Changeset 56

Timestamp:

11/27/07 17:47:43 (12 months ago)

Author:

jweiss

Message:

only admins can manage projects

Location:

trunk

Files:

• CHANGELOG.txt (modified) (1 diff)
• app/controllers/projects_controller.rb (modified) (1 diff)
• test/functional/projects_controller_test.rb (modified) (4 diffs)

trunk/CHANGELOG.txt

@@ -5 +5 @@
 * Introduce a 5 second sleep between mongrel stop and start while restarting'
 
-* Only admins can manage recipes, hosts, and users. Normal users can only view.
+* Only admins can manage projects, recipes, hosts, and users. Normal users can only view.
 
 * Show also all recent deployments in dashboard

trunk/app/controllers/projects_controller.rb

@@ -2 +2 @@
   
   before_filter :load_templates, :only => [:new, :create, :edit, :update]
+  before_filter :ensure_admin, :only => [:new, :edit, :destroy, :create, :update]
   
   # GET /projects/dashboard

trunk/test/functional/projects_controller_test.rb

@@ -14 +14 @@
     
     @project = create_new_project
-    @user = login
   end
 
   def test_should_get_index
+    @user = login
+    
     get :index
     assert_response :success
@@ -23 +24 @@
   end
 
-  def test_should_get_new
+  def test_non_admin_should_not_get_new
+    @user = login
+    
+    get :new
+    assert_response :redirect
+  end
+  
+  def test_admin_should_get_new
+    @user = admin_login
+    
     get :new
     assert_response :success
   end
   
-  def test_should_create_project
+  def test_non_admin_should_not_create_project
+    @user = login
+    
+    Project.delete_all
+    old_count = Project.count
+    post :create, :project => { :name => 'Project Alpha', :template => 'rails'}
+    assert_equal old_count, Project.count
+    
+    assert_response :redirect
+  end
+
+  def test_admin_should_create_project
+    @user = admin_login
+    
     Project.delete_all
     old_count = Project.count
@@ -39 +62 @@
   end
 
-  def test_should_show_project    
+  def test_should_show_project
+    @user = login
+        
     get :show, :id => @project.id
     assert_response :success
   end
 
-  def test_should_get_edit
+  def test_non_admin_should_not_get_edit
+    @user = login
+    
+    get :edit, :id => @project.id
+    assert_response :redirect
+  end
+  
+  def test_admin_should_get_edit
+    @user = admin_login
+    
     get :edit, :id => @project.id
     assert_response :success
   end
   
-  def test_should_update_project
+  def test_non_admin_should_not_update_project
+    @user = login
+    
+    put :update, :id => @project.id, :project => { :name => 'Project Jochen', :template => 'mongrel_rails'}
+    assert_response :redirect
+    @project.reload
+    assert_not_equal 'Project Jochen', @project.name
+  end
+  
+  def test_admin_should_update_project
+    @user = admin_login
+    
     put :update, :id => @project.id, :project => { :name => 'Project Jochen', :template => 'mongrel_rails'}
     assert_redirected_to project_path(assigns(:project))
@@ -56 +101 @@
   end
   
-  def test_should_destroy_project
+  def test_non_admin_should_not_destroy_project
+    @user = login
+    
+    old_count = Project.count
+    delete :destroy, :id => @project.id
+    assert_equal old_count, Project.count
+    
+    assert_response :redirect
+  end
+  
+  def test_admin_should_destroy_project
+    @user = admin_login
+    
     old_count = Project.count
     delete :destroy, :id => @project.id