RubyGems - branston - Versions diffs - 0.6.1 → 0.6.2 - Mend

branston 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

data/README.rdoc CHANGED Viewed

@@ -18,7 +18,7 @@ There's a bit of a dependency chain needed to get things running.  Cucumber has
 a dependency on Nokogiri, which itself has some libxml related dependencies
 including a dependency on a C compiler. On a clean Debian/Ubuntu box, this...
- sudo apt-get install libxml-ruby  libxml2-dev libxslt-ruby libxslt-dev build-essential sqlite3
+ sudo apt-get install libxml-ruby  libxml2-dev libxslt-ruby libxslt-dev build-essential sqlite3 libsqlite3-ruby libsqlite3-dev
  sudo gem install branston
 ...currently does the trick.

data/lib/branston/Gemfile ADDED Viewed

@@ -0,0 +1,25 @@
+source :gemcutter
+gem 'rails', '~> 2.3.5'
+gem 'sqlite3-ruby', :require => 'sqlite3'
+# bundler requires these gems in all environments
+gem 'calendar_date_select', '>= 1.15'
+gem 'aasm'
+gem 'googlecharts', ' ~> 1.4.0'
+group :development do
+  # bundler requires these gems in development
+  # currently nothing...
+end
+group :test do
+  gem 'cucumber', '0.4.4'
+  gem 'shoulda'
+  gem 'machinist'
+  gem 'webrat', '~> 0.5.3'
+  gem 'faker'
+  gem 'relevance-rcov'
+  gem 'ruby-prof'
+  gem 'ruby-debug'
+end

data/lib/branston/Gemfile.lock ADDED Viewed

@@ -0,0 +1,76 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    aasm (2.1.5)
+    actionmailer (2.3.11)
+      actionpack (= 2.3.11)
+    actionpack (2.3.11)
+      activesupport (= 2.3.11)
+      rack (~> 1.1.0)
+    activerecord (2.3.11)
+      activesupport (= 2.3.11)
+    activeresource (2.3.11)
+      activesupport (= 2.3.11)
+    activesupport (2.3.11)
+    builder (2.1.2)
+    calendar_date_select (1.16.1)
+    columnize (0.3.2)
+    cucumber (0.4.4)
+      builder (= 2.1.2)
+      diff-lcs (= 1.1.2)
+      polyglot (= 0.2.9)
+      term-ansicolor (= 1.0.4)
+      treetop (= 1.4.2)
+    diff-lcs (1.1.2)
+    faker (0.9.5)
+      i18n (~> 0.4)
+    googlecharts (1.4.0)
+    i18n (0.5.0)
+    linecache (0.43)
+    machinist (1.0.6)
+    nokogiri (1.4.4)
+    polyglot (0.2.9)
+    rack (1.1.0)
+    rails (2.3.11)
+      actionmailer (= 2.3.11)
+      actionpack (= 2.3.11)
+      activerecord (= 2.3.11)
+      activeresource (= 2.3.11)
+      activesupport (= 2.3.11)
+      rake (>= 0.8.3)
+    rake (0.8.7)
+    relevance-rcov (0.9.2.1)
+    ruby-debug (0.10.4)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.4.0)
+    ruby-debug-base (0.10.4)
+      linecache (>= 0.3)
+    ruby-prof (0.9.1)
+    shoulda (2.11.3)
+    sqlite3 (1.3.3)
+    sqlite3-ruby (1.3.3)
+      sqlite3 (>= 1.3.3)
+    term-ansicolor (1.0.4)
+    treetop (1.4.2)
+      polyglot (>= 0.2.5)
+    webrat (0.5.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  aasm
+  calendar_date_select (>= 1.15)
+  cucumber (= 0.4.4)
+  faker
+  googlecharts (~> 1.4.0)
+  machinist
+  rails (~> 2.3.5)
+  relevance-rcov
+  ruby-debug
+  ruby-prof
+  shoulda
+  sqlite3-ruby
+  webrat (~> 0.5.3)

data/lib/branston/app/controllers/application_controller.rb CHANGED Viewed

@@ -20,7 +20,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery # See ActionController::RequestForgeryProtection for details
   # Scrub sensitive parameters from your log
-  # filter_parameter_logging :password
+  filter_parameter_logging :password
   # RESTful authentication system
   include AuthenticatedSystem

data/lib/branston/app/controllers/outcomes_controller.rb CHANGED Viewed

@@ -109,6 +109,8 @@ class OutcomesController < ApplicationController
     end
   end
+  private
   def find_scenario
     @scenario = Scenario.find(params[:scenario_id])
   end

data/lib/branston/app/controllers/stories_controller.rb CHANGED Viewed

@@ -15,6 +15,7 @@
 class StoriesController < ApplicationController
   layout 'main'
+  before_filter :login_or_password_required, :only => [:show, :generate_feature]
   before_filter :login_required, :except => [:show, :generate_feature]
   before_filter :retrieve_iterations, :except => [:generate_feature]
   before_filter :load_iteration, :except => [:generate_feature, :show]
@@ -42,9 +43,9 @@ class StoriesController < ApplicationController
     Story.for_iteration(@iteration.id).map { |s|
       @total_assigned_points += s.points
     }
     @assignment_difference = @total_assigned_points - @iteration.velocity
     respond_to do |format|
       format.html # index.html.erb
       format.xml  { render :xml => @stories }
@@ -56,119 +57,114 @@ class StoriesController < ApplicationController
   def show
     @story = Story.find_by_slug(params[:id])
     @iteration = @story.iteration unless @story.nil?
     respond_to do |format|
       if @story
         format.html
         format.xml {
-          render :xml => (@story.to_xml :include => {
+          render :xml => (@story.to_xml :include => {
             :scenarios => { :include => [:preconditions, :outcomes] }
           })
         }
         format.js { @active = true }
-        else
-          format.html {
-            render_optional_error_file 404
-          }
-          format.all  { render :nothing => true, :status => 404 }
-        end
+      else
+        format.html { render_optional_error_file 404 }
+        format.all  { render :nothing => true, :status => 404 }
       end
     end
+  end
-    # GET /stories/new
-    # GET /stories/new.xml
-    def new
-      @story = Story.new(:iteration => @iteration)
+  # GET /stories/new
+  # GET /stories/new.xml
+  def new
+    @story = Story.new(:iteration => @iteration)
-      respond_to do |format|
-        format.html # new.html.erb
-        format.xml  { render :xml => @story }
-      end
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @story }
     end
+  end
-    # GET /stories/1/edit
-    def edit
-      @story = Story.find_by_slug(params[:id])
-    end
+  # GET /stories/1/edit
+  def edit
+    @story = Story.find_by_slug(params[:id])
+  end
+  # POST /stories
+  # POST /stories.xml
+  def create
+    @story = Story.new(params[:story])
+    @story.author = current_user
+    @story.iteration = @iteration
-    # POST /stories
-    # POST /stories.xml
-    def create
-      @story = Story.new(params[:story])
-      @story.author = current_user
-      @story.iteration = @iteration
-      respond_to do |format|
-        if @story.save
-          flash[:notice] = 'Story was successfully created.'
-          format.html { redirect_to iteration_stories_path(@iteration) }
-          format.xml  { render :xml => @story, :status => :created, :location => @story }
-        else
-          format.html { render :action => "new" }
-          format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
-        end
+    respond_to do |format|
+      if @story.save
+        flash[:notice] = 'Story was successfully created.'
+        format.html { redirect_to iteration_stories_path(@iteration) }
+        format.xml  { render :xml => @story, :status => :created, :location => @story }
+      else
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
       end
     end
+  end
-    # PUT /stories/"1
-    # PUT /stories/1.xml
-    def update
-      @story = Story.find_by_slug(params[:id])
-      if params[:story] and params[:story][:status]
-        if params[:story][:status] == 'in_progress'
-          @story.assign
-        end
-        if params[:story][:status] == 'quality_assurance'
-          @story.check_quality
-        end
-        if params[:story][:status] == 'new'
-          @story.back_to_new
-        end
+  # PUT /stories/"1
+  # PUT /stories/1.xml
+  def update
+    @story = Story.find_by_slug(params[:id])
-        if params[:story][:status] == 'completed'
-          @story.finish
-        end
-      end
+    if params[:story] and params[:story][:status]
+      @story.assign if params[:story][:status] == 'in_progress'
+      @story.check_quality if params[:story][:status] == 'quality_assurance'
+      @story.back_to_new if params[:story][:status] == 'new'
+      @story.finish if params[:story][:status] == 'completed'
+    end
-      respond_to do |format|
-        if @story.update_attributes(params[:story])
-          flash[:notice] = 'Story was successfully updated.'
-          format.html { redirect_to iteration_story_path(@iteration, @story) }
-          format.xml  { head :ok }
-          format.js { redirect_to iteration_stories_path(@iteration) }
-        else
-          format.html { render :action => "edit" }
-          format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
-        end
+    respond_to do |format|
+      if @story.update_attributes(params[:story])
+        flash[:notice] = 'Story was successfully updated.'
+        format.html { redirect_to iteration_story_path(@iteration, @story) }
+        format.xml  { head :ok }
+        format.js { redirect_to iteration_stories_path(@iteration) }
+      else
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
       end
     end
+  end
-    # DELETE /stories/1
-    # DELETE /stories/1.xml
-    def destroy
-      @story = Story.find_by_slug(params[:id])
-      @story.destroy
+  # DELETE /stories/1
+  # DELETE /stories/1.xml
+  def destroy
+    @story = Story.find_by_slug(params[:id])
+    @story.destroy
-      respond_to do |format|
-        format.html { redirect_to iteration_stories_path(@iteration) }
-        format.xml  { head :ok }
-      end
+    respond_to do |format|
+      format.html { redirect_to iteration_stories_path(@iteration) }
+      format.xml  { head :ok }
     end
+  end
-    private
+  private
-    def retrieve_iterations
-      @iterations = Iteration.all
-    end
+  def retrieve_iterations
+    @iterations = Iteration.all
+  end
+  def load_iteration
+    @iteration = Iteration.find(params[:iteration_id])
+  end
-    def load_iteration
-      @iteration = Iteration.find(params[:iteration_id])
+  def login_or_password_required
+    user = User.authenticate(params[:login], params[:password])
+    if user
+      return true
+    else
+      return false
     end
   end
+end

data/lib/branston/app/controllers/users_controller.rb CHANGED Viewed

@@ -16,27 +16,85 @@ class UsersController < ApplicationController
   layout 'main'
-  # render new.rhtml
+  before_filter :login_required
+  before_filter :find_user, :only => [:suspend, :destroy, :activate]
+  before_filter :must_be_admin, :only => [:new, :create, :destroy, :suspend, :activate]
+  before_filter :must_be_admin_or_self, :only => [:edit, :update]
+  def index
+    @users = User.find(:all)
+  end
   def new
     @user = User.new
   end
   def create
-    logout_keeping_session!
     @user = User.new(params[:user])
-    success = @user && @user.save
-    if success && @user.errors.empty?
-      # Protects against session fixation attacks, causes request forgery
-      # protection if visitor resubmits an earlier form using back
-      # button. Uncomment if you understand the tradeoffs.
-      # reset session
-      self.current_user = @user # !! now logged in
-      redirect_back_or_default('/')
-      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+    @user.role = params[:user][:role] if current_user.has_role?("admin")
+    if @user && @user.valid? && @user.save!
+      redirect_to users_url
+      flash[:notice] = "User created."
     else
       flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
       render :action => 'new'
     end
   end
+  def edit
+    @user = User.find(params[:id])
+  end
+  def update
+    @user = User.find(params[:id])
+    @user.role = params[:user][:role] if current_user.has_role?("admin")
+    if @user.update_attributes(params[:user])
+      redirect_to users_path
+    else
+      render :action => 'edit'
+    end
+  end
+  def suspend
+    @user.suspend!
+    redirect_to users_path
+  end
+  def activate
+    @user.activate!
+    redirect_to users_path
+  end
+  def destroy
+    @user.delete!
+    redirect_to users_path
+  end
+  protected
+  def find_user
+    @user = User.find(params[:id])
+  end
+  # A security filter which freezes out all non-admin users except the user
+  # who is the user identified by params[:id]
+  #
+  def must_be_admin_or_self
+    user = User.find(params[:id])
+    unless current_user.has_role?("admin") || current_user == user
+      flash[:error] = "You are not allowed to do that."
+      redirect_to users_path
+    end
+  end
+  # A security filter which freezes out all non-admin users.
+  #
+  def must_be_admin
+    unless current_user.has_role?("admin")
+      flash[:error] = "You are not allowed to do that."
+      redirect_to users_path
+    end
+  end
 end