saucy 0.2.40 → 0.2.41

data/app/views/projects/new.html.erb

@@ -10,6 +10,6 @@
                      :admins     => current_account.admins %>
   <%= form.buttons do -%>
     <%= form.commit_button %>
-    <%= link_to 'Cancel', account_projects_path(current_account) %>
+    <li><%= link_to 'Cancel', account_projects_path(current_account) %></li>
   <% end -%>
 <% end -%>

data/lib/saucy/projects_controller.rb

@@ -3,8 +3,9 @@ module Saucy
     extend ActiveSupport::Concern
 
     included do
-      before_filter :authorize_admin, :except => [:show]
-      before_filter :ensure_active_account, :only => [:show, :destroy, :index]
+      before_filter :authorize_member,      :only   => :show
+      before_filter :authorize_admin,       :except => [:show]
+      before_filter :ensure_active_account, :only   => [:show, :destroy, :index]
       layout Saucy::Layouts.to_proc
     end
 
@@ -24,12 +25,11 @@ module Saucy
       end
 
       def edit
-        @project = ::Project.find_by_keyword!(params[:id])
+        current_project
       end
 
       def update
-        @project = ::Project.find_by_keyword!(params[:id])
-        if @project.update_attributes params[:project]
+        if current_project.update_attributes params[:project]
           flash[:success] = 'Project was updated.'
           redirect_to account_projects_url(current_account)
         else
@@ -38,19 +38,24 @@ module Saucy
       end
 
       def show
-        @project = ::Project.find_by_keyword!(params[:id])
+        current_project
       end
 
       def destroy
-        @project = ::Project.find_by_keyword!(params[:id])
-        @project.destroy
+        current_project.destroy
         flash[:success] = "Project has been deleted"
-        redirect_to account_projects_url(@project.account)
+        redirect_to account_projects_url(current_project.account)
       end
 
       def index
         @projects = current_account.projects
       end
+
+      private
+
+      def current_project
+        @project ||= ::Project.find_by_keyword!(params[:id])
+      end
     end
   end
 end

data/spec/controllers/projects_controller_spec.rb

@@ -30,6 +30,19 @@ describe ProjectsController, "new", :as => :account_admin do
   end
 end
 
+describe ProjectsController, "#show as another user" do
+  let(:account) { Factory(:account) }
+  let(:user)    { Factory(:user) }
+  let(:project) { Factory(:project) }
+  before do
+    sign_in_as(user)
+    get :show, :account_id => account.to_param, :id => project.to_param
+  end
+
+  it { should respond_with(:redirect) }
+  it { should set_the_flash.to(/do not have permission/) }
+end
+
 describe ProjectsController, "create", :as => :account_admin do
   before do
     @project_count = Project.count

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: saucy
 version: !ruby/object:Gem::Version 
-  hash: 71
-  prerelease: 
+  hash: 69
+  prerelease: false
   segments: 
   - 0
   - 2
-  - 40
-  version: 0.2.40
+  - 41
+  version: 0.2.41
 platform: ruby
 authors: 
 - thoughtbot, inc.
@@ -18,11 +18,10 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-10 00:00:00 -05:00
+date: 2011-03-11 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  type: :runtime
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -33,11 +32,11 @@ dependencies:
         - 1
         - 2
         version: "1.2"
-  version_requirements: *id001
+  type: :runtime
   name: formtastic
   prerelease: false
+  version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  type: :runtime
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -49,11 +48,11 @@ dependencies:
         - 0
         - 3
         version: 3.0.3
-  version_requirements: *id002
+  type: :runtime
   name: railties
   prerelease: false
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  type: :runtime
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -65,11 +64,11 @@ dependencies:
         - 6
         - 2
         version: 2.6.2
-  version_requirements: *id003
+  type: :runtime
   name: braintree
   prerelease: false
+  version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  type: :runtime
   requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -81,11 +80,11 @@ dependencies:
         - 3
         - 3
         version: 1.3.3
-  version_requirements: *id004
+  type: :runtime
   name: sham_rack
   prerelease: false
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  type: :runtime
   requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -97,11 +96,11 @@ dependencies:
         - 1
         - 2
         version: 1.1.2
-  version_requirements: *id005
+  type: :runtime
   name: sinatra
   prerelease: false
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  type: :development
   requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
@@ -113,9 +112,10 @@ dependencies:
         - 2
         - 6
         version: 0.2.6
-  version_requirements: *id006
+  type: :development
   name: aruba
   prerelease: false
+  version_requirements: *id006
 description: Clearance-based Rails engine for Software as a Service (Saas) that provides account and project management
 email: support@thoughtbot.com
 executables: []
@@ -291,7 +291,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.6.1
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Clearance-based Rails engine for SaaS