Lock down specific projects controller

actions for admins only

app/helpers/application_helper.rb

@@ -6,4 +6,8 @@ def title(*parts)
       end
     end
   end
-end
+
+  def admins_only(&block)
+    concat(block.call) if current_user.try(:admin?)
+  end
+end

app/views/projects/index.html.erb

@@ -1,4 +1,6 @@
-<%= link_to "New Project", new_project_path %>
+<% admins_only do %>
+  <%= link_to "New Project", new_project_path %>
+<% end %>
 
 <h2>Projects</h2>
 <ul>

app/views/projects/show.html.erb

@@ -2,13 +2,13 @@
 
 <h2><%= @project.name %></h2>
 
-<%= link_to "Edit Project", edit_project_path(@project) %>
-
-<%= link_to "Delete Project",
-     project_path(@project),
+<% admins_only do %>
+  <%= link_to "Edit Project", edit_project_path(@project) %>
+  
+  <%= link_to "Delete Project", project_path(@project),
      :method => :delete,
      :confirm => "Are you sure you want to delete this project?" %>
-
+<% end %>
 
 <%= link_to "New Ticket", new_project_ticket_path(@project) %>     
 

spec/controllers/projects_controller_spec.rb

@@ -2,8 +2,8 @@
 
 describe ProjectsController do
   let(:project) { mock_model(Project, :id => 1) }
-  
-  let(:user) { Factory(:confirmed_user) }
+
+  let(:user) { FactoryGirl.create(:confirmed_user) }
 
   context "standard users" do
     before do

spec/integration/creating_projects_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 feature 'Creating Projects' do
   before do
-    sign_in_as!(Factory(:admin_user))
+    sign_in_as!(FactoryGirl.create(:admin_user))
     visit '/'
     click_link 'New Project'
   end

spec/integration/editing_tickets_spec.rb

@@ -4,7 +4,7 @@
   let!(:user) { FactoryGirl.create(:confirmed_user) }
 
   let!(:ticket) do
-    ticket = Factory.create(:ticket, :project => project)
+    ticket = FactoryGirl.create(:ticket, :project => project)
     ticket.update_attribute(:user, user)
     ticket
   end

spec/integration/hidden_links_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+feature "hidden links" do
+  let(:user) { FactoryGirl.create(:confirmed_user) }
+  let(:admin) { FactoryGirl.create(:admin_user) }
+  let(:project) { FactoryGirl.create(:project)}
+
+  context "anonymous users" do
+    scenario "cannot see the New Project link" do
+      visit '/'
+      assert_no_link_for "New Project"
+    end
+
+    scenario "cannot see the Edit Project link" do
+      visit project_path(project)
+      assert_no_link_for "Edit Project"
+    end
+
+    scenario "cannot see the Delete Project link" do
+      visit project_path(project)
+      assert_no_link_for "Delete Project"
+    end
+  end
+
+  context "regular users" do
+    before { sign_in_as!(user) }
+    scenario "cannot see the New Project link" do
+      visit '/'
+      assert_no_link_for "New Project"
+    end
+  end
+  context "admin users" do
+    before { sign_in_as!(admin) }
+    scenario "can see the New Project link" do
+      visit '/'
+      assert_link_for "New Project"
+    end
+
+    scenario "can see the Edit Project link" do
+      visit project_path(project)
+      assert_link_for "Edit Project"
+    end
+
+    scenario "can see the Delete Project link" do
+      visit project_path(project)
+      assert_link_for "Delete Project"
+    end
+  end
+end

spec/support/capybara_helpers.rb

@@ -0,0 +1,13 @@
+module CapybaraHelpers
+  def assert_no_link_for(text)
+    page.should_not(have_css("a", :text => text),
+                    "Expected not to see the #{text.inspect} link, but did.")
+  end
+  def assert_link_for(text)
+    page.should(have_css("a", :text => text),
+                "Expected to see the #{text.inspect} link, but did not.")
+  end
+end
+RSpec.configure do |config|
+  config.include CapybaraHelpers, :type => :request
+end