summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2013-12-13 14:10:41 +0100
committerAzul <azul@leap.se>2013-12-13 14:10:41 +0100
commit5ed00a63ea3da98e8dfaef88752f8afe851c81e9 (patch)
tree289200f264179c7da6412fe39f1827a53e899d01
parentb7db3e8f5d9a65ff3b83316bdd802dd40111c64d (diff)
make the possible actions for users and admins configurable
with tests
-rw-r--r--config/defaults.yml4
-rw-r--r--users/app/views/users/_edit.html.haml17
-rw-r--r--users/test/integration/browser/account_test.rb66
3 files changed, 59 insertions, 28 deletions
diff --git a/config/defaults.yml b/config/defaults.yml
index 4530d47..283f406 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -40,6 +40,10 @@ common: &common
handle_blacklist: [certmaster, ssladmin, arin-admin, administrator, www-data, maildrop]
# handles that will be allowed despite being in /etc/passwd or rfc2142
handle_whitelist: []
+ # actions enabled in the account settings
+ # see /users/app/views/users/_edit.html.haml for a list.
+ user_actions: ['destroy_account']
+ admin_actions: ['change_pgp_key', 'change_service_level', 'destroy_account']
service_levels: &service_levels
service_levels:
diff --git a/users/app/views/users/_edit.html.haml b/users/app/views/users/_edit.html.haml
index b52da3d..1d2b68a 100644
--- a/users/app/views/users/_edit.html.haml
+++ b/users/app/views/users/_edit.html.haml
@@ -1,9 +1,14 @@
-#
-# edit user form, used by both show and edit actions.
-#
-
-= render 'change_password'
-= render 'change_pgp_key'
-= render 'change_service_level'
-= render 'destroy_account'
-
+-# We render a bunch of forms here. Which we use depends upon config settings
+-# user_actions and admin_actions. They both include an array of actions
+-# allowed to users and admins.
+-# Possible forms are:
+-# 'change_password'
+-# 'change_pgp_key'
+-# 'change_service_level'
+-# 'destroy_account'
+- actions = APP_CONFIG[admin? ? :admin_actions : :user_actions] || []
+- actions.each do |action|
+ = render action
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index 3d281ae..4cefe35 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -51,35 +51,57 @@ class AccountTest < BrowserIntegrationTest
assert page.has_content?('has already been taken')
end
- test "change password" do
+ test "default user actions" do
username, password = submit_signup
click_on "Account Settings"
- within('#update_login_and_password') do
- fill_in 'Password', with: "other password"
- fill_in 'Password confirmation', with: "other password"
- click_on 'Save'
+ assert page.has_content? I18n.t('destroy_my_account')
+ assert page.has_no_css? '#update_login_and_password'
+ assert page.has_no_css? '#update_pgp_key'
+ end
+
+ test "default admin actions" do
+ username, password = submit_signup
+ with_config admins: [username] do
+ click_on "Account Settings"
+ assert page.has_content? I18n.t('destroy_my_account')
+ assert page.has_no_css? '#update_login_and_password'
+ assert page.has_css? '#update_pgp_key'
+ end
+ end
+
+ test "change password" do
+ with_config user_actions: ['change_password'] do
+ username, password = submit_signup
+ click_on "Account Settings"
+ within('#update_login_and_password') do
+ fill_in 'Password', with: "other password"
+ fill_in 'Password confirmation', with: "other password"
+ click_on 'Save'
+ end
+ click_on 'Logout'
+ attempt_login(username, "other password")
+ assert page.has_content?("Welcome #{username}")
+ User.find_by_login(username).account.destroy
end
- click_on 'Logout'
- attempt_login(username, "other password")
- assert page.has_content?("Welcome #{username}")
- User.find_by_login(username).account.destroy
end
test "change pgp key" do
- pgp_key = FactoryGirl.build :pgp_key
- username, password = submit_signup
- click_on "Account Settings"
- within('#update_pgp_key') do
- fill_in 'Public key', with: pgp_key
- click_on 'Save'
+ with_config user_actions: ['change_pgp_key'] do
+ pgp_key = FactoryGirl.build :pgp_key
+ username, password = submit_signup
+ click_on "Account Settings"
+ within('#update_pgp_key') do
+ fill_in 'Public key', with: pgp_key
+ click_on 'Save'
+ end
+ page.assert_selector 'input[value="Saving..."]'
+ # at some point we're done:
+ page.assert_no_selector 'input[value="Saving..."]'
+ assert page.has_field? 'Public key', with: pgp_key.to_s
+ user = User.find_by_login(username)
+ assert_equal pgp_key, user.public_key
+ user.account.destroy
end
- page.assert_selector 'input[value="Saving..."]'
- # at some point we're done:
- page.assert_no_selector 'input[value="Saving..."]'
- assert page.has_field? 'Public key', with: pgp_key.to_s
- user = User.find_by_login(username)
- assert_equal pgp_key, user.public_key
- user.account.destroy
end