
Scope user methods

pull/143/head
baarkerlounger 4 years ago
parent
commit
5a7d248309
  1. 4
      app/controllers/organisations_controller.rb
  2. 16
      app/controllers/users_controller.rb
  3. 100
      spec/requests/user_controller_spec.rb

4
app/controllers/organisations_controller.rb

@ -1,6 +1,6 @@
class OrganisationsController < ApplicationController class OrganisationsController < ApplicationController
before_action :authenticate_user! before_action :authenticate_user!
before_action :find_organisation before_action :find_resource
before_action :authenticate_scope! before_action :authenticate_scope!
def show def show
@ -25,7 +25,7 @@ private
head :unauthorized if current_user.organisation != @organisation head :unauthorized if current_user.organisation != @organisation
end end
def find_organisation def find_resource
@organisation = Organisation.find(params[:id]) @organisation = Organisation.find(params[:id])
end end
end end

16
app/controllers/users_controller.rb

@ -2,12 +2,14 @@ class UsersController < ApplicationController
include Devise::Controllers::SignInOut include Devise::Controllers::SignInOut
include Helpers::Email include Helpers::Email
before_action :authenticate_user! before_action :authenticate_user!
before_action :find_resource, except: [:new, :create]
before_action :authenticate_scope!, except: [:new, :create]
def update def update
if current_user.update(user_params) if @user.update(user_params)
bypass_sign_in current_user bypass_sign_in @user
flash[:notice] = I18n.t("devise.passwords.updated") flash[:notice] = I18n.t("devise.passwords.updated")
redirect_to user_path(current_user) redirect_to user_path(@user)
end end
end end
@ -48,4 +50,12 @@ private
def user_params def user_params
params.require(:user).permit(:email, :name, :password, :role) params.require(:user).permit(:email, :name, :password, :role)
end end
def find_resource
@user = User.find(params[:id])
end
def authenticate_scope!
head :unauthorized if current_user != @user
end
end end
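Review bot: The new `authenticate_scope!` answers a signed-in user who requests another user's record with 401, but 401 denotes missing or invalid credentials; the status for an authenticated principal that is not permitted is 403, i.e. `head :forbidden if current_user != @user`. This mirrors `authenticate_scope!` in organisations_controller.rb and the new spec asserts 401, so switching would mean changing both together. Separately, now that the scope guarantees users only update themselves, `user_params` on the context line above still permits `:role`, so a user editing their own account can also set their own role — worth confirming that is intended, or dropping `:role` from the permitted list unless the caller is an administrator. If the controller has an index action it will also need adding to the `except:` list of `find_resource`, since `User.find(params[:id])` has no id there; that action is outside the hunk.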

100
spec/requests/user_controller_spec.rb

@ -3,39 +3,109 @@ require_relative "../support/devise"
RSpec.describe UsersController, type: :request do RSpec.describe UsersController, type: :request do
let(:user) { FactoryBot.create(:user) } let(:user) { FactoryBot.create(:user) }
let(:unauthorised_user) { FactoryBot.create(:user) }
let(:headers) { { "Accept" => "text/html" } } let(:headers) { { "Accept" => "text/html" } }
let(:page) { Capybara::Node::Simple.new(response.body) } let(:page) { Capybara::Node::Simple.new(response.body) }
describe "#show" do describe "#show" do
before do context "current user is user" do
sign_in user before do
get "/users/#{user.id}", headers: headers, params: {} sign_in user
get "/users/#{user.id}", headers: headers, params: {}
end
it "show the user details" do
expect(page).to have_content("Your account")
end
end end
it "show the user details" do context "current user is another user" do
expect(page).to have_content("Your account") before do
sign_in user
get "/users/#{unauthorised_user.id}", headers: headers, params: {}
end
it "returns unauthorised 401" do
expect(response).to have_http_status(:unauthorized)
end
end end
end end
describe "#edit" do describe "#edit" do
before do context "current user is user" do
sign_in user before do
get "/users/#{user.id}/edit", headers: headers, params: {} sign_in user
get "/users/#{user.id}/edit", headers: headers, params: {}
end
it "show the edit personal details page" do
expect(page).to have_content("Change your personal details")
end
end end
it "show the edit personal details page" do context "current user is another user" do
expect(page).to have_content("Change your personal details") before do
sign_in user
get "/users/#{unauthorised_user.id}/edit", headers: headers, params: {}
end
it "returns unauthorised 401" do
expect(response).to have_http_status(:unauthorized)
end
end end
end end
describe "#edit_password" do describe "#edit_password" do
before do context "current user is user" do
sign_in user before do
get "/users/#{user.id}/password/edit", headers: headers, params: {} sign_in user
get "/users/#{user.id}/password/edit", headers: headers, params: {}
end
it "show the edit password page" do
expect(page).to have_content("Change your password")
end
end
context "current user is another user" do
before do
sign_in user
get "/users/#{unauthorised_user.id}/edit", headers: headers, params: {}
end
it "returns unauthorised 401" do
expect(response).to have_http_status(:unauthorized)
end
end end
end
describe "#update" do
let(:new_value) { "new test name" }
let(:params) { { id: user.id, user: { name: new_value } } }
context "current user is user" do
before do
sign_in user
patch "/users/#{user.id}", headers: headers, params: params
end
it "updates the user" do
user.reload
expect(user.name).to eq(new_value)
end
end
context "current user is another user" do
let(:params) { { id: unauthorised_user.id, user: { name: new_value } } }
before do
sign_in user
patch "/users/#{unauthorised_user.id}", headers: headers, params: params
end
it "show the edit password page" do it "returns unauthorised 401" do
expect(page).to have_content("Change your password") expect(response).to have_http_status(:unauthorized)
end
end end
end end
end end
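Review bot: The "current user is another user" context under `#edit_password` requests `/users/#{unauthorised_user.id}/edit`, so it duplicates the `#edit` case and never exercises the password-edit route; it should be `get "/users/#{unauthorised_user.id}/password/edit", headers: headers, params: {}`. The unauthorised `#update` context only checks the status code, which does not show the write was refused; add `unauthorised_user.reload` and `expect(unauthorised_user.name).not_to eq(new_value)` alongside the 401 assertion so the test fails if the before_action is ever bypassed. The `it` description in the `#update` unauthorised context reads "show the edit password page" on the old side and is renamed on the new side, which the page shows as already fixed.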
