14.4 Iteration I4: Adding a Sidebar 14.2 Iteration I2: Authenticating Users
Require authorization before every access
edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  before_filter :authorize
  # ...

  protected

  # Redirect to the login page unless the session refers to an existing user.
  def authorize
    unless User.find_by_id(session[:user_id])
      redirect_to login_url, notice: "Please log in"
    end
  end
end
Whitelist the sessions and store controllers
edit app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
  skip_before_filter :authorize
  # ...
end
edit app/controllers/store_controller.rb
class StoreController < ApplicationController
  skip_before_filter :authorize
  # ...
end
Whitelist cart operations
edit app/controllers/carts_controller.rb
class CartsController < ApplicationController
  skip_before_filter :authorize, only: [:create, :update, :destroy]
  # ...

  def invalid_cart
    logger.error "Attempt to access invalid cart #{params[:id]}"
    redirect_to store_url, notice: 'Invalid cart'
  end
end
Whitelist line_item operations
edit app/controllers/line_items_controller.rb
class LineItemsController < ApplicationController
  skip_before_filter :authorize, only: :create
  # ...
end
Whitelist order operations
edit app/controllers/orders_controller.rb
class OrdersController < ApplicationController
  skip_before_filter :authorize, only: [:new, :create]
  # ...
end
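Added example (not part of the book's code): a plain-Ruby audit that reads controller source and reports which actions each controller exempts from the authorize filter, so the whitelist above can be reviewed in one place. SAMPLE_SOURCES is constructed from the skip_before_filter lines on this page plus a ProductsController with no exemption; public_actions and SKIP_RE are names introduced here.

```ruby
# Added example: report which actions skip the :authorize filter.
# Matches an uncommented `skip_before_filter :authorize`, optionally with only:.
# Any other option (for example except:) is reported as :all, the safe over-estimate.
SKIP_RE = /^\s*skip_before_filter\s+:authorize\b(?:\s*,\s*only:\s*(\[[^\]]*\]|:\w+))?/

# Returns { "XController" => :all | [:action, ...] } for controllers that skip
# the filter. Controllers absent from the result require login for every action.
def public_actions(sources)
  sources.each_with_object({}) do |src, exposed|
    name = src[/^\s*class\s+(\w+)\s*<\s*ApplicationController/, 1]
    next unless name
    src.each_line do |line|
      m = SKIP_RE.match(line)
      next unless m
      actions = m[1] ? m[1].scan(/:(\w+)/).flatten.map(&:to_sym) : :all
      prev = exposed[name]
      exposed[name] =
        (prev == :all || actions == :all) ? :all : ((prev || []) | actions)
    end
  end
end

# Constructed sample input, built from the controller excerpts on this page.
SAMPLE_SOURCES = [
  "class SessionsController < ApplicationController\n  skip_before_filter :authorize\nend\n",
  "class StoreController < ApplicationController\n  skip_before_filter :authorize\nend\n",
  "class CartsController < ApplicationController\n" \
  "  skip_before_filter :authorize, only: [:create, :update, :destroy]\nend\n",
  "class LineItemsController < ApplicationController\n" \
  "  skip_before_filter :authorize, only: :create\nend\n",
  "class OrdersController < ApplicationController\n" \
  "  skip_before_filter :authorize, only: [:new, :create]\nend\n",
  "class ProductsController < ApplicationController\nend\n"  # no exemption
]

if __FILE__ == $PROGRAM_NAME
  public_actions(SAMPLE_SOURCES).each do |controller, actions|
    puts format("%-22s %s", controller, actions == :all ? "ALL ACTIONS" : actions.join(", "))
  end
end
```

Run against the real files with `public_actions(Dir["app/controllers/*_controller.rb"].map { |f| File.read(f) })` and compare the result with the set of pages that are meant to be reachable without logging in.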
Cause all tests to do an implicit login
edit test/test_helper.rb
class ActiveSupport::TestCase
  # ...
  # Add more helper methods to be used by all tests here...

  # Mark the given users fixture as the logged-in user.
  def login_as(user)
    session[:user_id] = users(user).id
  end

  def logout
    session.delete :user_id
  end

  # Log in before each test, but only where a session exists (controller tests).
  def setup
    login_as :one if defined? session
  end
end
Show that the tests now pass
rake test
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p320/gems/rake-10.1.1/lib/rake/rake_test_loader
Started
CartTest:
PASS add duplicate product (0.38s)
PASS add unique products (0.01s)
ProductTest:
PASS image url (0.02s)
PASS product attributes must not be empty (0.00s)
PASS product is not valid without a unique title (0.00s)
PASS product is not valid without a unique title - i18n (0.00s)
PASS product price must be positive (0.00s)
Finished in 0.447310 seconds.
7 tests, 28 assertions, 0 failures, 0 errors, 0 skips
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p320/gems/rake-10.1.1/lib/rake/rake_test_loader
Started
AdminControllerTest:
PASS should get index (0.30s)
CartsControllerTest:
PASS should create cart (0.01s)
PASS should destroy cart (0.05s)
PASS should get edit (0.05s)
PASS should get index (0.01s)
PASS should get new (0.01s)
PASS should show cart (0.01s)
PASS should update cart (0.01s)
LineItemsControllerTest:
PASS should create line item (0.01s)
PASS should create line item via ajax (0.10s)
PASS should destroy line item (0.01s)
PASS should get edit (0.01s)
PASS should get index (0.01s)
PASS should get new (0.01s)
PASS should show line item (0.01s)
PASS should update line item (0.01s)
OrderNotifierTest:
PASS received (0.09s)
PASS shipped (0.06s)
OrdersControllerTest:
PASS requires item in cart (0.01s)
PASS should create order (0.02s)
PASS should destroy order (0.01s)
PASS should get edit (0.04s)
PASS should get index (0.01s)
PASS should get new (0.01s)
PASS should show order (0.01s)
PASS should update order (0.01s)
ProductsControllerTest:
PASS can't delete product in cart (0.01s)
PASS should create product (0.02s)
PASS should destroy product (0.01s)
PASS should get edit (0.01s)
PASS should get index (0.04s)
PASS should get new (0.01s)
PASS should show product (0.01s)
PASS should update product (0.01s)
SessionsControllerTest:
PASS should fail login (0.09s)
PASS should get new (0.01s)
PASS should login (0.09s)
PASS should logout (0.00s)
StoreControllerTest:
PASS markup needed for store.js.coffee is in place (0.02s)
PASS should get index (0.01s)
UsersControllerTest:
PASS should create user (0.09s)
PASS should destroy user (0.01s)
PASS should get edit (0.01s)
PASS should get index (0.01s)
PASS should get new (0.01s)
PASS should show user (0.01s)
PASS should update user (0.09s)
Finished in 1.388310 seconds.
47 tests, 78 assertions, 0 failures, 0 errors, 0 skips
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p320/gems/rake-10.1.1/lib/rake/rake_test_loader
Started
DslUserStoriesTest:
PASS buying a product (0.65s)
PASS two people buying (0.13s)
UserStoriesTest:
PASS buying a product (0.06s)
Finished in 0.842397 seconds.
3 tests, 47 assertions, 0 failures, 0 errors, 0 skips