Agile Web Development with Rails, Edition 4

Agile Web Development with Rails, Edition 4

15.1 Task J1: Selecting the locale 14.4 Iteration I4: Adding a Sidebar

14.5 Playtime

Verify that accessing product information requires login

edit test/functional/products_controller_test.rb
  test "should require login" do
    logout
    get :index
    assert_redirected_to login_path
  end

Verify that the test passes

rake test:functionals
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p290/gems/rake-0.9.2.2/lib/rake/rake_test_loader
Started
................................................
Finished in 3.028409 seconds.
 
48 tests, 79 assertions, 0 failures, 0 errors, 0 skips
 
Test run options: --seed 28701

Look at the data in the database

sqlite3 db/development.sqlite3 .schema
CREATE TABLE "carts" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL);
CREATE TABLE "line_items" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "product_id" integer, "cart_id" integer, "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL, "quantity" integer DEFAULT 1, "price" decimal, "order_id" integer);
CREATE TABLE "orders" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255), "address" text, "email" varchar(255), "pay_type" varchar(255), "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL);
CREATE TABLE "products" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "title" varchar(255), "description" text, "image_url" varchar(255), "price" decimal(8,2), "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL);
CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL);
CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255), "password_digest" varchar(255), "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL);
CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version");

Try requesting the xml... see auth failure.

curl --silent http://localhost:3000/products/2/who_bought.xml
<html><body>You are being <a href="http://localhost:3000/login">redirected</a>.</body></html>

Is this the best way to detect request format?

Enable basic auth

edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  before_filter :authorize
 
    # ...
  protected
 
    def authorize
      if request.format == Mime::HTML 
        unless User.find_by_id(session[:user_id])
          redirect_to login_url, notice: "Please log in"
        end
      else
        authenticate_or_request_with_http_basic do |username, password|
          user = User.find_by_name(username)
          user && user.authenticate(password)
        end
      end
    end

Try requesting the xml... see auth succeed.

curl --silent --user dave:secret http://localhost:3000/products/2/who_bought.xml
<order_list for_product="CoffeeScript">
  <order>
    <name>Dave Thomas</name>
    <email>customer@example.com</email>
  </order>
</order_list>

15.1 Task J1: Selecting the locale 14.4 Iteration I4: Adding a Sidebar