30 files changed, 201 insertions, 134 deletions
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index 07fc8694c..a24c418b4 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -26,3 +26,4 @@ //= require_directory ./compliance_check_tasks //= require_directory ./exports //= require_directory ./lines +//= require_directory ./referentials diff --git a/app/assets/stylesheets/vendor/simple_form.css.scss b/app/assets/stylesheets/vendor/simple_form.css.scss index ea5e4d528..afac930c1 100644 --- a/app/assets/stylesheets/vendor/simple_form.css.scss +++ b/app/assets/stylesheets/vendor/simple_form.css.scss @@ -3,4 +3,9 @@ .help-inline{ color:#cc0000; } + + .form-actions{ + @extend .col-sm-offset-3; + @extend .col-sm-9; + } }
\ No newline at end of file diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 4359ee02e..63775a30f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,10 @@ class ApplicationController < ActionController::Base - protect_from_forgery + # TODO : Delete hack to authorize Cross Request for js and json get request from javascript + protect_from_forgery unless: -> { request.get? && (request.format.json? || request.format.js?) } before_filter :authenticate_user! before_filter :set_locale + + # Load helpers in rails engine helper LanguageEngine::Engine.helpers def set_locale diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb new file mode 100644 index 000000000..97e5352e4 --- /dev/null +++ b/app/controllers/invitations_controller.rb @@ -0,0 +1,21 @@ +class InvitationsController < Devise::InvitationsController + + def update + if this + redirect_to organisation_path + else + super + end + end + + protected + + def invite_params + params.require(:user).permit(:name, :email ) + end + + def update_resource_params + params.require(:user).permit(:name, :email, :password, :password_confirmation, :invitation_token) + end + +end diff --git a/app/controllers/organisations_controller.rb b/app/controllers/organisations_controller.rb index 026892613..51a325586 100644 --- a/app/controllers/organisations_controller.rb +++ b/app/controllers/organisations_controller.rb @@ -1,7 +1,7 @@ class OrganisationsController < BreadcrumbController defaults :resource_class => Organisation - respond_to :html + respond_to :html, :only => [:edit, :show, :update] def update update! do |success, failure| diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index b02d3217a..0cc0b1c31 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb 
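Review bot: The `unless:` condition added to `protect_from_forgery` sits in ApplicationController, so every controller inherits the exemption, not only the endpoint the TODO has in mind. Rails does not check the authenticity token on GET requests anyway; on Rails versions that have it, what this condition appears to switch off in addition is the same-origin check on GET responses rendered as JavaScript, which stops another site from loading an authenticated `.js` response through a script tag. Prefer having the client send these requests as XHR, or scope the exception to the single controller and action that needs it. The comment should name that endpoint and the exit condition, e.g. `# FIXME: <controller#action> is fetched without XHR; remove once the client sends X-Requested-With`.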
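Review bot: `if this` in `InvitationsController#update` calls a method named `this`, which Ruby does not provide and nothing in this commit defines, so accepting an invitation would raise NameError unless such a helper exists elsewhere. The branch needs a real condition, and as written its redirect path skips `super`, so the invitation would never be accepted on that path. Separately, `update_resource_params` lets the invitee submit `:email` along with `:invitation_token`. If the invited address is meant to stay fixed, drop it: `params.require(:user).permit(:name, :password, :password_confirmation, :invitation_token)`.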
@@ -2,6 +2,23 @@ prepend_before_filter :accept_user_creation, :only => [:new, :create] + protected + + # The default url to be used after updating a resource. You need to overwrite + # this method in your own RegistrationsController. + def after_update_path_for(resource) + organisation_user_path(resource) + end + + def sign_up_params + params.require(:user).permit(:name, :email, :password, :password_confirmation, { organisation_attributes: [:name] } ) + end + + def account_update_params + params.require(:user).permit(:name, :email, :password, :password_confirmation, :current_password) + end + + private def accept_user_creation @@ -11,6 +28,6 @@ else return true end - end + end end diff --git a/app/controllers/subscriptions_controller.rb b/app/controllers/subscriptions_controller.rb deleted file mode 100644 index a1dca5a5d..000000000 --- a/app/controllers/subscriptions_controller.rb +++ /dev/null @@ -1,14 +0,0 @@ -class SubscriptionsController < InheritedResources::Base - skip_filter :authenticate_user! - - def create - create! do |success, failure| - success.html do - sign_in resource.user - redirect_to referentials_path - end - end - end - -end - diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 2b1c2bd14..7726f203a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,7 +1,8 @@ class UsersController < BreadcrumbController defaults :resource_class => User - + respond_to :html, :only => [:show, :new] + def create @user = current_organisation.users.build(params[:user]) @@ -13,12 +14,6 @@ class UsersController < BreadcrumbController end end - def update - update! do |success, failure| - success.html { redirect_to organisation_user_path(@user) } - end - end - def destroy destroy! do |success, failure| success.html { redirect_to organisation_path } 
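Review bot: The comment above `after_update_path_for` is copied from Devise's base controller ("You need to overwrite this method in your own RegistrationsController") and no longer describes this override. Something like `# Send the user back to their own profile page after an account update.` would be accurate. `sign_up_params` also deserves a one-line comment saying that `organisation_attributes` is limited to `:name` on purpose, so that a later edit does not widen the nested permit without thought. The class definition starts above this hunk, so the filter context is not visible here.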
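Review bot: `UsersController#create` still builds the record from the raw `params[:user]` hash, even though this commit moves user creation to the invitation flow and filters parameters everywhere else with `params.require(:user).permit(...)`. Removing the `update` override also does not remove the action if BreadcrumbController descends from InheritedResources (the `defaults` and `destroy!` calls suggest so), and the nested `resources :users` in config/routes.rb still routes edit and update. Limit the surface in both places, for example `actions :show, :new, :create, :destroy` in the controller and a matching `:only =>` list on the nested route. If `create` stays, filter its input: `current_organisation.users.build(params.require(:user).permit(:name, :email))`. The body of `create` continues outside the hunk.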
diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb deleted file mode 100644 index f9b859b9c..000000000 --- a/app/controllers/welcome_controller.rb +++ /dev/null @@ -1,4 +0,0 @@ -class WelcomeController < ApplicationController - def index - end -end diff --git a/app/models/user.rb b/app/models/user.rb index e3ea71603..4a794beaf 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,9 +1,9 @@ class User < ActiveRecord::Base # Include default devise modules. Others available are: # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable - devise :database_authenticatable, :registerable, + devise :invitable, :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, - :confirmable, :invitable + :confirmable # Setup accessible (or protected) attributes for your model # attr_accessible :email, :password, :current_password, :password_confirmation, :remember_me, :name, :organisation_attributes diff --git a/app/views/devise/invitations/new.html.erb b/app/views/devise/invitations/new.html.erb index 5567463c8..76a81a33d 100644 --- a/app/views/devise/invitations/new.html.erb +++ b/app/views/devise/invitations/new.html.erb 
@@ -1,18 +1,12 @@ -<div class="col-md-offset-2 col-md-8"> - <div class="panel panel-default"> - <div class="panel-heading"><%= t "devise.invitations.new.header" %></div> - <div class="panel-body"> +<h2><%= t "devise.invitations.new.header" %></h2> - <%= simple_form_for resource, :as => resource_name, :url => invitation_path(resource_name), :html => {:method => :post} do |form| %> +<%= simple_form_for resource, :as => resource_name, :url => invitation_path(resource_name), :html => {:method => :post, class: "form-horizontal"} do |form| %> - <% resource.class.invite_key_fields.each do |field| -%> - <%= form.input field %> - <% end -%> + <% resource.class.invite_key_fields.each do |field| -%> + <%= form.input field %> + <% end -%> - <div class="submit"> - <%= form.button :submit, :value => t("devise.invitations.new.submit_button"), :class => "btn-info" %> - </div> - <% end %> - </div> - </div> -</div> + <div class="form-actions"> + <%= form.button :submit, :value => t("devise.invitations.new.submit_button"), :class => "btn-info" %> + </div> +<% end %> diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index e0cad44a2..0d3d1d99d 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb 
@@ -2,14 +2,14 @@ <div class="panel panel-default"> <div class="panel-heading"><%= t('.title') %></div> <div class="panel-body"> - <%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %> + <%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put, class: "form-horizontal" }) do |f| %> <%= f.input :reset_password_token, :as => :hidden %> <%= f.input :password, :as => :password %> <%= f.input :password_confirmation, :as => :password %> - <div class="submit"> - <%= link_to t("cancel"), root_path, :class => "btn btn-default" %> + <div class="form-actions"> + <%= link_to t("cancel"), unauthenticated_root_path, :class => "btn btn-default" %> <%= f.button :submit, :value => t("devise.passwords.edit.commit"), :class => "btn-info" %> </div> <% end %> diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 8f5ec0f10..8f9e6dd47 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -2,11 +2,11 @@ <div class="panel panel-default"> <div class="panel-heading"><%= t('.title') %></div> <div class="panel-body"> - <%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |form| %> + <%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), html: {class: 'form-horizontal' } ) do |form| %> <%= form.input :email, :as => :email, placeholder: 'user@domain.com' %> <div class="submit"> - <%= link_to t("cancel"), root_path, :class => "btn btn-default" %> + <%= link_to t("cancel"), unauthenticated_root_path, :class => "btn btn-default" %> <%= form.button :submit, :value => t("devise.passwords.new.commit"), :class => "btn-info" %> </div> <% end %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 95dcbf382..154ecf1c8 100644 
--- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -1,6 +1,6 @@ <%= title_tag t('.title') %> -<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { class: "form-horizontal", method: :put }) do |f| %> <%= f.error_notification %> <div class="form-inputs"> @@ -21,10 +21,4 @@ </div> <% end %> -<% content_for :sidebar do %> -<ul class="actions"> - <%= link_to t('.actions.destroy'), registration_path(resource_name), :confirm => t('.actions.destroy_confirm'), :method => :delete, :class => "remove" %> -</ul> -<% end %> - diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 9c780cba3..2a1456c58 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb 
@@ -4,16 +4,16 @@ <div class="panel panel-default"> <div class="panel-heading"><%= t("devise.registrations.new.title") %></div> <div class="panel-body"> - <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :wrapper => "form_without_label" ) do |form| %> + <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :wrapper => "form_without_label", html: {class: 'form-horizontal' } ) do |form| %> <%= form.simple_fields_for :organisation, Organisation.new do |organisation| %> - <%= organisation.input :name, :label => false, :placeholder => t("helpers.label.user.organisation_name"), input_html: { :class => "form-control" } %> + <%= organisation.input :name, :label => false, input_html: { :class => "form-control" } %> <% end %> <% if resource.respond_to?( :name) %> - <%= form.input :name, :label => false, :placeholder => t("helpers.label.user.name"), input_html: { :class => "form-control" } %> + <%= form.input :name, :label => false, input_html: { :class => "form-control" } %> <% end %> - <%= form.input :email, :label => false, :placeholder => t("helpers.label.user.email"), input_html: { :class => "form-control" } %> - <%= form.input :password, :as => :password, :label => false, :placeholder => t("helpers.label.user.password"), input_html: { :class => "form-control" } %> - <%= form.input :password_confirmation, :as => :password, :label => false, :placeholder => t("helpers.label.user.password_confirmation"), input_html: { :class => "form-control" } %> + <%= form.input :email, :label => false, input_html: { :class => "form-control" } %> + <%= form.input :password, :as => :password, :label => false, input_html: { :class => "form-control" } %> + <%= form.input :password_confirmation, :as => :password, :label => false, input_html: { :class => "form-control" } %> <%= form.button :submit, :class => "btn-primary" %> <% end %> 
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f0a2a26f4..279eb3ca8 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -11,7 +11,7 @@ <div class="col-md-4 login"> <div class="panel panel-default"> <div class="panel-body"> - <%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name), :wrapper => "form_without_label", html: { :class => 'session_new' } ) do |form| %> + <%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name), :wrapper => "form_without_label", html: { :class => 'form-horizontal session_new' } ) do |form| %> <%= form.input :email, :label => false, input_html: { :class => "form-control" } %> <div class="row"> <div class="col-md-6"> @@ -39,7 +39,7 @@ <div class="panel panel-default"> <div class="panel-heading"><%= t("devise.registrations.new.title") %></div> <div class="panel-body"> - <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :wrapper => "form_without_label", html: { class: "registration_new" } ) do |form| %> + <%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :wrapper => "form_without_label", html: { class: "form-horizontal registration_new" } ) do |form| %> <%= form.simple_fields_for :organisation, Organisation.new do |organisation| %> <%= organisation.input :name, :label => false, input_html: { :class => "form-control" } %> <% end %> diff --git a/app/views/organisations/show.html.erb b/app/views/organisations/show.html.erb index c67eeb271..753229e60 100644 --- a/app/views/organisations/show.html.erb +++ b/app/views/organisations/show.html.erb 
@@ -12,7 +12,7 @@ <% content_for :sidebar do %> <ul class="actions"> <li><%= link_to t('organisations.actions.edit'), edit_organisation_path, :class => "edit" %></li> - <li><%= link_to t('users.actions.new'), new_organisation_user_path, :class => "add" %></li> + <li><%= link_to t('users.actions.new'), new_user_invitation_path, :class => "add" %></li> </ul> <% end %> diff --git a/app/views/subscriptions/new.html.erb b/app/views/subscriptions/new.html.erb deleted file mode 100644 index 686ab8c98..000000000 --- a/app/views/subscriptions/new.html.erb +++ /dev/null @@ -1,25 +0,0 @@ -<%= title_tag t('devise.registrations.new.title') %> - -<%= semantic_form_for @subscription, :url => subscription_path do |form| %> - <%= form.inputs do %> - <%= form.input :organisation_name %> - <%= form.input :user_name %> - <%= form.input :email %> - <%= form.input :password, :as => :password %> - <%= form.input :password_confirmation, :as => :password %> - <% end %> - - <%= form.actions do %> - <%= form.action :submit, :as => :button, :label => t('devise.registrations.new.title') %> - <%= form.action :cancel, :as => :link %> - <% end %> -<% end %> - -<% content_for :sidebar do %> -<ul class="actions"> - <li> - <%= link_to t('devise.shared.sign_in'), new_user_session_path %> - </li> -</ul> -<% end %> - diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb index ff452c924..74de43cef 100644 --- a/app/views/users/_form.html.erb +++ b/app/views/users/_form.html.erb 
@@ -1,11 +1,10 @@ -<%= semantic_form_for [:organisation, @user] do |form| %> - <%= form.inputs do %> - <%= form.input :name %> - <%= form.input :email %> - <% end %> +<%= simple_form_for [:organisation, @user], html: {class: 'form-horizontal' } do |form| %> + <%= form.input :name %> + <%= form.input :email %> + - <%= form.actions do %> - <%= form.action :submit, :as => :button %> - <%= form.action :cancel, :as => :link , :url => organisation_path %> - <% end %> + <div class="form-actions"> + <%= link_to t("cancel"), organisation_path, :class => "btn btn-default" %> + <%= form.button :submit, :as => :button %> + </div> <% end %> diff --git a/app/views/users/_user.html.erb b/app/views/users/_user.html.erb index 3f70e8479..4a67bb693 100644 --- a/app/views/users/_user.html.erb +++ b/app/views/users/_user.html.erb @@ -1,10 +1,7 @@ <div id="index_item" class="panel panel-default user"> <div class="panel-heading"> <div class="panel-title clearfix"> - <span class="pull-right"> - <%= link_to edit_organisation_user_path( user), :class => "btn btn-default btn-sm" do %> - <span class="fa fa-pencil"></span> - <% end %> + <span class="pull-right"> <%= link_to organisation_user_path(user), :method => :delete, :data => {:confirm => t('users.actions.destroy_confirm')}, :class => "btn btn-danger btn-sm" do %> <span class="fa fa-trash-o"></span> <% end %> diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb deleted file mode 100644 index 89d01b648..000000000 --- a/app/views/users/edit.html.erb +++ /dev/null @@ -1,3 +0,0 @@ -<%= title_tag t('.title', :user => @user.email) %> - -<%= render "form" %> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index 07e747331..b984ce206 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb 
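Review bot: In `_user.html.erb` the delete button that remains after this change is rendered for every listed user, including the signed-in one, while `users/show.html.erb` wraps the same link in `unless current_user.id==@user.id`. Apply the same guard here, e.g. `<% unless current_user.id == user.id %>` around the `link_to ... :method => :delete` block. Hiding the link is presentation only; whether `UsersController#destroy` refuses self-deletion or cross-organisation deletion is not visible in this diff and should be confirmed.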
@@ -13,7 +13,7 @@ <% content_for(:sidebar) do %> <ul class="actions"> - <li><%= link_to t('users.actions.edit'), edit_organisation_user_path( @user), :class => "edit" %></li> + <li><%= link_to( t('users.actions.edit'), edit_user_registration_path, :class => "edit") if @user == current_user %></li> <% unless current_user.id==@user.id %> <li><%= link_to t('users.actions.destroy'), organisation_user_path(@user),:method => :delete, :data => {:confirm => t('users.actions.destroy_confirm')}, :class => "remove" %></li> <% end %> diff --git a/config/environments/development.rb b/config/environments/development.rb index de7a254cf..f46e07c83 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -29,7 +29,7 @@ ChouetteIhm::Application.configure do # Debug mode disables concatenation and preprocessing of assets. # This option may cause significant delays in view rendering with a large # number of complex assets. - config.assets.debug = false + config.assets.debug = true # Adds additional error checking when serving assets at runtime. # Checks for improperly declared sprockets dependencies. diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index ce309ca84..59d66f473 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -281,6 +281,7 @@ end Rails.application.config.to_prepare do Devise::SessionsController.layout "devise" Devise::RegistrationsController.layout proc{ |controller| ( action_name == "edit" || action_name == "update") ? "application" : "devise" } + Devise::InvitationsController.layout "application" Devise::ConfirmationsController.layout "devise" Devise::UnlocksController.layout "devise" Devise::PasswordsController.layout "devise" diff --git a/config/initializers/devise_permitted_parameters.rb b/config/initializers/devise_permitted_parameters.rb deleted file mode 100644 index 5ac054b39..000000000 --- a/config/initializers/devise_permitted_parameters.rb +++ /dev/null 
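Review bot: With the trailing `if @user == current_user` inside the tag, `users/show.html.erb` emits an empty `<li></li>` when someone else's profile is viewed. Put the condition around the list item instead, `<% if @user == current_user %><li>...</li><% end %>`. The next line compares `current_user.id==@user.id`, so use one form for both checks.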
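Review bot: `Devise::InvitationsController.layout "application"` applies the signed-in layout to every invitation action, including `edit` and `update`, which the invitee reaches before they have a session. If the application layout reads `current_user` or organisation data (not visible in this diff), the accept-invitation page will fail or render incorrectly for them. Consider choosing the layout per action, mirroring the RegistrationsController line above it: `Devise::InvitationsController.layout proc{ |controller| %w(edit update).include?(action_name) ? "devise" : "application" }`.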
@@ -1,17 +0,0 @@ -module DevisePermittedParameters - extend ActiveSupport::Concern - - included do - before_filter :configure_permitted_parameters - end - - protected - - def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) { |u| u.permit( :name, :email, :password, :password_confirmation, { organisation_attributes: [:name] } ) } - devise_parameter_sanitizer.for(:account_update) { |u| u.permit( :name, :email, :password, :password_confirmation, :current_password, { organisation_attributes: [:name] } ) } - end - -end - -DeviseController.send :include, DevisePermittedParameters diff --git a/config/initializers/simple_form_bootstrap.rb b/config/initializers/simple_form_bootstrap.rb index f9fc81d70..4f4dc23b3 100644 --- a/config/initializers/simple_form_bootstrap.rb +++ b/config/initializers/simple_form_bootstrap.rb @@ -151,7 +151,7 @@ SimpleForm.setup do |config| # Check the Bootstrap docs (http://getbootstrap.com) # to learn about the different styles for forms and inputs, # buttons and other elements. - config.default_wrapper = :vertical_form + config.default_wrapper = :horizontal_form config.wrapper_mappings = { check_boxes: :vertical_radio_and_checkboxes, radio_buttons: :vertical_radio_and_checkboxes, diff --git a/config/routes.rb b/config/routes.rb index 342e2460c..788b92bf6 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,8 +1,7 @@ ChouetteIhm::Application.routes.draw do - devise_for :users, :controllers => { :registrations => "registrations" } - resources :users - + devise_for :users, :controllers => { :registrations => "registrations", :invitations => 'invitations' } + devise_scope :user do authenticated :user do root :to => 'referentials#index', as: :authenticated_root @@ -36,10 +35,7 @@ ChouetteIhm::Application.routes.draw do end end - - resource :subscription - - resource :organisation do + resource :organisation, :only => [:show, :edit, :update] do resources :users end 
diff --git a/spec/features/users/user_delete_spec.rb b/spec/features/users/user_delete_spec.rb new file mode 100644 index 000000000..48f4e35d1 --- /dev/null +++ b/spec/features/users/user_delete_spec.rb @@ -0,0 +1,35 @@ +require 'spec_helper' + +include Warden::Test::Helpers +Warden.test_mode! + +# Feature: User delete +# As a user +# I want to delete my user profile +# So I can close my account +feature 'User delete', :devise, :js do + + after(:each) do + Warden.test_reset! + end + + # Scenario: User can delete own account + # Given I am signed in + # When I delete my account + # Then I should see an account deleted message + # scenario 'user can delete own account' do + # skip 'skip a slow test' + # user = FactoryGirl.create(:user) + # user.confirm! + # login_as(user, :scope => :user) + # visit edit_user_registration_path(user) + # click_button 'Cancel my account' + # page.driver.browser.switch_to.alert.accept + # expect(page).to have_content I18n.t 'devise.registrations.destroyed' + # end + +end + + + + diff --git a/spec/features/users/user_index_spec.rb b/spec/features/users/user_index_spec.rb new file mode 100644 index 000000000..249b41ce6 --- /dev/null +++ b/spec/features/users/user_index_spec.rb @@ -0,0 +1,28 @@ +require 'spec_helper' + +include Warden::Test::Helpers +Warden.test_mode! + +# Feature: User index page +# As a user +# I want to see a list of users +# So I can see who has registered +feature 'User index page', :devise do + + after(:each) do + Warden.test_reset! + end + + # Scenario: User listed on index page + # Given I am signed in + # When I visit the user index page + # Then I see my own email address + scenario 'user sees own email address' do + user = create(:user) + user.confirm! + login_as(user, scope: :user) + visit organisation_path + expect(page).to have_content user.email.truncate(20) + end + +end diff --git a/spec/features/users/user_show_spec.rb b/spec/features/users/user_show_spec.rb new file mode 100644 index 000000000..fdc48a279 
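Review bot: `include Warden::Test::Helpers` at the top level of user_delete_spec.rb mixes the helpers into `Object` for the whole test run, and the same two lines plus the `Warden.test_reset!` hook are repeated in user_index_spec.rb and user_show_spec.rb. Move them into one support file, e.g. `config.include Warden::Test::Helpers, :type => :feature` with a shared `config.after(:each) { Warden.test_reset! }`. The only scenario in user_delete_spec.rb is commented out, so this feature currently asserts nothing. Mark it as pending so the gap shows up in the test report rather than passing silently.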
--- /dev/null +++ b/spec/features/users/user_show_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +include Warden::Test::Helpers +Warden.test_mode! + +# Feature: User profile page +# As a user +# I want to visit my user profile page +# So I can see my personal account data +feature 'User profile page', :devise do + + after(:each) do + Warden.test_reset! + end + + # Scenario: User sees own profile + # Given I am signed in + # When I visit the user profile page + # Then I see my own email address + scenario 'user sees own profile' do + user = FactoryGirl.create(:user) + user.confirm! + login_as(user, :scope => :user) + visit organisation_user_path(user) + expect(page).to have_content 'Mon Profil' + expect(page).to have_content user.email + end + + # Scenario: User cannot see another user's profile + # Given I am signed in + # When I visit another user's profile + # Then I see an 'access denied' message + scenario "user cannot see another user's profile" do + me = FactoryGirl.create(:user) + me.confirm! + other = FactoryGirl.create(:user, email: 'other@example.com', :organisation => me.organisation) + other.confirm! + login_as(me, :scope => :user) + Capybara.current_session.driver.header 'Referer', authenticated_root_path + visit organisation_user_path(other) + expect(page).to have_content 'Access denied.' + end + +end |
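Review bot: The scenario "user cannot see another user's profile" expects 'Access denied.', but nothing in this commit adds an authorization check to `UsersController#show`; the only related change hides the edit link in the view. `other` is also created in the same organisation as `me`, so it is unclear which rule the test is meant to pin down. Unless the check exists elsewhere, this spec will fail, or the rule is not enforced. State the intended policy in the scenario comment (own profile only, or any profile within the organisation) and add a second case with a user from a different organisation, so the server-side restriction itself is what gets tested.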
