diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0b078c31..167f87e8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,12 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception, prepend: true
+
+
+ def verify_admin
+ return true if current_user.admin?(@school)
+
+ redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
+ return false
+ end
+
 end
diff --git a/app/controllers/recipient_lists_controller.rb b/app/controllers/recipient_lists_controller.rb
index 1b7a9465..3a976af9 100644
--- a/app/controllers/recipient_lists_controller.rb
+++ b/app/controllers/recipient_lists_controller.rb
@@ -1,5 +1,7 @@
 class RecipientListsController < ApplicationController
+ before_action :authenticate_user!
 before_action :set_school
+ before_action :verify_admin
 before_action :set_recipient_list, only: [:show, :edit, :update, :destroy]
 # GET schools/1/recipient_lists
diff --git a/app/controllers/recipients_controller.rb b/app/controllers/recipients_controller.rb
index 8206f9e7..cb54e318 100644
--- a/app/controllers/recipients_controller.rb
+++ b/app/controllers/recipients_controller.rb
@@ -1,5 +1,7 @@
 class RecipientsController < ApplicationController
+ before_action :authenticate_user!
 before_action :set_school
+ before_action :verify_admin
 before_action :set_recipient, only: [:show, :edit, :update, :destroy]
 # GET /recipients
diff --git a/app/controllers/schedules_controller.rb b/app/controllers/schedules_controller.rb
index 8d44948a..bf2f104e 100644
--- a/app/controllers/schedules_controller.rb
+++ b/app/controllers/schedules_controller.rb
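Review bot: `verify_admin` in app/controllers/application_controller.rb calls `current_user.admin?(@school)` with no nil guard, so a controller that registers it without `authenticate_user!` running first would raise NoMethodError on an anonymous request instead of redirecting. `return if current_user && current_user.admin?(@school)` keeps the check fail-closed whatever the callback order. The hunk appears to cover the whole file and shows no `private` above the method, so it is now a public method on every subclass controller, whereas the copies removed from SchedulesController and SchoolsController seem to have sat below the private params helpers; add `private` before `def verify_admin`. What `admin?` returns when `@school` is nil is not visible here and should be confirmed to be false.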
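Review bot: In app/controllers/recipient_lists_controller.rb the new `verify_admin` callback authorizes against `@school` only, while `set_recipient_list` runs after it and its body is outside the hunk. If that lookup goes by id alone, an admin of one school could read or change another school's lists through their own school's URL. Confirm the lookup is scoped through the school, for example `@recipient_list = @school.recipient_lists.find(params[:id])` (association name assumed), and likewise for `set_recipient` in app/controllers/recipients_controller.rb. A comment above the callbacks such as `# Order matters: authenticate, load @school, then verify_admin against it` would keep a later reorder from silently weakening the check.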
@@ -59,10 +59,4 @@ class SchedulesController < ApplicationController
 params.require(:schedule).permit(:name, :description, :school_id, :frequency_hours, :start_date, :end_date, :active, :random, :recipient_list_id, :question_list_id)
 end
- def verify_admin
- return true if current_user.admin?(@school)
-
- redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
- return false
- end
 end
diff --git a/app/controllers/schools_controller.rb b/app/controllers/schools_controller.rb
index ddf29410..26c2829d 100644
--- a/app/controllers/schools_controller.rb
+++ b/app/controllers/schools_controller.rb
@@ -73,10 +73,4 @@ class SchoolsController < ApplicationController
 params.require(:school).permit(:name, :district_id)
 end
- def verify_admin
- return true if current_user.admin?(@school)
-
- redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.'
- return false
- end
 end
diff --git a/spec/controllers/recipient_lists_controller_spec.rb b/spec/controllers/recipient_lists_controller_spec.rb
index 9178053a..35aedd7b 100644
--- a/spec/controllers/recipient_lists_controller_spec.rb
+++ b/spec/controllers/recipient_lists_controller_spec.rb
@@ -20,6 +20,7 @@ require 'rails_helper'
 RSpec.describe RecipientListsController, type: :controller do
+ let!(:user) { User.create(email: 'test@test.com', password: '123456') }
 let(:school) { School.create!(name: 'School') }
 # This should return the minimal set of attributes required to create a valid
@@ -43,6 +44,11 @@ RSpec.describe RecipientListsController, type: :controller do
 # RecipientListsController. Be sure to keep this updated too.
 let(:valid_session) { {} }
+ before :each do
+ user.user_schools.create(school: school)
+ sign_in user
+ end
+
 describe "GET #index" do
 it "assigns all recipient_lists as @recipient_lists" do
 recipient_list = RecipientList.create! valid_attributes
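Review bot: The setup added to spec/controllers/recipient_lists_controller_spec.rb (and identically to spec/controllers/recipients_controller_spec.rb) only signs in a user linked to the school, so no example exercises the deny path of the new `authenticate_user!` and `verify_admin` callbacks. Add examples for a signed-out request and for a signed-in user with no `user_schools` row for `school`, assuming `admin?` is derived from that association as the setup suggests. The setup also uses the non-raising `User.create` and `user.user_schools.create`, so a validation failure would leave the user unsaved or unlinked and show up only as unexplained redirects; `User.create!(...)` and `user.user_schools.create!(school: school)` fail at the cause.

```ruby
# … unchanged: let!(:user), let(:school), valid_attributes, valid_session, before :each …

describe "access control" do
  # Request params assumed from the nested route (schools/:school_id/recipient_lists).
  it "redirects a signed-in user who is not an admin of the school" do
    user.user_schools.destroy_all
    get :index, params: { school_id: school.to_param }
    expect(response).to redirect_to(root_path)
  end

  it "does not serve the page to a signed-out visitor" do
    sign_out user
    get :index, params: { school_id: school.to_param }
    expect(response).to have_http_status(:redirect)
  end
end
```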
diff --git a/spec/controllers/recipients_controller_spec.rb b/spec/controllers/recipients_controller_spec.rb
index 81fb7772..2cef9e72 100644
--- a/spec/controllers/recipients_controller_spec.rb
+++ b/spec/controllers/recipients_controller_spec.rb
@@ -20,6 +20,7 @@ require 'rails_helper'
 RSpec.describe RecipientsController, type: :controller do
+ let!(:user) { User.create(email: 'test@test.com', password: '123456') }
 let(:school) { School.create!(name: 'School') }
 # This should return the minimal set of attributes required to create a valid
@@ -40,6 +41,11 @@ RSpec.describe RecipientsController, type: :controller do
 # RecipientsController. Be sure to keep this updated too.
 let(:valid_session) { {} }
+ before :each do
+ user.user_schools.create(school: school)
+ sign_in user
+ end
+
 describe "GET #index" do
 it "assigns all recipients as @recipients" do
 recipient = Recipient.create! valid_attributes