Gist rstrobl/5525390
Created May 6, 2013 14:07
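```ruby
# CanCan ability definitions: admins may do everything, everyone else is read-only.
class Ability
  include CanCan::Ability

  def initialize(user)
    # Treat an unauthenticated visitor as a new, unsaved User (guest).
    user ||= User.new

    if user.admin?
      can :manage, :all
    else
      can :read, :all
    end
  end
end
```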
```ruby
require 'spec_helper'

# Request spec covering the three access cases for /admin:
# anonymous visitor, signed-in non-admin, signed-in admin.
describe "Admin access" do
  # Sign in through the Devise session endpoint with the user's credentials.
  def sign_in(user)
    post new_user_session_path, :user => { :email => user.email, :password => user.password }
  end

  it "should be redirected to the login page if he is not authenticated yet" do
    get '/admin'
    response.should redirect_to(new_user_session_path)
  end

  it "should redirect to the dashboard if the authenticated user is not an admin" do
    user = FactoryGirl.create(:user)
    sign_in user
    get '/admin'
    response.should redirect_to(dashboard_path)
  end

  it "should render the admin page if the authenticated user is an admin" do
    user = FactoryGirl.create(:admin)
    sign_in user
    get '/admin'
    response.status.should be(200)
  end
end
```
```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery

  # Handle authorization failures raised by CanCan.
  rescue_from CanCan::AccessDenied do |exception|
    if user_signed_in?
      # Signed in but not authorized: clear any stored return path
      # and send the user to their own dashboard.
      flash[:error] = I18n.t('auth.message.access_denied')
      session[:user_return_to] = nil
      redirect_to main_app.dashboard_path
    else
      # Not signed in: remember the requested path and go to the login page.
      flash[:error] = I18n.t('auth.message.admin_login_required')
      session[:user_return_to] = request.fullpath
      redirect_to new_user_session_path
    end
  end
end
```