enju_seed 0.1.1.pre12 → 0.2.0.beta.1

data/config/routes.rb

@@ -1,2 +1,7 @@
 Rails.application.routes.draw do
+  resource :profiles
+
+  resource :my_account
+
+  resources :roles, except: [:new, :create, :destroy]
 end

data/db/migrate/041_create_roles.rb

@@ -0,0 +1,13 @@
+class CreateRoles < ActiveRecord::Migration
+  def change
+    create_table "roles" do |t|
+      t.column :name, :string, :null => false
+      t.column :display_name, :string
+      t.column :note, :text
+      t.column :created_at, :datetime
+      t.column :updated_at, :datetime
+      t.integer :score, :default => 0, :null => false
+      t.integer :position
+    end
+  end
+end

data/db/migrate/20100606065209_create_user_has_roles.rb

@@ -0,0 +1,12 @@
+class CreateUserHasRoles < ActiveRecord::Migration
+  def change
+    create_table :user_has_roles do |t|
+      t.integer :user_id
+      t.integer :role_id
+
+      t.timestamps
+    end
+    add_index :user_has_roles, :user_id
+    add_index :user_has_roles, :role_id
+  end
+end

data/db/migrate/20130221154434_add_additional_attributes_to_user.rb

@@ -0,0 +1,16 @@
+class AddAdditionalAttributesToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :username, :string
+    add_column :users, :deleted_at, :datetime
+    add_column :users, :expired_at, :datetime
+
+    add_column :users, :failed_attempts, :integer, :default => 0
+    add_column :users, :unlock_token, :string
+    add_column :users, :locked_at, :datetime
+
+    add_column :users, :confirmed_at, :datetime
+
+    add_index :users, :username, :unique => true
+    add_index :users, :unlock_token,         :unique => true
+  end
+end

data/db/migrate/20140122054321_create_profiles.rb

@@ -0,0 +1,20 @@
+class CreateProfiles < ActiveRecord::Migration
+  def change
+    create_table :profiles do |t|
+      t.integer :user_id
+      t.integer :user_group_id
+      t.integer :library_id
+      t.string :locale
+      t.string :user_number
+      t.text :full_name
+      t.text :note
+      t.text :keyword_list
+      t.integer :required_role_id
+
+      t.timestamps
+    end
+
+    add_index :profiles, :user_id
+    add_index :profiles, :user_number, :unique => true
+  end
+end

data/db/migrate/20140610123439_drop_email_unique_constraint_enju_leaf_rc10.rb

@@ -0,0 +1,11 @@
+class DropEmailUniqueConstraintEnjuLeafRc10 < ActiveRecord::Migration
+  def up
+    remove_index :users, :email
+    add_index :users, :email
+  end
+
+  def down
+    remove_index :users, :email
+    add_index :users, :email, unique: true
+  end
+end

data/db/migrate/20140811031145_add_expired_at_to_profile.rb

@@ -0,0 +1,5 @@
+class AddExpiredAtToProfile < ActiveRecord::Migration
+  def change
+    add_column :profiles, :expired_at, :datetime
+  end
+end

data/db/migrate/20141003181336_add_full_name_transcription_to_profile.rb

@@ -0,0 +1,5 @@
+class AddFullNameTranscriptionToProfile < ActiveRecord::Migration
+  def change
+    add_column :profiles, :full_name_transcription, :text
+  end
+end

data/db/migrate/20141003182825_add_date_of_birth_to_profile.rb

@@ -0,0 +1,5 @@
+class AddDateOfBirthToProfile < ActiveRecord::Migration
+  def change
+    add_column :profiles, :date_of_birth, :datetime
+  end
+end

data/db/migrate/20150421023923_create_identities.rb

@@ -0,0 +1,15 @@
+class CreateIdentities < ActiveRecord::Migration
+  def change
+    create_table :identities do |t|
+      t.string :name
+      t.string :email
+      t.string :password_digest
+      t.integer :profile_id
+
+      t.timestamps null: false
+    end
+    add_index :identities, :name
+    add_index :identities, :email
+    add_index :identities, :profile_id
+  end
+end

data/db/migrate/20151126005552_add_provider_to_identity.rb

@@ -0,0 +1,5 @@
+class AddProviderToIdentity < ActiveRecord::Migration
+  def change
+    add_column :identities, :provider, :string
+  end
+end

data/lib/enju_seed/engine.rb

@@ -1,14 +1,17 @@
 require 'kaminari'
 require 'devise'
-require 'cancancan'
+require 'pundit'
 require 'acts_as_list'
-require 'attribute_normalizer'
+require 'strip_attributes'
 require 'friendly_id'
 require 'addressable/uri'
 require 'sunspot_rails'
-require 'resque/server'
-require 'settingslogic'
-require 'nested_form'
+require 'cocoon'
+require 'kramdown'
+require 'rails_autolink'
+require 'sitemap_generator'
+require 'statesman'
+require 'browser'
 
 module EnjuSeed
   class Engine < ::Rails::Engine

data/lib/enju_seed/version.rb

@@ -1,3 +1,3 @@
 module EnjuSeed
-  VERSION = "0.1.1.pre12"
+  VERSION = "0.2.0.beta.1"
 end

data/spec/controllers/my_accounts_controller_spec.rb

@@ -0,0 +1,229 @@
+# -*- encoding: utf-8 -*-
+require 'rails_helper'
+
+describe MyAccountsController do
+  fixtures :all
+
+  describe "GET show" do
+    describe "When logged in as Administrator" do
+      before(:each) do
+        sign_in User.where(username: 'enjuadmin').first
+      end
+
+      it "assigns the requested user as @user" do
+        get :show, id: 'admin'
+        expect(response).to be_success
+      end
+    end
+
+    describe "When not logged in" do
+      it "assigns the requested user as @user" do
+        get :show, id: 'admin'
+        expect(assigns(:user)).to be_nil
+        expect(response).to redirect_to(new_user_session_url)
+      end
+    end
+  end
+
+  describe "GET edit" do
+    describe "When logged in as Administrator" do
+      before(:each) do
+        profile = FactoryGirl.create(:profile)
+        @user = FactoryGirl.create(:admin)
+        @user.profile = profile
+        sign_in @user
+      end
+
+      it "assigns the requested user as @user" do
+        get :edit
+        expect(assigns(:profile)).to eq(@user.profile)
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      before(:each) do
+        profile = FactoryGirl.create(:profile)
+        @user = FactoryGirl.create(:librarian)
+        @user.profile = profile
+        sign_in @user
+      end
+
+      it "should assign the requested user as @user" do
+        get :edit
+        expect(assigns(:profile)).to eq(@user.profile)
+      end
+    end
+
+    describe "When logged in as User" do
+      before(:each) do
+        profile = FactoryGirl.create(:profile)
+        @user = FactoryGirl.create(:user)
+        @user.profile = profile
+        sign_in @user
+      end
+
+      it "should assign the requested user as @user" do
+        get :edit
+        expect(assigns(:profile)).to eq(@user.profile)
+        expect(response).to be_success
+      end
+    end
+
+    describe "When not logged in" do
+      it "should not assign the requested user as @user" do
+        get :edit
+        expect(assigns(:user)).to be_nil
+        expect(response).to redirect_to(new_user_session_url)
+      end
+    end
+  end
+
+  describe "PUT update" do
+    before(:each) do
+      @attrs = {:user_attributes => {email: 'newaddress@example.jp', :current_password => 'password'}, :locale => 'en'}
+      @invalid_attrs = {:user_attributes => {username: ''}, user_number: '日本語'}
+      @invalid_passwd_attrs = {:user_attributes => {:current_password=> ''}}
+    end
+
+    describe "When logged in as Administrator" do
+      before(:each) do
+        profile = FactoryGirl.create(:profile)
+        @user = FactoryGirl.create(:admin, :password => 'password', :password_confirmation => 'password')
+        @user.profile = profile
+        sign_in @user
+      end
+
+      describe "with valid params" do
+        it "updates the requested user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+        end
+
+        it "assigns the requested user as @user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+          expect(assigns(:profile)).to eq(@user.profile)
+        end
+
+        it "redirects to the user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+          expect(assigns(:profile)).to eq(@user.profile)
+          expect(response).to redirect_to(my_account_url)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the requested user as @user" do
+          put :update, profile: @invalid_attrs
+          expect(assigns(:profile)).to eq(@user.profile)
+        end
+
+        it "re-renders the 'edit' template" do
+          put :update, profile: @invalid_attrs
+          expect(response).to render_template("edit")
+        end
+      end
+
+      #describe "with invalid password params" do
+      #  it "assigns the requested user as @user" do
+      #    put :update, profile: @invalid_passwd_attrs
+      #    expect(assigns(:profile).errors).not_to be_blank
+      #  end
+      #end
+    end
+
+    describe "When logged in as Librarian" do
+      before(:each) do
+        profile = FactoryGirl.create(:profile)
+        @user = FactoryGirl.create(:librarian, :password => 'password', :password_confirmation => 'password')
+        @user.profile = profile
+        sign_in @user
+      end
+
+      describe "with valid params" do
+        it "updates the requested user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+        end
+
+        it "assigns the requested user as @user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+          expect(assigns(:profile)).to eq(@user.profile)
+        end
+
+        it "redirects to the user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+          expect(assigns(:profile)).to eq(@user.profile)
+          expect(response).to redirect_to(my_account_url)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the user as @user" do
+          put :update, profile: @invalid_attrs
+          expect(assigns(:profile)).to_not be_valid
+          expect(response).to be_success
+        end
+
+        it "should ignore username" do
+          put :update, profile: @invalid_attrs
+          expect(response).to render_template("edit")
+          expect(assigns(:profile).changed?).to be_truthy
+        end
+      end
+    end
+
+    describe "When logged in as User" do
+      before(:each) do
+        profile = FactoryGirl.create(:profile)
+        @user = FactoryGirl.create(:user, :password => 'password', :password_confirmation => 'password')
+        @user.profile = profile
+        sign_in @user
+      end
+
+      describe "with valid params" do
+        it "updates the requested user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+        end
+
+        it "assigns the requested user as @user" do
+          @attrs[:user_attributes][:id] = @user.id
+          put :update, profile: @attrs
+          expect(assigns(:profile)).to eq(@user.profile)
+          expect(response).to redirect_to(my_account_url)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the requested user as @user" do
+          put :update, profile: @invalid_attrs
+          expect(response).to be_success
+        end
+      end
+    end
+
+    describe "When not logged in" do
+      describe "with valid params" do
+        it "updates the requested user" do
+          put :update, profile: @attrs
+        end
+
+        it "should be forbidden" do
+          put :update, profile: @attrs
+          expect(response).to redirect_to(new_user_session_url)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the requested user as @user" do
+          put :update, profile: @invalid_attrs
+          expect(response).to redirect_to(new_user_session_url)
+        end
+      end
+    end
+  end
+end

data/spec/controllers/profiles_controller_spec.rb

@@ -0,0 +1,594 @@
+require 'rails_helper'
+
+describe ProfilesController do
+  fixtures :all
+
+  describe "GET index" do
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      it "assigns all profiles as @profiles" do
+        get :index
+        Sunspot.session.should be_a_search_for(Profile)
+        Sunspot.session.should have_search_params(:fulltext, '')
+        assigns(:profiles).should_not be_nil
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      it "assigns all profiles as @profiles" do
+        get :index
+        Sunspot.session.should be_a_search_for(Profile)
+        Sunspot.session.should have_search_params(:fulltext, '')
+        assigns(:profiles).should_not be_nil
+      end
+
+      it "should get index with query" do
+        get :index, :query => 'user1'
+        response.should be_success
+        Sunspot.session.should be_a_search_for(Profile)
+        Sunspot.session.should have_search_params(:fulltext, 'user1')
+        assigns(:profiles).should_not be_nil
+      end
+
+      it "should get sorted index" do
+        get :index, :query => 'user1', :sort_by => 'username', :order => 'desc'
+        response.should be_success
+        Sunspot.session.should be_a_search_for(Profile)
+        Sunspot.session.should have_search_params(:fulltext, 'user1')
+        Sunspot.session.should have_search_params(:order_by, :username, :desc)
+        assigns(:profiles).should_not be_nil
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      it "assigns all profiles as @profiles" do
+        get :index
+        assigns(:profiles).should be_nil
+        response.should be_forbidden
+      end
+    end
+
+    describe "When not logged in" do
+      it "assigns all profiles as @profiles" do
+        get :index
+        assigns(:profiles).should be_nil
+        response.should redirect_to(new_user_session_url)
+      end
+    end
+  end
+
+  describe "GET show" do
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      it "assigns the requested user as @profile" do
+        get :show, id: profiles(:admin).id
+        assigns(:profile).should eq(profiles(:admin))
+      end
+      it "assigns the another requested user as @profile" do
+        admin_profile = FactoryGirl.create :admin_profile
+        get :show, id: admin_profile.id
+        expect(response).not_to be_forbidden
+        expect(assigns(:profile)).to eq admin_profile
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      it "assigns the requested user as @profile" do
+        get :show, id: profiles(:librarian1).id
+        assigns(:profile).should eq(profiles(:librarian1))
+      end
+      it "should not assign the requested user as @admin" do
+        admin = FactoryGirl.create(:admin_profile)
+        get :show, id: admin.id
+        response.should be_forbidden
+      end
+      it "should assign the requested user as @librarian" do
+        librarian = FactoryGirl.create(:librarian_profile)
+        get :show, id: librarian.id
+        response.should_not be_forbidden
+        assigns(:profile).should eq librarian
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      it "assigns the requested user as @profile" do
+        get :show, id: profiles(:user1).id
+        assigns(:profile).should eq(profiles(:user1))
+      end
+
+      it "should redirect to my user account" do
+        get :show, id: profiles(:user1).id
+        assert_redirected_to my_account_url
+      end
+
+      it "should show other user's account" do
+        get :show, id: profiles(:admin).id
+        assigns(:profile).should eq(profiles(:admin))
+        response.should be_forbidden
+      end
+    end
+
+    describe "When not logged in" do
+      it "assigns the requested user as @profile" do
+        get :show, id: profiles(:admin).id
+        assigns(:profile).should eq(profiles(:admin))
+        response.should redirect_to(new_user_session_url)
+      end
+    end
+  end
+
+  describe "GET new" do
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      it "assigns the requested user as @profile" do
+        get :new
+        assigns(:profile).should_not be_valid
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      it "should not assign the requested user as @profile" do
+        get :new
+        assigns(:profile).should_not be_valid
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      it "should not assign the requested user as @profile" do
+        get :new
+        assigns(:profile).should be_nil
+        response.should be_forbidden
+      end
+    end
+
+    describe "When not logged in" do
+      it "should not assign the requested user as @profile" do
+        get :new
+        assigns(:profile).should be_nil
+        response.should redirect_to(new_user_session_url)
+      end
+    end
+  end
+
+  describe "GET edit" do
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      it "assigns the requested user as @profile" do
+        profile = FactoryGirl.create(:profile)
+        get :edit, id: profile.id
+        assigns(:profile).should eq(profile)
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      it "should assign the requested user as @profile" do
+        profile = FactoryGirl.create(:profile)
+        get :edit, id: profile.id
+        assigns(:profile).should eq(profile)
+      end
+      it "should not get edit page for admin required user" do
+        admin = FactoryGirl.create(:admin_profile)
+        get :edit, id: admin.id
+        response.should be_forbidden
+        #assigns(:profile).should_not eq(admin)
+      end
+      it "should get edit page for other librarian user" do
+        librarian = FactoryGirl.create(:librarian_profile)
+        get :edit, id: librarian.id
+        response.should_not be_forbidden
+        assigns(:profile).should eq librarian
+      end
+      it "should get edit page for other librarian user" do
+        admin = FactoryGirl.create(:admin_profile, required_role_id: Role.where(name: 'Librarian').first.id)
+        get :edit, id: admin.id
+        response.should be_forbidden
+        assigns(:profile).should eq admin
+      end
+
+      it "should show icalendar feed" do
+        get :edit, id: profiles(:user1).id, mode: 'feed_token'
+        response.should render_template("profiles/_feed_token")
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      it "should not assign the requested user as @profile" do
+        profile = FactoryGirl.create(:profile)
+        get :edit, id: profile.id
+        assigns(:profile).should eq(profile)
+        response.should be_forbidden
+      end
+
+      it "should edit myself" do
+        get :edit, id: profiles(:user1).id
+        response.should redirect_to edit_my_account_url
+      end
+    end
+
+    describe "When not logged in" do
+      it "should not assign the requested user as @profile" do
+        profile = FactoryGirl.create(:profile)
+        get :edit, id: profile.id
+        assigns(:profile).should eq(profile)
+        response.should redirect_to(new_user_session_url)
+      end
+    end
+  end
+
+  describe "POST create" do
+    before(:each) do
+      @attrs = FactoryGirl.attributes_for(:profile)
+      @invalid_attrs = {:user_group_id => '', :user_number => '日本語'}
+    end
+
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      describe "with valid params" do
+        it "assigns a newly created user as @profile" do
+          post :create, profile: @attrs
+          assigns(:profile).should be_valid
+        end
+
+        it "redirects to the created user" do
+          post :create, profile: @attrs
+          response.should redirect_to(profile_url(assigns(:profile)))
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns a newly created but unsaved user as @profile" do
+          post :create, profile: @invalid_attrs
+          assigns(:profile).should_not be_valid
+        end
+
+        it "re-renders the 'new' template" do
+          post :create, profile: @invalid_attrs
+          response.should render_template("new")
+        end
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      describe "with valid params" do
+        it "assigns a newly created user as @profile" do
+          post :create, profile: @attrs
+          assigns(:profile).should be_valid
+        end
+
+        it "redirects to the created user" do
+          post :create, profile: @attrs
+          response.should redirect_to(profile_url(assigns(:profile)))
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns a newly created but unsaved user as @profile" do
+          post :create, profile: @invalid_attrs
+          assigns(:profile).should_not be_valid
+        end
+
+        it "re-renders the 'new' template" do
+          post :create, profile: @invalid_attrs
+          response.should render_template("new")
+        end
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      it "should not create user" do
+        post :create, profile: { :username => 'test10' }
+        assigns(:profile).should be_nil
+        response.should be_forbidden
+      end
+    end
+
+    describe "When not logged in" do
+      it "should not create user" do
+        post :create, profile: { :username => 'test10' }
+        response.should redirect_to new_user_session_url
+      end
+    end
+  end
+
+  describe "PUT update" do
+    before(:each) do
+      @profile = profiles(:user1)
+      @attrs = {:user_group_id => '3', :locale => 'en'}
+      @invalid_attrs = {:user_group_id => '', :user_number => '日本語'}
+    end
+
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      describe "with valid params" do
+        it "updates the requested user" do
+          put :update, id: @profile.id, profile: @attrs
+        end
+
+        it "assigns the requested user as @profile" do
+          put :update, id: @profile.id, profile: @attrs
+          assigns(:profile).should eq(@profile)
+        end
+
+        it "redirects to the user" do
+          put :update, id: @profile.id, profile: @attrs
+          assigns(:profile).should eq(@profile)
+          response.should redirect_to(@profile)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the requested user as @profile" do
+          put :update, id: @profile.id, profile: @invalid_attrs
+          assigns(:profile).should eq(@profile)
+        end
+
+        it "re-renders the 'edit' template" do
+          put :update, id: @profile, profile: @invalid_attrs
+          response.should render_template("edit")
+        end
+      end
+
+      it "should update other user's role" do
+        put :update, id: profiles(:user1).id, profile: {:user_attributes => {:user_has_role_attributes => {:role_id => 4}, :email => profiles(:user1).user.email, :locale => 'en', id: profiles(:user1).user.id}}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).reload
+        assigns(:profile).user.role.should eq Role.where(name: 'Administrator').first
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      describe "with valid params" do
+        it "updates the requested user" do
+          put :update, id: @profile.id, profile: @attrs
+        end
+
+        it "assigns the requested user as @profile" do
+          put :update, id: @profile.id, profile: @attrs
+          assigns(:profile).should eq(@profile)
+        end
+
+        it "redirects to the user" do
+          put :update, id: @profile.id, profile: @attrs
+          assigns(:profile).should eq(@profile)
+          response.should redirect_to(@profile)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the user as @profile" do
+          put :update, id: @profile, profile: @invalid_attrs
+          assigns(:profile).should_not be_valid
+        end
+
+        it "re-renders the 'edit' template" do
+          put :update, id: @profile, profile: @invalid_attrs
+          response.should render_template("edit")
+        end
+      end
+
+      it "should update other user" do
+        put :update, id: profiles(:user1).id, profile: {:user_number => '00003', :locale => 'en', :user_group_id => 3, :library_id => 3, :note => 'test'}
+        response.should redirect_to profile_url(assigns(:profile))
+      end
+
+      it "should not update other admin" do
+        put :update, id: profiles(:admin).id, profile: {:user_number => '00003', :locale => 'en', :user_group_id => 3, :library_id => 3, :note => 'test'}
+        response.should be_forbidden
+      end
+
+      it "should update other user's user_group" do
+        put :update, id: profiles(:user1).id, profile: {:user_group_id => 3, :library_id => 3, :locale => 'en'}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).user_group_id.should eq 3
+      end
+
+      it "should update other user's note" do
+        put :update, id: profiles(:user1).id, profile: {:user_group_id => 3, :library_id => 3, :note => 'test', :locale => 'en'}
+        response.should redirect_to profile_url(assigns(:profile))
+        assert_equal assigns(:profile).note, 'test'
+      end
+
+      it "should update other user's locked status" do
+        put :update, id: profiles(:user1).id, profile: {:user_attributes => {:id => 3, :locked => '1', :username => 'user1'}}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).user.locked_at.should be_truthy
+        assigns(:profile).user.access_locked?.should be_truthy
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      describe "with valid params" do
+        it "updates the requested user" do
+          put :update, id: @profile.id, profile: @attrs
+        end
+
+        it "assigns the requested user as @profile" do
+          put :update, id: @profile.id, profile: @attrs
+          assigns(:profile).should be_valid
+          response.should redirect_to profile_url(assigns(:profile))
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the requested user as @profile" do
+          put :update, id: @profile.id, profile: @invalid_attrs
+          #assigns(:profile).should_not be_valid
+          #response.should be_success
+          assigns(:profile).should be_valid
+          response.should redirect_to profile_url(assigns(:profile))
+        end
+      end
+
+      it "should update myself" do
+        put :update, id: profiles(:user1).id, profile: {keyword_list: 'test'}
+        response.should redirect_to profile_url(assigns(:profile))
+      end
+
+      it "should not update my role" do
+        put :update, id: profiles(:user1).id, profile: {:user_has_role_attributes => {:role_id => 4}}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).user.role.should_not eq Role.where(name: 'Administrator').first
+      end
+
+      it "should not update my user_group" do
+        put :update, id: profiles(:user1).id, profile: {:user_group_id => 3, :library_id => 3}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).user_group_id.should eq 1
+      end
+
+      it "should not update my note" do
+        put :update, id: profiles(:user1).id, profile: {:user_group_id => 3, :library_id => 3, :note => 'test'}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).note.should be_nil
+      end
+
+      it "should update my keyword_list" do
+        put :update, id: profiles(:user1).id, profile: {:keyword_list => 'test'}
+        response.should redirect_to profile_url(assigns(:profile))
+        assigns(:profile).keyword_list.should eq 'test'
+        assigns(:profile).user.role.name.should eq 'User'
+      end
+
+      it "should not update other user" do
+        put :update, id: profiles(:user2).id, profile: { }
+        assigns(:profile).should be_valid
+        response.should be_forbidden
+      end
+    end
+
+    describe "When not logged in" do
+      describe "with valid params" do
+        it "updates the requested user" do
+          put :update, id: @profile.id, profile: @attrs
+        end
+
+        it "should be forbidden" do
+          put :update, id: @profile.id, profile: @attrs
+          response.should redirect_to(new_user_session_url)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the requested user as @profile" do
+          put :update, id: @profile.id, profile: @invalid_attrs
+          response.should redirect_to(new_user_session_url)
+        end
+      end
+    end
+  end
+
+  describe "DELETE destroy" do
+    describe "When logged in as Administrator" do
+      login_fixture_admin
+
+      it "destroys the requested user" do
+        delete :destroy, id: profiles(:user2).id
+      end
+
+      it "redirects to the profiles list" do
+        delete :destroy, id: profiles(:user2).id
+        response.should redirect_to(profiles_url)
+      end
+
+      it "should destroy librarian" do
+        delete :destroy, id: profiles(:librarian2).id
+        response.should redirect_to(profiles_url)
+      end
+    end
+
+    describe "When logged in as Librarian" do
+      login_fixture_librarian
+
+      it "destroys the requested user" do
+        delete :destroy, id: profiles(:user2).id
+        response.should redirect_to(profiles_url)
+      end
+
+      it "redirects to the profiles list" do
+        delete :destroy, id: profiles(:user2).id
+        response.should redirect_to(profiles_url)
+      end
+
+      it "should not destroy librarian" do
+        delete :destroy, id: profiles(:librarian2).id
+        response.should be_forbidden
+      end
+
+      it "should not destroy admin" do
+        delete :destroy, id: profiles(:admin).id
+        response.should be_forbidden
+      end
+
+      it "should not destroy myself" do
+        delete :destroy, id: profiles(:librarian1).id
+        response.should be_forbidden
+      end
+
+      it "should not be able to delete other librarian user" do
+        librarian = FactoryGirl.create(:librarian_profile)
+        delete :destroy, id: librarian.id
+        response.should be_forbidden
+      end
+    end
+
+    describe "When logged in as User" do
+      login_fixture_user
+
+      it "destroys the requested user" do
+        delete :destroy, id: profiles(:user2).id
+      end
+
+      it "should be forbidden" do
+        delete :destroy, id: profiles(:user2).id
+        response.should be_forbidden
+      end
+
+      it "should not destroy myself" do
+        delete :destroy, id: profiles(:user1).id
+        response.should be_forbidden
+      end
+    end
+
+    describe "When not logged in" do
+      it "destroys the requested user" do
+        delete :destroy, id: profiles(:user2).id
+        response.should redirect_to(new_user_session_url)
+      end
+
+      it "should be forbidden" do
+        delete :destroy, id: profiles(:user2).id
+        response.should redirect_to(new_user_session_url)
+      end
+    end
+  end
+end