Create ProductOwner Signup

Creates the ProductOwner Signup flow. Adds in more specific Ability definitions, ProductOwner views, and modifies the ProductRequest controller to rescue unauthorized actions. * Create ProductOwner Signup for JS and non-JS Users * Adds in Ability definitions for ProductOwners and GovernmentUser * Modify ProductRequest controller to rescue UnAuthorized actions (for non-JS users)
thiesa · May 6, 2016 · 8f11ca8 · 8f11ca8
1 parent a8eedac
commit 8f11ca8
Show file tree

Hide file tree

Showing 36 changed files with 408 additions and 50 deletions.
diff --git a/app/assets/stylesheets/products/_show.scss b/app/assets/stylesheets/products/_show.scss
@@ -24,8 +24,47 @@
     }
   }
 
+  .product-edit {
+    bottom: 0.95em;
+    font-size: 0.85em;
+    position: absolute;
+    right: 0;
+
+    button {
+      @include outline-button($medium-gray);
+      margin: 0;
+      padding: 0.5em 0.75em;
+
+      &[type="submit"] {
+        background-color: transparent;
+      }
+
+      &:hover {
+        background-color: $color-primary;
+        color: $white;
+        text-decoration: none;
+      }
+    }
+
+    i {
+      margin-right: 0.25em;
+    }
+  }
+
   .product-header {
     margin-top: 1em;
+    position: relative;
+  }
+
+  .product-logo {
+    @extend %card;
+    border-radius: 0.75em;
+    padding: 1.75em;
+  }
+
+  .product-name {
+    margin-bottom: 0.25em;
+    width: 85%;
 
     a {
       color: $color-gray-dark;
@@ -36,21 +75,11 @@
       }
     }
 
-    h1 {
-      margin-bottom: 0.25em;
-    }
-
     i {
       font-size: 0.4em;
     }
   }
 
-  .product-logo {
-    @extend %card;
-    border-radius: 0.75em;
-    padding: 1.75em;
-  }
-
   .product-nav {
     font-size: 0.95em;
     margin-bottom: 2em;

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -23,7 +23,11 @@ def after_sign_up_path_for(_resource)
     root_path
   end
 
+  def current_ability
+    @current_ability ||= Ability.new(signed_in_user)
+  end
+
   def signed_in_user
-    current_user || current_government_user
+    current_user || current_government_user || current_product_owner
   end
 end
diff --git a/app/controllers/product_owners/registrations_controller.rb b/app/controllers/product_owners/registrations_controller.rb
@@ -0,0 +1,21 @@
+class ProductOwners::RegistrationsController < RegistrationsController
+  respond_to :html, :json
+  layout "minimal"
+
+  private
+
+  def account_update_params
+    params.require(:product_owner).
+      permit(
+        :first_name,
+        :last_name,
+        :email,
+        :password,
+        :current_password)
+  end
+
+  def sign_up_params
+    params.require(:product_owner).
+      permit(:first_name, :last_name, :email, :password)
+  end
+end
diff --git a/app/controllers/product_requests_controller.rb b/app/controllers/product_requests_controller.rb
@@ -1,5 +1,8 @@
 class ProductRequestsController < ApplicationController
-  before_filter :authenticate_government_user!
+  load_and_authorize_resource
+  rescue_from CanCan::AccessDenied do
+    redirect_to new_product_owner_registration_path
+  end
 
   def create
     @product_request = ProductRequest.new(product_request_params)
@@ -16,6 +19,6 @@ def create
 
   def product_request_params
     params.require(:product_request).
-      permit(:product_id).merge(user: current_government_user)
+      permit(:product_id).merge(user: signed_in_user)
   end
 end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -4,7 +4,7 @@ def custom_body_class
   end
 
   def no_users_signed_in?
-    !user_signed_in? && !government_user_signed_in?
+    !user_signed_in? && !government_user_signed_in? && !product_owner_signed_in?
   end
 
   private

diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb
@@ -8,6 +8,6 @@ def hours_since_sign_up
   end
 
   def signed_in_user
-    current_user || current_government_user
+    current_user || current_government_user || current_product_owner
   end
 end
diff --git a/app/helpers/modal_trigger_helper.rb b/app/helpers/modal_trigger_helper.rb
@@ -1,5 +1,7 @@
 module ModalTriggerHelper
-  def modal_link(text, path, modal_id)
-    link_to text, path, class: "modal-trigger", data: { modal_id: modal_id }
+  def modal_link(html_or_text, path, modal_id)
+    link_to path, class: "modal-trigger", data: { modal_id: modal_id } do
+      html_or_text
+    end
   end
 end
diff --git a/app/models/ability.rb b/app/models/ability.rb
@@ -6,6 +6,10 @@ def initialize(user)
 
     if user.admin?
       can :manage, :all
+    elsif user.type == "GovernmentUser"
+      can :create, ProductRequest
+    elsif user.type == "ProductOwner"
+      can :create, ProductRequest
     else
       can :read, :all
     end

diff --git a/app/models/contract_officer.rb b/app/models/contract_officer.rb
diff --git a/app/models/product_owner.rb b/app/models/product_owner.rb
@@ -0,0 +1,2 @@
+class ProductOwner < User
+end
diff --git a/app/views/product_owners/confirmations/new.html.erb b/app/views/product_owners/confirmations/new.html.erb
@@ -0,0 +1,16 @@
+<h2>Resend confirmation instructions</h2>
+
+<%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
+  <%= f.error_notification %>
+  <%= f.full_error :confirmation_token %>
+
+  <div class="form-inputs">
+    <%= f.input :email, required: true, autofocus: true %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.button :submit, "Resend confirmation instructions" %>
+  </div>
+<% end %>
+
+<%= render "product_owners/shared/links" %>
diff --git a/app/views/product_owners/mailer/confirmation_instructions.html.erb b/app/views/product_owners/mailer/confirmation_instructions.html.erb
@@ -0,0 +1,5 @@
+<p>Welcome <%= @email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
diff --git a/app/views/product_owners/mailer/password_change.html.erb b/app/views/product_owners/mailer/password_change.html.erb
@@ -0,0 +1,3 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>We're contacting you to notify you that your password has been changed.</p>
diff --git a/app/views/product_owners/mailer/reset_password_instructions.html.erb b/app/views/product_owners/mailer/reset_password_instructions.html.erb
@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>
diff --git a/app/views/product_owners/mailer/unlock_instructions.html.erb b/app/views/product_owners/mailer/unlock_instructions.html.erb
@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>
diff --git a/app/views/product_owners/passwords/edit.html.erb b/app/views/product_owners/passwords/edit.html.erb
@@ -0,0 +1,19 @@
+<h2>Change your password</h2>
+
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
+  <%= f.error_notification %>
+
+  <%= f.input :reset_password_token, as: :hidden %>
+  <%= f.full_error :reset_password_token %>
+
+  <div class="form-inputs">
+    <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %>
+    <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.button :submit, "Change my password" %>
+  </div>
+<% end %>
+
+<%= render "product_owners/shared/links" %>
diff --git a/app/views/product_owners/passwords/new.html.erb b/app/views/product_owners/passwords/new.html.erb
@@ -0,0 +1,15 @@
+<h2>Forgot your password?</h2>
+
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
+  <%= f.error_notification %>
+
+  <div class="form-inputs">
+    <%= f.input :email, required: true, autofocus: true %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.button :submit, "Send me reset password instructions" %>
+  </div>
+<% end %>
+
+<%= render "product_owners/shared/links" %>
diff --git a/app/views/product_owners/registrations/_form.html.haml b/app/views/product_owners/registrations/_form.html.haml
@@ -0,0 +1,12 @@
+= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
+  = f.error_notification
+  .form-inputs
+    .names
+      = f.input :first_name, required: true, autofocus: true
+      = f.input :last_name, required: true
+    = f.input :email, required: true
+    = f.input :password,
+      required: true,
+      hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length)
+  .form-actions
+    = f.button :submit, "Sign up"
diff --git a/app/views/product_owners/registrations/edit.html.erb b/app/views/product_owners/registrations/edit.html.erb
@@ -0,0 +1,27 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+  <%= f.error_notification %>
+
+  <div class="form-inputs">
+    <%= f.input :email, required: true, autofocus: true %>
+
+    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+      <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
+    <% end %>
+
+    <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
+    <%= f.input :password_confirmation, required: false %>
+    <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.button :submit, "Update" %>
+  </div>
+<% end %>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
+
+<%= link_to "Back", :back %>
diff --git a/app/views/product_owners/registrations/new.html.haml b/app/views/product_owners/registrations/new.html.haml
@@ -0,0 +1,9 @@
+.sign-up-form
+  .col
+    %figure.logo
+      = link_to root_path do
+        = image_tag("logos/apps-logo-alt.svg")
+    %h1
+      = t(".heading")
+  .col
+    = render "form", resource: resource
diff --git a/app/views/product_owners/sessions/new.html.erb b/app/views/product_owners/sessions/new.html.erb
@@ -0,0 +1,15 @@
+<h2>Log in</h2>
+
+<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
+  <div class="form-inputs">
+    <%= f.input :email, required: false, autofocus: true %>
+    <%= f.input :password, required: false %>
+    <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.button :submit, "Log in" %>
+  </div>
+<% end %>
+
+<%= render "product_owners/shared/links" %>
diff --git a/app/views/product_owners/shared/_links.html.erb b/app/views/product_owners/shared/_links.html.erb
@@ -0,0 +1,25 @@
+<%- if controller_name != 'sessions' %>
+  <%= link_to "Log in", new_session_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
+  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.omniauthable? %>
+  <%- resource_class.omniauth_providers.each do |provider| %>
+    <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %><br />
+  <% end -%>
+<% end -%>
diff --git a/app/views/product_owners/unlocks/new.html.erb b/app/views/product_owners/unlocks/new.html.erb
@@ -0,0 +1,16 @@
+<h2>Resend unlock instructions</h2>
+
+<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
+  <%= f.error_notification %>
+  <%= f.full_error :unlock_token %>
+
+  <div class="form-inputs">
+    <%= f.input :email, required: true, autofocus: true %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.button :submit, "Resend unlock instructions" %>
+  </div>
+<% end %>
+
+<%= render "product_owners/shared/links" %>
diff --git a/app/views/products/_product_content.html.haml b/app/views/products/_product_content.html.haml
@@ -1,8 +1,18 @@
 %header.product-header
-  %h1
+  %h1.product-name
     = link_to "//#{product.url}", target: "_blank" do
       = product.name
       %i.fa.fa-external-link
+  - if no_users_signed_in? || product_owner_signed_in?
+    .product-edit
+      = simple_form_for [product, product_request] do |f|
+        = f.input :product_id, value: product.id, as: :hidden
+        - if no_users_signed_in?
+          = button_tag(class: "modal-trigger", data: {modal_id: "product-owner-modal"}, id: "edit-product-button", type: "submit") do
+            = t(".edit_product_html")
+        - else
+          = button_tag(id: "edit-product-button", type: "submit") do
+            = t(".edit_product_html")
 .product-info
   = product.long_description
 
diff --git a/app/views/products/_product_owner_modal.html.haml b/app/views/products/_product_owner_modal.html.haml
@@ -0,0 +1,6 @@
+.modal.product-owner-modal#product-owner-modal
+  .slide-1-heading
+    %h1
+      = t(".heading")
+  = render "product_owner_signup_form"
+  .close.modal-close
diff --git a/app/views/products/_product_owner_signup_form.html.haml b/app/views/products/_product_owner_signup_form.html.haml
@@ -0,0 +1,12 @@
+= simple_form_for(:product_owner, as: "product_owner", url: registration_path("product_owner")) do |f|
+  = f.error_notification
+  .form-inputs
+    .names
+      = f.input :first_name, required: true, autofocus: true
+      = f.input :last_name, required: true
+    = f.input :email, required: true
+    = f.input :password,
+      required: true,
+      hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length)
+  .form-actions
+    = f.button :submit, "Sign up"
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,7 +4,7 @@ def custom_body_class @@
       end
       def no_users_signed_in?
-        !user_signed_in? && !government_user_signed_in?
+        !user_signed_in? && !government_user_signed_in? && !product_owner_signed_in?
       end
       private
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		<p>Hello <%= @resource.email %>!</p>

		<p>We're contacting you to notify you that your password has been changed.</p>