# HG changeset patch # User jittat # Date 2008-03-20 00:25:42 # Node ID 94b5b7562ca1ec60c3105a8f11122404962decf0 # Parent 45a526b9fbd312af1dd84be66756fcde621233a6 [web] added graders_right_to_admin_role, added a few functional tests: main, user_admin, graders, login git-svn-id: http://theory.cpe.ku.ac.th/grader/web/trunk@131 6386c4cd-e34a-4fa8-8920-d93eb39b512e diff --git a/app/controllers/application.rb b/app/controllers/application.rb --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -25,7 +25,7 @@ } flash[:notice] = 'You are not authorized to view the page you requested' #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login') - redirect_to :controller => 'login' + redirect_to :controller => 'main', :action => 'login' return false end end diff --git a/app/controllers/graders_controller.rb b/app/controllers/graders_controller.rb --- a/app/controllers/graders_controller.rb +++ b/app/controllers/graders_controller.rb @@ -1,7 +1,7 @@ class GradersController < ApplicationController - before_filter :authenticate + before_filter :authorization def list @grader_processes = GraderProcess.find(:all, diff --git a/app/models/user.rb b/app/models/user.rb --- a/app/models/user.rb +++ b/app/models/user.rb @@ -24,7 +24,7 @@ end def authenticated?(password) - hashed_password == encrypt(password,salt) + hashed_password == User.encrypt(password,self.salt) end def admin? @@ -63,14 +63,14 @@ def encrypt_new_password return if password.blank? self.salt = (10+rand(90)).to_s - self.hashed_password = encrypt(password,salt) + self.hashed_password = User.encrypt(self.password,self.salt) end def password_required? - hashed_password.blank? || !password.blank? + self.hashed_password.blank? || !self.password.blank? end - def encrypt(string,salt) + def self.encrypt(string,salt) Digest::SHA1.hexdigest(salt + string) end end diff --git a/db/migrate/016_add_task_to_grader_process.rb b/db/migrate/016_add_task_to_grader_process.rb 
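Review bot: In app/models/user.rb (hunk at -63,14) `encrypt_new_password` still takes the salt from `(10+rand(90)).to_s`, which gives only 90 possible values from a non-cryptographic generator, and `User.encrypt` is a single SHA-1 pass over `salt + string`. This commit rewrites every call site of the helper, so it is a natural point to replace both. Draw the salt from a CSPRNG with at least 16 random bytes, e.g. `self.salt = SecureRandom.hex(16)` where the runtime provides it (check the width of the salt column), and move `self.encrypt` to an adaptive password hash such as bcrypt, rehashing existing rows at the next successful login. The name `encrypt` is also misleading, since the operation is a one-way digest. The class body starts and ends outside both user.rb hunks, so the effective visibility of `self.encrypt` cannot be confirmed from here.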
--- a/db/migrate/016_add_task_to_grader_process.rb +++ b/db/migrate/016_add_task_to_grader_process.rb @@ -4,6 +4,6 @@ end def self.down - remove_column :grader_processes, :task_id, :integer + remove_column :grader_processes, :task_id end end diff --git a/db/migrate/020_add_graders_right_to_admin_role.rb b/db/migrate/020_add_graders_right_to_admin_role.rb new file mode 100644 --- /dev/null +++ b/db/migrate/020_add_graders_right_to_admin_role.rb @@ -0,0 +1,17 @@ +class AddGradersRightToAdminRole < ActiveRecord::Migration + def self.up + admin_role = Role.find_by_name('admin') + + graders_right = Right.create(:name => 'graders_admin', + :controller => 'graders', + :action => 'all') + + admin_role.rights << graders_right; + admin_role.save + end + + def self.down + graders_right = Right.find_by_name('graders_admin') + graders_right.destroy + end +end diff --git a/db/schema.rb b/db/schema.rb --- a/db/schema.rb +++ b/db/schema.rb @@ -9,7 +9,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 19) do +ActiveRecord::Schema.define(:version => 20) do create_table "grader_processes", :force => true do |t| t.string "host", :limit => 20 diff --git a/test/fixtures/problems.yml b/test/fixtures/problems.yml --- a/test/fixtures/problems.yml +++ b/test/fixtures/problems.yml @@ -1,5 +1,11 @@ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html one: id: 1 + name: add + full_name: add_full_name + available: true two: id: 2 + name: subtract + full_name: subtract_full_name + available: false diff --git a/test/fixtures/rights.yml b/test/fixtures/rights.yml --- a/test/fixtures/rights.yml +++ b/test/fixtures/rights.yml 
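Review bot: `self.up` in db/migrate/020_add_graders_right_to_admin_role.rb uses `admin_role` without checking that `Role.find_by_name('admin')` returned a row, and `self.down` does the same with `graders_right`. On a database without those rows the migration stops with a NoMethodError on nil, and in `up` that happens after `Right.create` has already inserted the right. Add `raise "admin role not found" unless admin_role` directly after the lookup, and make the rollback tolerant with `graders_right.destroy if graders_right`. `Right.create` returns an unsaved record instead of raising when validation fails, so `Right.create!` would surface that case. The trailing `;` after `admin_role.rights << graders_right` can be dropped.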
@@ -1,5 +1,13 @@ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html -one: - id: 1 -two: - id: 2 + +graders_right: + controller: graders + action: all + +user_admin_right: + controller: user_admin + action: all + +problems_right: + controller: problems + action: all diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml --- a/test/fixtures/roles.yml +++ b/test/fixtures/roles.yml @@ -1,5 +1,3 @@ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html -one: - id: 1 -two: - id: 2 +admin: + rights: graders_right, user_admin_right, problems_right \ No newline at end of file diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -1,5 +1,18 @@ # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html -one: - id: 1 -two: - id: 2 + +<% +User.public_class_method :encrypt + +SALT = "abc" +%> + +john: + login: john + hashed_password: <%= User.encrypt("hello",SALT) %> + salt: <%= SALT %> +mary: + login: mary + hashed_password: <%= User.encrypt("goodbye",SALT) %> + salt: <%= SALT %> + roles: admin + diff --git a/test/functional/graders_controller_test.rb b/test/functional/graders_controller_test.rb --- a/test/functional/graders_controller_test.rb +++ b/test/functional/graders_controller_test.rb 
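Review bot: The ERB preamble in test/fixtures/users.yml defines a top-level constant `SALT` and calls `User.public_class_method :encrypt`, so loading test data changes the model's visibility and adds a global constant. If the template is rendered more than once, Ruby warns that the constant is already initialized. A template-local variable does the same job: `<% salt = "abc" %>` followed by `<%= User.encrypt("hello", salt) %>`. Since this commit declares the helper as `def self.encrypt`, the `public_class_method` call looks redundant, unless the model marks it private somewhere outside the visible hunks.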
@@ -1,8 +1,26 @@ require File.dirname(__FILE__) + '/../test_helper' class GradersControllerTest < ActionController::TestCase - # Replace this with your real tests. - def test_truth - assert true + + fixtures :users, :roles, :rights + + def test_should_not_allow_new_user_to_see + get :list + assert_redirected_to :controller => 'main', :action => 'login' end + + def test_should_not_allow_normal_user_to_see + john = users(:john) + + get :list, {}, {:user_id => john.id} + assert_redirected_to :controller => 'main', :action => 'login' + end + + def test_should_allow_admin_to_see + mary = users(:mary) + + get :list, {}, {:user_id => mary.id} + assert_template 'graders/list' + end + end diff --git a/test/functional/login_controller_test.rb b/test/functional/login_controller_test.rb --- a/test/functional/login_controller_test.rb +++ b/test/functional/login_controller_test.rb @@ -5,6 +5,9 @@ class LoginController; def rescue_action(e) raise e end; end class LoginControllerTest < Test::Unit::TestCase + + fixtures :users + def setup @controller = LoginController.new @request = ActionController::TestRequest.new @@ -12,7 +15,23 @@ end # Replace this with your real tests. - def test_truth - assert true + def test_should_hide_index + get :index + assert_redirected_to :controller => 'main', :action => 'login' + end + + def test_should_login_user_and_set_session + john = users(:john) + + post :login, :login => 'john', :password => "hello" + assert_redirected_to :controller => 'main', :action => 'list' + assert_equal john.id, session[:user_id] + end + + def test_should_reject_user_with_wrong_password + john = users(:john) + + post :login, :login => 'john', :password => "wrong" + assert_redirected_to :controller => 'main', :action => 'login' end end diff --git a/test/functional/main_controller_test.rb b/test/functional/main_controller_test.rb --- a/test/functional/main_controller_test.rb +++ b/test/functional/main_controller_test.rb 
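Review bot: The access-control tests added in test/functional/graders_controller_test.rb exercise only `list`, so the anonymous and non-admin cases are not pinned for any other action behind the `authorization` filter. The same gap is in test/functional/user_admin_controller_test.rb, where `create`, `update` and `destroy` are called only with `{:user_id => @admin_id}`. Add negative cases for the state-changing actions, for example posting `:destroy` with john's session and asserting the redirect to `main`/`login` together with an unchanged `User.count`. `test_should_allow_admin_to_see` would also be tighter with `assert_response :success` before the `assert_template`.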
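Review bot: `test_should_reject_user_with_wrong_password` in test/functional/login_controller_test.rb checks only the redirect, so a regression that stores `session[:user_id]` before redirecting would still pass. Add `assert_nil session[:user_id]` after the `assert_redirected_to`. The local `john` is unused in that test and can be removed. A further case with a login name that is absent from the fixtures would cover the lookup-miss case as well.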
@@ -5,6 +5,10 @@ class MainController; def rescue_action(e) raise e end; end class MainControllerTest < Test::Unit::TestCase + + fixtures :problems + fixtures :users + def setup @controller = MainController.new @request = ActionController::TestRequest.new @@ -12,7 +16,17 @@ end # Replace this with your real tests. - def test_truth - assert true + def test_should_redirect_new_user_to_login + get :list + assert_redirected_to :action => 'login' end + + def test_should_list_available_problems_if_logged_in + john = users(:john) + get :list, {}, {:user_id => john.id} + + assert_template 'main/list' + assert_select "table tr:nth-child(2)", :text => /\(add\)/ + end + end diff --git a/test/functional/user_admin_controller_test.rb b/test/functional/user_admin_controller_test.rb --- a/test/functional/user_admin_controller_test.rb +++ b/test/functional/user_admin_controller_test.rb @@ -6,23 +6,46 @@ class UserAdminControllerTest < Test::Unit::TestCase fixtures :users + fixtures :roles + fixtures :rights def setup @controller = UserAdminController.new @request = ActionController::TestRequest.new @response = ActionController::TestResponse.new - @first_id = users(:first).id + @first_id = users(:john).id + @admin_id = users(:mary).id + end + + def test_should_not_allow_new_user_to_see + get :list + assert_redirected_to :controller => 'main', :action => 'login' end + def test_should_not_allow_normal_user_to_see + john = users(:john) + + get :list, {}, {:user_id => john.id} + assert_redirected_to :controller => 'main', :action => 'login' + end + + def test_should_allow_admin_to_see + mary = users(:mary) + + get :list, {}, {:user_id => mary.id} + assert_template 'user_admin/list' + end + + def test_index - get :index + get :index, {}, {:user_id => @admin_id} assert_response :success assert_template 'list' end def test_list - get :list + get :list, {}, {:user_id => @admin_id} assert_response :success assert_template 'list' 
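Review bot: `test_should_list_available_problems_if_logged_in` in test/functional/main_controller_test.rb asserts that `(add)` is rendered but never checks that the fixture with `available: false` stays off the page. That omission leaves the hiding half of the availability filter untested. Add `assert_no_match /\(subtract\)/, @response.body` after the `assert_select`. The two `fixtures` calls in the first hunk can be merged into `fixtures :problems, :users`, matching the style used in the graders test.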
@@ -31,17 +54,16 @@ end def test_show - get :show, :id => @first_id + get :show, {:id => @first_id}, {:user_id => @admin_id} assert_response :success assert_template 'show' assert_not_nil assigns(:user) - assert assigns(:user).valid? end def test_new - get :new + get :new, {}, {:user_id => @admin_id} assert_response :success assert_template 'new' @@ -49,10 +71,15 @@ assert_not_nil assigns(:user) end - def test_create + def test_create_with_correct_confirmation_password num_users = User.count - post :create, :user => {} + post :create, {:user => { + :login => 'test', + :full_name => 'hello', + :password => 'abcde', + :password_confirmation => 'abcde' + }}, {:user_id => @admin_id} assert_response :redirect assert_redirected_to :action => 'list' @@ -60,18 +87,41 @@ assert_equal num_users + 1, User.count end + def test_create_with_wrong_confirmation_password + num_users = User.count + + post :create, {:user => { + :login => 'test', + :full_name => 'hello', + :password => 'abcde', + :password_confirmation => 'abcdef' + }}, {:user_id => @admin_id} + + assert_response :success + assert_template 'new' + + assert_equal num_users, User.count + end + def test_edit - get :edit, :id => @first_id + get :edit, {:id => @first_id}, {:user_id => @admin_id} assert_response :success assert_template 'edit' assert_not_nil assigns(:user) - assert assigns(:user).valid? end def test_update - post :update, :id => @first_id + post :update, { + :id => @first_id, + :user => { + :login => 'test', + :full_name => 'hello', + :password => 'abcde', + :password_confirmation => 'abcde' + } + }, {:user_id => @admin_id} assert_response :redirect assert_redirected_to :action => 'show', :id => @first_id end @@ -81,7 +131,7 @@ User.find(@first_id) } - post :destroy, :id => @first_id + post :destroy, {:id => @first_id}, {:user_id => @admin_id} assert_response :redirect assert_redirected_to :action => 'list'
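Review bot: `test_show` and `test_edit` in test/functional/user_admin_controller_test.rb drop `assert assigns(:user).valid?`. That suggests the new john/mary fixtures do not satisfy the User validations, although this is inferred because the validations are outside this commit. Completing the fixtures with whichever required attributes are missing and keeping the assertion would preserve the check instead of loosening the test. `test_update` now posts a new password but asserts only the redirect. Adding `assert User.find(@first_id).authenticated?('abcde')` would confirm that the changed credential is actually stored.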