Modified: trunk/app/controllers/profiles_controller.rb (2920 => 2921)
--- trunk/app/controllers/profiles_controller.rb 2012-01-24 16:30:08 UTC (rev 2920)
+++ trunk/app/controllers/profiles_controller.rb 2012-01-26 13:24:17 UTC (rev 2921)
@@ -4,11 +4,12 @@
# See license.txt for details.
class ProfilesController < ApplicationController
+
before_filter :login_required, :except => [:index, :show]
-
+
before_filter :find_profiles, : [:index]
- before_filter :find_profile, : [:show]
- before_filter :find_profile_auth, : [:edit, :update, :destroy]
+ before_filter :find_profile, :except => [:index]
+ before_filter :auth, :except => [:index, :show]
# declare sweepers and which actions should invoke them
cache_sweeper :profile_sweeper, : [ :create, :update, :destroy ]
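Review bot: The `auth` filter added on the last changed line compares `current_user` with `@user`, and `@user` is only assigned by the `find_profile` filter on the line above, so the two `:except` lists are now coupled: an action excluded from `find_profile` but not from `auth` would be denied for every user because `@user` stays nil. A comment above the pair would make the dependency explicit, e.g. `# auth compares current_user with @user, which find_profile loads; keep find_profile's :except list a subset of auth's`. The name `auth` also says little about what is enforced; something like `require_profile_owner` would read better in this filter list.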
@@ -34,8 +35,10 @@
unless current_user.profile
@profile = "" => current_user.id)
else
- error("Profile not created, maximum number of profiles per user exceeded",
- "not created, maximum number of profiles per user exceeded")
+ flash[:error] = "Profile not created, maximum number of profiles per user exceeded"
+ respond_to do |format|
+ format.html { redirect_to profile_url(@profile) }
+ end
end
end
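Review bot: The flash-and-redirect block added in this `else` branch is repeated verbatim in the next hunk (`@@ -60,8 +63,10 @@`) and, with other messages, in `find_profile` and `auth` in `@@ -104,48 +109,23 @@`, so the removed `error` helper is replaced by four inline copies that will drift apart. A small private helper holding the flash assignment, the `respond_to` and the redirect would reduce each site to one line, e.g. `deny("Profile not created, maximum number of profiles per user exceeded", profile_url(@profile))`. The redirect target `profile_url(@profile)` appears to rely on `@profile` having been set by the `find_profile` filter rather than by this branch, which deserves a comment. The enclosing action starts before this hunk.
```ruby
# … unchanged: action bodies, each denial site becomes: deny(message, url) …
private

# Record the denial in the flash and redirect the HTML response to +url+.
# Used by the before_filters and by the "maximum profiles" branches.
def deny(message, url)
  flash[:error] = message
  respond_to do |format|
    format.html { redirect_to url }
  end
end
```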
@@ -60,8 +63,10 @@
end
end
else
- error("Profile not created, maximum number of profiles per user exceeded",
- "not created, maximum number of profiles per user exceeded")
+ flash[:error] = "Profile not created, maximum number of profiles per user exceeded"
+ respond_to do |format|
+ format.html { redirect_to profile_url(@profile) }
+ end
end
end
@@ -104,48 +109,23 @@
def find_profile
begin
- if params[:user_id]
- begin
- @user = User.find(params[:user_id])
- @profile = ""
- rescue ActiveRecord::RecordNotFound
- error("User not found (id unknown)", "not found", attr=:user_id)
- end
- else
- @profile = ""
- @user = @profile.owner
- end
+ @user = User.find(params[:user_id])
+ @profile = ""
rescue ActiveRecord::RecordNotFound
- error("Profile not found (id unknown)", "not found")
+ flash[:error] = "User not found"
+ respond_to do |format|
+ format.html { redirect_to users_url }
+ end
end
end
- def find_profile_auth
- begin
- if params[:user_id]
- begin
- @user = User.find(params[:user_id], :conditions => ["id = ?", current_user.id])
- @profile = ""
- rescue ActiveRecord::RecordNotFound
- error("User not found (id unknown)", "not found", attr=:user_id)
- end
- else
- @profile = "" :conditions => ["user_id = ?", current_user.id])
- @user = @profile.owner
+ def auth
+ if current_user != @user
+ flash[:error] = "You are not authorized to perform this action"
+ respond_to do |format|
+ format.html { redirect_to profile_url(@profile) }
end
- rescue ActiveRecord::RecordNotFound
- error("Profile not found (id not authorized)", "is invalid (not owner)")
end
end
-
-private
- def error(notice, message, attr=:id)
- flash[:error] = notice
- (err = Profile.new.errors).add(attr, message)
-
- respond_to do |format|
- format.html { redirect_to profile_url(profile.id) }
- end
- end
end
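Review bot: The `private` marker is removed at the bottom of this hunk together with the `error` helper, and no other `private` is visible above `def find_profile`, so `find_profile` and the new `auth` look like public instance methods of the controller; in Rails 2 a public controller method is reachable as an action by name through a default `:controller/:action/:id` route, and neither method is meant to serve a request. If no `private` section precedes them outside the hunk, restore `private` before `def find_profile` (or declare `hide_action :find_profile, :auth`). The denial in `auth` only works because a before_filter that performs a redirect halts the chain, so a comment such as `# the redirect halts the filter chain; the action never runs for a non-owner` would record the assumption a later change to logging or rendering could break. The accompanying test hunk exercises only the owner's requests, so the non-owner redirect in `auth` has no functional test.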
Modified: trunk/test/functional/profiles_controller_test.rb (2920 => 2921)
--- trunk/test/functional/profiles_controller_test.rb 2012-01-24 16:30:08 UTC (rev 2920)
+++ trunk/test/functional/profiles_controller_test.rb 2012-01-26 13:24:17 UTC (rev 2921)
@@ -36,19 +36,19 @@
end
def test_should_show_profile
- get :show, :id => 1
+ get :show, :user_id => 1
assert_response :success
end
def test_should_get_edit
login_as(:john)
- get :edit, :id => 1
+ get :edit, :user_id => 1
assert_response :success
end
def test_should_update_profile
login_as(:john)
- put :update, :id => 1, :profile ="" { :email => 'address@hidden' }
+ put :update, :user_id => 1, :profile ="" { :email => 'address@hidden' }
assert_redirected_to user_path(users(:john).id)
end