Why is admin_signed_in? false even after logging in as admin?


Jason Hsu, Ruby on High Speed Rails

Dec 11, 2015, 12:54:40 PM
to Ruby on Rails: Talk
Back story:
I'm developing a new Rails site for the local Ruby user group.  I'm using Devise to provide authentication for separate user and admin classes.

Current task:
I'm working on the create/new function for the sponsor class.  Sponsors are an independent class and are not tied to users, admins, or other classes.  However, only admins should be allowed to create sponsors.

The problem:
In my sponsor controller tests, I'm unable to prevent users and unauthenticated visitors from creating new sponsors without also preventing admins from doing so.  Troubleshooting with the puts command reveals that the admin_signed_in? value is false EVEN AFTER logging in.

The source code of this app is at https://github.com/jhsu802701/ruby_mn_site/tree/sponsors_create_controller .

Excerpt from test/controllers/sponsors_controller_test.rb:
  test 'superadmin can create a new sponsor' do
    login_as @a1

    assert_difference 'Sponsor.count', 1 do
      add_past
    end

    assert_difference 'Sponsor.count', 1 do
      add_current
    end

    logout :admin
  end

  test 'regular admin can create a new sponsor' do
    login_as @a3

    assert_difference 'Sponsor.count', 1 do
      add_past
    end

    assert_difference 'Sponsor.count', 1 do
      add_current
    end

    logout :admin
  end

  test 'user cannot create a new sponsor' do
    login_as @u1

    assert_no_difference 'Sponsor.count' do
      add_past
    end

    assert_no_difference 'Sponsor.count' do
      add_current
    end

    logout :user
  end

  test 'an unregistered visitor cannot create a new sponsor' do
    assert_no_difference 'Sponsor.count' do
      add_past
    end

    assert_no_difference 'Sponsor.count' do
      add_current
    end
  end

app/controllers/sponsors_controller.rb:
class SponsorsController < ApplicationController
  before_filter :admin_signed_in?, except: [:index, :show]

  def index
    @sponsors_current = Sponsor.where('current=?', true)
    @sponsors_past = Sponsor.where('current!=?', true)
  end

  def show
    @sponsor = Sponsor.find(params[:id])
  end

  def new
    @sponsor = Sponsor.new
  end

  def create
    puts admin_signed_in?
    if admin_signed_in?
      @sponsor = Sponsor.new(sponsor_params)
      if @sponsor.save
        flash[:info] = "Sponsor added."
        redirect_to sponsors_path
      else
        render 'new'
      end
    else
      redirect_to root_path
    end
  end

  private
    def sponsor_params
      params.require(:sponsor).permit(:name, :phone, :description,
                                      :contact_email, :contact_url,
                                      :current)
    end
end


Colin Law

Dec 11, 2015, 1:08:54 PM
to Ruby on Rails: Talk
On 11 December 2015 at 17:54, Jason Hsu, Ruby on High Speed Rails
<jhsu8...@gmail.com> wrote:
> Back story:
> I'm developing a new Rails site for the local Ruby user group. I'm using
> Devise to provide authentication for separate user and admin classes.
>
> Current task:
> I'm working on the create/new function for the sponsor class. Sponsors are
> an independent class and are not tied to users, admins, or other classes.
> However, only admins should be allowed to create sponsors.
>
> The problem:
> In my sponsor controller tests, I'm unable to prevent users and
> unauthenticated visitors from creating new sponsors without also preventing
> admins from doing so. Troubleshooting with the puts command reveals that
> the admin_signed_in? value is false EVEN AFTER logging in.

You do not appear to have shown us the admin_signed_in? method.

Colin
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rubyonrails-talk/d4243b93-82b0-490c-941d-a07dcf0d137c%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Jason Hsu, Ruby on High Speed Rails

Dec 11, 2015, 1:12:51 PM
to Ruby on Rails: Talk
The admin_signed_in? method comes from the Devise gem.

Rob Biedenharn

Dec 11, 2015, 1:44:41 PM
to rubyonra...@googlegroups.com

> On 2015-Dec-11, at 13:12 , Jason Hsu, Ruby on High Speed Rails <jhsu8...@gmail.com> wrote:
>
> The admin_signed_in? method comes from the Devise gem.

Are you using the :admin scope to do the login?

I.e., somewhere in your login_as helper there should be something like?

sign_in :admin, some_user_who_is_admin


-Rob

Jason Hsu, Ruby on High Speed Rails

Dec 11, 2015, 2:58:04 PM
to Ruby on Rails: Talk
Thanks.  Yes, this was the problem.  Now I understand that this is the proper procedure for logging in for functional tests.

This raises another question: Given my use of if statements in my def create function, is there any point to using before_filter or before_action in the controller?  The before_filter/before_action statement doesn't replace the need for those if statements.

Rob Biedenharn

Dec 11, 2015, 3:42:42 PM
to rubyonra...@googlegroups.com
On 2015-Dec-11, at 14:58 , Jason Hsu, Ruby on High Speed Rails <jhsu8...@gmail.com> wrote:

Thanks.  Yes, this was the problem.  Now I understand that this is the proper procedure for logging in for functional tests.

This raises another question: Given my use of if statements in my def create function, is there any point to using before_filter or before_action in the controller?  The before_filter/before_action statement doesn't replace the need for those if statements.

You could have a before_action that was something like:

before_action :require_admin, except: [ :index, :show ]

def require_admin
  unless admin_signed_in?
    redirect_to not_authorized_url
  end
end

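The two points Rob's replies turn on, as an added example that is not code from the thread, from Devise or from Rails: Devise keeps one signed-in record per scope, so signing the admin record in under the :user scope leaves admin_signed_in? false; and a Rails before callback halts the chain only when it renders or redirects, its return value being ignored, so a bare predicate such as before_filter :admin_signed_in? guards nothing and every visitor reaches create. The simulation below reproduces both rules with stand-in classes (FakeScopedSession, MiniController, the SPONSORS array and the controller names are all my own, not Devise or Rails internals).

```ruby
# Added example, not code from the thread, Devise or Rails. It simulates two
# rules the replies rely on:
#   1. Devise stores one signed-in record per scope, so sign_in(:user, admin)
#      does not make admin_signed_in? true.
#   2. A Rails before callback halts the chain only if it renders or
#      redirects (Rails checks performed?); its return value is ignored.
# All class and method names here are my own stand-ins.

# Stand-in for the per-scope session Devise builds on top of Warden.
class FakeScopedSession
  def initialize
    @records = {}               # scope (:user / :admin) => signed-in record
  end

  def sign_in(scope, record)
    @records[scope] = record
  end

  def signed_in?(scope)
    @records.key?(scope)
  end
end

# Minimal controller with the Rails halting rule for before callbacks.
class MiniController
  def self.before_callbacks
    @before_callbacks ||= []    # one list per controller class
  end

  # Same shape as before_action / before_filter with the except: option.
  def self.before_action(name, except: [])
    before_callbacks << [name, except]
  end

  def initialize(session)
    @session = session
    @response = nil             # set only by redirect_to below
  end

  def performed?
    !@response.nil?
  end

  def redirect_to(path)
    @response = [:redirect, path]
  end

  def admin_signed_in?
    @session.signed_in?(:admin)
  end

  # Run the before callbacks in order, stopping as soon as one has produced a
  # response; then run the action unless a callback already responded.
  def process(action)
    self.class.before_callbacks.each do |name, except|
      next if except.include?(action)
      send(name)                # return value deliberately ignored, as in Rails
      break if performed?
    end
    send(action) unless performed?
    @response
  end
end

SPONSORS = []                   # constructed in-memory stand-in for the Sponsor table

module CreatesSponsor
  def create
    SPONSORS << { name: "constructed sponsor" }
    redirect_to "/sponsors"
  end
end

# The thread's original guard: a predicate that never renders or redirects.
class PredicateGuardController < MiniController
  include CreatesSponsor
  before_action :admin_signed_in?, except: [:index, :show]
end

# Rob's suggestion: a callback that redirects, and so halts, for non-admins.
class RequireAdminController < MiniController
  include CreatesSponsor
  before_action :require_admin, except: [:index, :show]

  def require_admin
    redirect_to "/not_authorized" unless admin_signed_in?
  end
end

# Drive one create request; returns [response, number of sponsors added].
def attempt_create(controller_class, session)
  before = SPONSORS.size
  response = controller_class.new(session).process(:create)
  [response, SPONSORS.size - before]
end

# scope nil => anonymous visitor; :user => the mistake from the thread.
def session_for(scope)
  session = FakeScopedSession.new
  session.sign_in(scope, :some_admin_record) if scope
  session
end

if __FILE__ == $PROGRAM_NAME
  p attempt_create(PredicateGuardController, session_for(nil))   # visitor still adds one
  p attempt_create(RequireAdminController, session_for(:user))   # wrong scope: refused
  p attempt_create(RequireAdminController, session_for(:admin))  # admin scope: added
end
```

The first call shows why the original tests could not be made to pass: with the predicate as the filter, an anonymous visitor reaches create and a sponsor is added. The second shows the thread's symptom, an admin record signed in under the wrong scope is treated as not an admin, and the third shows the combination of the correct scope and a halting require_admin callback.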