managers can login to /management

2016-05-10 19:10:02 +02:00
parent 9ed3fa2a22
commit d1e50d70d6
8 changed files with 51 additions and 9 deletions
--- a/spec/controllers/management/sessions_controller_spec.rb
+++ b/spec/controllers/management/sessions_controller_spec.rb
@@ -6,31 +6,44 @@ describe Management::SessionsController do
    it "should deny access if wrong manager credentials" do
      allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(false)
      expect { get :create, login: "nonexistent" , clave_usuario: "wrong"}.to raise_error CanCan::AccessDenied
+      expect(session[:manager]).to be_nil
    end

-    it "should redirect to management root path if right credentials" do
+    it "should redirect to management root path if authorized manager with right credentials" do
      manager = {login: "JJB033", user_key: "31415926" , date: "20151031135905"}
      allow_any_instance_of(ManagerAuthenticator).to receive(:auth).and_return(manager)

      get :create, login: "JJB033" , clave_usuario: "31415926", fecha_conexion: "20151031135905"
      expect(response).to be_redirect
+      expect(session[:manager][:login]).to eq "JJB033"
    end

    it "should redirect to management root path if user is admin" do
-      sign_in create(:administrator).user
+      user = create(:administrator).user
+      sign_in user
      get :create
      expect(response).to be_redirect
+      expect(session[:manager][:login]).to eq "admin_user_#{user.id}"
    end

-    it "should deny access if user is not admin" do
+    it "should redirect to management root path if user is manager" do
+      user = create(:manager).user
+      sign_in user
+      get :create
+      expect(response).to be_redirect
+      expect(session[:manager][:login]).to eq "manager_user_#{user.id}"
+    end
+
+    it "should deny access if user is not admin or manager" do
      sign_in create(:user)
      expect { get :create}.to raise_error CanCan::AccessDenied
+      expect(session[:manager]).to be_nil
    end
  end

  describe 'Sign out' do
    it "should destroy the session data and redirect" do
-      session[:manager] = {user_key: "31415926" , date: "20151031135905", login: "JJB033"}
+      session[:manager] = {user_key: "31415926", date: "20151031135905", login: "JJB033"}
      session[:document_type] =  "1"
      session[:document_number] = "12345678Z"