Make first baby steps towards an authentication procedure through rub…

…ycas-server * Add the rubycas-client gem * Initialize rubycas-client * Add admin namespace for admin post actions * Change the rubycas-server logger preventing it for a deprication warning * Test that admin_post_controller needs login * Create user model * Add admin boolean to users * Add current user helper
mrDoktar · May 12, 2010 · 0a61740 · 0a61740
1 parent b4a86c6
commit 0a61740
Show file tree

Hide file tree

Showing 15 changed files with 176 additions and 42 deletions.
diff --git a/Gemfile b/Gemfile
@@ -11,6 +11,8 @@ gem 'acts-as-taggable-on'
 
 gem 'sqlite3-ruby', :require => 'sqlite3'
 
+gem 'rubycas-client'
+
 group :test do
   gem "rspec-rails", ">= 2.0.0.beta.8"
   gem 'factory_girl', :git => 'git://github.com/thoughtbot/factory_girl.git', :branch => 'rails3'

diff --git a/app/controllers/admin/posts_controller.rb b/app/controllers/admin/posts_controller.rb
@@ -0,0 +1,38 @@
+class Admin::PostsController < ApplicationController
+
+  before_filter CASClient::Frameworks::Rails::Filter
+
+  def new
+    @post = Post.new
+  end
+
+  def create
+    @post = Post.new(params[:post])
+    if @post.save
+      redirect_to post_url @post
+    else
+      render "new"
+    end
+  end
+
+  def edit
+    @post = Post.find_by_id(params[:id])
+  end
+
+  def update
+    @post = Post.find_by_id(params[:id])
+
+    if @post.update_attributes(params[:post])
+      redirect_to post_url @post
+    else
+      render "edit"
+    end
+  end
+
+  def destroy
+    @post = Post.find_by_id(params[:id])
+    @post.destroy unless @post.nil?
+    redirect_to posts_url
+  end
+
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,4 +1,17 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
   layout 'application'
+  helper_method :current_user
+
+  private
+
+  def current_user
+    return nil unless session[:cas_email].present?
+    @current_user ||= User.find_or_create_by_email(session[:cas_email])
+  end
+
+  def require_admin
+    return current_user.present?
+  end
+
 end
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
@@ -1,45 +1,12 @@
 class PostsController < ApplicationController
-  
+
   def index
     @posts = Post.latest
   end
-
-  def new
-    @post = Post.new
-  end
-
-  def create
-    @post = Post.new(params[:post])
-    if @post.save
-      redirect_to @post
-    else
-      render "new"
-    end
-  end
-
+
   def show
     @post = Post.find_by_id(params[:id])
     @posts = Post.latest - [@post]
   end
 
-  def edit
-    @post = Post.find_by_id(params[:id])
-  end
-
-  def update
-    @post = Post.find_by_id(params[:id])
-
-    if @post.update_attributes(params[:post])
-      redirect_to @post
-    else
-      render "edit"
-    end
-  end
-
-  def destroy
-    @post = Post.find_by_id(params[:id])
-    @post.destroy unless @post.nil?
-    redirect_to posts_path
-  end
-
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -0,0 +1,2 @@
+class User < ActiveRecord::Base
+end
diff --git a/app/views/posts/_form.html.haml → app/views/admin/posts/_form.html.haml b/app/views/posts/_form.html.haml → app/views/admin/posts/_form.html.haml
@@ -1,4 +1,4 @@
-= form_for @post do |f|
+= form_for [:admin, @post] do |f|
   = f.label :title
   %br
   = f.text_field :title

diff --git a/app/views/posts/edit.html.haml → app/views/admin/posts/edit.html.haml b/app/views/posts/edit.html.haml → app/views/admin/posts/edit.html.haml
diff --git a/app/views/posts/new.html.haml → app/views/admin/posts/new.html.haml b/app/views/posts/new.html.haml → app/views/admin/posts/new.html.haml
diff --git a/app/views/posts/_post.html.haml b/app/views/posts/_post.html.haml
@@ -2,11 +2,11 @@
 
 - content_for(:menu) do
   %p
-    = link_to "Write a new post", new_post_path, :class => "button in_menu"
+    = link_to "Write a new post", [:new, :admin, :post], :class => "button in_menu"
     %br
-    = link_to "Edit this one", [:edit, post], :class => "button in_menu"
+    = link_to "Edit this one", [:edit, :admin, post], :class => "button in_menu"
     %br
-    = link_to "Delete this one", post, :method => :delete, :confirm => "Are you sure?", :class => "button red in_menu"
+    = link_to "Delete this one", [:admin, post], :method => :delete, :confirm => "Are you sure?", :class => "button red in_menu"
 
 #title
   = image_tag "http://www.gravatar.com/avatar/eb8c26db448303abe1d2f5df15c2a0a5?s=70", :class => "profile_image"

diff --git a/config/initializers/rubycas_client.rb b/config/initializers/rubycas_client.rb
@@ -0,0 +1,8 @@
+require 'casclient'
+require 'casclient/frameworks/rails/filter'
+
+CASClient::Frameworks::Rails::Filter.configure(
+    :cas_base_url => "https://67.23.79.76/",
+    :username_session_key => :cas_email,
+    :logger => Rails.logger
+) 
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,6 +1,10 @@
 BlogIn15::Application.routes.draw do |map|
-  resources :posts
-
+  resources :posts, :only => [:index, :show]
+
+  namespace :admin do
+    resources :posts, :only => [:new, :create, :edit, :update, :destroy]
+  end
+
   # The priority is based upon order of creation:
   # first created -> highest priority.
 

diff --git a/db/migrate/20100512102416_create_users.rb b/db/migrate/20100512102416_create_users.rb
@@ -0,0 +1,16 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string :email
+      t.string :full_name
+      t.boolean :admin, :default => false
+      t.timestamps
+    end
+
+    add_index :users, :email
+  end
+
+  def self.down
+    drop_table :users
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -9,7 +9,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20100511125151) do
+ActiveRecord::Schema.define(:version => 20100512102416) do
 
   create_table "posts", :force => true do |t|
     t.string "title"
@@ -34,4 +34,14 @@
     t.string "name"
   end
 
+  create_table "users", :force => true do |t|
+    t.string   "email"
+    t.string   "full_name"
+    t.boolean  "admin",      :default => false
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "users", ["email"], :name => "index_users_on_email"
+
 end
diff --git a/spec/controllers/admin/posts_controller_spec.rb b/spec/controllers/admin/posts_controller_spec.rb
@@ -0,0 +1,69 @@
+require 'spec_helper'
+
+describe Admin::PostsController do
+  before do
+    @user = mock("User", :email => "john.doe@example.com")
+    @post = mock_model(Post, :null_object => true)
+    Post.stub(:find_by_id).and_return(@post)    
+  end
+
+  describe "as admin" do
+    before do
+      CASClient::Frameworks::Rails::Filter.stub(:filter).and_return(true)
+    end
+
+    it "should be able to visit the new page" do
+      get :new
+      response.should render_template(:new)
+    end
+
+    it "should be able to use the create action" do
+      post :create
+      response.should render_template(:new)
+    end
+
+    it "should be able to visit the edit page" do
+      get :edit, :id => 1
+      response.should render_template(:edit)
+    end
+
+    it "should be able to use the update action" do
+      put :update, :id => 1
+      response.should redirect_to(post_path(@post))    
+    end
+
+    it "should be able to use the destroy action" do
+      delete :destroy, :id => 1
+      response.should redirect_to(posts_path)
+    end
+  end
+
+  describe "as guest" do
+
+    it "should not be able to visite the new page" do
+      get :new
+      response.should_not render_template(:new)
+    end
+
+    it "should not be able to use the create action" do
+      post :create
+      response.should_not render_template(:new)
+    end
+
+    it "should not be able to visit the edit page" do
+      get :edit, :id => 1
+      response.should_not render_template(:edit)
+    end
+
+    it "should not be able to use the update action" do
+      put :update, :id => 1
+      response.should_not redirect_to(post_path(@post))    
+    end
+
+    it "should not be able to use the destroy action" do
+      delete :destroy, :id => 1
+      response.should_not redirect_to(posts_path)
+    end
+
+  end 
+end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe User do
+  pending "add some examples to (or delete) #{__FILE__}"
+end