Require authentication for most actions
Some checks failed
Ruby CI / test (pull_request) Failing after 40s
Some checks failed
Ruby CI / test (pull_request) Failing after 40s
This commit is contained in:
parent
d0b4d000eb
commit
108959f2b0
14 changed files with 73 additions and 5 deletions
|
@ -1,3 +1,4 @@
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
include Authenticatable
|
include Authenticatable
|
||||||
|
include Authorizable
|
||||||
end
|
end
|
||||||
|
|
37
app/controllers/concerns/authorizable.rb
Normal file
37
app/controllers/concerns/authorizable.rb
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
module Authorizable
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
included do
|
||||||
|
before_action :require_registered_user
|
||||||
|
end
|
||||||
|
|
||||||
|
class_methods do
|
||||||
|
def allow_unregistered_user(**args)
|
||||||
|
skip_before_action :require_registered_user, **args
|
||||||
|
end
|
||||||
|
|
||||||
|
def require_unregistered_user(**args)
|
||||||
|
skip_before_action :require_registered_user, **args
|
||||||
|
before_action :require_unregistered_user, **args
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def require_registered_user
|
||||||
|
Current.user.registered? || redirect_to_sign_in
|
||||||
|
end
|
||||||
|
|
||||||
|
def require_unregistered_user
|
||||||
|
Current.user.unregistered? || redirect_to_dashboard
|
||||||
|
end
|
||||||
|
|
||||||
|
def redirect_to_sign_in
|
||||||
|
session[:return_url] = request.url
|
||||||
|
redirect_to new_session_url, alert: "You must be logged in to continue."
|
||||||
|
end
|
||||||
|
|
||||||
|
def redirect_to_dashboard
|
||||||
|
redirect_to root_url, alert: "You are already logged in."
|
||||||
|
end
|
||||||
|
end
|
|
@ -1,4 +1,5 @@
|
||||||
class SessionsController < ApplicationController
|
class SessionsController < ApplicationController
|
||||||
|
require_unregistered_user only: %i[new create]
|
||||||
# GET /sessions/new
|
# GET /sessions/new
|
||||||
def new
|
def new
|
||||||
@session = Session.new
|
@session = Session.new
|
||||||
|
@ -11,7 +12,6 @@ class SessionsController < ApplicationController
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
if @session.save
|
if @session.save
|
||||||
session[:current_user_id] = @session.user_id
|
session[:current_user_id] = @session.user_id
|
||||||
Rails.logger.info("ID: #{@session.user_id}")
|
|
||||||
|
|
||||||
format.html { redirect_to root_url, notice: "Session was successfully created." }
|
format.html { redirect_to root_url, notice: "Session was successfully created." }
|
||||||
format.json { render :show, status: :created, location: @session }
|
format.json { render :show, status: :created, location: @session }
|
||||||
|
@ -27,7 +27,7 @@ class SessionsController < ApplicationController
|
||||||
session[:current_user_id] = nil
|
session[:current_user_id] = nil
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
format.html { redirect_to root_url, notice: "Session was successfully destroyed." }
|
format.html { redirect_to new_session_url, notice: "Session was successfully destroyed." }
|
||||||
format.json { head :no_content }
|
format.json { head :no_content }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
class UsersController < ApplicationController
|
class UsersController < ApplicationController
|
||||||
|
require_unregistered_user only: %i[new create]
|
||||||
|
|
||||||
before_action :set_user, only: %i[ show edit update destroy ]
|
before_action :set_user, only: %i[ show edit update destroy ]
|
||||||
|
|
||||||
# GET /users or /users.json
|
# GET /users or /users.json
|
||||||
|
@ -25,6 +27,9 @@ class UsersController < ApplicationController
|
||||||
|
|
||||||
respond_to do |format|
|
respond_to do |format|
|
||||||
if @user.save
|
if @user.save
|
||||||
|
@session = Session.new(session_params).save
|
||||||
|
session[:current_user_id] = @session.user_id
|
||||||
|
|
||||||
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
|
format.html { redirect_to user_url(@user), notice: "User was successfully created." }
|
||||||
format.json { render :show, status: :created, location: @user }
|
format.json { render :show, status: :created, location: @user }
|
||||||
else
|
else
|
||||||
|
@ -67,4 +72,8 @@ class UsersController < ApplicationController
|
||||||
def user_params
|
def user_params
|
||||||
params.require(:user).permit(:email, :password, :password_confirmation)
|
params.require(:user).permit(:email, :password, :password_confirmation)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def session_params
|
||||||
|
user_params.slice(:email, :password)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
class GuestUser
|
class GuestUser
|
||||||
def registered? = false
|
def registered? = false
|
||||||
|
|
||||||
|
def unregistered? = true
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,4 +2,6 @@ class User < ApplicationRecord
|
||||||
has_secure_password
|
has_secure_password
|
||||||
|
|
||||||
def registered? = true
|
def registered? = true
|
||||||
|
|
||||||
|
def unregistered? = false
|
||||||
end
|
end
|
||||||
|
|
|
@ -20,8 +20,9 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should destroy session" do
|
test "should destroy session" do
|
||||||
|
login(users(:one).email)
|
||||||
delete session_url(@session)
|
delete session_url(@session)
|
||||||
|
|
||||||
assert_redirected_to root_url
|
assert_redirected_to new_session_url
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,6 +6,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should get index" do
|
test "should get index" do
|
||||||
|
login(@user.email)
|
||||||
get users_url
|
get users_url
|
||||||
assert_response :success
|
assert_response :success
|
||||||
end
|
end
|
||||||
|
@ -31,21 +32,25 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should show user" do
|
test "should show user" do
|
||||||
|
login(@user.email)
|
||||||
get user_url(@user)
|
get user_url(@user)
|
||||||
assert_response :success
|
assert_response :success
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should get edit" do
|
test "should get edit" do
|
||||||
|
login(@user.email)
|
||||||
get edit_user_url(@user)
|
get edit_user_url(@user)
|
||||||
assert_response :success
|
assert_response :success
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should update user" do
|
test "should update user" do
|
||||||
|
login(@user.email)
|
||||||
patch user_url(@user), params: { user: { email: @user.email, password: "secret", password_confirmation: "secret" } }
|
patch user_url(@user), params: { user: { email: @user.email, password: "secret", password_confirmation: "secret" } }
|
||||||
assert_redirected_to user_url(@user)
|
assert_redirected_to user_url(@user)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should destroy user" do
|
test "should destroy user" do
|
||||||
|
login(@user.email)
|
||||||
assert_difference("User.count", -1) do
|
assert_difference("User.count", -1) do
|
||||||
delete user_url(@user)
|
delete user_url(@user)
|
||||||
end
|
end
|
||||||
|
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
||||||
class CreditCardBillsTest < ApplicationSystemTestCase
|
class CreditCardBillsTest < ApplicationSystemTestCase
|
||||||
setup do
|
setup do
|
||||||
@credit_card_bill = credit_card_bills(:one)
|
@credit_card_bill = credit_card_bills(:one)
|
||||||
|
login(users(:one).email)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "visiting the index" do
|
test "visiting the index" do
|
||||||
|
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
||||||
class ExpensesTest < ApplicationSystemTestCase
|
class ExpensesTest < ApplicationSystemTestCase
|
||||||
setup do
|
setup do
|
||||||
@expense = expenses(:monthly_expense)
|
@expense = expenses(:monthly_expense)
|
||||||
|
login(users(:one).email)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "visiting the index" do
|
test "visiting the index" do
|
||||||
|
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
||||||
class IncomesTest < ApplicationSystemTestCase
|
class IncomesTest < ApplicationSystemTestCase
|
||||||
setup do
|
setup do
|
||||||
@income = incomes(:included_1)
|
@income = incomes(:included_1)
|
||||||
|
login(users(:one).email)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "visiting the index" do
|
test "visiting the index" do
|
||||||
|
|
|
@ -3,6 +3,7 @@ require "application_system_test_case"
|
||||||
class MembersTest < ApplicationSystemTestCase
|
class MembersTest < ApplicationSystemTestCase
|
||||||
setup do
|
setup do
|
||||||
@member = members(:one)
|
@member = members(:one)
|
||||||
|
login(users(:one).email)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "visiting the index" do
|
test "visiting the index" do
|
||||||
|
|
|
@ -6,13 +6,14 @@ class UsersTest < ApplicationSystemTestCase
|
||||||
end
|
end
|
||||||
|
|
||||||
test "visiting the index" do
|
test "visiting the index" do
|
||||||
|
login(@user.email)
|
||||||
visit users_url
|
visit users_url
|
||||||
assert_selector "h1", text: "Users"
|
assert_selector "h1", text: "Users"
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should create user" do
|
test "should create user" do
|
||||||
visit users_url
|
visit users_url
|
||||||
click_on "New user"
|
click_on "Sign up"
|
||||||
|
|
||||||
fill_in "Email", with: "userthree@example.local"
|
fill_in "Email", with: "userthree@example.local"
|
||||||
fill_in "Password", with: "secret"
|
fill_in "Password", with: "secret"
|
||||||
|
@ -24,6 +25,7 @@ class UsersTest < ApplicationSystemTestCase
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should update User" do
|
test "should update User" do
|
||||||
|
login(@user.email)
|
||||||
visit user_url(@user)
|
visit user_url(@user)
|
||||||
click_on "Edit this user", match: :first
|
click_on "Edit this user", match: :first
|
||||||
|
|
||||||
|
@ -37,7 +39,8 @@ class UsersTest < ApplicationSystemTestCase
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should destroy User" do
|
test "should destroy User" do
|
||||||
visit user_url(@user)
|
login(@user.email)
|
||||||
|
visit user_url(users(:two))
|
||||||
click_on "Destroy this user", match: :first
|
click_on "Destroy this user", match: :first
|
||||||
|
|
||||||
assert_text "User was successfully destroyed"
|
assert_text "User was successfully destroyed"
|
||||||
|
|
|
@ -10,4 +10,8 @@ class ActiveSupport::TestCase
|
||||||
fixtures :all
|
fixtures :all
|
||||||
|
|
||||||
# Add more helper methods to be used by all tests here...
|
# Add more helper methods to be used by all tests here...
|
||||||
|
def login(email, password = "secret")
|
||||||
|
post sessions_url, params: { session: { email: email, password: password } }
|
||||||
|
assert session[:current_user_id].present?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue