mirror of https://github.com/jcwimer/wrestlingApp synced 2026-03-25 01:14:43 +00:00

Test protecting controller paths

2015-10-30 07:51:35 -04:00
parent d1437a56af
commit 685c71ade9
9 changed files with 457 additions and 52 deletions


@@ -1,6 +1,6 @@
class MatsController < ApplicationController
before_action :set_mat, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
# GET /mats/1
# GET /mats/1.json
@@ -76,12 +76,15 @@ class MatsController < ApplicationController
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = Tournament.find(params[:tournament])
elsif params[:mat]
@mat = Mat.new(mat_params)
@tournament = Tournament.find(@mat.tournament_id)
elsif @mat
@tournament = @mat.tournament
end
if current_user != @tournament.user
redirect_to root_path
redirect_to '/static_pages/not_allowed'
end
end
end
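Review bot: check_access decides ownership from request parameters before it looks at the loaded record: `params[:tournament]` and then `params[:mat]` win over `elsif @mat`, so on update and destroy the comparison can run against a tournament id supplied by the client rather than the tournament the stored mat belongs to. The `params[:mat]` branch also reassigns `@mat` to `Mat.new(mat_params)`, which presumably replaces the record set_mat loaded, so the update action would then work on a new object. Resolving the tournament from the persisted record first, and reading the submitted id without touching `@mat`, addresses both; update may additionally need to check the submitted `tournament_id` so a mat cannot be moved into a tournament the user does not own. If no branch matches, `@tournament` stays nil and `@tournament.user` raises instead of redirecting, which the guard in the sketch below also covers. The same ordering appears in check_access in SchoolsController, WeightsController and WrestlersController.

```ruby
def check_access
  # Member actions: use the record already loaded for this request, not ids in the request.
  if @mat
    @tournament = @mat.tournament
  elsif params[:mat]
    # create: read the submitted id without building or replacing @mat
    @tournament = Tournament.find(mat_params[:tournament_id])
  elsif params[:tournament]
    @tournament = Tournament.find(params[:tournament])
  end
  if @tournament.nil? || current_user != @tournament.user
    # … unchanged: redirect_to '/static_pages/not_allowed' …
  end
end
```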


@@ -80,12 +80,15 @@ class SchoolsController < ApplicationController
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = Tournament.find(params[:tournament])
elsif params[:school]
@school = School.new(school_params)
@tournament = Tournament.find(@school.tournament_id)
elsif @school
@tournament = @school.tournament
end
if current_user != @tournament.user
redirect_to root_path
redirect_to '/static_pages/not_allowed'
end
end


@@ -1,6 +1,6 @@
class WeightsController < ApplicationController
before_action :set_weight, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
# GET /weights/1
@@ -91,15 +91,19 @@ class WeightsController < ApplicationController
def weight_params
params.require(:weight).permit(:max, :tournament_id, :mat_id)
end
def check_access
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
@tournament = Tournament.find(params[:tournament])
elsif params[:weight]
@weight = Weight.new(weight_params)
@tournament = Tournament.find(@weight.tournament_id)
elsif @weight
@tournament = @weight.tournament
end
if current_user != @tournament.user
redirect_to root_path
redirect_to '/static_pages/not_allowed'
end
end
end


@@ -1,6 +1,6 @@
class WrestlersController < ApplicationController
before_action :set_wrestler, only: [:show, :edit, :update, :destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy]
before_filter :check_access, only: [:new,:create,:update,:destroy,:edit]
# GET /wrestlers/1
@@ -39,9 +39,6 @@ class WrestlersController < ApplicationController
# POST /wrestlers.json
def create
@wrestler = Wrestler.new(wrestler_params)
if current_user != @wrestler.tournament.user
redirect_to root_path
end
@school = School.find(wrestler_params[:school_id])
respond_to do |format|
if @wrestler.save
@@ -57,9 +54,6 @@ class WrestlersController < ApplicationController
# PATCH/PUT /wrestlers/1
# PATCH/PUT /wrestlers/1.json
def update
if current_user != @wrestler.tournament.user
redirect_to root_path
end
@school = School.find(@wrestler.school_id)
respond_to do |format|
if @wrestler.update(wrestler_params)
@@ -75,9 +69,6 @@ class WrestlersController < ApplicationController
# DELETE /wrestlers/1
# DELETE /wrestlers/1.json
def destroy
if current_user != @wrestler.tournament.user
redirect_to root_path
end
@school = School.find(@wrestler.school_id)
@wrestler.destroy
respond_to do |format|
@@ -97,14 +88,18 @@ class WrestlersController < ApplicationController
params.require(:wrestler).permit(:name, :school_id, :weight_id, :seed, :original_seed, :season_win, :season_loss,:criteria,:extra,:offical_weight)
end
def check_access
if params[:tournament]
@tournament = params[:tournament]
else
if params[:school]
@school = School.find(params[:school])
@tournament = Tournament.find(@school.tournament.id)
elsif params[:wrestler]
@wrestler = Wrestler.new(wrestler_params)
@school = School.find(@wrestler.school_id)
@tournament = Tournament.find(@school.tournament.id)
elsif @wrestler
@tournament = @wrestler.tournament
end
if current_user != @tournament.user
redirect_to root_path
redirect_to '/static_pages/not_allowed'
end
end
end
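Review bot: `Tournament.find(@school.tournament.id)` in check_access loads the tournament through the association and then queries for the same row again by id; `@tournament = @school.tournament` gives the same object with one query less, in both the `params[:school]` and the `params[:wrestler]` branch. In the `params[:wrestler]` branch the school, and with it the tournament that is compared against `current_user`, comes from the submitted `school_id`, and `@wrestler` is reassigned to `Wrestler.new(wrestler_params)` before the update action at the top of this file calls `@wrestler.update(wrestler_params)`. A comment on check_access stating which source decides ownership for each action, for example `# new: params[:school]; create: submitted school_id; edit/update/destroy: the loaded wrestler`, would make the intended order reviewable.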


@@ -1,11 +1,109 @@
require 'test_helper'
class MatsControllerTest < ActionController::TestCase
# setup do
# @mat = mats(:one)
# end
include Devise::TestHelpers
test "the truth" do
assert true
end
setup do
@tournament = Tournament.find(1)
@tournament.generateMatchups
@mat = mats(:one)
end
def create
post :create, mat: {name: 'Mat100', tournament_id: 1}
end
def new
get :new, tournament: @tournament.id
end
def post_update
patch :update, id: @mat.id, mat: {name: @mat.name, tournament_id: @mat.tournament_id}
end
def destroy
delete :destroy, id: @mat.id
end
def get_edit
get :edit, id: @mat.id
end
def sign_in_owner
sign_in users(:one)
end
def sign_in_non_owner
sign_in users(:two)
end
def success
assert_response :success
end
def redirect
assert_redirected_to '/static_pages/not_allowed'
end
test "logged in tournament owner should get edit mat page" do
sign_in_owner
get_edit
success
end
test "logged in user should not get edit mat page if not owner" do
sign_in_non_owner
get_edit
redirect
end
test "non logged in user should not get edit mat page" do
get_edit
redirect
end
test "non logged in user should get post update mat" do
post_update
redirect
end
test "logged in user should not post update mat if not owner" do
sign_in_non_owner
post_update
redirect
end
test "logged in tournament owner should post update mat" do
sign_in_owner
post_update
assert_redirected_to tournament_path(@mat.tournament_id)
end
test "logged in tournament owner can create a new mat" do
sign_in_owner
new
success
create
assert_redirected_to tournament_path(@mat.tournament_id)
end
test "logged in user not tournament owner cannot create a mat" do
sign_in_non_owner
new
redirect
create
redirect
end
test "logged in tournament owner can destroy a mat" do
sign_in_owner
destroy
assert_redirected_to tournament_path(@tournament.id)
end
test "logged in user not tournament owner cannot destroy mat" do
sign_in_non_owner
destroy
redirect
end
end
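Review bot: The denied-access tests assert only the redirect to `/static_pages/not_allowed`, not that the data is untouched, so a regression that writes before redirecting would go unnoticed; wrapping the request pins the state too, e.g. `assert_no_difference('Mat.count') { destroy }` in the non-owner destroy test and the same around `create`. No case covers a signed-in non-owner whose request names a tournament of their own while targeting the owner's mat, which is the path where check_access takes the tournament from the request instead of the record. The test named "non logged in user should get post update mat" asserts the not_allowed redirect, so "should not" would match what it checks. The same points apply to the schools, weights and wrestlers controller tests added in this commit.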


@@ -1,11 +1,110 @@
require 'test_helper'
class SchoolsControllerTest < ActionController::TestCase
# setup do
# @school = schools(:one)
# end
include Devise::TestHelpers
setup do
@tournament = Tournament.find(1)
@tournament.generateMatchups
@school = @tournament.schools.first
end
def create
post :create, school: {name: 'Testaasdf', tournament_id: 1}
end
def new
get :new, tournament: @tournament.id
end
def post_update
patch :update, id: @school.id, school: {name: @school.name, tournament_id: @school.tournament_id}
end
def destroy
delete :destroy, id: @school.id
end
def get_edit
get :edit, id: @school.id
end
def sign_in_owner
sign_in users(:one)
end
def sign_in_non_owner
sign_in users(:two)
end
def success
assert_response :success
end
def redirect
assert_redirected_to '/static_pages/not_allowed'
end
test "logged in tournament owner should get edit school page" do
sign_in_owner
get_edit
success
end
test "logged in user should not get edit school page if not owner" do
sign_in_non_owner
get_edit
redirect
end
test "non logged in user should not get edit school page" do
get_edit
redirect
end
test "non logged in user should get post update school" do
post_update
redirect
end
test "logged in user should not post update school if not owner" do
sign_in_non_owner
post_update
redirect
end
test "logged in tournament owner should post update school" do
sign_in_owner
post_update
assert_redirected_to tournament_path(@school.tournament_id)
end
test "logged in tournament owner can create a new school" do
sign_in_owner
new
success
create
assert_redirected_to tournament_path(@school.tournament_id)
end
test "logged in user not tournament owner cannot create a school" do
sign_in_non_owner
new
redirect
create
redirect
end
test "logged in tournament owner can destroy a school" do
sign_in_owner
destroy
assert_redirected_to tournament_path(@tournament.id)
end
test "logged in user not tournament owner cannot destroy school" do
sign_in_non_owner
destroy
redirect
end
test "the truth" do
assert true
end
end


@@ -1,11 +1,111 @@
require 'test_helper'
class WeightsControllerTest < ActionController::TestCase
# setup do
# @weight = weights(:one)
# end
include Devise::TestHelpers
setup do
@tournament = Tournament.find(1)
@tournament.generateMatchups
@weight = @tournament.weights.first
end
def create
post :create, weight: {max: 60000, tournament_id: 1}
end
def new
get :new, tournament: @tournament.id
end
def post_update
patch :update, id: @weight.id, weight: {name: @weight.max, tournament_id: @weight.tournament_id}
end
def destroy
delete :destroy, id: @weight.id
end
def get_edit
get :edit, id: @weight.id
end
def sign_in_owner
sign_in users(:one)
end
def sign_in_non_owner
sign_in users(:two)
end
def success
assert_response :success
end
def redirect
assert_redirected_to '/static_pages/not_allowed'
end
test "logged in tournament owner should get edit weight page" do
sign_in_owner
get_edit
success
end
test "logged in user should not get edit weight page if not owner" do
sign_in_non_owner
get_edit
redirect
end
test "non logged in user should not get edit weight page" do
get_edit
redirect
end
test "non logged in user should get post update weight" do
post_update
redirect
end
test "logged in user should not post update weight if not owner" do
sign_in_non_owner
post_update
redirect
end
test "logged in tournament owner should post update weight" do
sign_in_owner
post_update
assert_redirected_to tournament_path(@weight.tournament_id)
end
test "logged in tournament owner can create a new weight" do
sign_in_owner
new
success
create
assert_redirected_to tournament_path(@weight.tournament_id)
end
test "logged in user not tournament owner cannot create a weight" do
sign_in_non_owner
new
redirect
create
redirect
end
test "logged in tournament owner can destroy a weight" do
sign_in_owner
destroy
assert_redirected_to tournament_path(@tournament.id)
end
test "logged in user not tournament owner cannot destroy weight" do
sign_in_non_owner
destroy
redirect
end
test "the truth" do
assert true
end
end
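Review bot: `post_update` sends `weight: {name: @weight.max, ...}`, but weight_params in WeightsController permits only `:max`, `:tournament_id` and `:mat_id`, so the `name` key is filtered out and the update tests never submit a weight value. Changing the helper to `patch :update, id: @weight.id, weight: {max: @weight.max, tournament_id: @weight.tournament_id}` makes the owner test exercise a real attribute change. The leftover `test "the truth"` placeholder at the end of the class can be dropped now that the file has real cases.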


@@ -1,11 +1,113 @@
require 'test_helper'
class WrestlersControllerTest < ActionController::TestCase
# setup do
# @wrestler = wrestlers(:one)
# end
include Devise::TestHelpers
setup do
@tournament = Tournament.find(1)
@tournament.generateMatchups
@school = @tournament.schools.first
@wrestler = @school.wrestlers.first
end
def create
post :create, wrestler: {name: 'Testaasdf', weight_id: 1, school_id: 1}
end
def new
get :new, school: @wrestler.school.id
end
def post_update
patch :update, id: @wrestler.id, wrestler: {name: @wrestler.name, weight_id: 1, school_id: 1}
end
def destroy
delete :destroy, id: @wrestler.id
end
def get_edit
get :edit, id: @wrestler.id
end
def sign_in_owner
sign_in users(:one)
end
def sign_in_non_owner
sign_in users(:two)
end
def success
assert_response :success
end
def redirect
assert_redirected_to '/static_pages/not_allowed'
end
test "logged in tournament owner should get edit wrestler page" do
sign_in_owner
get_edit
success
end
test "logged in user should not get edit wrestler page if not owner" do
sign_in_non_owner
get_edit
redirect
end
test "non logged in user should not get edit wrestler page" do
get_edit
redirect
end
test "non logged in user should get post update wrestler" do
post_update
redirect
end
test "logged in user should not post update wrestler if not owner" do
sign_in_non_owner
post_update
redirect
end
test "logged in tournament owner should post update wrestler" do
sign_in_owner
post_update
assert_redirected_to school_path(@school.id)
end
test "logged in tournament owner can create a new wrestler" do
sign_in_owner
new
success
create
assert_redirected_to school_path(@school.id)
end
test "logged in user not tournament owner cannot create a wrestler" do
sign_in_non_owner
new
redirect
create
redirect
end
test "logged in tournament owner can destroy a wrestler" do
sign_in_owner
destroy
assert_redirected_to school_path(@school.id)
end
test "logged in user not tournament owner cannot destroy wrestler" do
sign_in_non_owner
destroy
redirect
end
test "the truth" do
assert true
end
end
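Review bot: `create` and `post_update` post the literals `school_id: 1` and `weight_id: 1`, while the assertions expect `school_path(@school.id)`, so the owner tests pass only as long as `@tournament.schools.first` happens to have id 1. Using `school_id: @school.id` and a weight taken from the tournament, e.g. `weight_id: @wrestler.weight_id`, ties the request to the same records the assertions check. Because check_access resolves the tournament from the submitted `school_id`, the literal also decides which tournament the non-owner tests are denied against, which is worth making explicit in the setup.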


@@ -9,4 +9,5 @@
# tournament_id: 1
one:
name: Mat1
tournament_id: 1
tournament_id: 1
id: 1