From a0b41e853b535de63a399234bcda6559c6150d8f Mon Sep 17 00:00:00 2001 From: mmezher Date: Thu, 16 Jun 2016 20:08:39 -0400 Subject: [PATCH 1/6] Fixes authorization for polls --- app/controllers/polls_controller.rb | 16 ++++++++++++---- app/views/polls/index.html.haml | 8 ++++---- app/views/polls/show.html.haml | 4 ++-- spec/acceptance/lessons_spec.rb | 2 ++ spec/acceptance/polls_spec.rb | 21 +++++++++++++++++++++ 5 files changed, 41 insertions(+), 10 deletions(-) diff --git a/app/controllers/polls_controller.rb b/app/controllers/polls_controller.rb index 1a27d7d..469e238 100644 --- a/app/controllers/polls_controller.rb +++ b/app/controllers/polls_controller.rb @@ -27,12 +27,19 @@ def show # GET /polls/new # GET /polls/new.json def new - @poll = Poll.new + if !current_user.admin? + redirect_to root_path + return + + else + @poll = Poll.new + + respond_to do |format| + format.html # new.html.erb + format.json { render json: @poll } - respond_to do |format| - format.html # new.html.erb - format.json { render json: @poll } end + end # GET /polls/1/edit @@ -43,6 +50,7 @@ def edit # POST /polls # POST /polls.json def create + @poll = Poll.new(poll_params) respond_to do |format| diff --git a/app/views/polls/index.html.haml b/app/views/polls/index.html.haml index 7d98c72..9071a23 100644 --- a/app/views/polls/index.html.haml +++ b/app/views/polls/index.html.haml @@ -3,13 +3,13 @@ -@polls.each do |poll| .poll{'data-id' => poll.id} - %h2=poll.question + %h2= poll.question .publish =render :partial => "polls/publish_link", :locals => {:poll => poll} .actions = link_to 'Show', poll - = link_to 'Edit', edit_poll_path(poll) - = link_to 'Destroy', poll, method: :delete, data: { confirm: 'Are you sure?' } + = link_to 'Edit', edit_poll_path(poll) if can? :manage, :polls + = link_to 'Destroy', poll, method: :delete, data: { confirm: 'Are you sure?' } if can? :manage, :polls -= link_to 'New Poll', new_poll_path += link_to 'New Poll', new_poll_path if can? :manage, :polls 
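Review bot: The `current_user.admin?` check in `new` is the only server-side enforcement in this controller hunk; `create`, `edit`, `update` and `destroy` are left as they were (the second hunk only adds a blank line to `create`), so a non-admin who submits `POST /polls` or `DELETE /polls/:id` directly is still served, and the `can?` guards in the views only hide links. Share one callback across every mutating action instead of inlining the check: `before_action :require_admin, only: [:new, :create, :edit, :update, :destroy]` with `def require_admin; redirect_to root_path unless current_user.admin?; end`, which also replaces `if !current_user.admin?` with the idiomatic `unless`. The `respond_to` in `new` means a `.json` request from a non-admin gets an HTML redirect rather than a 403; `head :forbidden` for non-HTML formats would be more honest to API clients. `create`'s body continues outside the hunk.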
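Review bot: The three new guards pass the symbol `:polls` as the CanCan subject (`can? :manage, :polls`), whereas the controller in this series authorizes against the `Poll` model; unless `Ability` defines rules for that symbol as well as for the class (ability.rb is not in the diff), view gating and controller gating are evaluated against different rules and the links can be hidden or shown inconsistently with what the server permits. Use the record or class as the subject so both sides agree: `if can? :manage, poll` on the Edit and Destroy links and `if can? :create, Poll` on New Poll. Hiding a link is cosmetic only; the edit and delete routes stay reachable for anyone who knows the URL.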
diff --git a/app/views/polls/show.html.haml b/app/views/polls/show.html.haml index 8179146..5333c52 100644 --- a/app/views/polls/show.html.haml +++ b/app/views/polls/show.html.haml @@ -4,6 +4,6 @@ %b Question: = @poll.question -= link_to 'Edit', edit_poll_path(@poll) += link_to 'Edit', edit_poll_path(@poll) if can? :manage, :polls \| -= link_to 'Back', polls_path += link_to 'Back', polls_path if can? :manage, :polls diff --git a/spec/acceptance/lessons_spec.rb b/spec/acceptance/lessons_spec.rb index b858378..266585a 100644 --- a/spec/acceptance/lessons_spec.rb +++ b/spec/acceptance/lessons_spec.rb @@ -248,6 +248,8 @@ end + + feature %q{ As a teacher When I have a lesson coming up diff --git a/spec/acceptance/polls_spec.rb b/spec/acceptance/polls_spec.rb index e53ea03..e6c16d3 100644 --- a/spec/acceptance/polls_spec.rb +++ b/spec/acceptance/polls_spec.rb @@ -56,3 +56,24 @@ page.should have_css(".polls", :visible => true) end end +feature %q{ + As a website + I want to make sure, + That non-admin user + Can't create polls +} do + + background do + @user = FactoryGirl.create(:user) + venue = FactoryGirl.create(:venue) + @user.school = venue.school + sign_in_manually @user + end + + scenario "Non-admin user is trying to access polls" do + visit new_poll_path + uri = URI.parse(current_url) + uri.path.should == root_path + end + +end \ No newline at end of file From cf1446f8120e27f7c473fd14b6cd12ca92491fb7 Mon Sep 17 00:00:00 2001 From: mmezher Date: Fri, 17 Jun 2016 08:32:59 -0400 Subject: [PATCH 2/6] Fixes common hound issues with previous pull request and changes admin check --- app/controllers/polls_controller.rb | 9 ++------- app/views/polls/index.html.haml | 5 ++--- spec/acceptance/lessons_spec.rb | 3 --- spec/acceptance/polls_spec.rb | 5 +++-- 4 files changed, 7 insertions(+), 15 deletions(-) diff --git a/app/controllers/polls_controller.rb b/app/controllers/polls_controller.rb index 469e238..53fa4bd 100644 --- a/app/controllers/polls_controller.rb 
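Review bot: Gating the `Back` link to `polls_path` behind `can? :manage, :polls` hides plain navigation from non-managers, although nothing in this series restricts `index` itself (`load_and_authorize_resource` in the follow-up patch lists only `new`, `create`, `edit`, `update`), so a non-admin who can reach the show page loses the way back for no security benefit. Keep the guard on Edit only and leave Back unconditional: `= link_to 'Back', polls_path`. As in the index view, `:polls` as a symbol subject should match whatever `Ability` actually defines; `if can? :update, @poll` is the form the controller will evaluate.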
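Review bot: `@user.school = venue.school` in the new feature's `background` assigns the association on the in-memory object without a `save`, so whatever `sign_in_manually` and the poll pages load from the database see a user with no school; if the redirect being asserted depends on that, the scenario is not exercising what it intends (the helper is not in the diff, so this needs confirming). The scenario asserts only the redirect for `GET /polls/new`; the write paths the PR is meant to lock down (`POST /polls`, `PATCH`/`DELETE /polls/:id`) have no coverage, and a request spec that posts as the non-admin and asserts no `Poll` row was created would catch the gap left in the controller. `@user.save!` (or `FactoryGirl.create(:user, school: venue.school)`) fixes the first point; the file also ends without a trailing newline.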
+++ b/app/controllers/polls_controller.rb @@ -1,5 +1,6 @@ class PollsController < ApplicationController - + + load_and_authorize_resource only: [:new, :create, :edit, :update] before_action :authenticate_user! # GET /polls @@ -27,13 +28,7 @@ def show # GET /polls/new # GET /polls/new.json def new - if !current_user.admin? - redirect_to root_path - return - - else @poll = Poll.new - respond_to do |format| format.html # new.html.erb format.json { render json: @poll } diff --git a/app/views/polls/index.html.haml b/app/views/polls/index.html.haml index 9071a23..84232c8 100644 --- a/app/views/polls/index.html.haml +++ b/app/views/polls/index.html.haml @@ -8,8 +8,7 @@ =render :partial => "polls/publish_link", :locals => {:poll => poll} .actions = link_to 'Show', poll - = link_to 'Edit', edit_poll_path(poll) if can? :manage, :polls - = link_to 'Destroy', poll, method: :delete, data: { confirm: 'Are you sure?' } if can? :manage, :polls - + = link_to 'Edit', edit_poll_path(poll) + = link_to 'Destroy', poll, method: :delete, data: { confirm: 'Are you sure?' } = link_to 'New Poll', new_poll_path if can? :manage, :polls diff --git a/spec/acceptance/lessons_spec.rb b/spec/acceptance/lessons_spec.rb index 266585a..91a4a0a 100644 --- a/spec/acceptance/lessons_spec.rb +++ b/spec/acceptance/lessons_spec.rb @@ -245,11 +245,8 @@ uri = URI.parse(current_url) uri.path.should == root_path end - end - - feature %q{ As a teacher When I have a lesson coming up diff --git a/spec/acceptance/polls_spec.rb b/spec/acceptance/polls_spec.rb index e6c16d3..a5da412 100644 --- a/spec/acceptance/polls_spec.rb +++ b/spec/acceptance/polls_spec.rb @@ -35,7 +35,6 @@ page.should have_css("p", :text => "Poll was successfully updated.", :visible => true) end - end feature %q{ @@ -55,7 +54,9 @@ save_and_open_page page.should have_css(".polls", :visible => true) end + end + feature %q{ As a website I want to make sure, 
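Review bot: `load_and_authorize_resource only: [:new, :create, :edit, :update]` omits `destroy`, so the one action that deletes data is the one left without an authorization check, while the index view in this same commit shows a Destroy link to every signed-in user. The declaration also precedes `before_action :authenticate_user!`, and callbacks run in declaration order, so an anonymous request has its ability evaluated with a nil `current_user` before the login redirect fires; with a conventional `Ability#initialize(user)` that yields `CanCan::AccessDenied` or a `NoMethodError` instead of a sign-in redirect (ability.rb is not in the diff). Swap the order and drop the `only:` list, or at least add `:destroy`: `before_action :authenticate_user!` followed by `load_and_authorize_resource`. The second hunk still assigns `@poll = Poll.new` in `new` after the loader has already done so; harmless but now redundant.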
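Review bot: Removing the guard from the Edit and Destroy links while keeping it on New Poll leaves the index inconsistent: every signed-in user is now offered a Destroy link, and the DELETE it issues is not in the controller's `only:` list in this same commit, so the UI advertises an action the server does not check. Whichever way the controller ends up, gate the per-record links with the same subjects CanCan will evaluate there: `= link_to 'Edit', edit_poll_path(poll) if can? :update, poll` and `= link_to 'Destroy', poll, method: :delete, data: { confirm: 'Are you sure?' } if can? :destroy, poll`. The `if can? :manage, :polls` on New Poll uses a symbol subject that may not match the class-based rules the loader uses; `if can? :create, Poll` keeps both in step.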
@@ -70,7 +71,7 @@ sign_in_manually @user end - scenario "Non-admin user is trying to access polls" do + scenario "Non-admin user is trying to access polls", :js => true do visit new_poll_path uri = URI.parse(current_url) uri.path.should == root_path From df485c1a8a34f938f9479074831349a18d1261a5 Mon Sep 17 00:00:00 2001 From: mmezher Date: Fri, 17 Jun 2016 11:20:26 -0400 Subject: [PATCH 3/6] Fixes format of Gemfile Gemfile alternated use of single and double quotes. Unless using string interpolation, generally single quotes is a simpler choice. All Gem names are now single quoted. --- Gemfile | 48 ++++++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/Gemfile b/Gemfile index dd34a39..157ead8 100644 --- a/Gemfile +++ b/Gemfile @@ -1,33 +1,33 @@ source 'https://rubygems.org' -ruby "2.2.0" +ruby '2.2.4' gem 'rails', '~> 4.2.4' # Bundle edge Rails instead: # gem 'rails', :git => 'git://github.com/rails/rails.git' -gem "devise" -gem "cancancan" -gem "haml-rails" +gem 'devise' +gem 'cancancan' +gem 'haml-rails' gem 'coffee-rails' gem 'gmaps4rails', '~> 1.5.6' gem 'geocoder' -gem "unicorn" -gem "rack-timeout", '0.0.4' # https://github.com/heroku/rack-timeout/issues/55 -gem "sidekiq" -gem "sinatra", require: false # Required for Sidekiq web interface +# gem 'unicorn' +gem 'rack-timeout', '0.0.4' # https://github.com/heroku/rack-timeout/issues/55 +gem 'sidekiq' +gem 'sinatra', require: false # Required for Sidekiq web interface -gem "devise-async" -gem "gravatar-ultimate" +gem 'devise-async' +gem 'gravatar-ultimate' # render markdown -gem "redcarpet", "~> 1.17.2" -gem "icalendar" +gem 'redcarpet', '~> 1.17.2' +gem 'icalendar' # parse urls -gem "addressable" +gem 'addressable' -gem "twitter" +gem 'twitter' group :development do gem 'letter_opener' 
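Review bot: The redirect this scenario asserts now depends on `CanCan::AccessDenied` being rescued somewhere with `redirect_to root_path`, since the inline redirect was removed from the controller in this commit; ApplicationController is not in the diff, and without a `rescue_from CanCan::AccessDenied` the request raises and the scenario fails on an error page rather than on `uri.path`. If that rescue does not exist yet, add it in ApplicationController: `rescue_from CanCan::AccessDenied { |e| redirect_to root_path, alert: e.message }`. `:js => true` moves a pure HTTP redirect check onto the JavaScript driver, which is slower and ties the spec to poltergeist (commented out and restored later in this series); the rack_test driver follows redirects and keeps `current_url` just as well, so the tag looks unnecessary.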
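Review bot: The hunk changes runtime behavior under a commit message that promises only quote normalization: `ruby '2.2.0'` becomes `'2.2.4'` and `gem 'unicorn'` is commented out, both of which patches 5 and 6 revert, so a reviewer skimming a "format" commit would miss a server and interpreter change. Dependency edits belong in their own commit with their own message. The web-facing gems `devise`, `cancancan`, `sidekiq` and `sinatra` carry no version constraint at all; the lockfile pins them today, but a routine `bundle update` can cross a major version silently, so `~>` constraints are worth adding while the file is being touched. The commented-out edge-Rails line uses a `git://` URL, which is unauthenticated transport; if it is ever re-enabled it should be `https://github.com/rails/rails.git`.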
@@ -44,7 +44,7 @@ end gem 'sass-rails', '~> 4.0.0' # v5 breaks CI # See https://github.com/sstephenson/execjs#readme for more supported runtimes # gem 'therubyracer', :platforms => :ruby -gem "uglifier", '~> 2.1.1' +gem 'uglifier', '~> 2.1.1' gem 'httparty' @@ -64,25 +64,29 @@ gem 'socket.io-client-simple' gem 'houston' group :test do - gem "factory_girl_rails" - gem "timecop" + gem 'factory_girl_rails' + gem 'timecop' gem 'shoulda-matchers' gem 'simplecov', :require => false # code coverage tool - gem "database_cleaner" + gem 'database_cleaner' gem 'email_spec' - gem "webmock" + gem 'webmock' end group :test, :development do - gem "rspec-rails" + gem 'rspec-rails' gem 'capybara' - gem 'poltergeist' + # gem 'poltergeist' gem 'pry-rails' + gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw] gem 'sqlite3' + + end + # To use ActiveModel has_secure_password -# gem 'bcrypt-ruby', '~> 3.0.0' + gem 'bcrypt-ruby', '~> 3.0.0', :require => 'bcrypt' # To use Jbuilder templates for JSON # gem 'jbuilder' From 5da1277408829023ecce900893b7f10c4eaabc6a Mon Sep 17 00:00:00 2001 From: mmezher Date: Fri, 17 Jun 2016 11:22:13 -0400 Subject: [PATCH 4/6] Fixes format of Gemfile Gemfile alternated use of single and double quotes. Unles using string interpolation, generally single quotes are a simpler choice. All Gem names now single quoted. --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 157ead8..20f60f2 100644 --- a/Gemfile +++ b/Gemfile @@ -76,7 +76,7 @@ end group :test, :development do gem 'rspec-rails' gem 'capybara' - # gem 'poltergeist' + gem 'poltergeist' gem 'pry-rails' gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw] gem 'sqlite3' From c3462b8375689d5d3de3724d39408ad416662eac Mon Sep 17 00:00:00 2001 From: mmezher Date: Fri, 17 Jun 2016 11:28:03 -0400 Subject: [PATCH 5/6] Fixes ruby version from 2.2.4 to 2.2.0 to allow bundle install --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
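Review bot: Uncommenting `gem 'bcrypt-ruby', '~> 3.0.0', :require => 'bcrypt'` pulls in a second bcrypt binding under the gem's pre-rename name, pinned to a 3.0.x series that predates the rename, next to the `bcrypt` that `devise` already depends on; if anything in the app uses `has_secure_password` it should depend on the current `bcrypt` gem (`gem 'bcrypt'`), otherwise the line should stay commented out. The same hunk comments out `poltergeist` while patch 2 of this series tagged the non-admin scenario `:js => true`, so that scenario has no driver until patch 4 restores the gem; squashing or reordering the series would avoid a red intermediate commit. Adding `tzinfo-data` and the indented, out-of-group `gem 'bcrypt-ruby'` line are further dependency changes hiding in a commit described as quote cleanup.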
diff --git a/Gemfile b/Gemfile index 20f60f2..26b321a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -ruby '2.2.4' +ruby '2.2.0' gem 'rails', '~> 4.2.4' From f05a0db6687c156957b4419e96055f333906654c Mon Sep 17 00:00:00 2001 From: mmezher Date: Fri, 17 Jun 2016 12:37:41 -0400 Subject: [PATCH 6/6] Adds back unicorn into Gemfile --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 26b321a..99b2df4 100644 --- a/Gemfile +++ b/Gemfile @@ -13,7 +13,7 @@ gem 'haml-rails' gem 'coffee-rails' gem 'gmaps4rails', '~> 1.5.6' gem 'geocoder' -# gem 'unicorn' +gem 'unicorn' gem 'rack-timeout', '0.0.4' # https://github.com/heroku/rack-timeout/issues/55 gem 'sidekiq' gem 'sinatra', require: false # Required for Sidekiq web interface