diff options
author | jessib <jessib@riseup.net> | 2012-10-18 13:42:37 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2012-10-18 13:42:37 -0700 |
commit | 8b9d5235faed6c15e8ef2e2dc76aec7f24d0bb50 (patch) | |
tree | de26dada544adf1158548ef437892759504323d0 /help | |
parent | e927ad44c1f3e7e31cd393ce92a78267e4761660 (diff) |
Uses the working authentication code.
Diffstat (limited to 'help')
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 21 | ||||
-rw-r--r-- | help/app/models/ticket.rb | 2 | ||||
-rw-r--r-- | help/app/models/ticket_comment.rb | 2 | ||||
-rw-r--r-- | help/app/views/tickets/index.html.haml | 3 | ||||
-rw-r--r-- | help/app/views/tickets/new.html.haml | 2 | ||||
-rw-r--r-- | help/test/functional/tickets_controller_test.rb | 28 |
6 files changed, 44 insertions, 14 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index be9a2b5..4c7415b 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -10,9 +10,13 @@ class TicketsController < ApplicationController def create @ticket = Ticket.new(params[:ticket]) - @ticket.created_by = User.current_test.id if User.current_test - @ticket.email = User.current_test.email if User.current_test.email - #instead of calling add_comment, we are using comment_attributes= from the Ticket model + if current_user + @ticket.created_by = current_user.id + @ticket.email = current_user.email if current_user.email + @ticket.comments.last.posted_by = current_user.id + else + @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set. + end flash[:notice] = 'Ticket was successfully created.' if @ticket.save respond_with(@ticket) @@ -37,8 +41,8 @@ class TicketsController < ApplicationController @ticket = Ticket.find(params[:id]) @ticket.attributes = params[:ticket] - #add_comment #or should we use ticket attributes? - # @ticket.save + @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it. + if @ticket.save flash[:notice] = 'Ticket was successfully updated.' respond_with @ticket @@ -52,17 +56,18 @@ class TicketsController < ApplicationController def index # @tickets = Ticket.by_title #not actually what we will want - respond_with(@tickets = Ticket.all) + respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access end private # not using now, as we are using comment_attributes= from the Ticket model +=begin def add_comment comment = TicketComment.new(params[:comment]) - comment.posted_by = User.current_test.id if User.current_test #could be nil + comment.posted_by = User.current.id if User.current #could be nil comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model @ticket.comments << comment end - +=end end diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 76fa5c8..f38fed2 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -79,7 +79,7 @@ class Ticket < CouchRest::Model::Base def comments_attributes=(attributes) comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) - comment.posted_by = User.current_test.id if User.current_test #should we not access User.current here? + #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller comment.posted_at = Time.now comments << comment diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index a8639a1..49e5c6c 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb @@ -2,7 +2,7 @@ class TicketComment include CouchRest::Model::Embeddable #belongs_to :ticket #is this best way to do it? will want to access all of a tickets comments, so maybe this isn't the way? - property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes= + property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes=. also, if it is protected and we set in the tickets_controller, it gets unset. TODO---is this okay to have it not protected and manually check it? We do not users to be able to set this. # if the current user is not set, then we could just say the comment comes from an 'unauthenticated user', which would be somebody with the secret URL property :posted_at, Time#, :protected => true #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml index f328ca2..6db2140 100644 --- a/help/app/views/tickets/index.html.haml +++ b/help/app/views/tickets/index.html.haml @@ -1,6 +1,9 @@ +%h2 tickets index (just as space) Create a = link_to "new ticket", new_ticket_path += # below shouldn't be unless logged in %h2 Tickets += # want to have selection option to see tickets, that are open, closed or all - @tickets.each do |ticket| %p = link_to ticket.title, ticket diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml index 8c660c9..537b97f 100644 --- a/help/app/views/tickets/new.html.haml +++ b/help/app/views/tickets/new.html.haml @@ -3,7 +3,7 @@ = #@ticket.errors.messages = f.input :title = #f.input :email #if there is no current_user - = f.input :email if !User.current_test #hmm--might authenticated users want to submit an alternate email? + = f.input :email if !current_user #hmm--might authenticated users want to submit an alternate email? = f.simple_fields_for :comments do |c| = c.input :body, :label => 'Comment', :as => :text diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb index 7af4c22..7a03a86 100644 --- a/help/test/functional/tickets_controller_test.rb +++ b/help/test/functional/tickets_controller_test.rb @@ -15,7 +15,7 @@ class TicketsControllerTest < ActionController::TestCase end - test "should create authenticated ticket" do + test "should create unauthenticated ticket" do params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} assert_difference('Ticket.count') do @@ -23,8 +23,30 @@ class TicketsControllerTest < ActionController::TestCase end assert_response :redirect - assert_equal assigns(:ticket).email, User.current_test.email - assert_equal User.find(assigns(:ticket).created_by).login, User.current_test.login + #assert_equal assigns(:ticket).email, User.current.email + #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login + assert_nil assigns(:ticket).created_by + + assert_equal assigns(:ticket).comments.count, 1 + end + + + test "should create authenticated ticket" do + + params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} + + #todo: should redo this and actually authorize + user = User.last + session[:user_id] = user.id + + assert_difference('Ticket.count') do + post :create, :ticket => params + end + + assert_response :redirect + assert_equal assigns(:ticket).created_by, user.id + assert_equal assigns(:ticket).email, user.email + assert_equal assigns(:ticket).comments.count, 1 end |