added confirm email of foreign users for admin's

iboard · Feb 20, 2013 · f1010c8 · f1010c8
1 parent 45b1b30
commit f1010c8
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 5 deletions.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -68,7 +68,11 @@ def destroy
   end
 
   def confirm_email
-    @user = User.where(_id: params[:id], confirm_email_token: params[:token]).first
+    if can_execute?('Admin')
+      @user = User.where(_id: params[:id]).first
+    else
+      @user = User.where(_id: params[:id], confirm_email_token: params[:token]).first
+    end
     if @user
       @user.confirm_email_token = nil
       @user.email_confirmed_at = Time.now.utc

diff --git a/app/views/users/_user.haml b/app/views/users/_user.haml
@@ -19,7 +19,10 @@
         %p
           = presenter.email
           - unless short
-            = presenter.confirmed_at
+            - if user.email_confirmed_at
+              = presenter.confirmed_at
+            - else
+              = link_to "Confirm: #{user.email}", confirm_email_user_path(user._id, 'admin')
             %br/
             = presenter.exists_since
             %br/

diff --git a/spec/models/timeline_subscription_spec.rb b/spec/models/timeline_subscription_spec.rb
@@ -16,15 +16,16 @@
   it "can be added to a user" do
     @user.subscribe_timelines(@public_timeline,@contentkeeper)
     @user.timeline_subscriptions.count.should == 2
-    @user.timeline_subscriptions.map(&:timeline).should == [@public_timeline,@contentkeeper]
+    @user.timeline_subscriptions.map(&:timeline).should include(@public_timeline,@contentkeeper)
   end
 
   it "can be removed from a user" do
     @user.subscribe_timelines(@public_timeline,@contentkeeper)
-    @user.timeline_subscriptions.map(&:timeline).should == [@public_timeline,@contentkeeper]
+    @user.timeline_subscriptions.map(&:timeline).should include(@public_timeline,@contentkeeper)
     @user.unsubscribe_timelines(@public_timeline)
     @user.timeline_subscriptions.count.should == 1
-    @user.timeline_subscriptions.map(&:timeline).should == [@contentkeeper]
+    @user.timeline_subscriptions.map(&:timeline).should include(@contentkeeper)
+    @user.timeline_subscriptions.map(&:timeline).should_not include(@public_timeline)
   end
 
   it "can be asked if user subscribed" do

diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
@@ -258,6 +258,27 @@ def prevent_destroying
       page.should have_content "Account exists since #{I18n.localize(@admin.created_at)}"
     end
 
+    it "should be possible to set email-confirmed for any user" do
+      @user_to_test = User.create(name: "Testerle", email: "[email protected]")
+      @user_to_test.email_confirmed_at.should be_nil
+      visit users_path
+      page.should have_link "Confirm: [email protected]"
+      click_link "Confirm: [email protected]"
+      @user_to_test.reload.email_confirmed_at.should_not be_nil
+      page.should have_content "Your e-mail is confirmed now"
+    end
+
+    it "should not be possible to confirm foreign emails if not admin" do
+      @hacker = test_user 'Hacker', 'notsecret', 'Hacker'
+      @user_to_test = User.create(name: "Testerle", email: "[email protected]")
+      @user_to_test.email_confirmed_at.should be_nil
+      visit signout_path
+      sign_in_user name: 'Hacker', password: 'notsecret'
+      visit confirm_email_user_path(@user_to_test._id, 'admin')
+      @user_to_test.reload.email_confirmed_at.should be_nil
+      page.should have_content "Token not found"
+    end
+
     it "finds users using the search-form without JS" do
       test_user 'Hidden user', 'secret'
       visit users_path
@@ -283,6 +304,7 @@ def prevent_destroying
       assert page.all( '.user-location div' ).count == 0, "Should not show Google-map while search"
     end
 
+
   end
 
 end