Add merb-auth like router helper

2022-11-09 12:18:31 -05:00 · 2010-05-25 05:02:54 +08:00 · 2010-05-25 05:02:54 +08:00 · 6ff77c9fdf
commit 6ff77c9fdf
parent d98882d745
5 changed files with 46 additions and 0 deletions
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@ -106,6 +106,16 @@ module ActionDispatch::Routing
      end
    end

+    def authenticate(scope)
+      constraint = lambda do |request|
+        request.env["warden"].authenticate!(:scope => scope)
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+
    protected

      def devise_session(mapping, controllers)
--- a/test/integration/database_authenticatable_test.rb
+++ b/test/integration/database_authenticatable_test.rb
@ -54,6 +54,34 @@ class DatabaseAuthenticationSanityTest < ActionController::IntegrationTest
    assert_not warden.authenticated?(:admin)
  end

+  test 'not signed in as admin should not be able to access private route restricted to admins' do
+    get private_path
+
+    assert_redirected_to new_admin_session_path
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'signed in as user should not be able to access private route restricted to admins' do
+    sign_in_as_user
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+
+    get private_path
+    assert_redirected_to new_admin_session_path
+  end
+
+  test 'signed in as admin should be able to access private route restricted to admins' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+
+    get private_path
+
+    assert_response :success
+    assert_template 'home/private'
+    assert_contain 'Private!'
+  end
+
  test 'signed in as user should not be able to access admins actions' do
    sign_in_as_user
    assert warden.authenticated?(:user)
--- a/test/rails_app/app/controllers/home_controller.rb
+++ b/test/rails_app/app/controllers/home_controller.rb
@ -1,4 +1,7 @@
 class HomeController < ApplicationController
  def index
  end
+
+  def private
+  end
 end
--- a/test/rails_app/app/views/home/private.html.erb
+++ b/test/rails_app/app/views/home/private.html.erb
@ -0,0 +1 @@
+Private!
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@ -22,4 +22,8 @@ Rails::Application.routes.draw do
  match "/anywhere", :to => "foo#bar", :as => :new_admin_password

  root :to => "home#index"
+
+  authenticate(:admin) do
+    match "/private", :to => "home#private", :as => :private
+  end
 end