cafe-grader-web Commit - r58:94b5b7562ca1

cafe-grader-web

Commit `r58:94b5b7562ca1` public

parent | child

Description:

[web] added graders_right_to_admin_role, added a few functional tests: main, user_admin, graders, login git-svn-id: http://theory.cpe.ku.ac.th/grader/web/trunk@131 6386c4cd-e34a-4fa8-8920-d93eb39b512e

Commit status:

[Not Reviewed]

References:

default

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r58:94b5b7562ca1 - Thu, 20 Mar 2008 00:25:42 - 14 files changed: 182 inserted, 39 deleted

db/migrate/020_add_graders_right_to_admin_role.rb created 644 ¶ +17

@@ -0,0 +1,17
	1	+ class AddGradersRightToAdminRole < ActiveRecord::Migration
	2	+ def self.up
	3	+ admin_role = Role.find_by_name('admin')
	4	+
	5	+ graders_right = Right.create(:name => 'graders_admin',
	6	+ :controller => 'graders',
	7	+ :action => 'all')
	8	+
	9	+ admin_role.rights << graders_right;
	10	+ admin_role.save
	11	+ end
	12	+
	13	+ def self.down
	14	+ graders_right = Right.find_by_name('graders_admin')
	15	+ graders_right.destroy
	16	+ end
	17	+ end

app/controllers/application.rb ¶ +1 -1

               class ApplicationController < ActionController::Base
                 # Pick a unique cookie name to distinguish our session data from others'
                 session :session_key => '_grader_session_id'
                 protected
                 def authenticate
                   unless session[:user_id]
                     redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                   return true
                 end
                 def authorization
                   return false unless authenticate
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role|
               	role.rights.detect{ |right|
               	  right.controller == self.class.controller_name and
               	    (right.action == 'all' or right.action == action_name)
               	}
                     }
                     flash[:notice] = 'You are not authorized to view the page you requested'
                     #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
-            -       redirect_to :controller => 'login'
+            +       redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                 end
               end

app/controllers/graders_controller.rb ¶ +1 -1

               class GradersController < ApplicationController
-            -   before_filter :authenticate
+            +   before_filter :authorization
                 def list
                   @grader_processes = GraderProcess.find(:all,
                                                          :order => 'updated_at desc')
                   @stalled_processes = GraderProcess.find_stalled_process
                 end
                 def clear
                   grader_proc = GraderProcess.find(params[:id])
                   grader_proc.destroy if grader_proc!=nil
                   redirect_to :action => 'list'
                 end
               end

app/models/user.rb ¶ +4 -4

               class User < ActiveRecord::Base
                 has_and_belongs_to_many :roles
                 has_many :test_requests, :order => "problem_id"
                 validates_presence_of :login
                 validates_presence_of :full_name
                 validates_length_of :full_name, :minimum => 1
                 validates_presence_of :password, :if => :password_required?
                 validates_length_of :password, :within => 4..20, :if => :password_required?
                 validates_confirmation_of :password, :if => :password_required?
                 attr_accessor :password
                 before_save :encrypt_new_password
                 def self.authenticate(login, password)
                   user = find_by_login(login)
                   return user if user && user.authenticated?(password)
                 end
                 def authenticated?(password)
-            -     hashed_password == encrypt(password,salt)
+            +     hashed_password == User.encrypt(password,self.salt)
                 end
                 def admin?
                   self.roles.detect {|r| r.name == 'admin' }
                 end
                 def email_for_editing
                   if self.email==nil
                     "(unknown)"
                   elsif self.email==''
                     "(blank)"
                   else
                     self.email
                   end
                 end
                 def email_for_editing=(e)
                   self.email=e
                 end
                 def alias_for_editing
                   if self.alias==nil
                     "(unknown)"
                   elsif self.alias==''
                     "(blank)"
                   else
                     self.alias
                   end
                 end
                 def alias_for_editing=(e)
                   self.alias=e
                 end
                 protected
                   def encrypt_new_password
                     return if password.blank?
                     self.salt = (10+rand(90)).to_s
-            -       self.hashed_password = encrypt(password,salt)
+            +       self.hashed_password = User.encrypt(self.password,self.salt)
                   end
                   def password_required?
-            -       hashed_password.blank? || !password.blank?
+            +       self.hashed_password.blank? || !self.password.blank?
                   end
-            -     def encrypt(string,salt)
+            +     def self.encrypt(string,salt)
                     Digest::SHA1.hexdigest(salt + string)
                   end
               end

db/migrate/016_add_task_to_grader_process.rb ¶ +1 -1

               class AddTaskToGraderProcess < ActiveRecord::Migration
                 def self.up
                   add_column :grader_processes, :task_id, :integer
                 end
                 def self.down
-            -     remove_column :grader_processes, :task_id, :integer
+            +     remove_column :grader_processes, :task_id
                 end
               end

db/schema.rb ¶ +1 -1

               # This file is auto-generated from the current state of the database. Instead of editing this file,
               # please use the migrations feature of ActiveRecord to incrementally modify your database, and
               # then regenerate this schema definition.
               #
               # Note that this schema.rb definition is the authoritative source for your database schema. If you need
               # to create the application database on another system, you should be using db:schema:load, not running
               # all the migrations from scratch. The latter is a flawed and unsustainable approach (the more migrations
               # you'll amass, the slower it'll run and the greater likelihood for issues).
               #
               # It's strongly recommended to check this file into your version control system.
-            - ActiveRecord::Schema.define(:version => 19) do
+            + ActiveRecord::Schema.define(:version => 20) do
                 create_table "grader_processes", :force => true do |t|
                   t.string   "host",       :limit => 20
                   t.integer  "pid"
                   t.string   "mode"
                   t.boolean  "active"
                   t.datetime "created_at"
                   t.datetime "updated_at"
                   t.integer  "task_id"
                 end
                 add_index "grader_processes", ["host", "pid"], :name => "index_grader_processes_on_ip_and_pid"
                 create_table "languages", :force => true do |t|
                   t.string "name",        :limit => 10
                   t.string "pretty_name"
                   t.string "ext",         :limit => 10
                 end
                 create_table "problems", :force => true do |t|
                   t.string  "name",       :limit => 30
                   t.string  "full_name"
                   t.integer "full_score"
                   t.date    "date_added"

test/fixtures/problems.yml ¶ +6

               # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
               one:
                 id: 1
+            +   name: add
+            +   full_name: add_full_name
+            +   available: true
               two:
                 id: 2
+            +   name: subtract
+            +   full_name: subtract_full_name
+            +   available: false

test/fixtures/rights.yml ¶ +12 -4

@@ -1,5 +1,13
1	# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html	1	# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2	- one:	2	+
3	- id: 1	3	+ graders_right:
4	- two:	4	+ controller: graders
5	- id: 2	5	+ action: all
		6	+
		7	+ user_admin_right:
		8	+ controller: user_admin
		9	+ action: all
		10	+
		11	+ problems_right:
		12	+ controller: problems
		13	+ action: all

test/fixtures/roles.yml ¶ +2 -4

@@ -1,5 +1,3
1	# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html	1	# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2	- one:	2	+ admin:
3	- id: 1	3	+ rights: graders_right, user_admin_right, problems_right No newline at end of file
4	- two:
5	- id: 2

test/fixtures/users.yml ¶ +17 -4

@@ -1,5 +1,18
1	# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html	1	# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
2	- one:	2	+
3	- id: 1	3	+ <%
4	- two:	4	+ User.public_class_method :encrypt
5	- id: 2	5	+
		6	+ SALT = "abc"
		7	+ %>
		8	+
		9	+ john:
		10	+ login: john
		11	+ hashed_password: <%= User.encrypt("hello",SALT) %>
		12	+ salt: <%= SALT %>
		13	+ mary:
		14	+ login: mary
		15	+ hashed_password: <%= User.encrypt("goodbye",SALT) %>
		16	+ salt: <%= SALT %>
		17	+ roles: admin
		18	+

test/functional/graders_controller_test.rb ¶ +21 -3

@@ -1,8 +1,26
1	require File.dirname(__FILE__) + '/../test_helper'	1	require File.dirname(__FILE__) + '/../test_helper'
2		2
3	class GradersControllerTest < ActionController::TestCase	3	class GradersControllerTest < ActionController::TestCase
4	- # Replace this with your real tests.	4	+
5	- def test_truth	5	+ fixtures :users, :roles, :rights
6	- assert true	6	+
		7	+ def test_should_not_allow_new_user_to_see
		8	+ get :list
		9	+ assert_redirected_to :controller => 'main', :action => 'login'
7	end	10	end
		11	+
		12	+ def test_should_not_allow_normal_user_to_see
		13	+ john = users(:john)
		14	+
		15	+ get :list, {}, {:user_id => john.id}
		16	+ assert_redirected_to :controller => 'main', :action => 'login'
8	end	17	end
		18	+
		19	+ def test_should_allow_admin_to_see
		20	+ mary = users(:mary)
		21	+
		22	+ get :list, {}, {:user_id => mary.id}
		23	+ assert_template 'graders/list'
		24	+ end
		25	+
		26	+ end

test/functional/login_controller_test.rb ¶ +21 -2

               require File.dirname(__FILE__) + '/../test_helper'
               require 'login_controller'
               # Re-raise errors caught by the controller.
               class LoginController; def rescue_action(e) raise e end; end
               class LoginControllerTest < Test::Unit::TestCase
+            +
+            +   fixtures :users
+            +
                 def setup
                   @controller = LoginController.new
                   @request    = ActionController::TestRequest.new
                   @response   = ActionController::TestResponse.new
                 end
                 # Replace this with your real tests.
-            -   def test_truth
+            +   def test_should_hide_index
-            -     assert true
+            +     get :index
+            +     assert_redirected_to :controller => 'main', :action => 'login'
+            +   end
+            +
+            +   def test_should_login_user_and_set_session
+            +     john = users(:john)
+            +
+            +     post :login, :login => 'john', :password => "hello"
+            +     assert_redirected_to :controller => 'main', :action => 'list'
+            +     assert_equal john.id, session[:user_id]
+            +   end
+            +
+            +   def test_should_reject_user_with_wrong_password
+            +     john = users(:john)
+            +
+            +     post :login, :login => 'john', :password => "wrong"
+            +     assert_redirected_to :controller => 'main', :action => 'login'
                 end
               end

test/functional/main_controller_test.rb ¶ +16 -2

               require File.dirname(__FILE__) + '/../test_helper'
               require 'main_controller'
               # Re-raise errors caught by the controller.
               class MainController; def rescue_action(e) raise e end; end
               class MainControllerTest < Test::Unit::TestCase
+            +
+            +   fixtures :problems
+            +   fixtures :users
+            +
                 def setup
                   @controller = MainController.new
                   @request    = ActionController::TestRequest.new
                   @response   = ActionController::TestResponse.new
                 end
                 # Replace this with your real tests.
-            -   def test_truth
+            +   def test_should_redirect_new_user_to_login
-            -     assert true
+            +     get :list
+            +     assert_redirected_to :action => 'login'
                 end
+            +
+            +   def test_should_list_available_problems_if_logged_in
+            +     john = users(:john)
+            +     get :list, {}, {:user_id => john.id}
+            +
+            +     assert_template 'main/list'
+            +     assert_select "table tr:nth-child(2)", :text => /\(add\)/
                 end
+            +
+            + end

test/functional/user_admin_controller_test.rb ¶ +62 -12

               require File.dirname(__FILE__) + '/../test_helper'
               require 'user_admin_controller'
               # Re-raise errors caught by the controller.
               class UserAdminController; def rescue_action(e) raise e end; end
               class UserAdminControllerTest < Test::Unit::TestCase
                 fixtures :users
+            +   fixtures :roles
+            +   fixtures :rights
                 def setup
                   @controller = UserAdminController.new
                   @request    = ActionController::TestRequest.new
                   @response   = ActionController::TestResponse.new
-            -     @first_id = users(:first).id
+            +     @first_id = users(:john).id
+            +     @admin_id = users(:mary).id
+            +   end
+            +
+            +   def test_should_not_allow_new_user_to_see
+            +     get :list
+            +     assert_redirected_to :controller => 'main', :action => 'login'
                 end
+            +   def test_should_not_allow_normal_user_to_see
+            +     john = users(:john)
+            +
+            +     get :list, {}, {:user_id => john.id}
+            +     assert_redirected_to :controller => 'main', :action => 'login'
+            +   end
+            +
+            +   def test_should_allow_admin_to_see
+            +     mary = users(:mary)
+            +
+            +     get :list, {}, {:user_id => mary.id}
+            +     assert_template 'user_admin/list'
+            +   end
+            +
+            +
                 def test_index
-            -     get :index
+            +     get :index, {}, {:user_id => @admin_id}
                   assert_response :success
                   assert_template 'list'
                 end
                 def test_list
-            -     get :list
+            +     get :list, {}, {:user_id => @admin_id}
                   assert_response :success
                   assert_template 'list'
                   assert_not_nil assigns(:users)
                 end
                 def test_show
-            -     get :show, :id => @first_id
+            +     get :show, {:id => @first_id}, {:user_id => @admin_id}
                   assert_response :success
                   assert_template 'show'
                   assert_not_nil assigns(:user)
-            -     assert assigns(:user).valid?
                 end
                 def test_new
-            -     get :new
+            +     get :new, {}, {:user_id => @admin_id}
                   assert_response :success
                   assert_template 'new'
                   assert_not_nil assigns(:user)
                 end
-            -   def test_create
+            +   def test_create_with_correct_confirmation_password
                   num_users = User.count
-            -     post :create, :user => {}
+            +     post :create, {:user => {
+            +         :login => 'test',
+            +         :full_name => 'hello',
+            +         :password => 'abcde',
+            +         :password_confirmation => 'abcde'
+            +       }}, {:user_id => @admin_id}
                   assert_response :redirect
                   assert_redirected_to :action => 'list'
                   assert_equal num_users + 1, User.count
                 end
+            +   def test_create_with_wrong_confirmation_password
+            +     num_users = User.count
+            +
+            +     post :create, {:user => {
+            +         :login => 'test',
+            +         :full_name => 'hello',
+            +         :password => 'abcde',
+            +         :password_confirmation => 'abcdef'
+            +       }}, {:user_id => @admin_id}
+            +
+            +     assert_response :success
+            +     assert_template 'new'
+            +
+            +     assert_equal num_users, User.count
+            +   end
+            +
                 def test_edit
-            -     get :edit, :id => @first_id
+            +     get :edit, {:id => @first_id}, {:user_id => @admin_id}
                   assert_response :success
                   assert_template 'edit'
                   assert_not_nil assigns(:user)
-            -     assert assigns(:user).valid?
                 end
                 def test_update
-            -     post :update, :id => @first_id
+            +     post :update, {
+            +       :id => @first_id,
+            +       :user => {
+            +         :login => 'test',
+            +         :full_name => 'hello',
+            +         :password => 'abcde',
+            +         :password_confirmation => 'abcde'
+            +       }
+            +     }, {:user_id => @admin_id}
                   assert_response :redirect
                   assert_redirected_to :action => 'show', :id => @first_id
                 end
                 def test_destroy
                   assert_nothing_raised {
                     User.find(@first_id)
                   }
-            -     post :destroy, :id => @first_id
+            +     post :destroy, {:id => @first_id}, {:user_id => @admin_id}
                   assert_response :redirect
                   assert_redirected_to :action => 'list'
                   assert_raise(ActiveRecord::RecordNotFound) {
                     User.find(@first_id)
                   }
                 end
               end

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r58:94b5b7562ca1 - Thu, 20 Mar 2008 00:25:42 - 14 files changed: 182 inserted, 39 deleted

Sign in to your account

Commit r58:94b5b7562ca1 public

Author

r58:94b5b7562ca1 - Thu, 20 Mar 2008 00:25:42 - 14 files changed: 182 inserted, 39 deleted

Commit `r58:94b5b7562ca1` public