
+  resources :users, only: [ :edit, :update ]
 
   namespace :accounts do
     resources :generic_accounts, :path => 'generic'

test/controllers/users_controller_test.rb

@@ -0,0 +1,41 @@
+require "minitest_helper"
+
+describe UsersController do
+  let(:user) { FactoryGirl.create(:user) }
+  before { sign_in user }
+
+  it "refuses to edit not me" do
+    get :edit, id: FactoryGirl.create(:user)
+    assert_redirected_to login_path
+  end
+
+  it "accepts to edit me" do
+    get :edit, id: user
+    assert_response :success
+  end
+
+  it "refuses to update not me" do
+    post :update, id: FactoryGirl.create(:user), user: valid_attributes
+    assert_redirected_to login_path
+  end
+
+  it "updates me if attributes are valid" do
+    post :update, id: user, user: valid_attributes
+    user.reload
+    assert_equal 'this_is_me', user.username
+    assert_redirected_to user
+  end
+
+  it "re-renders the form if attributes are not valid" do
+    post :update, id: user, user: invalid_attributes
+    assert_response :success
+  end
+
+
+  def valid_attributes
+    { username: 'this_is_me', password: 'secret_password', password_confirmation: 'secret_password' }
+  end
+  def invalid_attributes
+    { username: 'this_is_me', password: 'secret_password', password_confirmation: 'oups...' }
+  end
+end