diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 25f55006..8f532c42 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -62,7 +62,7 @@ module Admin
 # overwrite default update
 def update
- user = User.find(params[:user][:id])
+ user = User.find(params[:id])
 if params[:user][:password].empty?
 user.assign_attributes(user_params.except(:password))
diff --git a/app/dashboards/user_dashboard.rb b/app/dashboards/user_dashboard.rb
index 98a2eaac..22d025f8 100644
--- a/app/dashboards/user_dashboard.rb
+++ b/app/dashboards/user_dashboard.rb
@@ -8,7 +8,7 @@ class UserDashboard < Administrate::BaseDashboard
 # which determines how the attribute is displayed
 # on pages throughout the dashboard.
 ATTRIBUTE_TYPES = {
- id: IdField,
+ id: Field::Number,
 email: Field::String,
 password: Field::Password,
 encrypted_password: Field::String,
@@ -55,7 +55,6 @@ class UserDashboard < Administrate::BaseDashboard
 # an array of attributes that will be displayed
 # on the model's form (`new` and `edit`) pages.
 FORM_ATTRIBUTES = %i[
- id
 full_name
 email
 role
diff --git a/app/views/fields/id_field/_form.html.erb b/app/views/fields/id_field/_form.html.erb
deleted file mode 100644
index bb387ecd..00000000
--- a/app/views/fields/id_field/_form.html.erb
+++ /dev/null
@@ -1 +0,0 @@
-<%= f.text_field field.attribute, hidden: :true %>
diff --git a/app/views/fields/id_field/_index.html.erb b/app/views/fields/id_field/_index.html.erb
deleted file mode 100644
index 6d9dbc90..00000000
--- a/app/views/fields/id_field/_index.html.erb
+++ /dev/null
@@ -1 +0,0 @@
-<%= field.to_s %>
diff --git a/app/views/fields/id_field/_show.html.erb b/app/views/fields/id_field/_show.html.erb
deleted file mode 100644
index 6d9dbc90..00000000
--- a/app/views/fields/id_field/_show.html.erb
+++ /dev/null
@@ -1 +0,0 @@
-<%= field.to_s %>
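Review bot: In `Admin::UsersController#update`, the unchanged guard `params[:user][:password].empty?` right after the new lookup still dereferences request parameters without a nil check, so an update whose body has no `user` hash or no `password` key would raise NoMethodError and surface as a 500 rather than a handled error. `if params.dig(:user, :password).blank?` covers the missing and the empty case alike. Now that the record is looked up by the route's `params[:id]`, it is also worth confirming that `user_params` (not visible here) does not permit `:id`, so the request body cannot reassign it. The body of `update` continues outside the hunk.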
diff --git a/spec/requests/admin_panel_boards_spec.rb b/spec/requests/admin_panel_boards_spec.rb
new file mode 100644
index 00000000..49d7a129
--- /dev/null
+++ b/spec/requests/admin_panel_boards_spec.rb
@@ -0,0 +1,148 @@ +require 'rails_helper' + +RSpec.describe 'requests to boards in the admin panel', :admin_panel, type: :request do + let(:user) { FactoryBot.create(:user) } + let(:moderator) { FactoryBot.create(:moderator) } + let(:admin) { FactoryBot.create(:admin) } + + let(:board) { FactoryBot.create(:board) } + + context 'when user is not logged in' do + it 'redirects index action' do + get admin_boards_path + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects show action' do + get admin_board_path(board) + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects new action' do + get new_admin_board_path + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects edit action' do + get edit_admin_board_path(board) + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects create action' do + post admin_boards_path, params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects update action' do + patch admin_board_path(board), params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects destroy action' do + delete admin_board_path(board) + expect(response).to redirect_to(new_user_session_path) + end + end + + context 'when user has role "user"' do + before(:each) do + user.confirm + sign_in user + end + + it 'redirects index action' do + get admin_boards_path + expect(response).to redirect_to(root_path) + end + it 'redirects show action' do + get admin_board_path(board) + expect(response).to redirect_to(root_path) + end + it 'redirects new action' do + get new_admin_board_path + expect(response).to redirect_to(root_path) + end + it 'redirects edit action' do + get edit_admin_board_path(board) + expect(response).to redirect_to(root_path) + end + it 'redirects create action' do + post admin_boards_path, params: { board: { name: board.name + 'a' } } + 
expect(response).to redirect_to(root_path) + end + it 'redirects update action' do + patch admin_board_path(board), params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(root_path) + end + it 'redirects destroy action' do + delete admin_board_path(board) + expect(response).to redirect_to(root_path) + end + end + + context 'when user has role "moderator"' do + before(:each) do + moderator.confirm + sign_in moderator + end + + it 'fulfills index action' do + get admin_boards_path + expect(response).to have_http_status(:success) + end + it 'fulfills show action' do + get admin_board_path(board) + expect(response).to have_http_status(:success) + end + it 'fulfills new action' do + get new_admin_board_path + expect(response).to have_http_status(:success) + end + it 'fulfills edit action' do + get edit_admin_board_path(board) + expect(response).to have_http_status(:success) + end + it 'fulfills create action' do + post admin_boards_path, params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(admin_board_path(board.id + 1)) + end + it 'fulfills update action' do + patch admin_board_path(board), params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(admin_board_path(board)) + end + it 'fulfills destroy action' do + delete admin_board_path(board) + expect(response).to redirect_to(admin_root_path) + end + end + + context 'when user has role "admin"' do + before(:each) do + admin.confirm + sign_in admin + end + + it 'fulfills index action' do + get admin_boards_path + expect(response).to have_http_status(:success) + end + it 'fulfills show action' do + get admin_board_path(board) + expect(response).to have_http_status(:success) + end + it 'fulfills new action' do + get new_admin_board_path + expect(response).to have_http_status(:success) + end + it 'fulfills edit action' do + get edit_admin_board_path(board) + expect(response).to have_http_status(:success) + end + it 'fulfills create action' do + post 
admin_boards_path, params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(admin_board_path(board.id + 1)) + end + it 'fulfills update action' do + patch admin_board_path(board), params: { board: { name: board.name + 'a' } } + expect(response).to redirect_to(admin_board_path(board)) + end + it 'fulfills destroy action' do + delete admin_board_path(board) + expect(response).to redirect_to(admin_root_path) + end + end +end \ No newline at end of file diff --git a/spec/requests/admin_panel_post_statuses_spec.rb b/spec/requests/admin_panel_post_statuses_spec.rb new file mode 100644 index 00000000..fe8ec93c --- /dev/null +++ b/spec/requests/admin_panel_post_statuses_spec.rb 
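Review bot: The create, update and destroy examples in the 'not logged in' and 'role "user"' contexts assert only the redirect, so they would still pass if the write went through before the redirect was issued. For an access-control spec the property to pin is that nothing changed, e.g. `expect { delete admin_board_path(board) }.not_to change(Board, :count)` (model name assumed from the factory) and a comparison of `board.reload.name` with the name before the patch. Because `let(:board)` is lazy, the record has to exist before the `expect` block (`let!(:board)` or a reference in `before`), otherwise the count moves inside the block. The same applies to the matching contexts in admin_panel_post_statuses_spec.rb and admin_panel_users_spec.rb.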
@@ -0,0 +1,148 @@ +require 'rails_helper' + +RSpec.describe 'requests to post statuses in the admin panel', :admin_panel, type: :request do + let(:user) { FactoryBot.create(:user) } + let(:moderator) { FactoryBot.create(:moderator) } + let(:admin) { FactoryBot.create(:admin) } + + let(:post_status) { FactoryBot.create(:post_status) } + + context 'when user is not logged in' do + it 'redirects index action' do + get admin_post_statuses_path + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects show action' do + get admin_post_status_path(post_status) + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects new action' do + get new_admin_post_status_path + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects edit action' do + get edit_admin_post_status_path(post_status) + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects create action' do + post admin_post_statuses_path, params: { post_status: { name: post_status.name + 'a' } } + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects update action' do + patch admin_post_status_path(post_status), params: { post_status: { name: post_status.name + 'a' } } + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects destroy action' do + delete admin_post_status_path(post_status) + expect(response).to redirect_to(new_user_session_path) + end + end + + context 'when user has role "user"' do + before(:each) do + user.confirm + sign_in user + end + + it 'redirects index action' do + get admin_post_statuses_path + expect(response).to redirect_to(root_path) + end + it 'redirects show action' do + get admin_post_status_path(post_status) + expect(response).to redirect_to(root_path) + end + it 'redirects new action' do + get new_admin_post_status_path + expect(response).to redirect_to(root_path) + end + it 'redirects edit action' do + get edit_admin_post_status_path(post_status) + 
expect(response).to redirect_to(root_path) + end + it 'redirects create action' do + post admin_post_statuses_path, params: { post_status: { name: post_status.name + 'a' } } + expect(response).to redirect_to(root_path) + end + it 'redirects update action' do + patch admin_post_status_path(post_status), params: { post_status: { name: post_status.name + 'a' } } + expect(response).to redirect_to(root_path) + end + it 'redirects destroy action' do + delete admin_post_status_path(post_status) + expect(response).to redirect_to(root_path) + end + end + + context 'when user has role "moderator"' do + before(:each) do + moderator.confirm + sign_in moderator + end + + it 'fulfills index action' do + get admin_post_statuses_path + expect(response).to have_http_status(:success) + end + it 'fulfills show action' do + get admin_post_status_path(post_status) + expect(response).to have_http_status(:success) + end + it 'fulfills new action' do + get new_admin_post_status_path + expect(response).to have_http_status(:success) + end + it 'fulfills edit action' do + get edit_admin_post_status_path(post_status) + expect(response).to have_http_status(:success) + end + it 'fulfills create action' do + post admin_post_statuses_path, params: { post_status: { name: post_status.name + 'a', color: post_status.color } } + expect(response).to redirect_to(admin_post_status_path(post_status.id + 1)) + end + it 'fulfills update action' do + patch admin_post_status_path(post_status), params: { post_status: { name: post_status.name + 'a' } } + expect(response).to redirect_to(admin_post_status_path(post_status)) + end + it 'fulfills destroy action' do + delete admin_post_status_path(post_status) + expect(response).to redirect_to(admin_post_statuses_path) + end + end + + context 'when user has role "admin"' do + before(:each) do + admin.confirm + sign_in admin + end + + it 'fulfills index action' do + get admin_post_statuses_path + expect(response).to have_http_status(:success) + end + it 'fulfills 
show action' do + get admin_post_status_path(post_status) + expect(response).to have_http_status(:success) + end + it 'fulfills new action' do + get new_admin_post_status_path + expect(response).to have_http_status(:success) + end + it 'fulfills edit action' do + get edit_admin_post_status_path(post_status) + expect(response).to have_http_status(:success) + end + it 'fulfills create action' do + post admin_post_statuses_path, params: { post_status: { name: post_status.name + 'a', color: post_status.color } } + expect(response).to redirect_to(admin_post_status_path(post_status.id + 1)) + end + it 'fulfills update action' do + patch admin_post_status_path(post_status), params: { post_status: { name: post_status.name + 'a' } } + expect(response).to redirect_to(admin_post_status_path(post_status)) + end + it 'fulfills destroy action' do + delete admin_post_status_path(post_status) + expect(response).to redirect_to(admin_post_statuses_path) + end + end +end \ No newline at end of file diff --git a/spec/requests/admin_panel_spec.rb b/spec/requests/admin_panel_spec.rb deleted file mode 100644 index 69a3a3f7..00000000 --- a/spec/requests/admin_panel_spec.rb +++ /dev/null 
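Review bot: `admin_post_status_path(post_status.id + 1)` in the two 'fulfills create action' examples predicts the new record's id from the fixture's id, which only holds while ids are handed out consecutively and nothing else inserts a row in between. Looking the record up after the request is sturdier, e.g. `expect(response).to redirect_to(admin_post_status_path(PostStatus.order(:id).last))` (model name assumed from the factory). The boards and users specs use the same `id + 1` pattern.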
@@ -1,64 +0,0 @@
-require 'rails_helper'
-
-RSpec.describe 'Requests to the admin panel', type: :request do
- let(:user) { FactoryBot.create(:user) }
- let(:moderator) { FactoryBot.create(:moderator) }
- let(:admin) { FactoryBot.create(:admin) }
-
- before(:each) do
- user.confirm
- moderator.confirm
- admin.confirm
- end
-
- it 'requires a logged-in admin to view Users admin panel' do
- get admin_users_path
- expect(response).to redirect_to(new_user_session_path)
-
- sign_in user
- get admin_users_path
- expect(response).to redirect_to(root_path)
-
- sign_in moderator
- get admin_users_path
- expect(response).to redirect_to(root_path)
-
- sign_in admin
- get admin_users_path
- expect(response).to have_http_status(:success)
- end
-
- it 'requires at least a logged-in moderator to view Boards admin panel' do
- get admin_boards_path
- expect(response).to redirect_to(new_user_session_path)
-
- sign_in user
- get admin_boards_path
- expect(response).to redirect_to(root_path)
-
- sign_in moderator
- get admin_boards_path
- expect(response).to have_http_status(:success)
-
- sign_in admin
- get admin_boards_path
- expect(response).to have_http_status(:success)
- end
-
- it 'requires at least a logged-in moderator to view PostStatuses admin panel' do
- get admin_post_statuses_path
- expect(response).to redirect_to(new_user_session_path)
-
- sign_in user
- get admin_post_statuses_path
- expect(response).to redirect_to(root_path)
-
- sign_in moderator
- get admin_post_statuses_path
- expect(response).to have_http_status(:success)
-
- sign_in admin
- get admin_post_statuses_path
- expect(response).to have_http_status(:success)
- end
-end
\ No newline at end of file
diff --git a/spec/requests/admin_panel_users_spec.rb b/spec/requests/admin_panel_users_spec.rb
new file mode 100644
index 00000000..99f7e0dc
--- /dev/null
+++ b/spec/requests/admin_panel_users_spec.rb
@@ -0,0 +1,146 @@ +require 'rails_helper' + +RSpec.describe 'requests to users in the admin panel', :admin_panel, type: :request do + let(:user) { FactoryBot.create(:user) } + let(:moderator) { FactoryBot.create(:moderator) } + let(:admin) { FactoryBot.create(:admin) } + + context 'when user is not logged in' do + it 'redirects index action' do + get admin_users_path + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects show action' do + get admin_user_path(user) + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects new action' do + get new_admin_user_path + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects edit action' do + get edit_admin_user_path(user) + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects create action' do + post admin_users_path, params: { user: { full_name: user.full_name, email: user.email + 'a', password: user.password } } + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects update action' do + patch admin_user_path(user), params: { user: { full_name: user.full_name } } + expect(response).to redirect_to(new_user_session_path) + end + it 'redirects destroy action' do + delete admin_user_path(user) + expect(response).to redirect_to(new_user_session_path) + end + end + + context 'when user has role "user"' do + before(:each) do + user.confirm + sign_in user + end + + it 'redirects index action' do + get admin_users_path + expect(response).to redirect_to(root_path) + end + it 'redirects show action' do + get admin_user_path(user) + expect(response).to redirect_to(root_path) + end + it 'redirects new action' do + get new_admin_user_path + expect(response).to redirect_to(root_path) + end + it 'redirects edit action' do + get edit_admin_user_path(user) + expect(response).to redirect_to(root_path) + end + it 'redirects create action' do + post admin_users_path, params: { user: { full_name: user.full_name, email: user.email 
+ 'a', password: user.password } } + expect(response).to redirect_to(root_path) + end + it 'redirects update action' do + patch admin_user_path(user), params: { user: { full_name: user.full_name } } + expect(response).to redirect_to(root_path) + end + it 'redirects destroy action' do + delete admin_user_path(user) + expect(response).to redirect_to(root_path) + end + end + + context 'when user has role "moderator"' do + before(:each) do + moderator.confirm + sign_in moderator + end + + it 'redirects index action' do + get admin_users_path + expect(response).to redirect_to(root_path) + end + it 'redirects show action' do + get admin_user_path(user) + expect(response).to redirect_to(root_path) + end + it 'redirects new action' do + get new_admin_user_path + expect(response).to redirect_to(root_path) + end + it 'redirects edit action' do + get edit_admin_user_path(user) + expect(response).to redirect_to(root_path) + end + it 'redirects create action' do + post admin_users_path, params: { user: { full_name: user.full_name, email: user.email + 'a', password: user.password } } + expect(response).to redirect_to(root_path) + end + it 'redirects update action' do + patch admin_user_path(user), params: { user: { full_name: user.full_name } } + expect(response).to redirect_to(root_path) + end + it 'redirects destroy action' do + delete admin_user_path(user) + expect(response).to redirect_to(root_path) + end + end + + context 'when user has role "admin"' do + before(:each) do + admin.confirm + sign_in admin + end + + it 'fulfills index action' do + get admin_users_path + expect(response).to have_http_status(:success) + end + it 'fulfills show action' do + get admin_user_path(user) + expect(response).to have_http_status(:success) + end + it 'fulfills new action' do + get new_admin_user_path + expect(response).to have_http_status(:success) + end + it 'fulfills edit action' do + get edit_admin_user_path(user) + expect(response).to have_http_status(:success) + end + it 'fulfills 
create action' do + post admin_users_path, params: { user: { full_name: user.full_name, email: user.email + 'a', password: user.password } } + expect(response).to redirect_to(admin_user_path(user.id + 1)) + end + it 'fulfills update action' do + patch admin_user_path(user), params: { user: { full_name: user.full_name + 'a', password: '' } } + expect(response).to redirect_to(admin_user_path(user)) + end + it 'fulfills destroy action' do + delete admin_user_path(user) + expect(response).to redirect_to(admin_users_path) + end + end +end \ No newline at end of file
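Review bot: The admin 'fulfills update action' example checks only the redirect, so the overridden `update` in `Admin::UsersController` is never shown to persist anything; adding `expect(user.reload.full_name).to end_with('a')` after the patch would pin that. The example also exercises only the empty-password branch (`password: ''`): there is no case with a non-empty password, and none that omits the `password` key, which the controller's `params[:user][:password].empty?` guard does not appear to handle. Covering those two inputs would document what the endpoint does with them.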