admin check for the admin page #66

Merged
3 commits merged into from

1 participant

@matthewvermaak
Collaborator

Non-admins should not be in the admin interface

This issue was closed.
Commits on Dec 19, 2010
  1. @matthewvermaak
  2. @matthewvermaak

    use admin?

    matthewvermaak authored
  3. @matthewvermaak

    active member is active

    matthewvermaak authored
5 app/controllers/admin/base_controller.rb
@@ -8,6 +8,9 @@ class Admin::BaseController < ApplicationController
private
def admin_required
- current_member.is_admin?
+ unless admin?
+ flash[:notice] = "Can not access that area."
+ redirect_to motions_path
+ end
end
end
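Review bot: In `admin_required`, the `admin?` helper is called but not defined in the visible lines, so please confirm it returns false (rather than raising on a nil `current_member`) when nobody is signed in, and that authentication runs before this filter. The old body only evaluated `current_member.is_admin?` and took no explicit action, so the explicit `redirect_to motions_path` is the right direction. Two smaller points: a denial reads better as `flash[:alert]` than `flash[:notice]`, and "Can not" should be "Cannot" (the new feature file asserts on this string, so change both together).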
2  features/admin_manages_members.feature
@@ -4,7 +4,7 @@ Feature: Admin manages members
Must manage user accounts for the governance tool
Background:
- Given I am signed in as an active member called "Yehuda Katz"
+ Given I am signed in as an active admin member called "Yehuda Katz"
Scenario: View all users
Given these other members exist:
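Review bot: Switching the Background to `an active admin member` keeps the existing scenarios green, but the visible lines only exercise the allowed path for member management. Since the check lives in `Admin::BaseController`, consider one scenario here where a non-admin active member requests the members page directly and is redirected, so a controller that later skips the filter is caught by this feature.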
2  features/admin_sees_dashboard.feature
@@ -4,7 +4,7 @@ Feature: Admin has a dashboard
Must have a dashboard
Background:
- Given I am signed in as an active member called "Yehuda Katz"
+ Given I am signed in as an active admin member called "Yehuda Katz"
Scenario: See available actions
Given I am on the admin page
24 features/admin_signs_in.feature
@@ -0,0 +1,24 @@
+Feature: Admin Member signs in
+ As an active admin member
+ I want to sign in
+ So that I can do things normal active members are not allowed to
+
+ Background:
+ Given there is an active admin member with email "theman@example.com" and password "theman"
+ And there is an active member with email "someone@example.com" and password "someone"
+
+ Scenario: I attempt to log into the admin page with admin credentials
+ When I go to the admin page
+ And I fill in "Email" with "theman@example.com"
+ And I fill in "Password" with "theman"
+ And I press "Sign in"
+ Then I should be on the admin page
+ And I should see "Signed in successfully."
+
+ Scenario: I attempt to log into the admin page with member credentials
+ When I go to the admin page
+ And I fill in "Email" with "someone@example.com"
+ And I fill in "Password" with "someone"
+ And I press "Sign in"
+ Then I should be on the motions page
+ And I should see "Can not access that area."
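Review bot: The member-credentials scenario asserts the redirect to the motions page and the flash text, but not that admin content is withheld, and it only enters through the sign-in redirect for the admin landing page. Consider adding a step such as `And I should not see` for an admin-only element, plus a scenario where an already signed-in non-admin goes to the admin page, since that is the path `admin_required` guards on every subsequent request.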
2  features/member_signs_in.feature
@@ -17,4 +17,4 @@ Feature: Member signs in
When I fill in "Email" with "TestMan41@example.com"
And I fill in "Password" with "fail"
And I press "Sign in"
- Then I should not see "Signed in successfully."
+ Then I should not see "Signed in successfully."
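Review bot: The removed and added lines at the end of this scenario read identically, so this looks like a whitespace or end-of-file newline change only. It is harmless, but it is unrelated to the admin check and would be cleaner in its own commit.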
9 features/step_definitions/member_steps.rb
@@ -16,13 +16,14 @@
Given "I am signed in as \"#{member.email}\""
end
-Given /^I am signed in as an active member called "([^"]*)"$/ do |name|
- member = Factory.create(:member, :name => name)
+Given /^I am signed in as an active(:? admin)? member called "([^"]*)"$/ do |admin, name|
+ member = Factory.create(:member, :name => name, :is_admin => admin.present?)
+ Factory.create(:active_membership, :member => member)
Given "I am signed in as \"#{member.email}\""
end
-Given /^there is an active member with email "([^"]*)" and password "([^"]*)"$/ do |email, password|
- member = Factory.create(:member, email: email, password: password)
+Given /^there is an active(:? admin)? member with email "([^"]*)" and password "([^"]*)"$/ do |admin, email, password|
+ member = Factory.create(:member, email: email, password: password, is_admin: admin.present?)
Factory(:active_membership, member: member)
end
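Review bot: In both step regexes, `(:? admin)?` looks like a mistyped non-capturing group `(?: admin)?`; as written it is a capturing group that also accepts an optional literal colon, so "active: admin member" would match. The block arguments `|admin, name|` and `|admin, email, password|` depend on the capture, so the fix is `( admin)?` rather than `(?: admin)?`. Also, the two steps now differ in style for the same work (`Factory.create(:active_membership, :member => member)` versus `Factory(:active_membership, member: member)`); pick one form and one hash syntax.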