-rw-r--r-- | app/controllers/user_controller.rb | 43 | ||||
-rw-r--r-- | app/models/user.rb | 4 | ||||
-rw-r--r-- | app/views/user/profile_photo.rhtml | 30 | ||||
-rw-r--r-- | app/views/user/show.rhtml | 66 | ||||
-rw-r--r-- | config/routes.rb | 1 | ||||
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 26 | ||||
-rw-r--r-- | spec/models/profile_photo_spec.rb | 3 |
7 files changed, 132 insertions, 41 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 77508e0c6..b3f9511b5 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -107,7 +107,7 @@ class UserController < ApplicationController # Make the user and try to save it @user_signup = User.new(params[:user_signup]) - if not @user_signup.valid? + if !@user_signup.valid? # Show the form render :action => 'sign' else @@ -342,6 +342,42 @@ class UserController < ApplicationController }.flatten.sort { |a,b| b[:model].created_at <=> a[:model].created_at }.first(20) end + def profile_photo + # check they are logged in (the upload photo option is anyway only available when logged in) + if authenticated_user.nil? + flash[:error] = "You need to be logged in to change your profile photo." + redirect_to frontpage_url + return + end + if params[:submitted_profile_photo].nil? + # default page + return + end + + # check for uploaded image + file_name = nil + file_content = nil + if !params[:file].nil? + file_name = params[:file].original_filename + file_content = params[:file].read + end + if file_name.nil? + flash[:error] = "Please choose a file containing your photo" + return + end + + # change user's photo + @profile_photo = ProfilePhoto.new(:data => file_content) + @user.set_profile_photo(@profile_photo) + if !@profile_photo.valid? + # error page (uses @profile_photo's error fields in view to show errors) + return + end + + flash[:notice] = "Thank you for updating your profile photo" + redirect_to user_url(@user) + end + private # Decide where we are going to redirect back to after signin/signup, and record that 
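Review bot: In `profile_photo`, `@user.set_profile_photo(@profile_photo)` runs before `@profile_photo.valid?` is checked, so an upload that fails validation may already have displaced the stored photo by the time the error page is rendered (how much is persisted depends on `set_profile_photo` in app/models/user.rb, which this commit shows only in part). Checking first, with `if !@profile_photo.valid?` followed by `return` and only then `@user.set_profile_photo(@profile_photo)`, keeps a bad upload away from the existing photo; if the model validates that a user is present, assign it before the check. `params[:file].read` also loads the whole upload into memory with no size limit, and `params[:file].original_filename` raises when the parameter arrives as a plain string rather than an upload, so a `respond_to?(:original_filename)` guard and a maximum size belong next to the nil check. The method writes to `@user` while only `authenticated_user` is tested; where `@user` is assigned is outside the hunk.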
@@ -388,10 +424,5 @@ class UserController < ApplicationController render :action => 'confirm' # must be same as for send_confirmation_mail above to avoid leak of presence of email in db end - def set_profile_photo - @photo_user = User.find(params[:id]) - new_profile_photo = ProfilePhoto.new(:data => data) - @photo_user.set_profile_photo(new_profile_photo) - end end diff --git a/app/models/user.rb b/app/models/user.rb index b27677d6e..eb8089cf1 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -279,7 +279,9 @@ class User < ActiveRecord::Base def set_profile_photo(new_profile_photo) ActiveRecord::Base.transaction do if !self.profile_photo.nil? - self.profile_photo.destroy + old_profile_photo = self.profile_photo + self.profile_photo = nil + old_profile_photo.destroy end new_profile_photo.user = self self.profile_photo = new_profile_photo diff --git a/app/views/user/profile_photo.rhtml b/app/views/user/profile_photo.rhtml new file mode 100644 index 000000000..3b227e6c2 --- /dev/null +++ b/app/views/user/profile_photo.rhtml @@ -0,0 +1,30 @@ +<% @title = "Change profile photo" %> + +<pre><%= params.to_yaml %></pre> + +<% raise "internal error" if not @user %> + +<h2>Change your profile photo</h2> + +<%= foi_error_messages_for :profile_photo %> + +<div id="profile_photo"> + +<% form_tag 'profile_photo', :html => { :id => 'profile_photo_form' }, :multipart => true do %> + <p> + <label class="form_label" for="file_1">Photo of you:</label> + <%= file_field_tag :file, :size => 35 %> + </p> + + <p><strong>Privacy note:</strong> Your photo will be shown in public on the Internet, + wherever you do something on WhatDoTheyKnow. + + <p> + <%= hidden_field_tag 'submitted_profile_photo', 1 %> + <%= submit_tag "Change profile photo" %> + </p> + +<% end %> + + +</div> diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml index eb547d953..4d2020cdc 100644 --- a/app/views/user/show.rhtml +++ b/app/views/user/show.rhtml 
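Review bot: In `set_profile_photo` (app/models/user.rb) the old photo is detached and destroyed before anything in the visible lines confirms that `new_profile_photo` can be saved, and the enclosing `ActiveRecord::Base.transaction` only undoes the destroy if an exception is raised. The method continues past the hunk, so the save call is not visible; if it is a plain `save` that returns false, an invalid photo would leave the user with the old one deleted. A raising save (`save!`) after the assignment would let the transaction roll the destroy back. A one-line comment saying why the association is set to nil before `old_profile_photo.destroy` would also help the next reader.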
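Review bot: The line `<pre><%= params.to_yaml %></pre>` in the new profile_photo.rhtml looks like leftover debugging: it prints every request parameter into the page, and in templates of this generation `<%= %>` does not HTML-escape unless `h` is used, so parameter values containing markup would be rendered as markup. Remove the line, or at minimum write `<%=h params.to_yaml %>` while it is needed. The `<p>` opening the privacy note is never closed. `form_tag` takes HTML attributes directly in its options hash, so `:html => { :id => 'profile_photo_form' }` probably does not set the form id as intended; `:id => 'profile_photo_form', :multipart => true` would.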
@@ -51,7 +51,8 @@ <% if @is_you %> (just to see how it works) <br><%= link_to "Change your password", signchangepassword_url() %> | - <%= link_to "Change your email", signchangeemail_url() %> + <br><%= link_to "Change your email", signchangeemail_url() %> | + <br><%= link_to "Set profile photo", profile_photo_url() %> <% end %> </p> @@ -109,9 +110,12 @@ <% end %> <% end %> - <% if @is_you and not @track_things.empty? %> - <h2 id="email_subscriptions"> - Your <%=pluralize(@track_things.size, "email subscription") %> + <% if @is_you %> + <% if @track_things.empty? %> + <h2 id="email_subscriptions"> Your email subscriptions</h2> + <p>None made.</p> + <% else %> + <h2 id="email_subscriptions"> Your <%=pluralize(@track_things.size, "email subscription") %> </h2> <% if @track_things_grouped.size == 1 %> <% form_tag :controller => 'track', :action => 'delete_all_type' do %> <h3> 
@@ -125,36 +129,36 @@ </h3> <% end %> <% end %> - </h2> - <% for track_type, track_things in @track_things_grouped %> - <% if @track_things_grouped.size > 1 %> - <% form_tag :controller => 'track', :action => 'delete_all_type' do %> - <h3> - <%=TrackThing.track_type_description(track_type)%> - <%= hidden_field_tag 'track_type', track_type %> - <%= hidden_field_tag 'user', @display_user.id %> - <%= hidden_field_tag 'r', request.request_uri %> - <% if track_things.size > 1 %> - <%= submit_tag "unsubscribe all" %> - <% end %> - </h3> + <% for track_type, track_things in @track_things_grouped %> + <% if @track_things_grouped.size > 1 %> + <% form_tag :controller => 'track', :action => 'delete_all_type' do %> + <h3> + <%=TrackThing.track_type_description(track_type)%> + <%= hidden_field_tag 'track_type', track_type %> + <%= hidden_field_tag 'user', @display_user.id %> + <%= hidden_field_tag 'r', request.request_uri %> + <% if track_things.size > 1 %> + <%= submit_tag "unsubscribe all" %> + <% end %> + </h3> + <% end %> <% end %> - <% end %> - <ul> - <% for track_thing in track_things %> - <li> - <% form_tag :controller => 'track', :action => 'update', :track_id => track_thing.id do %> - <div> - <%= track_thing.params[:list_description] %> - <%= hidden_field_tag 'track_medium', "delete", { :id => 'track_medium_' + track_thing.id.to_s } %> - <%= hidden_field_tag 'r', request.request_uri, { :id => 'r_' + track_thing.id.to_s } %> - <%= submit_tag "unsubscribe" %> - </div> - <% end %> - </li> + <ul> + <% for track_thing in track_things %> + <li> + <% form_tag :controller => 'track', :action => 'update', :track_id => track_thing.id do %> + <div> + <%= track_thing.params[:list_description] %> + <%= hidden_field_tag 'track_medium', "delete", { :id => 'track_medium_' + track_thing.id.to_s } %> + <%= hidden_field_tag 'r', request.request_uri, { :id => 'r_' + track_thing.id.to_s } %> + <%= submit_tag "unsubscribe" %> + </div> + <% end %> + </li> + <% end %> + </ul> <% end %> - 
</ul> <% end %> <% end %> diff --git a/config/routes.rb b/config/routes.rb index 78252df91..65858f9df 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -62,6 +62,7 @@ ActionController::Routing::Routes.draw do |map| user.show_user '/user/:url_name', :action => 'show' user.contact_user '/user/contact/:id', :action => 'contact' user.river '/river', :action => 'river' + user.profile_photo '/profile_photo', :action => 'profile_photo' end map.with_options :controller => 'public_body' do |body| diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb index 193cf476c..7fc9dbf98 100644 --- a/spec/controllers/user_controller_spec.rb +++ b/spec/controllers/user_controller_spec.rb @@ -283,9 +283,25 @@ describe UserController, "when changing password" do end it "should not change the password, if you're not logged in" do + session[:user_circumstance] = "change_password" + + old_hash = users(:bob_smith_user).hashed_password + post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' }, + :submitted_signchange_password => 1 + } + users(:bob_smith_user).hashed_password.should == old_hash end it "should not change the password, if you're just logged in normally" do + session[:user_id] = users(:bob_smith_user).id + session[:user_circumstance] = nil + + old_hash = users(:bob_smith_user).hashed_password + post :signchange, { :user => { :password => 'ooo', :password_confirmation => 'ooo' }, + :submitted_signchange_password => 1 + } + + users(:bob_smith_user).hashed_password.should == old_hash end end @@ -437,4 +453,14 @@ describe UserController, "when changing email address" do end end +describe UserController, "when using profile photos" do + integrate_views + fixtures :users + + it "should not let you change profile photo if you're not logged in as the user" do + user = users(:bob_smith_user) + data = load_file_fixture("parrot.png") + post :profile_photo, { :id => user.id, :data => data } + end +end 
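Review bot: Both added password specs compare `users(:bob_smith_user).hashed_password` with a value read through the same fixture accessor before the `post`, and Rails fixture accessors normally return a cached object, so the final assertion can pass even if the row in the database was changed. Re-read the record for the check, for example `User.find(users(:bob_smith_user).id).hashed_password.should == old_hash`. Asserting the response as well (the redirect or rendered template) would pin what the rejected request actually does rather than only what it leaves untouched.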
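Review bot: The new spec "should not let you change profile photo if you're not logged in as the user" contains no assertion, so it passes whatever the controller does with an unauthenticated upload. It also posts `:id` and `:data`, which the `profile_photo` action added in this commit does not read (it looks at `:file` and `:submitted_profile_photo`), so the upload path is never exercised. Post the parameters the action uses and assert the outcome, for instance `response.should redirect_to(frontpage_url)` as in the action's not-logged-in branch, plus a check that the user's stored `profile_photo` is unchanged.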
diff --git a/spec/models/profile_photo_spec.rb b/spec/models/profile_photo_spec.rb index 51de45928..af58d0274 100644 --- a/spec/models/profile_photo_spec.rb +++ b/spec/models/profile_photo_spec.rb @@ -3,9 +3,6 @@ require File.dirname(__FILE__) + '/../spec_helper' describe ProfilePhoto, "when constructing a new photo" do before do - #@request_event = mock_model(InfoRequestEvent, :xapian_mark_needs_index => true) - #@request = mock_model(InfoRequest, :info_request_events => [@request_event]) - #@user = mock_model(User) end it 'should take no image as invalid' do |