consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allows admin to sign in into management

Browse Source
This commit is contained in:
Juanjo Bazán
2016-04-27 17:23:58 +02:00
parent 5ec1964d30
commit 2eabab657a
2 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/controllers/management/sessions_controller.rb
View File

@@ -4,11 +4,10 @@ class Management::SessionsController < ActionController::Base
def create
destroy_session
if manager = ManagerAuthenticator.new(params).auth
session[:manager] = manager
if admin? || manager?
redirect_to management_root_path
else
raise ActionController::RoutingError.new('Not Found')
raise CanCan::AccessDenied
end
end
@@ -25,4 +24,16 @@ class Management::SessionsController < ActionController::Base
session[:document_number] = nil
end
end
def admin?
if current_user.try(:administrator?)
session[:manager] = {login: "admin_user_#{current_user.id}"}
end
end
def manager?
if manager = ManagerAuthenticator.new(params).auth
session[:manager] = manager
end
end
end

15
spec/controllers/management/sessions_controller_spec.rb
View File

@@ -3,9 +3,9 @@ require 'rails_helper'
describe Management::SessionsController do
describe 'Sign in' do
it "should return 404 if wrong credentials" do
it "should deny access if wrong manager credentials" do
allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false)
expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error "Not Found"
expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error CanCan::AccessDenied
end
it "should redirect to management root path if right credentials" do
@@ -15,6 +15,17 @@ describe Management::SessionsController do
get :create, login: "JJB033" , clave_usuario: "31415926", fecha_conexion: "20151031135905"
expect(response).to be_redirect
end
it "should redirect to management root path if user is admin" do
sign_in create(:administrator).user
get :create
expect(response).to be_redirect
end
it "should deny access if user is not admin" do
sign_in create(:user)
expect { get :create}.to raise_error CanCan::AccessDenied
end
end
describe 'Sign out' do