diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ac72c18..3e7cfdc 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -38,24 +38,28 @@ class ApplicationController < ActionController::Base redirect_to controller: "articles", action: "news_index" end - rescue_from AccessError do |exception| - render 'errors/403', status: 403, layout: 'errors' - end + unless Rails.env.production? - rescue_from Error do |exception| - render text: exception.message, layout: true - end + rescue_from AccessError do |exception| + render 'errors/403', status: 403, layout: 'errors' + end - rescue_from ActiveRecord::StaleObjectError do |exception| - render text: t(:application_stale) - end + rescue_from Error do |exception| + render text: exception.message, layout: true + end - rescue_from ActiveRecord::RecordNotFound do |exception| - render :template => 'errors/404.html', :status => :not_found, :layout => 'errors' + rescue_from ActiveRecord::StaleObjectError do |exception| + render text: t(:application_stale) + end + + rescue_from ActiveRecord::RecordNotFound do |exception| + render :template => 'errors/404.html', :status => :not_found, :layout => 'errors' + end end private + # FIXME: move to model def update_user if cuser Time.zone = cuser.time_zone diff --git a/app/controllers/articles_controller.rb b/app/controllers/articles_controller.rb index 50f8f6d..334aa45 100644 --- a/app/controllers/articles_controller.rb +++ b/app/controllers/articles_controller.rb @@ -39,8 +39,7 @@ class ArticlesController < ApplicationController end def create - @article = Article.new article_params - ([:article]) + @article = Article.new Article.article_params(params, cuser) @article.user = cuser raise AccessError unless @article.can_create? cuser 
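Review bot: The `unless Rails.env.production?` guard around the four `rescue_from` handlers means none of them is registered in production, so an `AccessError` raised by a controller there is no longer rendered as `errors/403` and would presumably surface as an unhandled exception (a generic 500). If the intent was to let specs see the raw exceptions, the condition looks inverted or too broad; `unless Rails.env.test?` would keep the 403/404 pages in production. Separately, the `rescue_from Error` handler renders `exception.message` straight to the client with `render text:`, so any message that embeds request data should be escaped or replaced with a fixed string. The class body continues outside the hunk.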
@@ -53,7 +52,7 @@ class ArticlesController < ApplicationController end def update - raise AccessError unless @article.can_update? cuser, params[:article] + raise AccessError unless @article.can_update? cuser, Article.article_params(params, cuser) if @article.update_attributes(article_params) flash[:notice] = t(:articles_update) redirect_to @article @@ -80,8 +79,4 @@ class ArticlesController < ApplicationController def get_article @article = Article.find params[:id] end - - def article_params - params.require(:article).permit(:title, :status, :category_id, :text, :text_coding, :user_id) - end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ec50e1d..0952b63 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -128,7 +128,7 @@ class UsersController < ApplicationController private def user_params - params.require(:user).permit(:password, :firstname, :lastname, :email, :steamid, :country, :birthdate, :timezone, :public_email, :filter) + params.require(:user).permit(:raw_password, :firstname, :lastname, :email, :steamid, :country, :birthdate, :timezone, :public_email, :filter) end def get_user diff --git a/app/models/article.rb b/app/models/article.rb index 74836f3..49fba25 100644 --- a/app/models/article.rb +++ b/app/models/article.rb @@ -78,11 +78,11 @@ class Article < ActiveRecord::Base end def previous_article - category.articles.nodrafts.first.where("id < ?", self.id).order("id DESC") + category.articles.nodrafts.first&.(where("id < ?", self.id).order("id DESC")) end def next_article - category.articles.nodrafts.first(conditions: ["id > ?", self.id], order: "id ASC") + category.articles.nodrafts.first&.(where("id > ?", self.id).order("id ASC")) end def statuses 
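Review bot: The context line `if @article.update_attributes(article_params)` still calls the controller's private `article_params`, which the last hunk of this file removes, so `update` would raise NameError once the access check passes. Compute the permitted hash once and use it for both calls: `permitted = Article.article_params(params, cuser)`, then `raise AccessError unless @article.can_update? cuser, permitted` and `if @article.update_attributes(permitted)`. That also guarantees the attributes that were authorised are the ones that get written. The `update` body continues outside the hunk.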
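Review bot: In `previous_article` and `next_article`, `first&.(...)` is the safe-navigation form of `.call(...)`, so it invokes `call` on the first non-draft article instead of filtering the relation. With a non-empty category this would raise NoMethodError, and with an empty one it returns nil. The filter and order have to be applied before taking the record, e.g. `category.articles.nodrafts.where("id < ?", id).order("id DESC").first`, with the mirror `where("id > ?", id).order("id ASC").first` for `next_article`. The bound `?` parameter is the right way to pass the id and should be kept.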
@@ -141,4 +141,10 @@ class Article < ActiveRecord::Base def can_destroy? cuser cuser and cuser.admin? end + + def self.article_params params, cuser + p = [:title, :category_id, :text, :text_coding] + p << :status if cuser.admin? + params.require(:article).permit(*p) + end end diff --git a/app/models/user.rb b/app/models/user.rb index c48abce..bfe60dd 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -99,6 +99,8 @@ class User < ActiveRecord::Base scope :lately, -> { where("lastvisit > ?", 30.days.ago.utc) } + before_validation :update_password + validates_uniqueness_of :username, :email, :steamid validates_length_of :firstname, :in => 1..15, :allow_blank => true validates_length_of :lastname, :in => 1..25, :allow_blank => true diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 3d44510..f8ea0a7 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -1,3 +1,6 @@ +# Load spec_helper +require 'spec_helper' + # This file is copied to spec/ when you run 'rails generate rspec:install' ENV['RAILS_ENV'] ||= 'test' require File.expand_path('../../config/environment', __FILE__) @@ -5,8 +8,9 @@ require File.expand_path('../../config/environment', __FILE__) # Prevent database truncation if the environment is production abort("The Rails environment is running in production mode!") if Rails.env.production? +# Load rails require 'rspec/rails' -require 'spec_helper' + # Add additional requires below this line. Rails is not loaded until this point! # Requires supporting ruby files with custom matchers and macros, etc, in diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e9b6c3d..4b037f6 100755 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,7 +1,7 @@ ENV["RAILS_ENV"] ||= "test" require 'dotenv' -Dotenv.load('.env') +Dotenv.load() # require "codeclimate-test-reporter" require "simplecov" diff --git a/spec/support/features/session_helpers.rb b/spec/support/features/session_helpers.rb index f7188d7..0108546 100755 
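Review bot: `Article.article_params` calls `cuser.admin?` without a nil check, while `can_destroy?` just above uses `cuser and cuser.admin?`, which suggests `cuser` can be nil for anonymous requests. `ArticlesController#create` calls this method before its `raise AccessError unless @article.can_create? cuser` line, so unless a login filter outside this diff runs first, an unauthenticated POST would fail with NoMethodError instead of AccessError. `p << :status if cuser&.admin?` keeps the default-deny behaviour; renaming the local from `p` (it shadows `Kernel#p`) to something like `permitted` would also help. A short comment stating that `:user_id` is deliberately not permitted and `:status` is admin-only would protect the allow-list from being widened later.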
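Review bot: `before_validation :update_password` is registered here but the method itself is not part of this diff, so its behaviour cannot be checked from the hunk. Because the callback runs on every `valid?` and save, it presumably needs to return early when `raw_password` is blank; otherwise a profile update that omits the password (`UsersController#user_params` now permits `:raw_password`) could overwrite the stored hash. A comment on this line such as `# hashes raw_password into password; no-op when raw_password is blank` would document that contract.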
--- a/spec/support/features/session_helpers.rb +++ b/spec/support/features/session_helpers.rb @@ -7,6 +7,7 @@ module Features fill_in "login_password", with: user.raw_password click_button I18n.t("helpers.submit.user.login") + expect(page).to have_content(I18n.t('login_successful')) end def change_timezone_for(user, timezone)