dancroak-clearance 0.1.2 → 0.1.3

data/README.textile

@@ -62,12 +62,12 @@ In app/controllers/users_controller.rb:
 
 h2. Routes
 
-  map.root # :controller => 'sessions'
+  map.root # '/', :controller => 'sessions', :action => 'new'
   map.with_options :controller => 'sessions'  do |m|
     m.login  '/login',  :action => 'new'
     m.logout '/logout', :action => 'destroy'
   end
-  map.resource :sessions
+  map.resource :session
 
 h2. Tests
 

data/clearance.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "clearance"
-  s.version = "0.1.2"
+  s.version = "0.1.3"
   s.date = "2008-09-16"
   s.summary = "Simple, complete Rails authentication."
   s.email = "dcroak@thoughtbot.com"
@@ -14,8 +14,8 @@ Gem::Specification.new do |s|
     "lib/clearance/app/models/model.rb", 
     "lib/clearance/app/controllers/sessions_controller.rb", 
     "lib/clearance/test/functionals/sessions_controller_test.rb", 
-    "lib/clearance/test_helper.rb", 
+    "lib/clearance/test/test_helper.rb", 
     "lib/clearance/test/units/user_test.rb", 
     "lib/clearance/app/controllers/users_controller.rb", 
-    "lib/clearance/test/controllers/users_controller_test.rb"]
-end
+    "lib/clearance/test/functionals/users_controller_test.rb"]
+end

data/lib/clearance/app/controllers/users_controller.rb

@@ -65,7 +65,7 @@ module Clearance
     module PrivateInstanceMethods
       def ensure_user_is_accessing_self
         return if current_user and current_user.respond_to?(:admin?) and current_user.admin?
-        deny_access 'You cannot edit that user.' unless current_user.id.to_i == params[:id].to_i
+        deny_access('You cannot edit that user.', :redirect => root_url) unless current_user.id.to_i == params[:id].to_i
       end
     end
 

data/lib/clearance/test/functionals/sessions_controller_test.rb

@@ -4,9 +4,7 @@ module Clearance
     def self.included(base)
       base.class_eval do
         context "Given a user" do
-          setup do
-            @user = Factory(:user)
-          end
+          setup { @user = Factory :user }
 
           should_filter :password
 
@@ -32,7 +30,7 @@ module Clearance
 
             should_set_the_flash_to /success/i
             should_redirect_to 'root_url'
-            # should set session
+            # TODO: should set session
           end
 
           context "a POST to #create with bad credentials" do
@@ -42,10 +40,10 @@ module Clearance
 
             should_set_the_flash_to /bad/i
             should_render_template :new
-            # should not set session
+            # TODO: should not set session
           end
           
-          # two tests for remember me - success and failure
+          # TODO: two tests for remember me - success and failure
         end
 
         context "While logged out" do

data/lib/clearance/test/functionals/users_controller_test.rb

@@ -0,0 +1,84 @@
+module Clearance
+  module UsersControllerTest
+  
+    def self.included(base)
+      base.class_eval do
+        public_context do
+          
+          should_deny_access_on "get :new", :redirect => "login_url"
+          should_deny_access_on "post :create, :user => {}", :redirect => "login_url"
+          should_deny_access_on "get :edit, :id => 1", :redirect => "login_url"
+          should_deny_access_on "put :update, :id => 1", :redirect => "login_url"
+          should_deny_access_on "get :show, :id => 1", :redirect => "login_url"
+          should_deny_access_on "delete :destroy, :id => 1", :redirect => "login_url"
+          
+        end
+        
+        logged_in_user_context do
+
+          should_deny_access_on "get :new"
+          should_deny_access_on "post :create, :user => {}" 
+          should_filter :password
+
+          context "viewing their account" do
+            context "on GET to /users/:id/show" do
+              setup { get :show, :id => @user.to_param }
+              should_respond_with :success
+              should_render_template :show
+              should_not_set_the_flash
+              
+              should 'assign to @user' do
+                assert_equal @user, assigns(:user)
+              end
+            end
+
+            should_deny_access_on "delete :destroy, :id => @user.to_param"
+
+            context "on GET to /users/:id/edit" do
+              setup { get :edit, :id => @user.to_param }
+
+              should_respond_with :success
+              should_render_template :edit
+              should_not_set_the_flash
+              should_assign_to :user
+              should_have_user_form
+            end
+
+            context "on PUT to /users/:id" do
+              setup do
+                put :update, 
+                  :id => @user.to_param, 
+                  :user => { :email => "none@example.com" }
+              end
+              should_set_the_flash_to /updated/i
+              should_redirect_to "root_url"
+              should_assign_to :user
+              should "update the user's attributes" do
+                assert_equal "none@example.com", assigns(:user).email
+              end
+            end
+
+            context "on PUT to /users/:id with invalid attributes" do
+              setup { put :update, :id => @user.to_param, :user => {:email => ''} }
+              should_not_set_the_flash
+              should_assign_to :user
+              should_render_template 'edit'
+              should "display errors" do
+                assert_select '#errorExplanation'
+              end
+            end
+          end
+
+          context "trying to access another user's account" do
+            setup { @user = Factory :user }
+
+            should_deny_access_on "get :show, :id => @user.to_param",                :flash => /cannot edit/i
+            should_deny_access_on "get :edit, :id => @user.to_param",                :flash => /cannot edit/i
+            should_deny_access_on "put :update, :id => @user.to_param, :user => {}", :flash => /cannot edit/i
+          end
+        end
+      end
+    end
+
+  end
+end

data/lib/clearance/test/test_helper.rb

@@ -0,0 +1,79 @@
+module Clearance 
+  module TestHelper
+    
+    def self.included(base)
+      base.class_eval do
+        include InstanceMethods
+        extend ClassMethods
+      end
+    end
+
+    module InstanceMethods
+      def login_as(user = nil)
+        user ||= Factory(:user)
+        @request.session[:user_id] = user.id
+        return user
+      end
+
+      def logout 
+        @request.session[:user_id] = nil
+      end
+    end
+    
+    module ClassMethods
+      def should_deny_access_on(command, opts = {})
+        opts[:redirect] ||= "root_url"
+
+        context "on #{command}" do
+          setup { eval command }
+          should_redirect_to opts[:redirect]
+          if opts[:flash]
+            should_set_the_flash_to opts[:flash]
+          else
+            should_not_set_the_flash
+          end
+        end
+      end
+      
+      def should_filter(*keys)
+        keys.each do |key|
+          should "filter #{key}" do
+            assert @controller.respond_to?(:filter_parameters),
+              "The key #{key} is not filtered"
+            filtered = @controller.send(:filter_parameters, {key.to_s => key.to_s})
+            assert_equal '[FILTERED]', filtered[key.to_s],
+              "The key #{key} is not filtered"
+          end
+        end
+      end
+      
+      def should_have_user_form
+        should "have user form" do
+          assert_select "form" do
+            assert_select "input[type=text][name=?]", "user[email]"
+            assert_select "input[type=password][name=?]", "user[password]"
+            assert_select "input[type=password][name=?]", "user[password_confirmation]"
+          end
+        end
+      end
+      
+      def logged_in_user_context(&blk)
+        context "A logged in user" do
+          setup do
+            @user = Factory :user
+            login_as @user
+          end
+          merge_block(&blk)
+        end
+      end
+      
+      def public_context(&blk)
+        context "The public" do
+          setup { logout }
+          merge_block(&blk)
+        end
+      end
+    end
+  
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: dancroak-clearance
 version: !ruby/object:Gem::Version 
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors: 
 - thoughtbot, inc.
@@ -32,10 +32,10 @@ files:
 - lib/clearance/app/models/model.rb
 - lib/clearance/app/controllers/sessions_controller.rb
 - lib/clearance/test/functionals/sessions_controller_test.rb
-- lib/clearance/test_helper.rb
+- lib/clearance/test/test_helper.rb
 - lib/clearance/test/units/user_test.rb
 - lib/clearance/app/controllers/users_controller.rb
-- lib/clearance/test/controllers/users_controller_test.rb
+- lib/clearance/test/functionals/users_controller_test.rb
 has_rdoc: false
 homepage: http://github.com/dancroak/clearance
 post_install_message: