more authentication

9 years ago · 615ee36fa1
parent 42fd3edbae
commit 615ee36fa1
7 changed files with 25 additions and 12 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,3 +1,12 @@
 class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception, prepend: true
+
+
+  def verify_admin
+    return true if current_user.admin?(@school)
+
+    redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
+    return false
+  end
+
 end
--- a/app/controllers/recipient_lists_controller.rb
+++ b/app/controllers/recipient_lists_controller.rb
@ -1,5 +1,7 @@
 class RecipientListsController < ApplicationController
+  before_action :authenticate_user!
  before_action :set_school
+  before_action :verify_admin
  before_action :set_recipient_list, only: [:show, :edit, :update, :destroy]

  # GET schools/1/recipient_lists
--- a/app/controllers/recipients_controller.rb
+++ b/app/controllers/recipients_controller.rb
@ -1,5 +1,7 @@
 class RecipientsController < ApplicationController
+  before_action :authenticate_user!
  before_action :set_school
+  before_action :verify_admin
  before_action :set_recipient, only: [:show, :edit, :update, :destroy]

  # GET /recipients
--- a/app/controllers/schedules_controller.rb
+++ b/app/controllers/schedules_controller.rb
@ -59,10 +59,4 @@ class SchedulesController < ApplicationController
      params.require(:schedule).permit(:name, :description, :school_id, :frequency_hours, :start_date, :end_date, :active, :random, :recipient_list_id, :question_list_id)
    end

-    def verify_admin
-      return true if current_user.admin?(@school)
-
-      redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
-      return false
-    end
 end
--- a/app/controllers/schools_controller.rb
+++ b/app/controllers/schools_controller.rb
@ -73,10 +73,4 @@ class SchoolsController < ApplicationController
      params.require(:school).permit(:name, :district_id)
    end

-    def verify_admin
-      return true if current_user.admin?(@school)
-
-      redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
-      return false
-    end
 end
--- a/spec/controllers/recipient_lists_controller_spec.rb
+++ b/spec/controllers/recipient_lists_controller_spec.rb
@ -20,6 +20,7 @@ require 'rails_helper'

 RSpec.describe RecipientListsController, type: :controller do

+  let!(:user) { User.create(email: 'test@test.com', password: '123456') }
  let(:school) { School.create!(name: 'School') }

  # This should return the minimal set of attributes required to create a valid
@ -43,6 +44,11 @@ RSpec.describe RecipientListsController, type: :controller do
  # RecipientListsController. Be sure to keep this updated too.
  let(:valid_session) { {} }

+  before :each do
+    user.user_schools.create(school: school)
+    sign_in user
+  end
+
  describe "GET #index" do
    it "assigns all recipient_lists as @recipient_lists" do
      recipient_list = RecipientList.create! valid_attributes
--- a/spec/controllers/recipients_controller_spec.rb
+++ b/spec/controllers/recipients_controller_spec.rb
@ -20,6 +20,7 @@ require 'rails_helper'

 RSpec.describe RecipientsController, type: :controller do

+  let!(:user) { User.create(email: 'test@test.com', password: '123456') }
  let(:school) { School.create!(name: 'School') }

  # This should return the minimal set of attributes required to create a valid
@ -40,6 +41,11 @@ RSpec.describe RecipientsController, type: :controller do
  # RecipientsController. Be sure to keep this updated too.
  let(:valid_session) { {} }

+  before :each do
+    user.user_schools.create(school: school)
+    sign_in user
+  end
+
  describe "GET #index" do
    it "assigns all recipients as @recipients" do
      recipient = Recipient.create! valid_attributes