RubyGems - branston - Versions diffs - 0.6.1 → 0.6.2 - Mend

branston 0.6.1 → 0.6.2

Files changed (188) hide show

data/README.rdoc CHANGED Viewed

@@ -18,7 +18,7 @@ There's a bit of a dependency chain needed to get things running.  Cucumber has
 a dependency on Nokogiri, which itself has some libxml related dependencies
 including a dependency on a C compiler. On a clean Debian/Ubuntu box, this...
- sudo apt-get install libxml-ruby  libxml2-dev libxslt-ruby libxslt-dev build-essential sqlite3
+ sudo apt-get install libxml-ruby  libxml2-dev libxslt-ruby libxslt-dev build-essential sqlite3 libsqlite3-ruby libsqlite3-dev
  sudo gem install branston
 ...currently does the trick.

data/lib/branston/Gemfile ADDED Viewed

@@ -0,0 +1,25 @@
+source :gemcutter
+gem 'rails', '~> 2.3.5'
+gem 'sqlite3-ruby', :require => 'sqlite3'
+# bundler requires these gems in all environments
+gem 'calendar_date_select', '>= 1.15'
+gem 'aasm'
+gem 'googlecharts', ' ~> 1.4.0'
+group :development do
+  # bundler requires these gems in development
+  # currently nothing...
+end
+group :test do
+  gem 'cucumber', '0.4.4'
+  gem 'shoulda'
+  gem 'machinist'
+  gem 'webrat', '~> 0.5.3'
+  gem 'faker'
+  gem 'relevance-rcov'
+  gem 'ruby-prof'
+  gem 'ruby-debug'
+end

data/lib/branston/Gemfile.lock ADDED Viewed

@@ -0,0 +1,76 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    aasm (2.1.5)
+    actionmailer (2.3.11)
+      actionpack (= 2.3.11)
+    actionpack (2.3.11)
+      activesupport (= 2.3.11)
+      rack (~> 1.1.0)
+    activerecord (2.3.11)
+      activesupport (= 2.3.11)
+    activeresource (2.3.11)
+      activesupport (= 2.3.11)
+    activesupport (2.3.11)
+    builder (2.1.2)
+    calendar_date_select (1.16.1)
+    columnize (0.3.2)
+    cucumber (0.4.4)
+      builder (= 2.1.2)
+      diff-lcs (= 1.1.2)
+      polyglot (= 0.2.9)
+      term-ansicolor (= 1.0.4)
+      treetop (= 1.4.2)
+    diff-lcs (1.1.2)
+    faker (0.9.5)
+      i18n (~> 0.4)
+    googlecharts (1.4.0)
+    i18n (0.5.0)
+    linecache (0.43)
+    machinist (1.0.6)
+    nokogiri (1.4.4)
+    polyglot (0.2.9)
+    rack (1.1.0)
+    rails (2.3.11)
+      actionmailer (= 2.3.11)
+      actionpack (= 2.3.11)
+      activerecord (= 2.3.11)
+      activeresource (= 2.3.11)
+      activesupport (= 2.3.11)
+      rake (>= 0.8.3)
+    rake (0.8.7)
+    relevance-rcov (0.9.2.1)
+    ruby-debug (0.10.4)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.4.0)
+    ruby-debug-base (0.10.4)
+      linecache (>= 0.3)
+    ruby-prof (0.9.1)
+    shoulda (2.11.3)
+    sqlite3 (1.3.3)
+    sqlite3-ruby (1.3.3)
+      sqlite3 (>= 1.3.3)
+    term-ansicolor (1.0.4)
+    treetop (1.4.2)
+      polyglot (>= 0.2.5)
+    webrat (0.5.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  aasm
+  calendar_date_select (>= 1.15)
+  cucumber (= 0.4.4)
+  faker
+  googlecharts (~> 1.4.0)
+  machinist
+  rails (~> 2.3.5)
+  relevance-rcov
+  ruby-debug
+  ruby-prof
+  shoulda
+  sqlite3-ruby
+  webrat (~> 0.5.3)

data/lib/branston/app/controllers/application_controller.rb CHANGED Viewed

@@ -20,7 +20,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery # See ActionController::RequestForgeryProtection for details
   # Scrub sensitive parameters from your log
-  # filter_parameter_logging :password
+  filter_parameter_logging :password
   # RESTful authentication system
   include AuthenticatedSystem

data/lib/branston/app/controllers/outcomes_controller.rb CHANGED Viewed

@@ -109,6 +109,8 @@ class OutcomesController < ApplicationController
     end
   end
+  private
   def find_scenario
     @scenario = Scenario.find(params[:scenario_id])
   end

data/lib/branston/app/controllers/stories_controller.rb CHANGED Viewed

@@ -15,6 +15,7 @@
 class StoriesController < ApplicationController
   layout 'main'
+  before_filter :login_or_password_required, :only => [:show, :generate_feature]
   before_filter :login_required, :except => [:show, :generate_feature]
   before_filter :retrieve_iterations, :except => [:generate_feature]
   before_filter :load_iteration, :except => [:generate_feature, :show]
@@ -42,9 +43,9 @@ class StoriesController < ApplicationController
     Story.for_iteration(@iteration.id).map { |s|
       @total_assigned_points += s.points
     }
     @assignment_difference = @total_assigned_points - @iteration.velocity
     respond_to do |format|
       format.html # index.html.erb
       format.xml  { render :xml => @stories }
@@ -56,119 +57,114 @@ class StoriesController < ApplicationController
   def show
     @story = Story.find_by_slug(params[:id])
     @iteration = @story.iteration unless @story.nil?
     respond_to do |format|
       if @story
         format.html
         format.xml {
-          render :xml => (@story.to_xml :include => {
+          render :xml => (@story.to_xml :include => {
             :scenarios => { :include => [:preconditions, :outcomes] }
           })
         }
         format.js { @active = true }
-        else
-          format.html {
-            render_optional_error_file 404
-          }
-          format.all  { render :nothing => true, :status => 404 }
-        end
+      else
+        format.html { render_optional_error_file 404 }
+        format.all  { render :nothing => true, :status => 404 }
       end
     end
+  end
-    # GET /stories/new
-    # GET /stories/new.xml
-    def new
-      @story = Story.new(:iteration => @iteration)
+  # GET /stories/new
+  # GET /stories/new.xml
+  def new
+    @story = Story.new(:iteration => @iteration)
-      respond_to do |format|
-        format.html # new.html.erb
-        format.xml  { render :xml => @story }
-      end
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @story }
     end
+  end
-    # GET /stories/1/edit
-    def edit
-      @story = Story.find_by_slug(params[:id])
-    end
+  # GET /stories/1/edit
+  def edit
+    @story = Story.find_by_slug(params[:id])
+  end
+  # POST /stories
+  # POST /stories.xml
+  def create
+    @story = Story.new(params[:story])
+    @story.author = current_user
+    @story.iteration = @iteration
-    # POST /stories
-    # POST /stories.xml
-    def create
-      @story = Story.new(params[:story])
-      @story.author = current_user
-      @story.iteration = @iteration
-      respond_to do |format|
-        if @story.save
-          flash[:notice] = 'Story was successfully created.'
-          format.html { redirect_to iteration_stories_path(@iteration) }
-          format.xml  { render :xml => @story, :status => :created, :location => @story }
-        else
-          format.html { render :action => "new" }
-          format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
-        end
+    respond_to do |format|
+      if @story.save
+        flash[:notice] = 'Story was successfully created.'
+        format.html { redirect_to iteration_stories_path(@iteration) }
+        format.xml  { render :xml => @story, :status => :created, :location => @story }
+      else
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
       end
     end
+  end
-    # PUT /stories/"1
-    # PUT /stories/1.xml
-    def update
-      @story = Story.find_by_slug(params[:id])
-      if params[:story] and params[:story][:status]
-        if params[:story][:status] == 'in_progress'
-          @story.assign
-        end
-        if params[:story][:status] == 'quality_assurance'
-          @story.check_quality
-        end
-        if params[:story][:status] == 'new'
-          @story.back_to_new
-        end
+  # PUT /stories/"1
+  # PUT /stories/1.xml
+  def update
+    @story = Story.find_by_slug(params[:id])
-        if params[:story][:status] == 'completed'
-          @story.finish
-        end
-      end
+    if params[:story] and params[:story][:status]
+      @story.assign if params[:story][:status] == 'in_progress'
+      @story.check_quality if params[:story][:status] == 'quality_assurance'
+      @story.back_to_new if params[:story][:status] == 'new'
+      @story.finish if params[:story][:status] == 'completed'
+    end
-      respond_to do |format|
-        if @story.update_attributes(params[:story])
-          flash[:notice] = 'Story was successfully updated.'
-          format.html { redirect_to iteration_story_path(@iteration, @story) }
-          format.xml  { head :ok }
-          format.js { redirect_to iteration_stories_path(@iteration) }
-        else
-          format.html { render :action => "edit" }
-          format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
-        end
+    respond_to do |format|
+      if @story.update_attributes(params[:story])
+        flash[:notice] = 'Story was successfully updated.'
+        format.html { redirect_to iteration_story_path(@iteration, @story) }
+        format.xml  { head :ok }
+        format.js { redirect_to iteration_stories_path(@iteration) }
+      else
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @story.errors, :status => :unprocessable_entity }
       end
     end
+  end
-    # DELETE /stories/1
-    # DELETE /stories/1.xml
-    def destroy
-      @story = Story.find_by_slug(params[:id])
-      @story.destroy
+  # DELETE /stories/1
+  # DELETE /stories/1.xml
+  def destroy
+    @story = Story.find_by_slug(params[:id])
+    @story.destroy
-      respond_to do |format|
-        format.html { redirect_to iteration_stories_path(@iteration) }
-        format.xml  { head :ok }
-      end
+    respond_to do |format|
+      format.html { redirect_to iteration_stories_path(@iteration) }
+      format.xml  { head :ok }
     end
+  end
-    private
+  private
-    def retrieve_iterations
-      @iterations = Iteration.all
-    end
+  def retrieve_iterations
+    @iterations = Iteration.all
+  end
+  def load_iteration
+    @iteration = Iteration.find(params[:iteration_id])
+  end
-    def load_iteration
-      @iteration = Iteration.find(params[:iteration_id])
+  def login_or_password_required
+    user = User.authenticate(params[:login], params[:password])
+    if user
+      return true
+    else
+      return false
     end
   end
+end

data/lib/branston/app/controllers/users_controller.rb CHANGED Viewed

@@ -16,27 +16,85 @@ class UsersController < ApplicationController
   layout 'main'
-  # render new.rhtml
+  before_filter :login_required
+  before_filter :find_user, :only => [:suspend, :destroy, :activate]
+  before_filter :must_be_admin, :only => [:new, :create, :destroy, :suspend, :activate]
+  before_filter :must_be_admin_or_self, :only => [:edit, :update]
+  def index
+    @users = User.find(:all)
+  end
   def new
     @user = User.new
   end
   def create
-    logout_keeping_session!
     @user = User.new(params[:user])
-    success = @user && @user.save
-    if success && @user.errors.empty?
-      # Protects against session fixation attacks, causes request forgery
-      # protection if visitor resubmits an earlier form using back
-      # button. Uncomment if you understand the tradeoffs.
-      # reset session
-      self.current_user = @user # !! now logged in
-      redirect_back_or_default('/')
-      flash[:notice] = "Thanks for signing up!  We're sending you an email with your activation code."
+    @user.role = params[:user][:role] if current_user.has_role?("admin")
+    if @user && @user.valid? && @user.save!
+      redirect_to users_url
+      flash[:notice] = "User created."
     else
       flash[:error]  = "We couldn't set up that account, sorry.  Please try again, or contact an admin (link is above)."
       render :action => 'new'
     end
   end
+  def edit
+    @user = User.find(params[:id])
+  end
+  def update
+    @user = User.find(params[:id])
+    @user.role = params[:user][:role] if current_user.has_role?("admin")
+    if @user.update_attributes(params[:user])
+      redirect_to users_path
+    else
+      render :action => 'edit'
+    end
+  end
+  def suspend
+    @user.suspend!
+    redirect_to users_path
+  end
+  def activate
+    @user.activate!
+    redirect_to users_path
+  end
+  def destroy
+    @user.delete!
+    redirect_to users_path
+  end
+  protected
+  def find_user
+    @user = User.find(params[:id])
+  end
+  # A security filter which freezes out all non-admin users except the user
+  # who is the user identified by params[:id]
+  #
+  def must_be_admin_or_self
+    user = User.find(params[:id])
+    unless current_user.has_role?("admin") || current_user == user
+      flash[:error] = "You are not allowed to do that."
+      redirect_to users_path
+    end
+  end
+  # A security filter which freezes out all non-admin users.
+  #
+  def must_be_admin
+    unless current_user.has_role?("admin")
+      flash[:error] = "You are not allowed to do that."
+      redirect_to users_path
+    end
+  end
 end