-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 7 | ||||
-rw-r--r-- | config/initializers/load_config.rb | 1 | ||||
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 73 | ||||
-rw-r--r-- | help/app/models/ticket.rb | 36 | ||||
-rw-r--r-- | help/app/models/ticket_comment.rb | 14 | ||||
-rw-r--r-- | help/app/views/tickets/_comment.html.haml | 13 | ||||
-rw-r--r-- | help/app/views/tickets/_new_comment.html.haml | 3 | ||||
-rw-r--r-- | help/app/views/tickets/index.html.haml | 10 | ||||
-rw-r--r-- | help/app/views/tickets/new.html.haml | 16 | ||||
-rw-r--r-- | help/app/views/tickets/show.html.haml | 26 | ||||
-rw-r--r-- | help/config/routes.rb | 3 | ||||
-rw-r--r-- | help/test/functional/tickets_controller_test.rb | 63 | ||||
-rw-r--r-- | help/test/unit/ticket_comment_test.rb | 11 | ||||
-rw-r--r-- | help/test/unit/ticket_test.rb | 8 | ||||
-rw-r--r-- | test/dummy/app/controllers/application_controller.rb | 3 | ||||
-rw-r--r-- | users/app/models/user.rb | 9 | ||||
-rw-r--r-- | users/test/functional/application_controller_test.rb | 29 | ||||
-rw-r--r-- | users/test/functional/helper_methods_test.rb | 42 | ||||
-rw-r--r-- | users/test/support/auth_test_helper.rb | 25 | ||||
-rw-r--r-- | users/test/test_helper.rb | 3 |
21 files changed, 121 insertions, 276 deletions
@@ -9,7 +9,7 @@ eval(File.read(File.dirname(__FILE__) + '/ui_dependencies.rb')) gem "leap_web_core", :path => 'core' gem 'leap_web_users', :path => 'users' gem 'leap_web_certs', :path => 'certs' -gem 'leap_web_help', :path => 'help' +# gem 'leap_web_help', :path => 'help' # To use debugger gem 'ruby-debug' diff --git a/Gemfile.lock b/Gemfile.lock index 86cb8e8..a982c2a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,12 +15,6 @@ PATH rails (~> 3.2.8) PATH - remote: help - specs: - leap_web_help (0.1.0) - leap_web_core (= 0.1.0) - -PATH remote: users specs: leap_web_users (0.1.0) @@ -179,7 +173,6 @@ DEPENDENCIES jquery-rails leap_web_certs! leap_web_core! - leap_web_help! leap_web_users! mocha ruby-debug diff --git a/config/initializers/load_config.rb b/config/initializers/load_config.rb new file mode 100644 index 0000000..e687429 --- /dev/null +++ b/config/initializers/load_config.rb @@ -0,0 +1 @@ +APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml")[Rails.env] diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb deleted file mode 100644 index 4c7415b..0000000 --- a/help/app/controllers/tickets_controller.rb +++ /dev/null 
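Review bot: `APP_CONFIG` in config/initializers/load_config.rb is nil when config.yml has no section for the current `Rails.env`, and the new `is_admin?` in users/app/models/user.rb then raises NoMethodError on `APP_CONFIG['admins']` instead of answering false; the same happens when the section exists but has no `admins` key. config/config.yml is not in this commit's file list, so a fresh checkout would also fail inside the initializer with a bare file-not-found error. Since this value now drives the admin check, fail at boot with a clear error, e.g. `APP_CONFIG = YAML.load_file("#{Rails.root}/config/config.yml").fetch(Rails.env)`, and treat a missing list as empty in the model: `Array(APP_CONFIG['admins']).include?(id)`. A short comment saying that `admins` is a list of user ids would help, because the file is now an authorization source.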
@@ -1,73 +0,0 @@ -class TicketsController < ApplicationController - - respond_to :html #, :json - #has_scope :open, :type => boolean - - def new - @ticket = Ticket.new - @ticket.comments.build - end - - def create - @ticket = Ticket.new(params[:ticket]) - if current_user - @ticket.created_by = current_user.id - @ticket.email = current_user.email if current_user.email - @ticket.comments.last.posted_by = current_user.id - else - @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set. - end - - flash[:notice] = 'Ticket was successfully created.' if @ticket.save - respond_with(@ticket) - - end - -=begin - def edit - @ticket = Ticket.find(params[:id]) - @ticket.comments.build - # build ticket comments? - end -=end - - def show - @ticket = Ticket.find(params[:id]) - # @ticket.comments.build - # build ticket comments? - end - - def update - @ticket = Ticket.find(params[:id]) - @ticket.attributes = params[:ticket] - - @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it. - - if @ticket.save - flash[:notice] = 'Ticket was successfully updated.' - respond_with @ticket - else - #redirect_to [:show, @ticket] # - flash[:alert] = 'Ticket has not been changed' - redirect_to @ticket - #respond_with(@ticket) # why does this go to edit?? redirect??? - end - end - - def index - # @tickets = Ticket.by_title #not actually what we will want - respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access - end - - private - - # not using now, as we are using comment_attributes= from the Ticket model -=begin - def add_comment - comment = TicketComment.new(params[:comment]) - comment.posted_by = User.current.id if User.current #could be nil - comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model - @ticket.comments << comment - end -=end -end 
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index f38fed2..784d7ef 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -15,8 +15,8 @@ class Ticket < CouchRest::Model::Base =end #belongs_to :user #from leap_web_users. doesn't necessarily belong to a user though - property :created_by, String, :protected => true #Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set - #property :regarding_user, String#Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? + property :created_by, Integer #nil unless user was authenticated for ticket creation, #THIS should not be changed after being set + property :regarding_user, Integer # form cannot be submitted if they type in a username w/out corresponding ID. this field can be nil. for authenticated ticket creation by non-admins, should this just automatically be set to be same as created_by? or maybe we don't use this field unless created_by is nil? #also, both created_by and regarding_user could be nil---say user forgets username, or has general question property :title, String property :email, String #verify 
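Review bot: Dropping `:protected => true` from `created_by` makes the ticket's creator settable through mass assignment (`Ticket.new(attrs)` or `attributes=`), and the newly enabled `regarding_user` is unprotected as well. The comment on the same line says the value must not change after being set, so the property should keep the flag: `property :created_by, Integer, :protected => true`. Direct assignment in a callback should still work, since the flag is meant to cover mass assignment only, though the deleted controller notes that protection misbehaved for embedded comments, so verify it with a test. If `regarding_user` has to come from a form, check it against the authenticated user rather than trusting the submitted id.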
@@ -29,27 +29,18 @@ class Ticket < CouchRest::Model::Base timestamps! - #before_validation :set_created_by, :set_code, :set_email, :on => :create - before_validation :set_code, :set_email, :on => :create - - - #named_scope :open, :conditions => {:is_open => true} #?? + before_validation :set_created_by, :set_code, :on => :create design do view :by_title end - validates :title, :presence => true - #validates :comments, :presence => true #do we want it like this? - - # html5 has built-in validation which isn't ideal, as it says 'please enter an email address' for invalid email addresses, which implies an email address is required, and it is not. validates :email, :format => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, :if => :email #email address is optional - #TODO: - #def set_created_by - # self.created_by = User.current if User.current - #end + def set_created_by + self.created_by = User.current if User.current + end def is_creator_validated? !!created_by @@ -60,12 +51,6 @@ class Ticket < CouchRest::Model::Base self.code = SecureRandom.hex(8) if !is_creator_validated? end - - def set_email - self.email = nil if self.email == "" - # in controller set to be current users email if that exists - end - def close self.is_open = false save @@ -76,15 +61,6 @@ class Ticket < CouchRest::Model::Base save end - def comments_attributes=(attributes) - - comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) - #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller - comment.posted_at = Time.now - comments << comment - - end - =begin def validate if email_address and not email_address.strip =~ RFC822::EmailAddress diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb index 49e5c6c..652133a 100644 --- a/help/app/models/ticket_comment.rb +++ b/help/app/models/ticket_comment.rb 
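Review bot: `set_created_by` calls `User.current`, but this commit deletes the commented-out `self.current` / `self.current=` pair from users/app/models/user.rb and no other definition is visible in the diff, so unless it is defined elsewhere the `before_validation` callback raises NoMethodError on every create. It also stores the return value as-is in a property declared `Integer`; if `User.current` returns a user object the line should read `self.created_by = User.current.id if User.current`. The same hunk removes `validates :title, :presence => true` with no replacement, so tickets without a title now validate; keep the validation or say in the commit message why it goes. The class body continues outside the hunk.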
@@ -2,15 +2,13 @@ class TicketComment include CouchRest::Model::Embeddable #belongs_to :ticket #is this best way to do it? will want to access all of a tickets comments, so maybe this isn't the way? - property :posted_by, String#, :protected => true #Integer#this should be current_user if that is set, meaning the user is logged in #cannot have it be protected and set via comments_attributes=. also, if it is protected and we set in the tickets_controller, it gets unset. TODO---is this okay to have it not protected and manually check it? We do not users to be able to set this. + property :posted_by, Integer, :protected => true# maybe this should be current_user if that is set, meaning the user is logged in #String # user?? # if the current user is not set, then we could just say the comment comes from an 'unauthenticated user', which would be somebody with the secret URL - property :posted_at, Time#, :protected => true + property :posted_at, Time, :protected => true #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created property :body, String - # ? timestamps! - validates :body, :presence => true - #before_validation :set_time#, :set_posted_by + before_validation :set_time#, :set_posted_by #design do # view :by_posted_at @@ -20,14 +18,10 @@ class TicketComment def is_comment_validated? !!posted_by end - -=begin - #TODO. - #this is resetting all comments associated with the ticket: + def set_time self.posted_at = Time.now end -=end =begin def set_posted_by diff --git a/help/app/views/tickets/_comment.html.haml b/help/app/views/tickets/_comment.html.haml deleted file mode 100644 index 1ba3bd1..0000000 --- a/help/app/views/tickets/_comment.html.haml +++ /dev/null 
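Review bot: `before_validation :set_time` in the first hunk, together with `set_time` re-enabled in the second, overwrites `posted_at` on every validation, and the comment removed here warned that this resets the time on all comments embedded in a ticket. Each later save of the ticket would then rewrite the timestamps of existing comments, which loses the record of when a comment was actually posted. Set the value only once: `self.posted_at ||= Time.now`. The first hunk also drops `validates :body, :presence => true`, so empty comments become valid; keep it unless that is intended.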
@@ -1,13 +0,0 @@ -- # style is super ugly but just for now -%div{:style => "border: solid 1px"} - - if User.find(comment.posted_by) - Posted by - = User.find(comment.posted_by).login - - else - Unauthenticated post - %p - Posted at - = comment.posted_at - %p - = comment.body - %p
\ No newline at end of file diff --git a/help/app/views/tickets/_new_comment.html.haml b/help/app/views/tickets/_new_comment.html.haml deleted file mode 100644 index a924dfd..0000000 --- a/help/app/views/tickets/_new_comment.html.haml +++ /dev/null @@ -1,3 +0,0 @@ -= #do we want this partial? not using it now -= simple_fields_for :comment do |c| - = c.input :body, :label => 'Comment', :as => :text diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml deleted file mode 100644 index 6db2140..0000000 --- a/help/app/views/tickets/index.html.haml +++ /dev/null @@ -1,10 +0,0 @@ -%h2 tickets index (just as space) -Create a -= link_to "new ticket", new_ticket_path -= # below shouldn't be unless logged in -%h2 Tickets -= # want to have selection option to see tickets, that are open, closed or all -- @tickets.each do |ticket| - %p - = link_to ticket.title, ticket -= #render(:partial => "ticket", :collection => @tickets) diff --git a/help/app/views/tickets/new.html.haml b/help/app/views/tickets/new.html.haml deleted file mode 100644 index 537b97f..0000000 --- a/help/app/views/tickets/new.html.haml +++ /dev/null @@ -1,16 +0,0 @@ -%h2=t :new_ticket -= simple_form_for(@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test - = #@ticket.errors.messages - = f.input :title - = #f.input :email #if there is no current_user - = f.input :email if !current_user #hmm--might authenticated users want to submit an alternate email? - - = f.simple_fields_for :comments do |c| - = c.input :body, :label => 'Comment', :as => :text - - = #render :partial => 'new_comment' #what we were using - = # regarding_user if not logged in - = # email if not logged in - = #f.button :submit, :value => t(:submit), :class => 'btn-primary' - = f.button :submit - = link_to t(:cancel), tickets_path, :class => :btn 
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml deleted file mode 100644 index a9b994e..0000000 --- a/help/app/views/tickets/show.html.haml +++ /dev/null @@ -1,26 +0,0 @@ -- if flash[:notice] - =flash[:notice] -- if flash[:alert] - =flash[:alert] -%h2= @ticket.title -is open? -= @ticket.is_open -- if @ticket.code - code: - = @ticket.code -- if @ticket.email - email: - = @ticket.email -- if User.find(@ticket.created_by) - Created by - = User.find(@ticket.created_by).login -- else - Unauthenticated ticket creator -= render(:partial => "comment", :collection => @ticket.comments) - -= simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test - = f.simple_fields_for :comments, TicketComment.new do |c| - = c.input :body, :label => 'Comment', :as => :text - = #render :partial => 'new_comment' - = f.button :submit - = link_to t(:cancel), tickets_path, :class => :btn
\ No newline at end of file diff --git a/help/config/routes.rb b/help/config/routes.rb index 5e57e02..1daf9a4 100644 --- a/help/config/routes.rb +++ b/help/config/routes.rb @@ -1,5 +1,2 @@ Rails.application.routes.draw do - - resources :tickets, :only => [:new, :create, :index, :show, :update] - #resources :ticket, :only => [:show] end diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb deleted file mode 100644 index 7a03a86..0000000 --- a/help/test/functional/tickets_controller_test.rb +++ /dev/null 
@@ -1,63 +0,0 @@ -require 'test_helper' - -class TicketsControllerTest < ActionController::TestCase - - test "should get index" do - get :index - assert_response :success - assert_not_nil assigns(:tickets) - end - - test "should get new" do - get :new - assert_equal Ticket, assigns(:ticket).class - assert_response :success - end - - - test "should create unauthenticated ticket" do - params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} - - assert_difference('Ticket.count') do - post :create, :ticket => params - end - - assert_response :redirect - #assert_equal assigns(:ticket).email, User.current.email - #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login - assert_nil assigns(:ticket).created_by - - assert_equal assigns(:ticket).comments.count, 1 - end - - - test "should create authenticated ticket" do - - params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}} - - #todo: should redo this and actually authorize - user = User.last - session[:user_id] = user.id - - assert_difference('Ticket.count') do - post :create, :ticket => params - end - - assert_response :redirect - assert_equal assigns(:ticket).created_by, user.id - assert_equal assigns(:ticket).email, user.email - - assert_equal assigns(:ticket).comments.count, 1 - end - - test "add comment to ticket" do - - t = Ticket.last - comment_count = t.comments.count - put :update, :id => t.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} } - assert_equal(comment_count + 1, assigns(:ticket).comments.count) - #assert_difference block isn't working - - end - -end diff --git a/help/test/unit/ticket_comment_test.rb b/help/test/unit/ticket_comment_test.rb index 1fe1fe2..883720f 100644 --- a/help/test/unit/ticket_comment_test.rb +++ b/help/test/unit/ticket_comment_test.rb 
@@ -16,8 +16,8 @@ class TicketCommentTest < ActiveSupport::TestCase comment2 = TicketComment.new :body => "help my email is broken!" assert comment2.valid? - #assert_not_nil comment2.posted_at #? - #assert_nil comment2.posted_by #if not logged in #TODO + assert_not_nil comment2.posted_at + assert_nil comment2.posted_by #if not logged in #comment.ticket = testticket #Ticket.find_by_title("testing") #assert_equal testticket.title, comment.ticket.title @@ -49,10 +49,9 @@ class TicketCommentTest < ActiveSupport::TestCase testticket.comments << comment2 #this should validate comment2 testticket.valid? assert_equal testticket.comments.count, 2 - # where should posted_at be set? - #assert_not_nil comment.posted_at - #assert_not_nil testticket.comments.last.posted_at - #assert testticket.comments.first.posted_at < testticket.comments.last.posted_at + assert_not_nil comment.posted_at + assert_not_nil testticket.comments.last.posted_at + assert testticket.comments.first.posted_at < testticket.comments.last.posted_at end end diff --git a/help/test/unit/ticket_test.rb b/help/test/unit/ticket_test.rb index 6b63a23..c3a4759 100644 --- a/help/test/unit/ticket_test.rb +++ b/help/test/unit/ticket_test.rb @@ -41,20 +41,18 @@ class TicketTest < ActiveSupport::TestCase assert @sample.is_creator_validated? end -=begin -# TODO: do once have current_user stuff in order test "code if & only if not creator-validated" do - User.current_test = nil t1 = Ticket.create :title => 'test title' assert_not_nil t1.code assert_nil t1.created_by - User.current_test = 4 + User.current = 4 t2 = Ticket.create :title => 'test title' assert_nil t2.code assert_not_nil t2.created_by + + end -=end end diff --git a/test/dummy/app/controllers/application_controller.rb b/test/dummy/app/controllers/application_controller.rb deleted file mode 100644 index e8065d9..0000000 --- a/test/dummy/app/controllers/application_controller.rb +++ /dev/null 
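Review bot: In the re-enabled test in help/test/unit/ticket_test.rb, `User.current = 4` is never reset, so tests that run later in the same process would create tickets as user 4, and the first half of the test assumes `User.current` is nil, which depends on test order. Set `User.current = nil` at the start of the test and again in a teardown. The accessor is not defined in any file this diff touches, so confirm it exists before enabling the test. In ticket_comment_test.rb the new `first.posted_at < last.posted_at` assertion may fail when both comments receive the same clock value; `<=` is the safer comparison.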
@@ -1,3 +0,0 @@ -class ApplicationController < ActionController::Base - protect_from_forgery -end diff --git a/users/app/models/user.rb b/users/app/models/user.rb index a06893f..2b8ead7 100644 --- a/users/app/models/user.rb +++ b/users/app/models/user.rb @@ -66,13 +66,8 @@ class User < CouchRest::Model::Base login end -=begin - def self.current - Thread.current[:user] + def is_admin? + APP_CONFIG['admins'].include? self.id end - def self.current=(user) - Thread.current[:user] = user - end -=end end diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb new file mode 100644 index 0000000..69bcb2f --- /dev/null +++ b/users/test/functional/application_controller_test.rb @@ -0,0 +1,29 @@ +require 'test_helper' + +class ApplicationControllerTest < ActionController::TestCase + + def setup + # so we can test the effect on the response + @controller.response = @response + end + + def test_authorize_redirect + stub_logged_out + @controller.send(:authorize) + assert_access_denied + end + + def test_authorized + @user = stub_logged_in + @controller.send(:authorize) + assert_access_denied(false) + end + + def test_authorize_admin + @user = stub_logged_in + @user.expects(:is_admin?).returns(false) + @controller.send(:authorize_admin) + assert_access_denied + end + +end diff --git a/users/test/functional/helper_methods_test.rb b/users/test/functional/helper_methods_test.rb new file mode 100644 index 0000000..c0eaf61 --- /dev/null +++ b/users/test/functional/helper_methods_test.rb 
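Review bot: `test_authorize_admin` in users/test/functional/application_controller_test.rb covers only a logged-in non-admin; nothing checks that an admin passes `authorize_admin` or that a logged-out request is denied by it, so a filter that rejected everyone would still pass this file. Add both cases, e.g. `@user.expects(:is_admin?).returns(true)` followed by `assert_access_denied(false)`, and `stub_logged_out` followed by `assert_access_denied`. `authorize` and `authorize_admin` themselves are not shown in this diff, so the expected result for the logged-out case is assumed.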
@@ -0,0 +1,42 @@ +# +# Testing and documenting the helper methods available from +# ApplicationController +# + +require 'test_helper' + +class HelperMethodsTest < ActionController::TestCase + tests ApplicationController + + # we test them right in here... + include ApplicationController._helpers + + # they all reference the controller. + def controller + @controller + end + + def test_current_user_with_caching + @user = stub_logged_in + assert_equal @user, current_user + assert_equal @user, current_user # tests caching + end + + def test_logged_in + @user = stub_logged_in + assert logged_in? + end + + def test_logged_out + stub_logged_out + assert !logged_in? + end + + def test_admin + bool = stub + @user = stub_logged_in + @user.expects(:is_admin?).returns(bool) + assert_equal bool, admin? + end + +end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb new file mode 100644 index 0000000..d5d52b1 --- /dev/null +++ b/users/test/support/auth_test_helper.rb @@ -0,0 +1,25 @@ +module AuthTestHelper + + def stub_logged_in + @user_id = stub + @user = stub + session[:user_id] = @user_id + User.expects(:find).once.with(@user_id).returns(@user) + return @user + end + + def stub_logged_out + @user_id = stub + session[:user_id] = @user_id + User.expects(:find).once.with(@user_id).returns(nil) + end + + def assert_access_denied(denied = true) + if denied + assert_equal({:alert => "Not authorized"}, flash.to_hash) + assert_redirected_to login_path + else + assert flash[:alert].blank? + end + end +end diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb index 08d4d41..ae6a35c 100644 --- a/users/test/test_helper.rb +++ b/users/test/test_helper.rb @@ -8,3 +8,6 @@ Rails.backtrace_cleaner.remove_silencers! # Load support files Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } +class ActionController::TestCase + include AuthTestHelper +end |
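Review bot: The `denied = false` branch of `assert_access_denied` in users/test/support/auth_test_helper.rb checks only that `flash[:alert]` is blank, so a filter that redirects to the login page without setting the alert is reported as access granted. Assert on the response as well, for example `assert !@response.redirect?` next to the flash check. A comment on `stub_logged_in` noting that `User.expects(:find).once` also asserts that `current_user` is cached would explain why a second lookup fails the test.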