RubyGems - dancroak-clearance - Versions diffs - 0.1.2 → 0.1.3 - Mend

dancroak-clearance 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/README.textile +2 -2
data/clearance.gemspec +4 -4
data/lib/clearance/app/controllers/users_controller.rb +1 -1
data/lib/clearance/test/functionals/sessions_controller_test.rb +4 -6
data/lib/clearance/test/functionals/users_controller_test.rb +84 -0
data/lib/clearance/test/test_helper.rb +79 -0
metadata +3 -3

data/README.textile CHANGED

@@ -62,12 +62,12 @@ In app/controllers/users_controller.rb:
 h2. Routes
-  map.root # :controller => 'sessions'
+  map.root # '/', :controller => 'sessions', :action => 'new'
   map.with_options :controller => 'sessions'  do |m|
     m.login  '/login',  :action => 'new'
     m.logout '/logout', :action => 'destroy'
   end
-  map.resource :sessions
+  map.resource :session
 h2. Tests

data/clearance.gemspec CHANGED

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "clearance"
-  s.version = "0.1.2"
+  s.version = "0.1.3"
   s.date = "2008-09-16"
   s.summary = "Simple, complete Rails authentication."
   s.email = "dcroak@thoughtbot.com"
@@ -14,8 +14,8 @@ Gem::Specification.new do |s|
     "lib/clearance/app/models/model.rb",
     "lib/clearance/app/controllers/sessions_controller.rb",
     "lib/clearance/test/functionals/sessions_controller_test.rb",
-    "lib/clearance/test_helper.rb",
+    "lib/clearance/test/test_helper.rb",
     "lib/clearance/test/units/user_test.rb",
     "lib/clearance/app/controllers/users_controller.rb",
-    "lib/clearance/test/controllers/users_controller_test.rb"]
-end
+    "lib/clearance/test/functionals/users_controller_test.rb"]
+end

data/lib/clearance/app/controllers/users_controller.rb CHANGED

@@ -65,7 +65,7 @@ module Clearance
     module PrivateInstanceMethods
       def ensure_user_is_accessing_self
         return if current_user and current_user.respond_to?(:admin?) and current_user.admin?
-        deny_access 'You cannot edit that user.' unless current_user.id.to_i == params[:id].to_i
+        deny_access('You cannot edit that user.', :redirect => root_url) unless current_user.id.to_i == params[:id].to_i
       end
     end

data/lib/clearance/test/functionals/sessions_controller_test.rb CHANGED

@@ -4,9 +4,7 @@ module Clearance
     def self.included(base)
       base.class_eval do
         context "Given a user" do
-          setup do
-            @user = Factory(:user)
-          end
+          setup { @user = Factory :user }
           should_filter :password
@@ -32,7 +30,7 @@ module Clearance
             should_set_the_flash_to /success/i
             should_redirect_to 'root_url'
-            # should set session
+            # TODO: should set session
           end
           context "a POST to #create with bad credentials" do
@@ -42,10 +40,10 @@ module Clearance
             should_set_the_flash_to /bad/i
             should_render_template :new
-            # should not set session
+            # TODO: should not set session
           end
-          # two tests for remember me - success and failure
+          # TODO: two tests for remember me - success and failure
         end
         context "While logged out" do

data/lib/clearance/test/functionals/users_controller_test.rb ADDED

@@ -0,0 +1,84 @@
+module Clearance
+  module UsersControllerTest
+    def self.included(base)
+      base.class_eval do
+        public_context do
+          should_deny_access_on "get :new", :redirect => "login_url"
+          should_deny_access_on "post :create, :user => {}", :redirect => "login_url"
+          should_deny_access_on "get :edit, :id => 1", :redirect => "login_url"
+          should_deny_access_on "put :update, :id => 1", :redirect => "login_url"
+          should_deny_access_on "get :show, :id => 1", :redirect => "login_url"
+          should_deny_access_on "delete :destroy, :id => 1", :redirect => "login_url"
+        end
+        logged_in_user_context do
+          should_deny_access_on "get :new"
+          should_deny_access_on "post :create, :user => {}"
+          should_filter :password
+          context "viewing their account" do
+            context "on GET to /users/:id/show" do
+              setup { get :show, :id => @user.to_param }
+              should_respond_with :success
+              should_render_template :show
+              should_not_set_the_flash
+              should 'assign to @user' do
+                assert_equal @user, assigns(:user)
+              end
+            end
+            should_deny_access_on "delete :destroy, :id => @user.to_param"
+            context "on GET to /users/:id/edit" do
+              setup { get :edit, :id => @user.to_param }
+              should_respond_with :success
+              should_render_template :edit
+              should_not_set_the_flash
+              should_assign_to :user
+              should_have_user_form
+            end
+            context "on PUT to /users/:id" do
+              setup do
+                put :update,
+                  :id => @user.to_param,
+                  :user => { :email => "none@example.com" }
+              end
+              should_set_the_flash_to /updated/i
+              should_redirect_to "root_url"
+              should_assign_to :user
+              should "update the user's attributes" do
+                assert_equal "none@example.com", assigns(:user).email
+              end
+            end
+            context "on PUT to /users/:id with invalid attributes" do
+              setup { put :update, :id => @user.to_param, :user => {:email => ''} }
+              should_not_set_the_flash
+              should_assign_to :user
+              should_render_template 'edit'
+              should "display errors" do
+                assert_select '#errorExplanation'
+              end
+            end
+          end
+          context "trying to access another user's account" do
+            setup { @user = Factory :user }
+            should_deny_access_on "get :show, :id => @user.to_param",                :flash => /cannot edit/i
+            should_deny_access_on "get :edit, :id => @user.to_param",                :flash => /cannot edit/i
+            should_deny_access_on "put :update, :id => @user.to_param, :user => {}", :flash => /cannot edit/i
+          end
+        end
+      end
+    end
+  end
+end

data/lib/clearance/test/test_helper.rb ADDED

@@ -0,0 +1,79 @@
+module Clearance
+  module TestHelper
+    def self.included(base)
+      base.class_eval do
+        include InstanceMethods
+        extend ClassMethods
+      end
+    end
+    module InstanceMethods
+      def login_as(user = nil)
+        user ||= Factory(:user)
+        @request.session[:user_id] = user.id
+        return user
+      end
+      def logout
+        @request.session[:user_id] = nil
+      end
+    end
+    module ClassMethods
+      def should_deny_access_on(command, opts = {})
+        opts[:redirect] ||= "root_url"
+        context "on #{command}" do
+          setup { eval command }
+          should_redirect_to opts[:redirect]
+          if opts[:flash]
+            should_set_the_flash_to opts[:flash]
+          else
+            should_not_set_the_flash
+          end
+        end
+      end
+      def should_filter(*keys)
+        keys.each do |key|
+          should "filter #{key}" do
+            assert @controller.respond_to?(:filter_parameters),
+              "The key #{key} is not filtered"
+            filtered = @controller.send(:filter_parameters, {key.to_s => key.to_s})
+            assert_equal '[FILTERED]', filtered[key.to_s],
+              "The key #{key} is not filtered"
+          end
+        end
+      end
+      def should_have_user_form
+        should "have user form" do
+          assert_select "form" do
+            assert_select "input[type=text][name=?]", "user[email]"
+            assert_select "input[type=password][name=?]", "user[password]"
+            assert_select "input[type=password][name=?]", "user[password_confirmation]"
+          end
+        end
+      end
+      def logged_in_user_context(&blk)
+        context "A logged in user" do
+          setup do
+            @user = Factory :user
+            login_as @user
+          end
+          merge_block(&blk)
+        end
+      end
+      def public_context(&blk)
+        context "The public" do
+          setup { logout }
+          merge_block(&blk)
+        end
+      end
+    end
+  end
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dancroak-clearance
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - thoughtbot, inc.
@@ -32,10 +32,10 @@ files:
 - lib/clearance/app/models/model.rb
 - lib/clearance/app/controllers/sessions_controller.rb
 - lib/clearance/test/functionals/sessions_controller_test.rb
-- lib/clearance/test_helper.rb
+- lib/clearance/test/test_helper.rb
 - lib/clearance/test/units/user_test.rb
 - lib/clearance/app/controllers/users_controller.rb
-- lib/clearance/test/controllers/users_controller_test.rb
+- lib/clearance/test/functionals/users_controller_test.rb
 has_rdoc: false
 homepage: http://github.com/dancroak/clearance
 post_install_message: