From 42fd3edbaebc85bc60bb4e6eff4e2cb37d89c573 Mon Sep 17 00:00:00 2001 From: Jared Cosulich Date: Thu, 13 Apr 2017 11:29:56 -0400 Subject: [PATCH] adding more authentication, fixing category bug --- app/controllers/questions_controller.rb | 6 +++ app/controllers/schedules_controller.rb | 14 ++++-- app/models/attempt.rb | 2 +- app/models/category.rb | 2 +- app/models/recipient.rb | 1 + app/views/schedules/index.html.haml | 33 ------------- spec/controllers/questions_controller_spec.rb | 5 ++ spec/controllers/schedules_controller_spec.rb | 10 ++-- spec/models/attempt_spec.rb | 2 +- spec/views/schedules/index.html.erb_spec.rb | 46 ------------------- 10 files changed, 28 insertions(+), 93 deletions(-) delete mode 100644 app/views/schedules/index.html.haml delete mode 100644 spec/views/schedules/index.html.erb_spec.rb diff --git a/app/controllers/questions_controller.rb b/app/controllers/questions_controller.rb index fce8e41f..9cec82c4 100644 --- a/app/controllers/questions_controller.rb +++ b/app/controllers/questions_controller.rb @@ -1,4 +1,6 @@ class QuestionsController < ApplicationController + before_action :authenticate_user!, except: [:show] + before_action :verify_super_admin, except: [:show] before_action :set_school, only: [:show] before_action :set_question, only: [:show, :edit, :update, :destroy] @@ -78,4 +80,8 @@ class QuestionsController < ApplicationController def question_params params.require(:question).permit(:text, :option1, :option2, :option3, :option4, :option5, :category_id) end + + def verify_super_admin + user_signed_in? && current_user.super_admin? + end end diff --git a/app/controllers/schedules_controller.rb b/app/controllers/schedules_controller.rb index 9d77214b..8d44948a 100644 --- a/app/controllers/schedules_controller.rb +++ b/app/controllers/schedules_controller.rb 
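Review bot: `verify_super_admin` in the second questions_controller.rb hunk only evaluates `user_signed_in? && current_user.super_admin?` and returns the result. A controller `before_action` halts the request only when it renders or redirects, so as written every signed-in user appears to reach all actions other than `show`. The callback should deny explicitly, for example `redirect_to root_path, notice: 'You must be a super admin to access that page.' unless current_user.super_admin?` (or `head :forbidden`), the same way `verify_admin` does in schedules_controller.rb. The `user_signed_in?` test is redundant here because `authenticate_user!` already runs first for the same actions. The class body continues outside both hunks, so whether the new method sits under `private` cannot be confirmed from this view.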
@@ -1,12 +1,9 @@ class SchedulesController < ApplicationController + before_action :authenticate_user!, except: [:show] before_action :set_school + before_action :verify_admin before_action :set_schedule, only: [:show, :edit, :update, :destroy] - # GET schools/1/schedules - def index - @schedules = @school.schedules - end - # GET schools/1/schedules/1 def show end @@ -61,4 +58,11 @@ class SchedulesController < ApplicationController def schedule_params params.require(:schedule).permit(:name, :description, :school_id, :frequency_hours, :start_date, :end_date, :active, :random, :recipient_list_id, :question_list_id) end + + def verify_admin + return true if current_user.admin?(@school) + + redirect_to root_path, notice: 'You must be logged in as an admin of that school to access that page.' + return false + end end diff --git a/app/models/attempt.rb b/app/models/attempt.rb index a122c2d6..628fb1dc 100644 --- a/app/models/attempt.rb +++ b/app/models/attempt.rb @@ -18,7 +18,7 @@ class Attempt < ApplicationRecord def messages [ #question.text, - "#{question.text}\n#{question.option1}: Reply 1\n\r#{question.option2}: Reply 2\n\r#{question.option3}: Reply 3\n\r#{question.option4}: Reply 4\n\r#{question.option5}: Reply 5\n\rReply 'stop' to stop these messages." + "#{question.text}\n\r#{question.option1}: Reply 1\n\r#{question.option2}: Reply 2\n\r#{question.option3}: Reply 3\n\r#{question.option4}: Reply 4\n\r#{question.option5}: Reply 5\n\rReply 'stop' to stop these messages." ] end diff --git a/app/models/category.rb b/app/models/category.rb index 9077dad4..e2e7d297 100644 --- a/app/models/category.rb +++ b/app/models/category.rb @@ -30,7 +30,7 @@ class Category < ApplicationRecord "resources", "indicators-of-academic-learning", "character-and-wellbeing-outcomes", - "family-questions" + "pilot-family-questions" ].index(root_identifier) end diff --git a/app/models/recipient.rb b/app/models/recipient.rb index c5115fc7..aa3cfba6 100644 --- a/app/models/recipient.rb 
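Review bot: `verify_admin` is registered for every action, including `show`, while the first schedules_controller.rb hunk skips `authenticate_user!` for `show`. An anonymous request to `show` therefore reaches `current_user.admin?(@school)` with `current_user` presumably nil, and fails with an exception instead of the intended redirect. If `show` is meant to be admin-only, drop `except: [:show]` from the `authenticate_user!` line; if it is meant to be public, add `except: [:show]` to `verify_admin`. In either case a nil-safe guard, `return true if current_user&.admin?(@school)`, keeps the failure mode a redirect. The `return true` / `return false` values have no effect on the filter chain (the `redirect_to` is what halts it), so a short comment saying so would help the next reader. The class body continues outside both hunks.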
+++ b/app/models/recipient.rb @@ -4,6 +4,7 @@ class Recipient < ApplicationRecord belongs_to :school validates_associated :school + has_many :recipient_schedules has_many :attempts validates :name, presence: true diff --git a/app/views/schedules/index.html.haml b/app/views/schedules/index.html.haml deleted file mode 100644 index c03bf0a4..00000000 --- a/app/views/schedules/index.html.haml +++ /dev/null @@ -1,33 +0,0 @@ -%h1 Listing schedules -%table - %tr - %th Name - %th Description - %th School - %th Frequency hours - %th Start date - %th End date - %th Active - %th Random - %th Recipient list - %th Question list - %th - %th - %th - - @schedules.each do |schedule| - %tr - %td= schedule.name - %td= schedule.description - %td= schedule.school.name - %td= schedule.frequency_hours - %td= schedule.start_date - %td= schedule.end_date - %td= schedule.active - %td= schedule.random - %td= schedule.recipient_list.name - %td= schedule.question_list.name - %td= link_to 'Show', [schedule.school, schedule] - %td= link_to 'Edit', edit_school_schedule_path(schedule.school, schedule) - %td= link_to 'Destroy', [schedule.school, schedule], :confirm => 'Are you sure?', :method => :delete -%br/ -= link_to 'New Schedule', new_school_schedule_path(@school) diff --git a/spec/controllers/questions_controller_spec.rb b/spec/controllers/questions_controller_spec.rb index 63182540..41b26851 100644 --- a/spec/controllers/questions_controller_spec.rb +++ b/spec/controllers/questions_controller_spec.rb @@ -23,6 +23,7 @@ RSpec.describe QuestionsController, type: :controller do # This should return the minimal set of attributes required to create a valid # Question. As you add validations to Question, be sure to # adjust the attributes here as well. + let!(:user) { User.create(email: 'test@test.com', password: '123456') } let (:category) { Category.create!(name: 'Category') } let(:valid_attributes) { { 
@@ -45,6 +46,10 @@ RSpec.describe QuestionsController, type: :controller do # QuestionsController. Be sure to keep this updated too. let(:valid_session) { {} } + before :each do + sign_in user + end + describe "GET #index" do it "assigns all questions as @questions" do question = Question.create! valid_attributes diff --git a/spec/controllers/schedules_controller_spec.rb b/spec/controllers/schedules_controller_spec.rb index 9aeb1134..b2de0680 100644 --- a/spec/controllers/schedules_controller_spec.rb +++ b/spec/controllers/schedules_controller_spec.rb @@ -20,6 +20,7 @@ require 'rails_helper' RSpec.describe SchedulesController, type: :controller do + let!(:user) { User.create(email: 'test@test.com', password: '123456') } let!(:school) { School.create!(name: 'School') } let!(:recipients) { create_recipients(school, 3) } @@ -54,12 +55,9 @@ RSpec.describe SchedulesController, type: :controller do # SchedulesController. Be sure to keep this updated too. let(:valid_session) { {} } - describe "GET #index" do - it "assigns all schedules as @schedules" do - schedule = Schedule.create! valid_attributes - get :index, params: {school_id: school.id}, session: valid_session - expect(assigns(:schedules)).to eq([schedule]) - end + before :each do + user.user_schools.create(school: school) + sign_in user end describe "GET #show" do diff --git a/spec/models/attempt_spec.rb b/spec/models/attempt_spec.rb index 1481dca1..8cc5477a 100644 --- a/spec/models/attempt_spec.rb +++ b/spec/models/attempt_spec.rb 
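Review bot: Neither controller spec exercises the denial path that this commit adds. The `before :each` in schedules_controller_spec.rb always attaches the user to the school before `sign_in`, and questions_controller_spec.rb (hunks `@@ -23,6 +24,7 @@` and `@@ -45,6 +46,10 @@`) signs in a user created with no visible super-admin flag. If the existing questions examples still pass with that user, the super-admin check is not being enforced. Add examples for an anonymous request and for a signed-in user without the required role, each expecting a redirect or 403 and no change to the record. The setup should also use `User.create!` and `user.user_schools.create!`, so that a failed validation breaks the setup rather than leaving an unsaved record to be signed in.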
@@ -93,7 +93,7 @@ RSpec.describe Attempt, type: :model do it 'should contact the Twilio API' do expect(FakeSMS.messages.length).to eq(1) - expect(FakeSMS.messages.last.body).to eq("Question 0:1\nOption 0:1 A: Reply 1\n\rOption 0:1 B: Reply 2\n\rOption 0:1 C: Reply 3\n\rOption 0:1 D: Reply 4\n\rOption 0:1 E: Reply 5\n\rReply 'stop' to stop these messages.") + expect(FakeSMS.messages.last.body).to eq("Question 0:1\n\rOption 0:1 A: Reply 1\n\rOption 0:1 B: Reply 2\n\rOption 0:1 C: Reply 3\n\rOption 0:1 D: Reply 4\n\rOption 0:1 E: Reply 5\n\rReply 'stop' to stop these messages.") expect(FakeSMS.messages.last.to).to eq('1111111111') end diff --git a/spec/views/schedules/index.html.erb_spec.rb b/spec/views/schedules/index.html.erb_spec.rb deleted file mode 100644 index 7160c0ca..00000000 --- a/spec/views/schedules/index.html.erb_spec.rb +++ /dev/null 
@@ -1,46 +0,0 @@
-require 'rails_helper'
-
-RSpec.describe "schedules/index", type: :view do
- before(:each) do
- @question_list = QuestionList.create!(name: 'Parents Questions', question_id_array: [1, 2, 3])
-
- @school = assign(:school, School.create!(name: 'School'))
-
- @recipient_list = RecipientList.create!(name: 'Parents', recipient_id_array: [1, 2, 3], school: @school)
-
- assign(:schedules, [
- Schedule.create!(
- :name => "Name",
- :description => "MyText",
- :school_id => @school.id,
- :frequency_hours => 3,
- :active => false,
- :random => false,
- :recipient_list_id => @recipient_list.id,
- :question_list_id => @question_list.id
- ),
- Schedule.create!(
- :name => "Name",
- :description => "MyText",
- :school_id => @school.id,
- :frequency_hours => 3,
- :active => false,
- :random => true,
- :recipient_list_id => @recipient_list.id,
- :question_list_id => @question_list.id,
- )
- ])
- end
-
- it "renders a list of schedules" do
- render
- assert_select "tr>td", :text => "Name".to_s, :count => 2
- assert_select "tr>td", :text => "MyText".to_s, :count => 2
- assert_select "tr>td", :text => @school.name, :count => 2
- assert_select "tr>td", :text => 3.to_s, :count => 2
- assert_select "tr>td", :text => false.to_s, :count => 3
- assert_select "tr>td", :text => true.to_s, :count => 1
- assert_select "tr>td", :text => @recipient_list.name, :count => 2
- assert_select "tr>td", :text => @question_list.name, :count => 2
- end
-end