author | Fabio Akita <fabio.akita@gmail.com> | 2009-01-09 01:02:42 -0200 |
---|---|---|
committer | Fabio Akita <fabio.akita@gmail.com> | 2009-01-09 01:02:42 -0200 |
commit | 73c09912b1201ea61631fe617589c58dfbaf51b3 (patch) | |
tree | 32d5065d0430dbd6857b202cf485b18e058e70b9 | |
parent | a5c13f4fdac7dfb0bec83ff19fdda5ca21efde81 (diff) | |
Implemented Private Mode - now you can have a locked down Gitorious. Also an option to create a super user and a User Administration interface to control user registration
30 files changed, 429 insertions, 51 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
new file mode 100644
index 0000000..66d29c7
--- /dev/null
+++ b/app/controllers/admin/users_controller.rb
@@ -0,0 +1,66 @@
+class Admin::UsersController < ApplicationController
+ before_filter :login_required
+ before_filter :check_admin
+
+ def index
+ @users = User.all :order => 'suspended_at, login'
+ respond_to do |wants|
+ wants.html
+ end
+ end
+
+ def new
+ @user = User.new
+ respond_to do |wants|
+ wants.html
+ end
+ end
+
+ def create
+ @user = User.new(params[:user])
+ @user.login = params[:user][:login]
+ @user.is_admin = params[:user][:is_admin] == "1"
+ respond_to do |wants|
+ if @user.save
+ flash[:notice] = 'User was successfully created.'
+ wants.html { redirect_to(admin_users_path) }
+ wants.xml { render :xml => @user, :status => :created, :location => @user }
+ else
+ wants.html { render :action => "new" }
+ wants.xml { render :xml => @user.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+
+ def suspend
+ @user = User.find_by_login!(params[:id])
+ @user.suspended_at = Time.now
+ if @user.save
+ flash[:notice] = "User #{@user.login} was successfully suspended."
+ else
+ flash[:error] = "Unable to suspend user #{@user.login}."
+ end
+ redirect_to admin_users_url()
+ end
+
+ def unsuspend
+ @user = User.find_by_login!(params[:id])
+ @user.suspended_at = nil
+ if @user.save
+ flash[:notice] = "User #{@user.login} was successfully unsuspended."
+ else
+ flash[:error] = "Unable to unsuspend user #{@user.login}."
+ end
+ redirect_to admin_users_url()
+ end
+
+ private
+
+ def check_admin
+ unless current_user.admin?
+ flash[:error] = "For Administrators Only"
+ redirect_to root_path
+ end
+ end
+end
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index bf80913..3944e7b 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
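Review bot: `Admin::UsersController#suspend` accepts any login, including the caller's own, so an administrator can suspend themselves or the only admin account. script/create_admin in this commit refuses to run once any admin row exists, so recovery would then need direct database access. A guard at the top of the action, e.g. `return redirect_to(admin_users_url) if @user == current_user`, would prevent that. None of `create`, `suspend` or `unsuspend` records who acted; a `logger.info` line naming `current_user.login` and the target login would give account changes an audit trail.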
@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base session :session_key => '_ks1_session_id', :secret => YAML::load_file(File.join(Rails.root, "config/gitorious.yml"))["cookie_secret"] include AuthenticatedSystem include ExceptionNotifiable + before_filter :public_and_logged_in rescue_from ActiveRecord::RecordNotFound, :with => :render_not_found rescue_from ActionController::UnknownController, :with => :render_not_found @@ -68,4 +69,8 @@ class ApplicationController < ActionController::Base def render_not_found render :file => "#{RAILS_ROOT}/public/404.html", :status => 404 end + + def public_and_logged_in + login_required unless GitoriousConfig['gitorious_public_registration'] + end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index d78b1e3..43c2c76 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -21,6 +21,8 @@ require "yadis" # This controller handles the login/logout function of the site. class SessionsController < ApplicationController + skip_before_filter :public_and_logged_in + # render new.rhtml def new end diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb index 47e9648..3e9c471 100644 --- a/app/controllers/site_controller.rb +++ b/app/controllers/site_controller.rb @@ -17,10 +17,15 @@ #++ class SiteController < ApplicationController + skip_before_filter :public_and_logged_in, :only => [:index, :about, :faq] before_filter :login_required, :only => [:dashboard] def index - @projects = Project.find(:all, :limit => 10, :order => "id desc") + @projects = if GitoriousConfig['gitorious_public_registration'] || logged_in? + Project.find(:all, :limit => 10, :order => "id desc") + else + [] + end end def dashboard diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 1837ea6..786e8c5 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb 
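Review bot: In app/controllers/application.rb, `public_and_logged_in` hangs the whole private-mode gate on a setting named `gitorious_public_registration`, so an operator could read the name as closing sign-up only, while here it decides whether every controller action requires login. A comment above the method such as `# Private mode: every action requires login unless a controller opts out with skip_before_filter` would make that explicit, and each later `skip_before_filter` then reads as a deliberate exception. The filter covers only requests that reach controllers derived from ApplicationController; nothing in this commit touches repository access outside Rails, so if a deployment also serves clones through a separate daemon, that path presumably stays open and the README section should say so. The class body continues outside the hunk.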
@@ -17,6 +17,8 @@ #++ class UsersController < ApplicationController + skip_before_filter :public_and_logged_in, :only => [:activate, :forgot_password, :reset_password] + # render new.rhtml def new end diff --git a/app/helpers/admin/users_helper.rb b/app/helpers/admin/users_helper.rb new file mode 100644 index 0000000..5995c2a --- /dev/null +++ b/app/helpers/admin/users_helper.rb @@ -0,0 +1,2 @@ +module Admin::UsersHelper +end diff --git a/app/models/user.rb b/app/models/user.rb index 671fcf5..618e877 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -30,7 +30,7 @@ class User < ActiveRecord::Base # Virtual attribute for the unencrypted password attr_accessor :password, :current_password - attr_protected :login + attr_protected :login, :is_admin validates_presence_of :login, :email, :if => :password_required? validates_format_of :login, :with => /^[a-z0-9\-_\.]+$/i @@ -53,7 +53,7 @@ class User < ActiveRecord::Base # Authenticates a user by their login name and unencrypted password. Returns the user or nil. def self.authenticate(email, password) - u = find :first, :conditions => ['email = ? and activated_at IS NOT NULL', email] # need to get the salt + u = find :first, :conditions => ['email = ? and activated_at IS NOT NULL and suspended_at IS NULL', email] # need to get the salt u && u.authenticated?(password) ? u : nil end @@ -153,6 +153,14 @@ class User < ActiveRecord::Base def is_openid_only? self.crypted_password.nil? end + + def suspended? + !suspended_at.nil? + end + + def admin? + is_admin + end protected # before filter diff --git a/app/views/admin/users/index.html.erb b/app/views/admin/users/index.html.erb new file mode 100644 index 0000000..56bd9c1 --- /dev/null +++ b/app/views/admin/users/index.html.erb 
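Review bot: In app/models/user.rb, `attr_protected :login, :is_admin` leaves the new `suspended_at` column open to mass assignment, so any action that builds or updates a user from `params[:user]` (as `Admin::UsersController#create` does with `User.new(params[:user])`) can set or clear it from request data. Adding it to the list, `attr_protected :login, :is_admin, :suspended_at`, closes that; an `attr_accessible` whitelist of the form fields would be safer still, because new columns are then protected by default. Whether `activated_at` and `activation_code` need the same treatment cannot be judged from this hunk.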
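Review bot: The `suspended_at IS NULL` condition added to `User.authenticate` stops a suspended user only at password login; an already established session, a remember-me cookie or an OpenID sign-in would not pass through this query, as far as the visible code shows. Suspension should also be enforced where the current user is resolved for each request, for example by having `login_required` in AuthenticatedSystem reject `current_user.suspended?`, so that suspending an account takes effect on the next request rather than at the next login. A spec that logs in, suspends the user and then requests a protected page would pin this.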
@@ -0,0 +1,28 @@
+<table class="listing tree">
+ <tr>
+ <td>Login</td>
+ <td>E-mail</td>
+ <td>Created At</td>
+ <td>Activated?</td>
+ <td>Suspended?</td>
+ <td>Admin?</td>
+ <td></td>
+ </tr>
+ <% @users.each do |user| -%>
+ <tr class="<%= cycle("odd", "even") -%>">
+ <td><%= h user.login %></td>
+ <td><%= link_to user.email, "mailto:#{user.email}" %></td>
+ <td><%= user.created_at.to_s(:short) %></td>
+ <td><%= user.activated? ? user.activated_at.to_s(:short) : 'No' %></td>
+ <td><%= user.suspended? ? user.suspended_at.to_s(:short) : 'No' %></td>
+ <td><%= user.admin? ? "Yes" : "No" %></td>
+ <% if user.suspended? -%>
+ <td><%= link_to "Unsuspend", unsuspend_admin_user_path(user), :confirm => "Confirm unsuspend?", :method => :put %></td>
+ <% else -%>
+ <td><%= link_to "Suspend", suspend_admin_user_path(user), :confirm => "Confirm suspend?", :method => :put %></td>
+ <% end -%>
+ </tr>
+ <% end -%>
+</table>
+
+<p><%= link_to "Create New User", new_admin_user_path %></p>
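Review bot: In the e-mail column of app/views/admin/users/index.html.erb, `link_to user.email, "mailto:#{user.email}"` prints the address as link text without `h`, while the login cell beside it is escaped by hand. If this Rails version does not escape `link_to` names on its own (the manual `h` on the login suggests output is not auto-escaped here), markup stored in an e-mail address would be rendered in an administrator's browser when the list is opened. `<%= link_to h(user.email), "mailto:#{user.email}" %>` keeps the cell consistent with the rest of the table.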
\ No newline at end of file diff --git a/app/views/admin/users/new.html.erb b/app/views/admin/users/new.html.erb new file mode 100644 index 0000000..0532037 --- /dev/null +++ b/app/views/admin/users/new.html.erb @@ -0,0 +1,12 @@ +<h1>Create new user</h1> + +<%= error_messages_for :user %> +<% form_for :user, :url => admin_users_path do |f| -%> + <%= render :partial => 'users/form', :locals => { :f => f } %> + + <p> + <%= f.check_box :is_admin, {}, "1", "0" %> <%= f.label :is_admin, "Is Administrator?" -%> + </p> + + <p><%= f.submit 'Create' %> <%= link_to "Back", admin_users_path %></p> +<% end -%>
\ No newline at end of file diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 1982cd6..373af6b 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -50,9 +50,14 @@ <% end -%> <% if logged_in? -%> <li><%= link_to "Dashboard", dashboard_path -%></li> + <% if current_user.admin? -%> + <li><%= link_to "Administration", admin_users_path -%></li> + <% end -%> <% end -%> + <% if GitoriousConfig['gitorious_public_registration'] || logged_in? -%> <li><%= link_to "Projects", projects_path -%></li> <li><%= link_to "Search", search_path -%></li> + <% end -%> <% if logged_in? -%> <li><%= link_to "FAQ", faq_path -%></li> <% else -%> @@ -62,7 +67,9 @@ <li class="secondary">( <%= link_to "My account", account_path -%></li> <li class="secondary"><%= link_to "Logout", logout_path -%> )</li> <%- else -%> - <li class="secondary"><%= link_to "Register", new_user_path -%></li> + <% if GitoriousConfig['gitorious_public_registration'] -%> + <li class="secondary"><%= link_to "Register", new_user_path -%></li> + <% end -%> <li class="secondary"><%= link_to "Login", login_path -%></li> <%- end -%> </ul> @@ -79,6 +86,15 @@ </li> </ul> <% end -%> + <% if controller.is_a? Admin::UsersController -%> + <h2 id="project_title"><%= link_to "Administration", '' %></h2> + <ul id="submenu" class="white"> + <li class="selected"> + <%= link_to "User Management", + '', :class => "round-top-5" -%> + </li> + </ul> + <% end -%> </div> <% unless @content_for_submenu.blank? -%> <ul id="contextmenu"> diff --git a/app/views/site/index.html.erb b/app/views/site/index.html.erb index d92c9d0..a8508f6 100644 --- a/app/views/site/index.html.erb +++ b/app/views/site/index.html.erb 
@@ -24,7 +24,9 @@ <strong>Gitorious</strong> aims to provide a great way of doing distributed opensource code collaboration </p> -<%= render :partial => "searches/search_box" -%> +<% if GitoriousConfig['gitorious_public_registration'] || logged_in? -%> + <%= render :partial => "searches/search_box" -%> +<% end -%> </div> <div id="site_overview"> @@ -40,13 +42,16 @@ </tr> </table> - <p class="hint create_account_hint"> - <%= link_to "Creating a user account", new_user_path -%> allows you to create - your own project or participate in the development of any project. - </p> + <% if GitoriousConfig['gitorious_public_registration'] || logged_in? -%> + <p class="hint create_account_hint"> + <%= link_to "Creating a user account", new_user_path -%> allows you to create + your own project or participate in the development of any project. + </p> + <% end -%> <% end -%> </div> +<% if GitoriousConfig['gitorious_public_registration'] || logged_in? -%> <div id="newest_projects"> <h2>Newest projects</h2> <ul> @@ -59,3 +64,4 @@ </ul> <p><%= link_to "View more »", projects_path -%></p> </div> +<% end -%> diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb new file mode 100644 index 0000000..b795948 --- /dev/null +++ b/app/views/users/_form.html.erb @@ -0,0 +1,19 @@ + <p> + <%= f.label :login -%><br/> + <%= f.text_field :login, :class => "text" -%> + </p> + + <p> + <%= f.label :email -%><br/> + <%= f.text_field :email, :class => "text" -%> + </p> + + <p> + <%= f.label :password -%><br/> + <%= f.password_field :password, :class => "text" -%> + </p> + + <p> + <%= f.label :password_confirmation -%><br/> + <%= f.password_field :password_confirmation, :class => "text" %> + </p>
\ No newline at end of file diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index 2149426..bd13662 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -27,25 +27,6 @@ <%= error_messages_for :user %> <% form_for :user, :url => users_path do |f| -%> - <p> - <%= f.label :login -%><br/> - <%= f.text_field :login, :class => "text" -%> - </p> - - <p> - <%= f.label :email -%><br/> - <%= f.text_field :email, :class => "text" -%> - </p> - - <p> - <%= f.label :password -%><br/> - <%= f.password_field :password, :class => "text" -%> - </p> - - <p> - <%= f.label :password_confirmation -%><br/> - <%= f.password_field :password_confirmation, :class => "text" %> - </p> - + <%= render :partial => 'form', :locals => { :f => f } %> <p><%= f.submit 'Sign up' %></p> <% end -%> diff --git a/config/gitorious.sample.yml b/config/gitorious.sample.yml index dec3122..514c539 100644 --- a/config/gitorious.sample.yml +++ b/config/gitorious.sample.yml @@ -29,3 +29,5 @@ exception_notification_emails: # Mangle visible e-mail addresses (spam protection) mangle_email_addresses: true +# Enable or Disable Public Mode (true) or Private Mode (false) +gitorious_public_registration: true
\ No newline at end of file diff --git a/config/initializers/gitorious_config.rb b/config/initializers/gitorious_config.rb index 5ee38d8..1830ef9 100644 --- a/config/initializers/gitorious_config.rb +++ b/config/initializers/gitorious_config.rb @@ -1 +1,6 @@ -GitoriousConfig = YAML::load_file(File.join(Rails.root, "config/gitorious.yml")) +GitoriousConfig = YAML::load_file(File.join(Rails.root, + ENV['RAILS_ENV'] == 'test' ? "config/gitorious.sample.yml" : "config/gitorious.yml")) +if GitoriousConfig['gitorious_public_registration'].nil? + # make the default be publicly open + GitoriousConfig['gitorious_public_registration'] = true +end
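Review bot: The initializer falls back to public mode whenever `gitorious_public_registration` is absent, so a misspelled key or an upgraded install with an old gitorious.yml silently runs open. That default keeps existing sites working, but a private installation gets no signal that the lock is off; logging the effective mode at boot, e.g. `Rails.logger.info "Gitorious private mode: #{!GitoriousConfig['gitorious_public_registration']}"`, would make it visible. A quoted value such as `'false'` loads as a non-empty string and is truthy in the `unless`/`if` checks used elsewhere in this commit, so the setting should be normalised to a real boolean here, for instance `GitoriousConfig['gitorious_public_registration'] = false if GitoriousConfig['gitorious_public_registration'].to_s == 'false'`.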
\ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index ce785dd..ec68d46 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -72,6 +72,10 @@ ActionController::Routing::Routes.draw do |map| map.about "about", :controller => "site", :action => "about" map.faq "about/faq", :controller => "site", :action => "faq" + map.namespace :admin do |admin| + admin.resources :users, :member => { :suspend => :put, :unsuspend => :put } + end + # Install the default route as the lowest priority. map.connect ':controller/:action/:id.:format' map.connect ':controller/:action/:id' diff --git a/db/migrate/20090109005102_add_new_flags_to_user.rb b/db/migrate/20090109005102_add_new_flags_to_user.rb new file mode 100644 index 0000000..a6a82b7 --- /dev/null +++ b/db/migrate/20090109005102_add_new_flags_to_user.rb @@ -0,0 +1,11 @@ +class AddNewFlagsToUser < ActiveRecord::Migration + def self.up + add_column :users, :is_admin, :boolean, :default => false + add_column :users, :suspended_at, :datetime + end + + def self.down + remove_column :users, :is_admin + remove_column :users, :suspended_at + end +end 
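Review bot: In config/routes.rb the new member routes restrict `suspend` and `unsuspend` to PUT, but the catch-all `map.connect ':controller/:action/:id'` kept just below still matches them, so where `:controller` can match the namespaced path a plain GET would likely reach the same actions. That would put a state change outside the form-token check applied to non-GET requests, assuming forgery protection is enabled at all. Enforce the verb in the controller as well, e.g. `verify :method => :put, :only => [:suspend, :unsuspend], :redirect_to => { :action => :index }` in Admin::UsersController. The routes block continues outside the hunk.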
@@ -133,6 +133,29 @@ graph on commits frequency through the days. When you run it, it will generate a PNG static image. If you don't run it, Gitorious will simply ignore it. It is very cumbersome to make this component work correctly. +== PRIVATE MODE == + +The original intent of Gitorious is for an open source public website where every +project is open to the public. + +But as Gitorious itself is an open source project, people can choose to have their +own installation (as you will, as you're reading this documentation). + +Sometimes people want to install their own private Gitorious in a VPS server. And +then host their company's internal projects, for example. But in this scenario, their +private Gitorious would be publicly exposed to the Internet. + +Now you can change your config/gitorious.yml file and change this: + + gitorious_public_registration: false + +The default mode is 'true', which make your Gitorious public. But if you want your +own private server, change it to 'false'. + +In private mode, the 'Register' page is also locked and you need to create a super +user manually. Do this in the server running the task 'script/create_admin'. It will +ask for the administrator's email and password and will create it for you. + == SUMMARY == So, the shopping list goes like this: diff --git a/doc/WISHLIST b/doc/WISHLIST index 0ceb09e..8d60bf0 100644 --- a/doc/WISHLIST +++ b/doc/WISHLIST 
@@ -1,9 +1,9 @@ == IDEAS FOR NEW FEATURES == -- set up an Admin profile - superuser installed by default -- set up an Admin interface - manage users, daemon status +- set up an Admin profile - superuser installed by default [DONE!] +- set up an Admin interface - manage users, daemon status [DONE!] - make it more configurable (logo, basic color theme at least) -- make it private (enforce login instead of being always open) +- make it private (enforce login instead of being always open) [DONE!] - maybe not mix public and private but an option to choose between them - i18n/l10n - Watcher's List/Favorite projects diff --git a/doc/recipes/install-centos.txt b/doc/recipes/install-centos.txt index 6723a60..d863a4e 100644 --- a/doc/recipes/install-centos.txt +++ b/doc/recipes/install-centos.txt @@ -175,6 +175,9 @@ cp config/gitorious.sample.yml config/gitorious.yml # Mangle visible e-mail addresses (spam protection) mangle_email_addresses: true + # Enable or Disable Public Mode (true) or Private Mode (false) + gitorious_public_registration: false + 7.3.1 Remarks on gitorious.yml - run apg -m 64 diff --git a/doc/recipes/install-ubuntu.txt b/doc/recipes/install-ubuntu.txt index 77b5b36..55a5bb4 100644 --- a/doc/recipes/install-ubuntu.txt +++ b/doc/recipes/install-ubuntu.txt @@ -169,6 +169,9 @@ cp config/gitorious.sample.yml config/gitorious.yml # Mangle visible e-mail addresses (spam protection) mangle_email_addresses: true + # Enable or Disable Public Mode (true) or Private Mode (false) + gitorious_public_registration: false + 7.3.1 Remarks on gitorious.yml xz- run apg -m 64 diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb index 25e1dcc..da0f347 100644 --- a/lib/authenticated_system.rb +++ b/lib/authenticated_system.rb 
@@ -65,7 +65,11 @@ module AuthenticatedSystem accepts.html do store_location flash[:error] = "Action requires login" - redirect_to :controller => '/sessions', :action => 'new' + if GitoriousConfig['gitorious_public_registration'] + redirect_to :controller => '/sessions', :action => 'new' + else + redirect_to root_path + end end accepts.xml do headers["Status"] = "Unauthorized" diff --git a/lib/tasks/misc.rake b/lib/tasks/misc.rake index 1a34e25..4225c45 100644 --- a/lib/tasks/misc.rake +++ b/lib/tasks/misc.rake @@ -6,4 +6,4 @@ task :routes => :environment do name = name.ljust(name_col_width + 1) puts "#{name}#{route}" end -end
\ No newline at end of file +end diff --git a/script/create_admin b/script/create_admin new file mode 100755 index 0000000..a2fa9d8 --- /dev/null +++ b/script/create_admin @@ -0,0 +1,24 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__)+'/../config/environment' +ActionMailer::Base.raise_delivery_errors = false +ActionMailer::Base.delivery_method = :test + +if User.find_by_is_admin(true) + puts "You already have an Administrator" + exit! +end + +puts "Type in Administrator's e-mail: " +email = gets.strip +puts "Type in Administrator's password: " +password = gets.strip + +user = User.new :password => password, :password_confirmation => password, :email => email +user.login = 'admin' +user.is_admin = true +if user.save + user.activate + puts "Admin user created successfully." +else + puts "Failed creating Admin user." +end
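Review bot: script/create_admin reads the administrator password with a plain `gets`, so it is echoed on the terminal, and a failed `user.save` prints only "Failed creating Admin user." with no reason and a zero exit status. The prompt should switch echo off while the password is typed, and the failure branch should print the validation errors and exit non-zero so a provisioning script notices. `gets` returns nil at end of input, which makes `.strip` raise; `gets.to_s.strip` avoids that. The fixed login `'admin'` is predictable, so prompting for the login as well is worth considering.

```ruby
# … unchanged: environment load, mailer settings, existing-administrator check …
puts "Type in Administrator's e-mail: "
email = gets.to_s.strip
puts "Type in Administrator's password: "
system "stty -echo"   # keep the password off the screen
begin
  password = gets.to_s.strip
ensure
  system "stty echo"  # always restore the terminal
  puts
end
# … unchanged: User.new, login and is_admin assignment …
if user.save
  user.activate
  puts "Admin user created successfully."
else
  puts "Failed creating Admin user."
  puts user.errors.full_messages
  exit 1
end
```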
\ No newline at end of file diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb new file mode 100644 index 0000000..6194973 --- /dev/null +++ b/spec/controllers/admin/users_controller_spec.rb 
@@ -0,0 +1,64 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe Admin::UsersController do
+ integrate_views
+
+ before(:each) do
+ login_as :johan
+ end
+
+ it "GET /admin/users" do
+ get :index
+ response.should be_success
+ response.body.should match(/Create New User/)
+ end
+
+ it "GET /admin/users/new" do
+ get :new
+ response.should be_success
+ response.body.should match(/Is Administrator/)
+ end
+
+ it "POST /admin/users" do
+ proc {
+ post :create, :user => valid_admin_user
+ }.should change(User, :count)
+ response.should redirect_to(admin_users_path)
+ flash[:error].should be(nil)
+ end
+
+ it "PUT /admin/users/1/suspend" do
+ users(:johan).suspended_at.should be(nil)
+ put :suspend, :id => users(:johan).to_param
+ assigns(:user) == users(:johan)
+ users(:johan).reload
+ users(:johan).suspended_at.should_not be(nil)
+ response.should be_redirect
+ response.should redirect_to(admin_users_url)
+ end
+
+ it "PUT /admin/users/1/unsuspend" do
+ users(:johan).suspended_at = Time.new
+ users(:johan).save
+ put :unsuspend, :id => users(:johan).to_param
+ assigns(:user) == users(:johan)
+ users(:johan).reload
+ users(:johan).suspended_at.should be(nil)
+ response.should be_redirect
+ response.should redirect_to(admin_users_url)
+ end
+
+ it "should not access administrator pages if not admin" do
+ login_as :mike
+ get :index
+ response.should redirect_to(root_path)
+ flash[:error].should == "For Administrators Only"
+ get :new
+ response.should redirect_to(root_path)
+ flash[:error].should == "For Administrators Only"
+ end
+
+ def valid_admin_user
+ { :login => 'johndoe', :email => 'foo@foo.com', :password => 'johndoe', :password_confirmation => 'johndoe', :is_admin => "1" }
+ end
+end
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index 55d125f..b30d929 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
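Review bot: The non-admin example in spec/controllers/admin/users_controller_spec.rb exercises only `get :index` and `get :new`; the actions that change data (`post :create`, `put :suspend`, `put :unsuspend`) have no negative test, and there is no example for a request without login. Since `check_admin` is the only check between a regular account and account administration, add examples that log in as `:mike`, call each of those actions and assert that `User.count` and `suspended_at` are unchanged. The lines `assigns(:user) == users(:johan)` in the suspend and unsuspend examples compare without asserting; they should read `assigns(:user).should == users(:johan)`.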
@@ -166,3 +166,19 @@ describe ProjectsController do assigns[:project].should == projects(:johans) end end + +describe ProjectsController, "in Private Mode" do + before(:each) do + GitoriousConfig['gitorious_public_registration'] = false + end + + after(:each) do + GitoriousConfig['gitorious_public_registration'] = true + end + + it "GET /projects" do + get :index + response.should redirect_to(root_path) + flash[:error].should match(/Action requires login/) + end +end
\ No newline at end of file diff --git a/spec/controllers/site_controller_spec.rb b/spec/controllers/site_controller_spec.rb index 7fdcfdb..f2fb66c 100644 --- a/spec/controllers/site_controller_spec.rb +++ b/spec/controllers/site_controller_spec.rb @@ -61,3 +61,23 @@ describe SiteController do end end + + +describe SiteController, "in Private Mode" do + before(:each) do + GitoriousConfig['gitorious_public_registration'] = false + end + + after(:each) do + GitoriousConfig['gitorious_public_registration'] = true + end + + it "GET / should not show private content in the homepage" do + get :index + response.body.should_not match(/Newest projects/) + response.body.should_not match(/action\=\"\/search"/) + response.body.should_not match(/Creating a user account/) + response.body.should_not match(/\/projects/) + response.body.should_not match(/\/search/) + end +end
\ No newline at end of file diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index 007a4a8..13ae790 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -18,6 +18,24 @@ require File.dirname(__FILE__) + '/../spec_helper' +describe "All Users", :shared => true do + it "should activate user" do + User.authenticate('moe', 'test').should be(nil) + get :activate, :activation_code => users(:moe).activation_code + response.should redirect_to('/') + flash[:notice].should_not be(nil) + User.authenticate('moe@example.com', 'test').should == users(:moe) + end + + it "flashes a message when the activation code is invalid" do + get :activate, :activation_code => "fubar" + response.should redirect_to('/') + flash[:notice].should be(nil) + flash[:error].should == "Invalid activation code" + User.authenticate('moe@example.com', 'test').should == nil + end +end + describe UsersController do def create_user(options = {}) @@ -25,6 +43,8 @@ describe UsersController do :password => 'quire', :password_confirmation => 'quire' }.merge(options) end + it_should_behave_like "All Users" + it "should allow signups" do proc{ create_user 
@@ -75,22 +95,6 @@ describe UsersController do User.authenticate('quire@example.com', 'quire').should == nil controller.send(:logged_in?).should == false end - - it "should activate user" do - User.authenticate('moe', 'test').should be(nil) - get :activate, :activation_code => users(:moe).activation_code - response.should redirect_to('/') - flash[:notice].should_not be(nil) - User.authenticate('moe@example.com', 'test').should == users(:moe) - end - - it "flashes a message when the activation code is invalid" do - get :activate, :activation_code => "fubar" - response.should redirect_to('/') - flash[:notice].should be(nil) - flash[:error].should == "Invalid activation code" - User.authenticate('moe@example.com', 'test').should == nil - end it "shows the user" do get :show, :id => users(:johan).login @@ -157,3 +161,32 @@ describe UsersController do end end end + +describe UsersController, "in Private Mode" do + before(:each) do + GitoriousConfig['gitorious_public_registration'] = false + end + + after(:each) do + GitoriousConfig['gitorious_public_registration'] = true + end + + it_should_behave_like "All Users" + + it "GET /users/new" do + get :new + response.should redirect_to(root_path) + flash[:error].should match(/Action requires login/) + end + + it "GET /users/johan" do + get :show, :id => users(:johan).to_param + response.should redirect_to(root_path) + flash[:error].should match(/Action requires login/) + end + + it "GET /users/forgot_password" do + get :forgot_password + response.should be_success + end +end
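Review bot: The "in Private Mode" examples for UsersController check that `get :new` is redirected but never send `post :create`, which is the request that actually registers an account. An example such as `proc { post :create, :user => { :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' } }.should_not change(User, :count)` with the flag set to false would pin the lock that the README describes. These groups also flip the global `GitoriousConfig` hash in `before`/`after`, and the `after` block writes `true` rather than restoring the previous value, which holds only while the sample config stays public.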
\ No newline at end of file diff --git a/spec/fixtures/users.yml b/spec/fixtures/users.yml index dcd7c14..be2544f 100644 --- a/spec/fixtures/users.yml +++ b/spec/fixtures/users.yml @@ -8,6 +8,7 @@ johan: activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9b activated_at: <%= 5.days.ago.to_s :db %> ssh_key_id: 1 + is_admin: <%= true %> moe: id: 2 login: moe @@ -17,6 +18,7 @@ moe: created_at: <%= 1.days.ago.to_s :db %> activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9a ssh_key_id: 2 + is_admin: <%= false %> mike: id: 3 login: mike @@ -26,3 +28,4 @@ mike: created_at: <%= 1.days.ago.to_s :db %> activation_code: 8f24789ae988411ccf33ab0c30fe9106fab32e9a ssh_key_id: 3 + is_admin: <%= false %>
\ No newline at end of file diff --git a/spec/helpers/admin/users_helper_spec.rb b/spec/helpers/admin/users_helper_spec.rb new file mode 100644 index 0000000..dded4c3 --- /dev/null +++ b/spec/helpers/admin/users_helper_spec.rb @@ -0,0 +1,11 @@ +require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper') + +describe Admin::UsersHelper do + + #Delete this example and add some real ones or delete this file + it "should be included in the object returned by #helper" do + included_modules = (class << helper; self; end).send :included_modules + included_modules.should include(Admin::UsersHelper) + end + +end |