From 3c2c93dc316180dc7598c5b0222eb73a0ffc751c Mon Sep 17 00:00:00 2001
From: Tom Clegg
Date: Thu, 31 Jan 2013 15:44:00 -0800
Subject: [PATCH] add User resource, restrict generic resource pages to admin users
---
app/assets/javascripts/users.js.coffee | 3 +++
app/assets/stylesheets/users.css.scss | 3 +++
app/controllers/application_controller.rb | 11 +++++++++++
app/controllers/collections_controller.rb | 2 ++
app/controllers/links_controller.rb | 1 +
app/controllers/logs_controller.rb | 1 +
app/controllers/pipeline_invocations_controller.rb | 1 +
app/controllers/pipelines_controller.rb | 1 +
app/controllers/projects_controller.rb | 1 +
app/controllers/specimens_controller.rb | 1 +
app/controllers/users_controller.rb | 3 +++
app/helpers/users_helper.rb | 2 ++
app/models/user.rb | 6 ++++++
config/routes.rb | 3 +++
test/fixtures/users.yml | 11 +++++++++++
test/functional/users_controller_test.rb | 7 +++++++
test/unit/helpers/users_helper_test.rb | 4 ++++
test/unit/user_test.rb | 7 +++++++
18 files changed, 68 insertions(+)
create mode 100644 app/assets/javascripts/users.js.coffee
create mode 100644 app/assets/stylesheets/users.css.scss
create mode 100644 app/controllers/users_controller.rb
create mode 100644 app/helpers/users_helper.rb
create mode 100644 app/models/user.rb
create mode 100644 test/fixtures/users.yml
create mode 100644 test/functional/users_controller_test.rb
create mode 100644 test/unit/helpers/users_helper_test.rb
create mode 100644 test/unit/user_test.rb
diff --git a/app/assets/javascripts/users.js.coffee b/app/assets/javascripts/users.js.coffee
new file mode 100644
index 0000000000..761567942f
--- /dev/null
+++ b/app/assets/javascripts/users.js.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
diff --git a/app/assets/stylesheets/users.css.scss b/app/assets/stylesheets/users.css.scss
new file mode 100644
index 0000000000..31a2eacb84
--- /dev/null
+++ b/app/assets/stylesheets/users.css.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the Users controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3dda0b08c0..0ec378ed6c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -136,4 +136,15 @@ class ApplicationController < ActionController::Base
 false
 end
 end
+
+ def current_user
+ @current_user ||= User.current
+ end
+
+ def ensure_current_user_is_admin
+ unless current_user and current_user.is_admin
+ @errors = ['Permission denied']
+ self.render_error status: 401
+ end
+ end
 end
diff --git a/app/controllers/collections_controller.rb b/app/controllers/collections_controller.rb
index 7180e85733..335dc30649 100644
--- a/app/controllers/collections_controller.rb
+++ b/app/controllers/collections_controller.rb
@@ -1,4 +1,6 @@
 class CollectionsController < ApplicationController
+ before_filter :ensure_current_user_is_admin
+
 def index
 @links = Link.where(head_kind: 'orvos#collection') |
 Link.where(tail_kind: 'orvos#collection')
diff --git a/app/controllers/links_controller.rb b/app/controllers/links_controller.rb
index 78529c149a..35a5dbc2e8 100644
--- a/app/controllers/links_controller.rb
+++ b/app/controllers/links_controller.rb
@@ -1,2 +1,3 @@
 class LinksController < ApplicationController
+ before_filter :ensure_current_user_is_admin
 end
diff --git a/app/controllers/logs_controller.rb b/app/controllers/logs_controller.rb
index 0beaf56561..48ad4edf08 100644
--- a/app/controllers/logs_controller.rb
+++ b/app/controllers/logs_controller.rb
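Review bot: In app/controllers/application_controller.rb, `ensure_current_user_is_admin` answers every failure with `status: 401`, so a signed-in user who is simply not an admin gets the same "unauthenticated" response as a visitor with no session. 403 is the status for an authenticated caller who lacks the privilege; the render line could read `self.render_error status: (current_user ? 403 : 401)`. `current_user` also memoizes with `||=`, which repeats the `User.current` API call whenever the result is nil, and nothing in the hunk shows what happens if that call raises, so it should be confirmed that the filter fails closed. The filter only gates pages in this web client, so the API server presumably still has to enforce the admin check on its own. The class body starts outside the hunk, and `render_error` is not visible here.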
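Review bot: `before_filter :ensure_current_user_is_admin` is added controller by controller (here in CollectionsController, and identically in the Links, Logs, PipelineInvocations, Pipelines, Projects, Specimens and Users controllers), so the admin gate is opt-in: any controller added later that inherits ApplicationController is reachable by non-admins unless someone remembers the line. Declaring the filter once in ApplicationController and opting out with `skip_before_filter :ensure_current_user_is_admin` where a page is meant to be public would make deny the default. Whether any existing controller needs such an opt-out (a login or session callback, for instance) is not visible in this patch. The commit also adds no functional test that a non-admin request is rejected; the generated UsersControllerTest is still an empty stub.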
@@ -1,2 +1,3 @@
 class LogsController < ApplicationController
+ before_filter :ensure_current_user_is_admin
 end
diff --git a/app/controllers/pipeline_invocations_controller.rb b/app/controllers/pipeline_invocations_controller.rb
index 4982ed7d5e..2f1dc79b66 100644
--- a/app/controllers/pipeline_invocations_controller.rb
+++ b/app/controllers/pipeline_invocations_controller.rb
@@ -1,2 +1,3 @@
 class PipelineInvocationsController < ApplicationController
+ before_filter :ensure_current_user_is_admin
 end
diff --git a/app/controllers/pipelines_controller.rb b/app/controllers/pipelines_controller.rb
index 61e5b2446b..2af4d424ff 100644
--- a/app/controllers/pipelines_controller.rb
+++ b/app/controllers/pipelines_controller.rb
@@ -1,2 +1,3 @@
 class PipelinesController < ApplicationController
+ before_filter :ensure_current_user_is_admin
 end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 60b4a9e373..bd290c4e2b 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,2 +1,3 @@
 class ProjectsController < ApplicationController
+ before_filter :ensure_current_user_is_admin
 end
diff --git a/app/controllers/specimens_controller.rb b/app/controllers/specimens_controller.rb
index 47dd8a2358..748985347d 100644
--- a/app/controllers/specimens_controller.rb
+++ b/app/controllers/specimens_controller.rb
@@ -1,2 +1,3 @@
 class SpecimensController < ApplicationController
+ before_filter :ensure_current_user_is_admin
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 0000000000..1594def111
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,3 @@
+class UsersController < ApplicationController
+ before_filter :ensure_current_user_is_admin
+end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
new file mode 100644
index 0000000000..2310a240d7
--- /dev/null
+++ b/app/helpers/users_helper.rb
@@ -0,0 +1,2 @@ +module UsersHelper +end diff --git a/app/models/user.rb b/app/models/user.rb new file mode 100644 index 0000000000..3c85c2d952 --- /dev/null +++ b/app/models/user.rb @@ -0,0 +1,6 @@ +class User < OrvosBase + def self.current + res = $orvos_api_client.api self, '/current' + $orvos_api_client.unpack_api_response(res) + end +end diff --git a/config/routes.rb b/config/routes.rb index 77f116801c..a24da46c36 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,4 +1,7 @@ Vcffarm::Application.routes.draw do + resources :users + + resources :logs diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml new file mode 100644 index 0000000000..c63aac0b60 --- /dev/null +++ b/test/fixtures/users.yml @@ -0,0 +1,11 @@ +# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html + +# This model initially had no columns defined. If you add columns to the +# model remove the '{}' from the fixture names and add the columns immediately +# below each fixture, per the syntax in the comments below +# +one: {} +# column: value +# +two: {} +# column: value diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb new file mode 100644 index 0000000000..d23f182948 --- /dev/null +++ b/test/functional/users_controller_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class UsersControllerTest < ActionController::TestCase + # test "the truth" do + # assert true + # end +end diff --git a/test/unit/helpers/users_helper_test.rb b/test/unit/helpers/users_helper_test.rb new file mode 100644 index 0000000000..96af37a821 --- /dev/null +++ b/test/unit/helpers/users_helper_test.rb @@ -0,0 +1,4 @@ +require 'test_helper' + +class UsersHelperTest < ActionView::TestCase +end diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb new file mode 100644 index 0000000000..82f61e0109 --- /dev/null +++ b/test/unit/user_test.rb 
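Review bot: `User.current` in app/models/user.rb has no comment saying what it returns when the API call fails or no user is signed in, and the admin filter added in this commit depends on exactly that. A short comment above the method, for example `# Returns the user record for the API token in use; callers must treat nil or an exception as "not signed in".`, would document the contract once the actual behaviour of `unpack_api_response` is confirmed. The call goes through the process-global `$orvos_api_client`; how that client chooses the token for the current request is not shown here, and if the token is kept in global state a threaded server could attribute one request's identity to another.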
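Review bot: `resources :users` in config/routes.rb registers all seven REST routes, including create, update and destroy, while the new UsersController defines no actions of its own. If only listing and viewing are meant to be exposed, `resources :users, only: [:index, :show]` keeps the write routes from existing at all instead of relying on the admin filter alone. Which generic actions ApplicationController provides is not visible in this patch, so the list should match what is really implemented.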
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+ # test "the truth" do
+ # assert true
+ # end
+end
--
2.39.5