enju_leaf 1.1.0.rc19 → 1.1.0.rc20

Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/app/assets/stylesheets/enju.css +1 -1
  3. data/app/controllers/page_controller.rb +12 -6
  4. data/app/controllers/profiles_controller.rb +1 -0
  5. data/app/controllers/roles_controller.rb +4 -1
  6. data/app/controllers/user_groups_controller.rb +2 -2
  7. data/app/controllers/user_import_files_controller.rb +1 -1
  8. data/app/models/enju_leaf/ability.rb +18 -2
  9. data/app/models/profile.rb +4 -0
  10. data/app/models/role.rb +0 -1
  11. data/app/models/user_group.rb +0 -1
  12. data/app/models/user_import_file.rb +19 -16
  13. data/app/models/user_import_result.rb +0 -1
  14. data/app/views/devise/passwords/new.html.erb +2 -3
  15. data/app/views/devise/registrations/edit.html.erb +4 -4
  16. data/app/views/my_accounts/edit.html.erb +1 -1
  17. data/app/views/my_accounts/show.html.erb +1 -1
  18. data/app/views/profiles/_edit_credential.html.erb +2 -2
  19. data/app/views/profiles/edit.html.erb +2 -4
  20. data/app/views/profiles/index.html.erb +1 -1
  21. data/app/views/user_export_files/_form.html.erb +0 -10
  22. data/config/locales/en.yml +1 -1
  23. data/config/locales/ja.yml +1 -1
  24. data/config/locales/translation_en.yml +2 -6
  25. data/config/locales/translation_ja.yml +2 -6
  26. data/lib/enju_leaf/user.rb +10 -7
  27. data/lib/enju_leaf/version.rb +1 -1
  28. data/spec/controllers/profiles_controller_spec.rb +41 -1
  29. data/spec/controllers/roles_controller_spec.rb +4 -4
  30. data/spec/controllers/user_export_files_controller_spec.rb +8 -8
  31. data/spec/controllers/user_groups_controller_spec.rb +4 -4
  32. data/spec/controllers/user_import_files_controller_spec.rb +11 -11
  33. data/spec/factories/checkout.rb +9 -0
  34. data/spec/factories/profile.rb +8 -0
  35. data/spec/factories/user.rb +3 -3
  36. data/spec/models/profile_spec.rb +7 -0
  37. data/spec/models/user_import_file_spec.rb +58 -3
  38. data/spec/spec_helper.rb +3 -0
  39. data/spec/views/profiles/edit.html.erb_spec.rb +24 -2
  40. data/spec/views/profiles/index.html.erb_spec.rb +5 -1
  41. data/spec/views/profiles/show.html.erb_spec.rb +16 -0
  42. data/spec/views/user_export_files/new.html.erb_spec.rb +19 -0
  43. metadata +37 -21
  44. data/app/views/profiles/_edit_credential.html.slim +0 -67
  45. data/app/views/profiles/_edit_profile.html.slim +0 -40
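--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4509e09fc31d795bc5906e2e173243a060a861f3
- data.tar.gz: c9fcf52a57f873fb796a1d822f13a37431a8a330
+ metadata.gz: 3273d500f23e9cc91fa3e7f5bb4326b487f82ece
+ data.tar.gz: a85ea982da6df34bc0ec54854af71dbd878e271e
  SHA512:
- metadata.gz: eb3daf7762e866839ed6dcbe080384e7ca3bf84d3d164a5e28419f918d9b1a6a16a814fd525c60d923d185ebe883e826caa6a434c6ea96d71995ed5daf109abc
- data.tar.gz: 5de411ca22b80c626f276ddf1a72ee1b04962cb5fd448996e1d59c293d4326045f5a21b32689555d7e08d3d3516da78b5c29f66e0b4b257a08c75f13fc5c7db6
+ metadata.gz: 3e49feb51fe8ec0fb8f99c5585f3392b0ec50e96bbee9b9b9593c6ebf0c7cbfa25182a27cc33ab62f9a64b05407e27c286492cfa1b36d3eb6df1c5b0f586e1e9
+ data.tar.gz: 7da97d2101393d48658fc87f380975b90087812e5df3a8075a84aa3325a655d51c185af9d16795d726383212cebfc31fcc10a38b91da719259970b47c51756ee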
@@ -361,7 +361,7 @@ input.resource_url{
361
361
  width: 40em;
362
362
  }
363
363
 
364
- input.resource_isbn_issn, input.resource_identifier, input.resource_user_number, input.resource_user{
364
+ input.resource_isbn_issn, input.resource_identifier, input.resource_user_number, input.resource_user, input.resource_item_identifier{
365
365
  width: 10em;
366
366
  ime-mode: disabled;
367
367
  }
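--- a/data/app/controllers/page_controller.rb
+++ b/data/app/controllers/page_controller.rb
@@ -12,10 +12,15 @@ class PageController < ApplicationController
  # redirect_to new_user_agent_url(current_user); return
  #end
  if defined?(EnjuBookmark)
- @tags = current_user.bookmarks.tag_counts.sort{|a,b| a.count <=> b.count}.reverse
+ @tags = current_user.bookmarks.tag_counts.sort{|a, b|
+ a.count <=> b.count
+ }.reverse
  end
  if current_user.profile
- @manifestation = Manifestation.pickup(current_user.profile.keyword_list.to_s.split.sort_by{rand}.first, current_user)
+ @manifestation = Manifestation.pickup(
+ current_user.profile.keyword_list.to_s.split.sort_by{rand}.first,
+ current_user
+ )
  else
  @manifestation = nil
  end
@@ -23,7 +28,9 @@ class PageController < ApplicationController
  if defined?(EnjuBookmark)
  # TODO: タグ下限の設定
  #@tags = Tag.all(limit: 50, order: 'taggings_count DESC')
- @tags = Bookmark.tag_counts.sort{|a,b| a.count <=> b.count}.reverse[0..49]
+ @tags = Bookmark.tag_counts.sort{|a, b|
+ a.count <=> b.count
+ }.reverse[0..49]
  end
  @manifestation = Manifestation.pickup rescue nil
  end
@@ -86,8 +93,7 @@ class PageController < ApplicationController
 
  private
  def check_librarian
- unless current_user.has_role?('Librarian')
- access_denied
- end
+ return true if current_user.has_role?('Librarian')
+ access_denied
  end
  end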
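Review bot: `check_librarian` in the last hunk calls `current_user.has_role?` with no nil guard, so if this filter can run for a request without a signed-in user it raises NoMethodError instead of reaching `access_denied`; whether an authentication filter always runs first is not visible in these hunks. `return true if current_user.try(:has_role?, 'Librarian')` keeps the new guard-clause shape and fails closed. The unchanged `Manifestation.pickup rescue nil` in the second hunk swallows every StandardError, so rescuing only the error expected there would keep real failures visible in the logs.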
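--- a/data/app/controllers/profiles_controller.rb
+++ b/data/app/controllers/profiles_controller.rb
@@ -30,6 +30,7 @@ class ProfilesController < ApplicationController
  search = Profile.search
  search.build do
  fulltext query if query
+ with(:required_role_id).less_than_or_equal_to role.id
  order_by sort[:sort_by], sort[:order]
  end
  search.query.paginate(page.to_i, Profile.default_per_page)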
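Review bot: The added `with(:required_role_id).less_than_or_equal_to role.id` filter treats role ids as a privilege ordering, while the ability rules changed in this same release decide visibility by role name (`%w(Librarian User Guest)`); the two agree only if ids were assigned in rank order, so a comment such as `# relies on Role ids ascending with privilege (Guest < User < Librarian < Administrator)` should sit on that line. Profiles indexed before `required_role_id` was added to the `searchable` block presumably carry no value for the field and would drop out of the listing until Profile is reindexed, which is worth stating in the upgrade notes. `role` is defined outside this hunk, so how it is derived for an anonymous request cannot be checked here.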
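--- a/data/app/controllers/roles_controller.rb
+++ b/data/app/controllers/roles_controller.rb
@@ -1,9 +1,12 @@
  class RolesController < ApplicationController
- load_and_authorize_resource
+ load_and_authorize_resource except: :index
+ authorize_resource only: :index
 
  # GET /roles
  # GET /roles.json
  def index
+ @roles = Role.order(:position)
+
  respond_to do |format|
  format.html # index.html.erb
  format.json { render json: @roles }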
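Review bot: With `load_and_authorize_resource except: :index` plus `authorize_resource only: :index`, the index action is authorized only at class level and then loads `Role.order(:position)` directly, so any per-record conditions in the Role abilities no longer shape the list or the JSON rendered from `@roles`. If that is not intended, `@roles = Role.accessible_by(current_ability).order(:position)` keeps both the ordering and the ability scoping. A one-line comment above `index` saying why the loader is skipped (presumably to restore ordering after the `default_scope` removal in role.rb) would help the next reader; the rest of `index` lies outside the hunk.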
@@ -6,7 +6,7 @@ class UserGroupsController < ApplicationController
6
6
  # GET /user_groups
7
7
  # GET /user_groups.json
8
8
  def index
9
- @user_groups = UserGroup.all
9
+ @user_groups = UserGroup.order(:position)
10
10
 
11
11
  respond_to do |format|
12
12
  format.html # index.html.erb
@@ -96,7 +96,7 @@ class UserGroupsController < ApplicationController
96
96
  # EnjuCirculation
97
97
  {:user_group_has_checkout_types_attributes => [
98
98
  :id, :checkout_type_id, :checkout_limit, :checkout_period, :checkout_renewal_limit,
99
- :reservation_limit, :reservation_expired_period, :set_due_date_before_closing_day,
99
+ :reservation_limit, :reservation_expired_period, :set_due_date_before_closing_day
100
100
  ]},
101
101
  )
102
102
  end
@@ -5,7 +5,7 @@ class UserImportFilesController < ApplicationController
5
5
  # GET /user_import_files
6
6
  # GET /user_import_files.json
7
7
  def index
8
- @user_import_files = UserImportFile.page(params[:page])
8
+ @user_import_files = UserImportFile.order('id DESC').page(params[:page])
9
9
 
10
10
  respond_to do |format|
11
11
  format.html # index.html.erb
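--- a/data/app/models/enju_leaf/ability.rb
+++ b/data/app/models/enju_leaf/ability.rb
@@ -42,7 +42,21 @@ module EnjuLeaf
  UserImportResult
  ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
  when 'Librarian'
- can [:read, :create, :update], Profile
+ can :create, Profile
+ can :read, Profile do |profile|
+ profile == user.profile or %w(Librarian User Guest).include?(profile.required_role.name)
+ end
+ can :update, Profile do |profile|
+ if profile == user.profile
+ true
+ else
+ if %w(Librarian User Guest).include?(profile.required_role.name)
+ unless profile.try(:user).try(:has_role?, 'Administrator')
+ true
+ end
+ end
+ end
+ end
  can :destroy, Profile do |profile|
  if profile.user
  if profile != user.profile && profile.user.id != 1
@@ -69,7 +83,9 @@ module EnjuLeaf
  UserImportResult
  ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
  when 'User'
- can :show, Profile
+ can :show, Profile do |profile|
+ profile == user.profile or %w(User Guest).include?(profile.required_role.name)
+ end
  can :update, Profile do |profile|
  profile == user.profile
  end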
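Review bot: The new Librarian `:update` block signals denial by falling off the end of nested `if`/`unless` branches and returning nil, which is easy to misread when auditing an authorization rule; a single boolean expression states the same policy directly. All three new blocks call `profile.required_role.name`, which raises NoMethodError if a profile has no required role; whether that can happen is not visible here, so guarding with `try(:name)` makes the rule deny rather than error. The `:read` and `:show` blocks do not exclude Administrator-owned profiles the way `:update` does, and if that asymmetry is intended a comment saying so would help. The `case` statement and the `:destroy` rule continue outside these hunks.

```ruby
can :update, Profile do |profile|
  # Own profile is always editable; any other profile only when its required
  # role is Librarian or lower and its owner is not an Administrator.
  profile == user.profile ||
    (%w(Librarian User Guest).include?(profile.required_role.try(:name)) &&
      !profile.try(:user).try(:has_role?, 'Administrator'))
end
```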
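--- a/data/app/models/profile.rb
+++ b/data/app/models/profile.rb
@@ -15,8 +15,11 @@ class Profile < ActiveRecord::Base
  validates_associated :user
  validates_presence_of :user_group, :library, :locale #, :user_number
  validates :user_number, uniqueness: true, format: { with: /\A[0-9A-Za-z_]+\Z/ }, allow_blank: true
+ validates :user_id, uniqueness: true, allow_blank: true
  validates :birth_date, format: { with: /\A\d{4}-\d{1,2}-\d{1,2}\Z/ }, allow_blank: true
 
+ normalize_attribute :user_number
+
  attr_accessor :birth_date, :locked
 
  searchable do
@@ -39,6 +42,7 @@ class Profile < ActiveRecord::Base
  boolean :active do
  user.try(:active_for_authentication?)
  end
+ integer :required_role_id
  end
 
  before_validation :set_role_and_agent, on: :create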
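Review bot: `validates :user_id, uniqueness: true, allow_blank: true` is an application-level check only, so two concurrent saves can both pass it; it should be backed by a unique database index on the profile's `user_id` column, and no migration is visible in this diff. The unchanged `user_number` and `birth_date` formats end in `\Z`, which still matches before a trailing newline, whereas `\z` anchors the true end of the string. A short comment on `normalize_attribute :user_number` stating which normalizers apply would make clear whether it is meant to cover that case.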
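--- a/data/app/models/role.rb
+++ b/data/app/models/role.rb
@@ -1,6 +1,5 @@
  class Role < ActiveRecord::Base
  include MasterModel
- default_scope { order("roles.position") }
  validates :name, presence: true, format: { with: /\A[A-Za-z][a-z_,]*[a-z]\Z/ }
  has_many :user_has_roles
  has_many :users, through: :user_has_roles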
@@ -1,7 +1,6 @@
1
1
  # -*- encoding: utf-8 -*-
2
2
  class UserGroup < ActiveRecord::Base
3
3
  include MasterModel
4
- default_scope { order("user_groups.position") }
5
4
  has_many :profiles
6
5
 
7
6
  validates_numericality_of :valid_period_for_new_user,
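--- a/data/app/models/user_import_file.rb
+++ b/data/app/models/user_import_file.rb
@@ -135,14 +135,17 @@ class UserImportFile < ActiveRecord::Base
 
  username = row['username']
  new_user = User.where(username: username).first
- if new_user
- new_user.assign_attributes(set_user_params(new_user, row), as: :admin)
- if new_user.save
- num[:user_updated] += 1
- import_result.user = new_user
- import_result.save!
- else
- num[:failed] += 1
+ if new_user.try(:profile)
+ new_user.assign_attributes(set_user_params(new_user, row))
+ new_user.profile.assign_attributes(set_profile_params(row))
+ Profile.transaction do
+ if new_user.save and new_user.profile.save
+ num[:user_updated] += 1
+ import_result.user = new_user
+ import_result.save!
+ else
+ num[:failed] += 1
+ end
  end
  else
  num[:user_not_found] += 1
@@ -173,11 +176,11 @@ class UserImportFile < ActiveRecord::Base
  rows.each do |row|
  row_num += 1
  username = row['username'].to_s.strip
- user = User.where(username: username).first
- if user
+ remove_user = User.where(username: username).first
+ if remove_user.try(:deletable_by?, user)
  UserImportFile.transaction do
- user.profile.destroy
- user.destroy
+ remove_user.destroy
+ remove_user.profile.destroy
  end
  end
  end
@@ -263,9 +266,9 @@ class UserImportFile < ActiveRecord::Base
  end
  params[:required_role_id] = required_role.id if required_role
 
- params[:user_number] = row['user_number']
- params[:full_name] = row['full_name']
- params[:full_name_transcription] = row['full_name_transcription']
+ params[:user_number] = row['user_number'] if row['user_number']
+ params[:full_name] = row['full_name'] if row['full_name']
+ params[:full_name_transcription] = row['full_name_transcription'] if row['full_name_transcription']
 
  if row['expired_at'].present?
  params[:expired_at] = Time.zone.parse(row['expired_at']).end_of_day
@@ -275,7 +278,7 @@ class UserImportFile < ActiveRecord::Base
  params[:keyword_list] = row['keyword_list'].split('//').join("\n")
  end
 
- params[:note] = row['note']
+ params[:note] = row['note'] if row['note']
 
  if %w(t true).include?(row['locked'].to_s.downcase.strip)
  params[:locked] = true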
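Review bot: In the update hunk, `Profile.transaction` does not roll back when `new_user.save` succeeds and `new_user.profile.save` returns false, because nothing raises; the row is counted as failed while the user changes stay committed. Adding `raise ActiveRecord::Rollback` after `num[:failed] += 1` makes the pair atomic. The removal hunk now gates on `deletable_by?(user)`, but the update path has no comparable check on what the importing account may change, so an import could presumably modify accounts that the same account is denied through ProfilesController; this needs confirming against `set_user_params` and `set_profile_params`, which are outside these hunks. In the removal hunk the results of both `destroy` calls are ignored and `remove_user.profile` is read after the user row has been destroyed.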
@@ -1,5 +1,4 @@
1
1
  class UserImportResult < ActiveRecord::Base
2
- default_scope { order('user_import_results.id') }
3
2
  scope :file_id, proc{ |file_id| where(user_import_file_id: file_id) }
4
3
  scope :failed, -> { where(user_id: nil) }
5
4
 
@@ -1,4 +1,4 @@
1
- <div id="content_detail" class="ui-corner-all">
1
+ <div id="content_detail" class="ui-corner-all ui-widget-content">
2
2
  <h1 class="title"><%= t('user.forgot_your_password') %></h1>
3
3
  <div id="content_list">
4
4
 
@@ -15,6 +15,5 @@
15
15
  </div>
16
16
  </div>
17
17
 
18
- <div id="submenu" class="ui-corner-all">
19
- <%= render :partial => "devise/shared/links" %>
18
+ <div id="submenu" class="ui-corner-all ui-widget-content">
20
19
  </div>
@@ -1,19 +1,19 @@
1
1
  <div id="content_detail" class="ui-corner-all ui-widget-content">
2
- <h2 class="title"><%= t('page.password') %></h2>
2
+ <h2 class="title"><%= t('activerecord.models.registration') %></h2>
3
3
  <div id="content_list">
4
4
 
5
5
  <%= form_for(resource, :as => resource_name, :url => user_registration_path, :html => { :method => :put }) do |f| %>
6
6
  <%= devise_error_messages! %>
7
7
 
8
+ <p><%= f.label :current_password %>
9
+ <p><%= f.password_field :current_password %></p>
10
+
8
11
  <p><%= f.label :password %>
9
12
  <p><%= f.password_field :password %></p>
10
13
 
11
14
  <p><%= f.label :password_confirmation %></p>
12
15
  <p><%= f.password_field :password_confirmation %></p>
13
16
 
14
- <p><%= f.label :current_password %>
15
- <p><%= f.password_field :current_password %></p>
16
-
17
17
  <p><%= f.submit t('page.update') %></p>
18
18
  <% end %>
19
19
 
@@ -27,6 +27,6 @@
27
27
  <% if current_user.has_role?('Librarian') %>
28
28
  <li><%= link_to t('page.listing', model: t('activerecord.models.user')), profiles_path -%></li>
29
29
  <% end %>
30
- <li><%= link_to t('page.password'), edit_user_registration_path -%></li>
30
+ <li><%= link_to t('activerecord.models.registration'), edit_user_registration_path -%></li>
31
31
  </ul>
32
32
  </div>
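--- a/data/app/views/my_accounts/show.html.erb
+++ b/data/app/views/my_accounts/show.html.erb
@@ -35,7 +35,7 @@
  <% end %>
  <ul>
  <li><%= link_to t('page.edit'), edit_my_account_path -%></li>
- <li><%= link_to t('page.password'), edit_user_registration_path -%></li>
+ <li><%= link_to t('activerecord.models.registration'), edit_user_registration_path -%></li>
  <%- if can? :destroy, current_user -%>
  <li><%= link_to t('page.destroy'), curent_user, data: {confirm: t('page.are_you_sure')}, method: :delete -%></li>
  <%- end -%>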
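Review bot: The unchanged destroy link two lines below the edited one passes `curent_user` (misspelled) to `link_to`, so the branch raises NameError whenever `can? :destroy, current_user` is true; it should read `link_to t('page.destroy'), current_user, data: {confirm: t('page.are_you_sure')}, method: :delete`. No spec for this view appears in the file list, which may be why it has gone unnoticed.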
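--- a/data/app/views/profiles/_edit_credential.html.erb
+++ b/data/app/views/profiles/_edit_credential.html.erb
@@ -34,9 +34,9 @@
  <%= user_form.label t('activerecord.models.role') -%><br />
  <%= user_form.fields_for :user_has_role do |u| %>
  <%- if current_user.has_role?('Administrator') and current_user != profile.user -%>
- <%= u.select :role_id, @roles.collect{|r| [r.display_name.localize, r.id]} %>
+ <%= u.select :role_id, @roles.select{|r| r.name != 'Guest' }.collect{|r| [r.display_name.localize, r.id]} %>
  <% else %>
- <%= u.select(:role_id, @roles.collect{|r| [r.display_name.localize, r.id]}, {}, {disabled: 'disabled'}) -%>
+ <%= u.select :role_id, @roles.select{|r| r.name != 'Guest' }.collect{|r| [r.display_name.localize, r.id]}, {}, {disabled: 'disabled'} %>
  <% end %>
  <% end %>
  </div>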
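Review bot: Dropping Guest from the options and rendering the select with `disabled: 'disabled'` only shape the form; neither stops a submitted `role_id` from reaching the server, so the controller or model has to enforce who may assign which role, and that code is not in this hunk. The `@roles.select{|r| r.name != 'Guest' }.collect{...}` expression is now duplicated in both branches; computing it once above the `if`, e.g. `<% role_options = @roles.reject { |r| r.name == 'Guest' }.map { |r| [r.display_name.localize, r.id] } %>`, keeps the two selects in sync.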
@@ -26,10 +26,8 @@
26
26
  <ul>
27
27
  <li><%= link_to t('page.show'), @profile -%></li>
28
28
  <li><%= link_to t('page.listing', model: t('activerecord.models.profile')), profiles_path -%></li>
29
- <%- if current_user.has_role?('Librarian') -%>
30
- <%- unless current_user == @profile.user -%>
31
- <li><%= link_to t('page.destroy'), @profile, data: {confirm: t('page.are_you_sure')}, method: :delete -%></li>
32
- <%- end -%>
29
+ <%- if can? :destroy, @profile -%>
30
+ <li><%= link_to t('page.destroy'), @profile, data: {confirm: t('page.are_you_sure')}, method: :delete -%></li>
33
31
  <%- end -%>
34
32
  </ul>
35
33
  </div>
@@ -44,7 +44,7 @@
44
44
  <td><%= l(profile.created_at) -%></td>
45
45
  <td>
46
46
  <%= link_to t('page.show'), profile -%>
47
- <%= link_to t('page.edit'), edit_profile_path(profile) -%>
47
+ <%= link_to t('page.edit'), edit_profile_path(profile) if can?(:edit, profile) -%>
48
48
  </td>
49
49
  </tr>
50
50
  <%- end -%>
@@ -2,16 +2,6 @@
2
2
  <%= f.error_messages %>
3
3
 
4
4
  <%= f.hidden_field :mode, value: 'export' if @user_export_file.new_record? %><br>
5
- <!--
6
- <div class="field">
7
- <%= f.label :user_id %><br>
8
- <%= @user_export_file.user.username %>
9
- </div>
10
- <div class="field">
11
- <%= f.label :user_export %><br>
12
- <%= f.text_field :user_export %>
13
- </div>
14
- -->
15
5
  <div class="actions">
16
6
  <% if @user_export_file.new_record? %>
17
7
  <%= f.submit t('page.export') %>
@@ -105,7 +105,7 @@ en:
105
105
  empty: can't be empty
106
106
  equal_to: must be equal to %{count}
107
107
  even: must be even
108
- exclusion: is reserved
108
+ exclusion: ': This %{attribute} is not allowed'
109
109
  greater_than: must be greater than %{count}
110
110
  greater_than_or_equal_to: must be greater than or equal to %{count}
111
111
  inclusion: is not included in the list
@@ -105,7 +105,7 @@ ja:
105
105
  empty: を入力してください。
106
106
  equal_to: は%{count}にしてください。
107
107
  even: は偶数にしてください。
108
- exclusion: は予約されています。
108
+ exclusion: ': この%{attribute}は使用できません。'
109
109
  greater_than: は%{count}より大きい値にしてください。
110
110
  greater_than_or_equal_to: は%{count}以上の値にしてください。
111
111
  inclusion: は一覧にありません。
@@ -9,6 +9,7 @@ en:
9
9
  user_import_result: User import result
10
10
  profile: Profile
11
11
  user_export_file: User export
12
+ registration: Change password
12
13
 
13
14
  attributes:
14
15
  user:
@@ -42,6 +43,7 @@ en:
42
43
  locale: Locale
43
44
  password_confirmation: Password confirmation
44
45
  auto_generated_password: Set auto-generated password
46
+ friendly_id: Username
45
47
  role:
46
48
  name: Name
47
49
  display_name: Display name
@@ -391,12 +393,6 @@ en:
391
393
  picture_file:
392
394
  invalid_file: Invalid file. You can upload gif, jpeg, png and svg files.
393
395
  all_picture: All pictures
394
- accept:
395
- item_not_found: "Item not found."
396
- enter_item_identifier: "Enter item identifier."
397
- already_accepted: "This item is already accepted."
398
- accept: "Accept!"
399
- successfully_accepted: "This items was successfully accepted."
400
396
  user_import_file:
401
397
  default_user_group: If "user_group" column is not set in the TSV file, this user group is set to the new user.
402
398
  default_library: If "library" column is not set in the TSV file, this library is set to the new user.
@@ -9,6 +9,7 @@ ja:
9
9
  user_import_result: 利用者インポートの結果
10
10
  profile: 利用者
11
11
  user_export_file: 利用者情報のエクスポート
12
+ registration: パスワード変更
12
13
 
13
14
  attributes:
14
15
  user:
@@ -42,6 +43,7 @@ ja:
42
43
  locale: 言語
43
44
  password_confirmation: パスワード(確認)
44
45
  auto_generated_password: パスワードの自動生成
46
+ friendly_id: ユーザ名
45
47
  role:
46
48
  name: 名前
47
49
  display_name: 表示名
@@ -373,12 +375,6 @@ ja:
373
375
  picture_file:
374
376
  invalid_file: 無効なファイルです。アップロードできるのはgif, jpeg, png, svg形式のファイルです。
375
377
  all_picture: すべての画像
376
- accept:
377
- item_not_found: "資料が見つかりません。"
378
- enter_item_identifier: "所蔵情報番号を入力してください。"
379
- already_accepted: "この資料はすでに検収されています。"
380
- accept: "検収"
381
- successfully_accepted: "この資料は正常に検収されました。"
382
378
  user_import_file:
383
379
  default_user_group: TSVファイルで"user_group"列が指定されていない場合、この利用者グループが登録されます。
384
380
  default_library: TSVファイルで"library"列が指定されていない場合、この図書館が登録されます。
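--- a/data/lib/enju_leaf/user.rb
+++ b/data/lib/enju_leaf/user.rb
@@ -170,7 +170,7 @@ module EnjuLeaf
  end
 
  def check_expiration
- return if self.has_role?('Administrator')
+ return if has_role?('Administrator')
  if expired_at
  if expired_at.beginning_of_day < Time.zone.now.beginning_of_day
  lock_access! if active_for_authentication?
@@ -179,8 +179,10 @@ module EnjuLeaf
  end
 
  def check_role_before_destroy
- if self.has_role?('Administrator')
- raise 'This is the last administrator in this system.' if Role.where(name: 'Administrator').first.users.size == 1
+ if has_role?('Administrator')
+ if Role.where(name: 'Administrator').first.users.count == 1
+ raise username + 'This is the last administrator in this system.'
+ end
  end
  end
 
@@ -197,21 +199,22 @@ module EnjuLeaf
  end
 
  def is_admin?
- true if self.has_role?('Administrator')
+ true if has_role?('Administrator')
  end
 
  def last_librarian?
- if self.has_role?('Librarian')
+ if has_role?('Librarian')
  role = Role.where(name: 'Librarian').first
  true if role.users.size == 1
  end
  end
 
  def send_confirmation_instructions
- Devise::Mailer.confirmation_instructions(self).deliver if self.email.present?
+ Devise::Mailer.confirmation_instructions(self).deliver if email.present?
  end
 
  def deletable_by?(current_user)
+ return nil unless current_user
  if defined?(EnjuCirculation)
  # 未返却の資料のあるユーザを削除しようとした
  if checkouts.count > 0
@@ -232,7 +235,7 @@ module EnjuLeaf
 
  # 最後の管理者を削除しようとした
  if has_role?('Administrator')
- if Role.where(name: 'Administrator').first.users.size == 1
+ if Role.where(name: 'Administrator').first.users.count == 1
  errors[:base] << I18n.t('user.last_administrator')
  end
  end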
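Review bot: `raise username + 'This is the last administrator in this system.'` in `check_role_before_destroy` joins the username to the message with no separator and raises NoMethodError instead of the intended error if `username` is nil; interpolation avoids both, `raise "#{username}: This is the last administrator in this system."`. `Role.where(name: 'Administrator').first.users.count`, here and in `deletable_by?`, dereferences nil if the role row is missing, which may be guaranteed by seed data but is not visible in the hunks. `last_librarian?` still uses `users.size` while the two administrator checks moved to `users.count`, so one form should be picked for all three. The bodies of `check_expiration` and `deletable_by?` continue outside the hunks.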
@@ -1,3 +1,3 @@
1
1
  module EnjuLeaf
2
- VERSION = "1.1.0.rc19"
2
+ VERSION = "1.1.0.rc20"
3
3
  end
@@ -75,6 +75,17 @@ describe ProfilesController do
75
75
  get :show, id: profiles(:librarian1).id
76
76
  assigns(:profile).should eq(profiles(:librarian1))
77
77
  end
78
+ it "should not assign the requested user as @admin" do
79
+ admin = FactoryGirl.create(:admin_profile)
80
+ get :show, id: admin.id
81
+ response.should be_forbidden
82
+ end
83
+ it "should assign the requested user as @librarian" do
84
+ librarian = FactoryGirl.create(:librarian_profile)
85
+ get :show, id: librarian.id
86
+ response.should_not be_forbidden
87
+ assigns(:profile).should eq librarian
88
+ end
78
89
  end
79
90
 
80
91
  describe "When logged in as User" do
@@ -93,7 +104,7 @@ describe ProfilesController do
93
104
  it "should show other user's account" do
94
105
  get :show, id: profiles(:admin).id
95
106
  assigns(:profile).should eq(profiles(:admin))
96
- response.should be_success
107
+ response.should be_forbidden
97
108
  end
98
109
  end
99
110
 
@@ -163,6 +174,29 @@ describe ProfilesController do
163
174
  get :edit, id: profile.id
164
175
  assigns(:profile).should eq(profile)
165
176
  end
177
+ it "should not get edit page for admin required user" do
178
+ admin = FactoryGirl.create(:admin_profile)
179
+ get :edit, id: admin.id
180
+ response.should be_forbidden
181
+ #assigns(:profile).should_not eq(admin)
182
+ end
183
+ it "should get edit page for other librarian user" do
184
+ librarian = FactoryGirl.create(:librarian_profile)
185
+ get :edit, id: librarian.id
186
+ response.should_not be_forbidden
187
+ assigns(:profile).should eq librarian
188
+ end
189
+ it "should get edit page for other librarian user" do
190
+ admin = FactoryGirl.create(:admin_profile, required_role_id: Role.where(name: 'Librarian').first.id)
191
+ get :edit, id: admin.id
192
+ response.should be_forbidden
193
+ assigns(:profile).should eq admin
194
+ end
195
+ it "should not be able to delete other librarian user" do
196
+ librarian = FactoryGirl.create(:librarian_profile)
197
+ ability = EnjuLeaf::Ability.new(@user, "0.0.0.0")
198
+ ability.should_not be_able_to( :destroy, librarian )
199
+ end
166
200
  end
167
201
 
168
202
  describe "When logged in as User" do
@@ -355,6 +389,11 @@ describe ProfilesController do
355
389
  response.should redirect_to profile_url(assigns(:profile))
356
390
  end
357
391
 
392
+ it "should not update other admin" do
393
+ put :update, id: profiles(:admin).id, profile: {:user_number => '00003', :locale => 'en', :user_group_id => 3, :library_id => 3, :note => 'test'}
394
+ response.should be_forbidden
395
+ end
396
+
358
397
  it "should update other user's user_group" do
359
398
  put :update, id: profiles(:user1).id, profile: {:user_group_id => 3, :library_id => 3, :locale => 'en'}
360
399
  response.should redirect_to profile_url(assigns(:profile))
@@ -475,6 +514,7 @@ describe ProfilesController do
475
514
 
476
515
  it "destroys the requested user" do
477
516
  delete :destroy, id: profiles(:user2).id
517
+ response.should redirect_to(profiles_url)
478
518
  end
479
519
 
480
520
  it "redirects to the profiles list" do
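Review bot: Two examples in the Librarian edit group share the description "should get edit page for other librarian user", and the second one asserts `response.should be_forbidden` for an Administrator whose required role is Librarian; renaming it to something like `it "should not get edit page for an admin whose required role is Librarian"` makes the intended policy readable from the spec output. The same mismatch applies to "should show other user's account" in the User show group, which now expects `be_forbidden`. The new `be_able_to( :destroy, librarian )` example depends on `@user`, which is set outside this hunk, so which role it exercises cannot be confirmed here.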
@@ -9,7 +9,7 @@ describe RolesController do
9
9
 
10
10
  it "assigns all roles as @roles" do
11
11
  get :index
12
- expect(assigns(:roles)).to eq(Role.all)
12
+ expect(assigns(:roles)).to eq(Role.order(:position))
13
13
  end
14
14
  end
15
15
 
@@ -18,7 +18,7 @@ describe RolesController do
18
18
 
19
19
  it "assigns all roles as @roles" do
20
20
  get :index
21
- expect(assigns(:roles)).to eq(Role.all)
21
+ expect(assigns(:roles)).to eq(Role.order(:position))
22
22
  end
23
23
  end
24
24
 
@@ -27,14 +27,14 @@ describe RolesController do
27
27
 
28
28
  it "assigns all roles as @roles" do
29
29
  get :index
30
- expect(assigns(:roles)).to be_empty
30
+ expect(assigns(:roles)).to be_nil
31
31
  end
32
32
  end
33
33
 
34
34
  describe "When not logged in" do
35
35
  it "assigns all roles as @roles" do
36
36
  get :index
37
- expect(assigns(:roles)).to be_empty
37
+ expect(assigns(:roles)).to be_nil
38
38
  end
39
39
  end
40
40
  end
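Review bot: The User and not-logged-in examples are still titled "assigns all roles as @roles" while they now expect `assigns(:roles)` to `be_nil`, and a nil assignment only shows that the action body did not run. Asserting the authorization outcome itself, e.g. `expect(response).to be_forbidden` for the signed-in User case (the project's access-denied behaviour for anonymous requests is not visible here), would pin the access-control change these hunks accompany. A description such as `it "does not assign @roles"` would match the new expectation.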