cafe-grader-web

Commit r756:aa79958f6521 public

parent | child
Description:
more test and clean up authorization
Commit status:
[Not Reviewed]
References:
algo
Diff options:
Raw Diff | Patch Diff | Download Diff | Show whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r756:aa79958f6521 - - 13 files changed: 53 inserted, 38 deleted

Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -73,48 +73,49
73 73 bootstrap-toggle-rails (2.2.1.0)
74 74 bootstrap3-datetimepicker-rails (4.17.47)
75 75 momentjs-rails (>= 2.8.1)
76 76 builder (3.2.3)
77 77 byebug (11.0.1)
78 78 capybara (3.25.0)
79 79 addressable
80 80 mini_mime (>= 0.1.3)
81 81 nokogiri (~> 1.8)
82 82 rack (>= 1.6.0)
83 83 rack-test (>= 0.6.3)
84 84 regexp_parser (~> 1.5)
85 85 xpath (~> 3.2)
86 86 childprocess (1.0.1)
87 87 rake (< 13.0)
88 88 coffee-rails (4.2.2)
89 89 coffee-script (>= 2.2.0)
90 90 railties (>= 4.0.0)
91 91 coffee-script (2.4.1)
92 92 coffee-script-source
93 93 execjs
94 94 coffee-script-source (1.12.2)
95 95 concurrent-ruby (1.1.5)
96 96 crass (1.0.4)
97 + diff-lcs (1.3)
97 98 dynamic_form (1.1.4)
98 99 erubi (1.8.0)
99 100 erubis (2.7.0)
100 101 execjs (2.7.0)
101 102 ffi (1.11.1)
102 103 fuzzy-string-match (1.0.1)
103 104 RubyInline (>= 3.8.6)
104 105 globalid (0.4.2)
105 106 activesupport (>= 4.2.0)
106 107 haml (5.1.0)
107 108 temple (>= 0.8.0)
108 109 tilt
109 110 haml-rails (1.0.0)
110 111 actionpack (>= 4.0.1)
111 112 activesupport (>= 4.0.1)
112 113 haml (>= 4.0.6, < 6.0)
113 114 html2haml (>= 1.0.1)
114 115 railties (>= 4.0.1)
115 116 html2haml (2.2.0)
116 117 erubis (~> 2.7.0)
117 118 haml (>= 4.0, < 6)
118 119 nokogiri (>= 1.6.0)
119 120 ruby_parser (~> 3.5)
120 121 i18n (1.6.0)
@@ -189,48 +190,65
189 190 rails-controller-testing (1.0.4)
190 191 actionpack (>= 5.0.1.x)
191 192 actionview (>= 5.0.1.x)
192 193 activesupport (>= 5.0.1.x)
193 194 rails-dom-testing (2.0.3)
194 195 activesupport (>= 4.2.0)
195 196 nokogiri (>= 1.6)
196 197 rails-html-sanitizer (1.0.4)
197 198 loofah (~> 2.2, >= 2.2.2)
198 199 rails_bootstrap_sortable (2.0.6)
199 200 momentjs-rails (>= 2.8.3)
200 201 railties (5.2.3)
201 202 actionpack (= 5.2.3)
202 203 activesupport (= 5.2.3)
203 204 method_source
204 205 rake (>= 0.8.7)
205 206 thor (>= 0.19.0, < 2.0)
206 207 rake (12.3.2)
207 208 rb-fsevent (0.10.3)
208 209 rb-inotify (0.10.0)
209 210 ffi (~> 1.0)
210 211 rdiscount (2.2.0.1)
211 212 regexp_parser (1.5.1)
212 213 rouge (3.3.0)
214 + rspec-core (3.8.2)
215 + rspec-support (~> 3.8.0)
216 + rspec-expectations (3.8.4)
217 + diff-lcs (>= 1.2.0, < 2.0)
218 + rspec-support (~> 3.8.0)
219 + rspec-mocks (3.8.1)
220 + diff-lcs (>= 1.2.0, < 2.0)
221 + rspec-support (~> 3.8.0)
222 + rspec-rails (3.8.2)
223 + actionpack (>= 3.0)
224 + activesupport (>= 3.0)
225 + railties (>= 3.0)
226 + rspec-core (~> 3.8.0)
227 + rspec-expectations (~> 3.8.0)
228 + rspec-mocks (~> 3.8.0)
229 + rspec-support (~> 3.8.0)
230 + rspec-support (3.8.2)
213 231 ruby-progressbar (1.10.0)
214 232 ruby_dep (1.5.0)
215 233 ruby_parser (3.13.1)
216 234 sexp_processor (~> 4.9)
217 235 rubyzip (1.2.3)
218 236 sass (3.7.4)
219 237 sass-listen (~> 4.0.0)
220 238 sass-listen (4.0.0)
221 239 rb-fsevent (~> 0.9, >= 0.9.4)
222 240 rb-inotify (~> 0.9, >= 0.9.7)
223 241 sass-rails (5.0.7)
224 242 railties (>= 4.0.0, < 6)
225 243 sass (~> 3.1)
226 244 sprockets (>= 2.8, < 4.0)
227 245 sprockets-rails (>= 2.0, < 4.0)
228 246 tilt (>= 1.1, < 3)
229 247 sassc (2.0.1)
230 248 ffi (~> 1.9)
231 249 rake
232 250 sassc-rails (2.1.1)
233 251 railties (>= 4.0.0)
234 252 sassc (>= 2.0)
235 253 sprockets (> 3.0)
236 254 sprockets-rails
@@ -299,39 +317,40
299 317 coffee-rails
300 318 dynamic_form
301 319 fuzzy-string-match
302 320 haml
303 321 haml-rails
304 322 in_place_editing
305 323 jbuilder (~> 2.5)
306 324 jquery-countdown-rails
307 325 jquery-datatables-rails
308 326 jquery-rails
309 327 jquery-tablesorter
310 328 jquery-timepicker-addon-rails
311 329 jquery-ui-rails
312 330 listen (>= 3.0.5, < 3.2)
313 331 mail
314 332 minitest-reporters
315 333 momentjs-rails
316 334 mysql2
317 335 puma
318 336 rails (~> 5.2)
319 337 rails-controller-testing
320 338 rails_bootstrap_sortable
321 339 rdiscount
322 340 rouge
341 + rspec-rails
323 342 sassc-rails
324 343 select2-rails
325 344 selenium-webdriver
326 345 simple_form
327 346 spring
328 347 spring-watcher-listen (~> 2.0.0)
329 348 sqlite3
330 349 uglifier
331 350 web-console (>= 3.3.0)
332 351 webdriver
333 352 will_paginate (~> 3.0.7)
334 353 yaml_db
335 354
336 355 BUNDLED WITH
337 356 1.17.2
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,151 +1,150
1 1 require 'ipaddr'
2 2
3 3 class ApplicationController < ActionController::Base
4 4 protect_from_forgery
5 5
6 6 before_action :current_user
7 7
8 8 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
9 9 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
10 10 ALLOW_WHITELIST_IP_ONLY_CONF_KEY = 'right.allow_whitelist_ip_only'
11 11 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
12 12
13 13 #report and redirect for unauthorized activities
14 - def unauthorized_redirect
15 - flash[:notice] = 'You are not authorized to view the page you requested'
16 - redirect_to :controller => 'main', :action => 'login'
14 + def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
15 + flash[:notice] = notice
16 + redirect_to login_main_path
17 17 end
18 18
19 19 # Returns the current logged-in user (if any).
20 20 def current_user
21 21 return nil unless session[:user_id]
22 22 @current_user ||= User.find(session[:user_id])
23 23 end
24 24
25 25 def admin_authorization
26 - return false unless authenticate
26 + return false unless check_valid_login
27 27 user = User.includes(:roles).find(session[:user_id])
28 28 unless user.admin?
29 29 unauthorized_redirect
30 30 return false
31 31 end
32 32 return true
33 33 end
34 34
35 35 def authorization_by_roles(allowed_roles)
36 - return false unless authenticate
36 + return false unless check_valid_login
37 37 user = User.find(session[:user_id])
38 38 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
39 39 unauthorized_redirect
40 40 return false
41 41 end
42 42 end
43 43
44 44 def testcase_authorization
45 45 #admin always has privileged
46 46 if @current_user.admin?
47 47 return true
48 48 end
49 49
50 50 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
51 51 end
52 52
53 53
54 54 protected
55 55
56 56 #redirect to root (and also force logout)
57 57 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
58 - def authenticate
58 + def check_valid_login
59 + #check if logged in
59 60 unless session[:user_id]
60 - flash[:notice] = 'You need to login'
61 61 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
62 - flash[:notice] = 'You need to login but you cannot log in at this time'
62 + unauthorized_redirect('You need to login but you cannot log in at this time')
63 + else
64 + unauthorized_redirect('You need to login')
63 65 end
64 - redirect_to :controller => 'main', :action => 'login'
65 66 return false
66 67 end
67 68
68 69 # check if run in single user mode
69 70 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
70 71 if @current_user==nil || (not @current_user.admin?)
71 - flash[:notice] = 'You cannot log in at this time'
72 - redirect_to :controller => 'main', :action => 'login'
72 + unauthorized_redirect('You cannot log in at this time')
73 73 return false
74 74 end
75 75 end
76 76
77 77 # check if the user is enabled
78 78 unless @current_user.enabled? || @current_user.admin?
79 - flash[:notice] = 'Your account is disabled'
80 - redirect_to :controller => 'main', :action => 'login'
79 + unauthorized_redirect 'Your account is disabled'
81 80 return false
82 81 end
83 82
84 83 # check if user ip is allowed
85 84 unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
86 85 unless is_request_ip_allowed?
87 - flash[:notice] = 'Your IP is not allowed'
88 - redirect_to root_path
86 + unauthorized_redirect 'Your IP is not allowed'
87 + return false
89 88 end
90 89 end
91 90
92 91 if GraderConfiguration.multicontests?
93 92 return true if @current_user.admin?
94 93 begin
95 94 if @current_user.contest_stat(true).forced_logout
96 95 flash[:notice] = 'You have been automatically logged out.'
97 96 redirect_to :controller => 'main', :action => 'index'
98 97 end
99 98 rescue
100 99 end
101 100 end
102 101 return true
103 102 end
104 103
105 104 #redirect to root (and also force logout)
106 105 #if the user use different ip from the previous connection
107 106 # only applicable when MULTIPLE_IP_LOGIN options is false only
108 107 def authenticate_by_ip_address
109 108 #this assume that we have already authenticate normally
110 109 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
111 110 user = User.find(session[:user_id])
112 111 if (not @current_user.admin? && user.last_ip && user.last_ip != request.remote_ip)
113 112 flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
114 113 redirect_to :controller => 'main', :action => 'login'
115 114 puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"
116 115 return false
117 116 end
118 117 unless user.last_ip
119 118 user.last_ip = request.remote_ip
120 119 user.save
121 120 end
122 121 end
123 122 return true
124 123 end
125 124
126 125 def authorization
127 - return false unless authenticate
126 + return false unless check_valid_login
128 127 user = User.find(session[:user_id])
129 128 unless user.roles.detect { |role|
130 129 role.rights.detect{ |right|
131 130 right.controller == self.class.controller_name and
132 131 (right.action == 'all' || right.action == action_name)
133 132 }
134 133 }
135 134 flash[:notice] = 'You are not authorized to view the page you requested'
136 135 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
137 136 redirect_to :controller => 'main', :action => 'login'
138 137 return false
139 138 end
140 139 end
141 140
142 141 def verify_time_limit
143 142 return true if session[:user_id]==nil
144 143 user = User.find(session[:user_id], :include => :site)
145 144 return true if user==nil || user.site == nil
146 145 if user.contest_finished?
147 146 flash[:notice] = 'Error: the contest you are participating is over.'
148 147 redirect_to :back
149 148 return false
150 149 end
151 150 return true
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,29 +1,27
1 1 class ConfigurationsController < ApplicationController
2 2
3 - before_action :authenticate
4 - before_action { |controller| controller.authorization_by_roles(['admin'])}
5 -
3 + before_action :admin_authorization
6 4
7 5 def index
8 6 @configurations = GraderConfiguration.order(:key)
9 7 @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
10 8 end
11 9
12 10 def reload
13 11 GraderConfiguration.reload
14 12 redirect_to :action => 'index'
15 13 end
16 14
17 15 def update
18 16 @config = GraderConfiguration.find(params[:id])
19 17 User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
20 18 respond_to do |format|
21 19 if @config.update_attributes(configuration_params)
22 20 format.json { head :ok }
23 21 else
24 22 format.json { respond_with_bip(@config) }
25 23 end
26 24 end
27 25 end
28 26
29 27 private
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,30 +1,30
1 1 class GroupsController < ApplicationController
2 2 before_action :set_group, only: [:show, :edit, :update, :destroy,
3 3 :add_user, :remove_user,:remove_all_user,
4 4 :add_problem, :remove_problem,:remove_all_problem,
5 5 ]
6 - before_action :authenticate, :admin_authorization
6 + before_action :admin_authorization
7 7
8 8 # GET /groups
9 9 def index
10 10 @groups = Group.all
11 11 end
12 12
13 13 # GET /groups/1
14 14 def show
15 15 end
16 16
17 17 # GET /groups/new
18 18 def new
19 19 @group = Group.new
20 20 end
21 21
22 22 # GET /groups/1/edit
23 23 def edit
24 24 end
25 25
26 26 # POST /groups
27 27 def create
28 28 @group = Group.new(group_params)
29 29
30 30 if @group.save
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,48 +1,43
1 1 class MainController < ApplicationController
2 2
3 - before_action :authenticate, :except => [:index, :login]
3 + before_action :check_valid_login, :except => [:login]
4 4 before_action :check_viewability, :except => [:index, :login]
5 5
6 6 append_before_action :confirm_and_update_start_time,
7 7 :except => [:index,
8 8 :login,
9 9 :confirm_contest_start]
10 10
11 11 # to prevent log in box to be shown when user logged out of the
12 12 # system only in some tab
13 13 prepend_before_action :reject_announcement_refresh_when_logged_out,
14 14 :only => [:announcements]
15 15
16 16 before_action :authenticate_by_ip_address, :only => [:list]
17 17
18 - # NOTE: This method is not actually needed, 'config/routes.rb' has
19 - # assigned action login as a default action.
20 - def index
21 - redirect_to :action => 'login'
22 - end
23 -
24 18 #reset login, clear session
19 + #front page
25 20 def login
26 21 saved_notice = flash[:notice]
27 22 reset_session
28 23 flash.now[:notice] = saved_notice
29 24
30 25 # EXPERIMENT:
31 26 # Hide login if in single user mode and the url does not
32 27 # explicitly specify /login
33 28 #
34 29 # logger.info "PATH: #{request.path}"
35 30 # if GraderConfiguration['system.single_user_mode'] and
36 31 # request.path!='/main/login'
37 32 # @hidelogin = true
38 33 # end
39 34
40 35 @announcements = Announcement.frontpage
41 36 render :action => 'login', :layout => 'empty'
42 37 end
43 38
44 39 def logout
45 40 reset_session
46 41 redirect_to root_path
47 42 end
48 43
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,28 +1,31
1 1 class ProblemsController < ApplicationController
2 2
3 - before_action :authenticate, :authorization
4 - before_action :testcase_authorization, only: [:show_testcase]
3 + before_action :admin_authorization
4 +
5 + #NOTE: ghost from the past?
6 + #before_action :testcase_authorization, only: [:show_testcase]
7 +
5 8
6 9 in_place_edit_for :problem, :name
7 10 in_place_edit_for :problem, :full_name
8 11 in_place_edit_for :problem, :full_score
9 12
10 13 def index
11 14 @problems = Problem.order(date_added: :desc)
12 15 end
13 16
14 17
15 18 def show
16 19 @problem = Problem.find(params[:id])
17 20 end
18 21
19 22 def new
20 23 @problem = Problem.new
21 24 @description = nil
22 25 end
23 26
24 27 def create
25 28 @problem = Problem.new(problem_params)
26 29 @description = Description.new(problem_params[:description])
27 30 if @description.body!=''
28 31 if !@description.save
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,34 +1,34
1 1 require 'csv'
2 2
3 3 class ReportController < ApplicationController
4 4
5 - before_action :authenticate
5 + before_action :check_valid_login
6 6
7 7 before_action :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize, :show_max_score, :current_score]
8 8
9 9 before_action(only: [:problem_hof]) { |c|
10 - return false unless authenticate
10 + return false unless check_valid_login
11 11
12 12 admin_authorization unless GraderConfiguration["right.user_view_submission"]
13 13 }
14 14
15 15 def max_score
16 16 end
17 17
18 18 def current_score
19 19 @problems = Problem.available_problems
20 20 @users = User.includes(:contests).includes(:contest_stat).where(enabled: true)
21 21 @scorearray = calculate_max_score(@problems, @users,0,0,true)
22 22
23 23 #rencer accordingly
24 24 if params[:button] == 'download' then
25 25 csv = gen_csv_from_scorearray(@scorearray,@problems)
26 26 send_data csv, filename: 'max_score.csv'
27 27 else
28 28 #render template: 'user_admin/user_stat'
29 29 render 'current_score'
30 30 end
31 31 end
32 32
33 33 def show_max_score
34 34 #process parameters
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,26 +1,26
1 1 class SubmissionsController < ApplicationController
2 - before_action :authenticate
2 + before_action :check_valid_login
3 3 before_action :submission_authorization, only: [:show, :download, :edit]
4 4 before_action :admin_authorization, only: [:rejudge]
5 5
6 6 # GET /submissions
7 7 # GET /submissions.json
8 8 # Show problem selection and user's submission of that problem
9 9 def index
10 10 @user = @current_user
11 11 @problems = @user.available_problems
12 12
13 13 if params[:problem_id]==nil
14 14 @problem = nil
15 15 @submissions = nil
16 16 else
17 17 @problem = Problem.find_by_id(params[:problem_id])
18 18 if (@problem == nil) or (not @problem.available)
19 19 redirect_to main_list_path
20 20 flash[:notice] = 'Error: submissions for that problem are not viewable.'
21 21 return
22 22 end
23 23 @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id).order(id: :desc)
24 24 end
25 25 end
26 26
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,25 +1,26
1 1 class TagsController < ApplicationController
2 + before_action :admin_authorization
2 3 before_action :set_tag, only: [:show, :edit, :update, :destroy]
3 4
4 5 # GET /tags
5 6 def index
6 7 @tags = Tag.all
7 8 end
8 9
9 10 # GET /tags/1
10 11 def show
11 12 end
12 13
13 14 # GET /tags/new
14 15 def new
15 16 @tag = Tag.new
16 17 end
17 18
18 19 # GET /tags/1/edit
19 20 def edit
20 21 end
21 22
22 23 # POST /tags
23 24 def create
24 25 @tag = Tag.new(tag_params)
25 26
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,27 +1,27
1 1 class TasksController < ApplicationController
2 2
3 - before_action :authenticate, :check_viewability
3 + before_action :check_valid_login, :check_viewability
4 4
5 5 def index
6 6 redirect_to :action => 'list'
7 7 end
8 8
9 9 def list
10 10 @problems = @user.available_problems
11 11 end
12 12
13 13 # this has contest-wide access control
14 14 def view
15 15 base_name = params[:file]
16 16 base_filename = File.basename("#{base_name}.#{params[:ext]}")
17 17 filename = "#{Problem.download_file_basedir}/#{base_filename}"
18 18
19 19 if !FileTest.exists?(filename)
20 20 redirect_to :action => 'index' and return
21 21 end
22 22
23 23 send_file_to_user(filename, base_filename)
24 24 end
25 25
26 26 # this has problem-level access control
27 27 def download
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,27 +1,27
1 1 class TestController < ApplicationController
2 2
3 - before_action :authenticate, :check_viewability
3 + before_action :check_valid_login, :check_viewability
4 4
5 5
6 6 def index
7 7 prepare_index_information
8 8 end
9 9
10 10 def submit
11 11 @user = User.find(session[:user_id])
12 12
13 13 @submitted_test_request = TestRequest.new_from_form_params(@user,params[:test_request])
14 14
15 15 if ! @submitted_test_request.errors.empty?
16 16 prepare_index_information
17 17 render :action => 'index' and return
18 18 end
19 19
20 20 if GraderConfiguration.time_limit_mode?
21 21 if @user.contest_finished?
22 22 @submitted_test_request.errors.add(:base,'Contest is over.')
23 23 prepare_index_information
24 24 render :action => 'index' and return
25 25 end
26 26
27 27 if !GraderConfiguration.allow_test_request(@user)
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,41 +1,41
1 1 require 'net/smtp'
2 2
3 3 class UsersController < ApplicationController
4 4
5 5 include MailHelperMethods
6 6
7 - before_action :authenticate, :except => [:new,
7 + before_action :check_valid_login, :except => [:new,
8 8 :register,
9 9 :confirm,
10 10 :forget,
11 11 :retrieve_password]
12 12
13 13 before_action :verify_online_registration, :only => [:new,
14 14 :register,
15 15 :forget,
16 16 :retrieve_password]
17 - before_action :authenticate, :profile_authorization, only: [:profile]
17 + before_action :check_valid_login, :profile_authorization, only: [:profile]
18 18
19 19 before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable]
20 20
21 21
22 22 #in_place_edit_for :user, :alias_for_editing
23 23 #in_place_edit_for :user, :email_for_editing
24 24
25 25 def index
26 26 if !GraderConfiguration['system.user_setting_enabled']
27 27 redirect_to :controller => 'main', :action => 'list'
28 28 else
29 29 @user = User.find(session[:user_id])
30 30 end
31 31 end
32 32
33 33 def chg_passwd
34 34 user = User.find(session[:user_id])
35 35 user.password = params[:passwd]
36 36 user.password_confirmation = params[:passwd_verify]
37 37 if user.save
38 38 flash[:notice] = 'password changed'
39 39 else
40 40 flash[:notice] = 'Error: password changing failed'
41 41 end
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -63,40 +63,40
63 63 click_on 'Users', match: :first
64 64 end
65 65
66 66 click_on "View administrator"
67 67 fill_in 'login', with: 'john'
68 68 click_on "Grant"
69 69
70 70 visit logout_main_path
71 71 login 'john','hello'
72 72 within 'header' do
73 73 click_on 'Manage'
74 74 click_on 'Problem', match: :first
75 75 end
76 76 assert_text "Turn off all problems"
77 77 end
78 78
79 79 test "try using admin from normal user" do
80 80 login 'admin','admin'
81 81 visit bulk_manage_user_admin_index_path
82 82 assert_current_path bulk_manage_user_admin_index_path
83 83 visit logout_main_path
84 84
85 85 login 'jack','morning'
86 86 visit bulk_manage_user_admin_index_path
87 - assert_current_path root_path
88 87 assert_text 'You are not authorized'
88 + assert_current_path login_main_path
89 89
90 90 login 'james','morning'
91 91 visit new_list_user_admin_index_path
92 - assert_current_path root_path
93 92 assert_text 'You are not authorized'
93 + assert_current_path login_main_path
94 94 end
95 95
96 96 def login(username,password)
97 97 visit root_path
98 98 fill_in "Login", with: username
99 99 fill_in "Password", with: password
100 100 click_on "Login"
101 101 end
102 102 end
You need to be logged in to leave comments. Login now