-rw-r--r-- | app/controllers/admin_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/application.rb | 90 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 71 | ||||
-rw-r--r-- | app/models/public_body.rb | 6 | ||||
-rw-r--r-- | spec/controllers/admin_controller_spec.rb | 10 |
5 files changed, 98 insertions, 83 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 7bb60b036..76fb8de07 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -1,10 +1,10 @@ -# app/controllers/admin_public_body_controller.rb: +# app/controllers/admin_controller.rb: # Controller for admin interface. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: admin_controller.rb,v 1.1 2007-09-03 09:39:20 francis Exp $ +# $Id: admin_controller.rb,v 1.2 2007-10-31 17:25:29 francis Exp $ class AdminController < ApplicationController layout "admin" diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 1fde074a9..d0d0fef7e 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -6,7 +6,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: application.rb,v 1.19 2007-10-31 12:39:58 francis Exp $ +# $Id: application.rb,v 1.20 2007-10-31 17:25:29 francis Exp $ class ApplicationController < ActionController::Base 
@@ -16,74 +16,6 @@ class ApplicationController < ActionController::Base # Pick a unique cookie name to distinguish our session data from others' session :session_key => '_foi_session_id' - # Login form - def signin - # The explict signin link uses this to store where it is to go back to - if params[:r] - session[:intended_uri] = params[:r] - session[:intended_params] = nil - end - - if not params[:user] - # First time page is shown - render :template => 'user_accounts/signin' and return - else - @user = User.authenticate(params[:user][:email], params[:user][:password]) - if @user - # Successful login - session[:user] = @user.id - post_redirect session[:intended_uri], session[:intended_params] and return - else - if User.find(:first, :conditions => [ "email = ?", params[:user][:email] ]) - # Failed to authenticate - flash[:error] = "Password not correct, please try again" - @user = User.new(params[:user]) - render :template => 'user_accounts/signin' and return - else - # "I am new to FOIFA" - session[:email] = params[:user][:email] - session[:password] = params[:user][:password] - session[:first_time] = true - redirect_to :action => 'signup' and return - end - end - end - end - - # Create new account form - def signup - # Default to value saved from signin form - params[:user] ||= { :email => session[:email] } - params[:user] ||= { :password => session[:password] } - - # Make the user and try to save it - @user = User.new(params[:user]) - if not @user.save - # First time get to form (e.g. 
from signin) , don't show errors - if session[:first_time] - @first_time = true - @user.errors.clear - session[:first_time] = false - end - # Show the form - render :template => 'user_accounts/signup' - else - # New user made, redirect back to where we were - session[:user] = @user.id - post_redirect session[:intended_uri], session[:intended_params] and return - end - end - - # Logout form - def signout - session[:user] = nil - if params[:r] - redirect_to params[:r] - else - redirect_to :action => "index" - end - end - private # Check the user is logged in @@ -102,7 +34,9 @@ class ApplicationController < ActionController::Base return User.find(session[:user]) end - # Post redirect + # Do a POST redirect. This is a nasty hack - we store the posted values to + # the controller, and when the GET redirect with "?post_redirect=1" + # happens, load them in. def post_redirect(uri, params) session[:post_redirect_params] = params # XXX what is built in Ruby URI munging function? @@ -114,6 +48,14 @@ class ApplicationController < ActionController::Base redirect_to uri end + # If we are in a faked redirect to POST request, then set post params. + before_filter :check_in_post_redirect + def check_in_post_redirect + if params[:post_redirect] and session[:post_redirect_params] + params.update(session[:post_redirect_params]) + end + end + # Default layout shows user in corner, so needs access to it before_filter :authentication_check def authentication_check @@ -122,14 +64,6 @@ class ApplicationController < ActionController::Base end end - # If we are in a redirect to POST request, then set params - before_filter :check_in_post_redirect - def check_in_post_redirect - if params[:post_redirect] and session[:post_redirect_params] - params.update(session[:post_redirect_params]) - end - end - # For administration interface, return display name of authenticated user def admin_http_auth_user if not request.env["REMOTE_USER"] 
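Review bot: `check_in_post_redirect` merges `session[:post_redirect_params]` into `params` whenever the request carries `post_redirect`, but nothing in this filter clears the stored hash afterwards, and `post_redirect` (only partly visible in this diff) does not appear to either. As written, any later request in the same session that includes `post_redirect` would have the saved form values merged into whatever action it reaches, and since the flag is an ordinary query parameter a link from another site can supply it. Consume the values once, for example `params.update(session[:post_redirect_params])` followed by `session[:post_redirect_params] = nil`. It would also help to store the intended URI next to the saved params and merge only when the current request matches it.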
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 959630166..084bbbc81 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_controller.rb,v 1.6 2007-10-31 12:39:58 francis Exp $ +# $Id: user_controller.rb,v 1.7 2007-10-31 17:25:29 francis Exp $ class UserController < ApplicationController # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below 
@@ -12,6 +12,75 @@ class UserController < ApplicationController @display_users = User.find(:all, :conditions => [ "regexp_replace(replace(lower(name), ' ', '-'), '[^a-z0-9_-]', '', 'g') = ?", params[:simple_name] ], :order => "created_at desc") end + # Login form + def signin + # The explict signin link uses this to store where it is to go back to + if params[:r] + session[:intended_uri] = params[:r] + session[:intended_params] = nil + end + + if not params[:user] + # First time page is shown + render :template => 'user_accounts/signin' and return + else + @user = User.authenticate(params[:user][:email], params[:user][:password]) + if @user + # Successful login + session[:user] = @user.id + post_redirect session[:intended_uri], session[:intended_params] and return + else + if User.find(:first, :conditions => [ "email = ?", params[:user][:email] ]) + # Failed to authenticate + flash[:error] = "Password not correct, please try again" + @user = User.new(params[:user]) + render :template => 'user_accounts/signin' and return + else + # "I am new to FOIFA" + session[:email] = params[:user][:email] + session[:password] = params[:user][:password] + session[:first_time] = true + redirect_to :action => 'signup' and return + end + end + end + end + + # Create new account form + def signup + # Default to value saved from signin form + params[:user] ||= { :email => session[:email] } + params[:user] ||= { :password => session[:password] } + + # Make the user and try to save it + @user = User.new(params[:user]) + if not @user.save + # First time get to form (e.g. 
from signin) , don't show errors + if session[:first_time] + @first_time = true + @user.errors.clear + session[:first_time] = false + end + # Show the form + render :template => 'user_accounts/signup' + else + # New user made, redirect back to where we were + session[:user] = @user.id + post_redirect session[:intended_uri], session[:intended_params] and return + end + end + + # Logout form + def signout + session[:user] = nil + if params[:r] + redirect_to params[:r] + else + redirect_to :action => "index" + end + end + + private end diff --git a/app/models/public_body.rb b/app/models/public_body.rb index 5f3c4ceb3..6a5134396 100644 --- a/app/models/public_body.rb +++ b/app/models/public_body.rb @@ -1,12 +1,14 @@ -# models/info_request.rb: +# models/public_body.rb: # A public body, from which information can be requested. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: public_body.rb,v 1.8 2007-10-30 14:23:21 francis Exp $ +# $Id: public_body.rb,v 1.9 2007-10-31 17:25:29 francis Exp $ class PublicBody < ActiveRecord::Base + validates_presence_of :name + validates_presence_of :short_name validates_presence_of :request_email has_many :info_requests diff --git a/spec/controllers/admin_controller_spec.rb b/spec/controllers/admin_controller_spec.rb new file mode 100644 index 000000000..5a52d1641 --- /dev/null +++ b/spec/controllers/admin_controller_spec.rb @@ -0,0 +1,10 @@ +require File.dirname(__FILE__) + '/../spec_helper' + +describe AdminController, "when viewing front page of admin interface" do + + it "should render the front page" do + get :index + response.should render_template('index') + end + +end |
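Review bot: `signout` hands `params[:r]` straight to `redirect_to`, and `signin` copies the same parameter into `session[:intended_uri]` for `post_redirect`, so both will send the browser to any absolute URL the request names (an open redirect on the login and logout paths). Accept `r` only when it is a local path, for example guard with `params[:r] =~ %r{\A/[^/\\]}` and fall back to `:action => "index"` otherwise. Separately, `session[:password] = params[:user][:password]` writes the plaintext password into the session store, and nothing in this hunk clears it. In `signup` the second `params[:user] ||= { :password => ... }` can never take effect once the first `||=` has assigned the hash, so the stored password is never read; dropping the `session[:password]` line removes both problems.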
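Review bot: Nothing in this spec sets `REMOTE_USER` or any other credential before `get :index`, so a green run shows only that the admin front page renders for a request with no identity attached. `admin_http_auth_user` in ApplicationController reads `request.env["REMOTE_USER"]`, which suggests access control is delegated to the web server, though AdminController's body is not visible here to confirm it. If so, state that in a comment at the top of the spec, e.g. `# Access control is enforced by HTTP auth in the web server, not by this controller`. Consider a second example that pins the expected behaviour when `REMOTE_USER` is absent.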