diff --git a/app/controllers/achievements_controller.rb b/app/controllers/achievements_controller.rb index b67507c..92db8e1 100644 --- a/app/controllers/achievements_controller.rb +++ b/app/controllers/achievements_controller.rb @@ -4,6 +4,8 @@ class AchievementsController < ApplicationController before_action :set_achievement_dropdown_menu, only: %i[new create edit update] before_action :current_achievement, only: %i[edit show update] + before_action :non_admin, only: %i[new create edit update] + def new @achievement = current_user.achievements.build end diff --git a/app/controllers/addresses_controller.rb b/app/controllers/addresses_controller.rb index da9ce04..00dbd4c 100644 --- a/app/controllers/addresses_controller.rb +++ b/app/controllers/addresses_controller.rb @@ -4,6 +4,8 @@ class AddressesController < ApplicationController before_action :set_address_dropdown_menu, only: %i[new create edit update] before_action :current_address, only: %i[edit show update] + before_action :non_admin, only: %i[new create edit update] + def new @address = current_user.addresses.build end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3da7ed5..92bd518 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -21,4 +21,8 @@ def logged_in_user def admin_user redirect_to(root_url) unless current_user.admin? # look attribute admin? true:false end + + def non_admin + redirect_to(root_url) if current_user.admin? # look attribute admin? true:false + end end diff --git a/app/controllers/extras_controller.rb b/app/controllers/extras_controller.rb index 0829640..448cd2c 100644 --- a/app/controllers/extras_controller.rb +++ b/app/controllers/extras_controller.rb 
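Review bot: In app/controllers/achievements_controller.rb the new `before_action :non_admin` is registered after `set_achievement_dropdown_menu` and `current_achievement`, so for an admin those callbacks still run before the role check redirects; declaring the role gate first keeps the authorization decision ahead of any record loading. The `only: %i[new create edit update]` list also fails open: a `destroy` action, if these controllers define one (not visible here), and any action added later stay reachable by admins. If admins are meant to keep only `show`, `before_action :non_admin, except: %i[show]` denies by default. The same applies to the other fourteen controller hunks in this commit, addresses through utbk_scores.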
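Review bot: `non_admin` in app/controllers/application_controller.rb calls `current_user.admin?` without a nil check, so a request that reaches it with no session would raise NoMethodError instead of being sent to login. Whether `logged_in_user` always runs first in the fifteen controllers that use this filter is not visible in these hunks. The trailing comment is copied from `admin_user` and does not describe this filter; `# applicant-only pages: send admins back to root; relies on logged_in_user having run first` would document both the intent and the ordering requirement. The name reads as a predicate rather than a redirecting filter, so something like `redirect_admin` would be clearer. The class body begins outside the hunk.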
@@ -4,6 +4,8 @@ class ExtrasController < ApplicationController before_action :set_extra_dropdown_menu, only: %i[new create edit update] before_action :current_extra, only: %i[edit show update] + before_action :non_admin, only: %i[new create edit update] + def new @extra = current_user.extras.build end diff --git a/app/controllers/languages_controller.rb b/app/controllers/languages_controller.rb index 837c729..409051c 100644 --- a/app/controllers/languages_controller.rb +++ b/app/controllers/languages_controller.rb @@ -4,6 +4,8 @@ class LanguagesController < ApplicationController before_action :set_language_dropdown_menu, only: %i[new create edit update] before_action :current_language, only: %i[edit update show] + before_action :non_admin, only: %i[new create edit update] + def new @language = current_user.languages.build end diff --git a/app/controllers/majors_controller.rb b/app/controllers/majors_controller.rb index 3df728b..422bc97 100644 --- a/app/controllers/majors_controller.rb +++ b/app/controllers/majors_controller.rb @@ -5,6 +5,8 @@ class MajorsController < ApplicationController before_action :set_major_dropdown_menu, only: %i[new create edit update] before_action :current_user, only: %i[edit update show] before_action :fill_major, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @major = current_user.build_major end diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb index 18c42fd..abcd6be 100644 --- a/app/controllers/organizations_controller.rb +++ b/app/controllers/organizations_controller.rb @@ -4,6 +4,8 @@ class OrganizationsController < ApplicationController before_action :set_organization_dropdown_menu, only: %i[new create edit update] before_action :current_organization, only: %i[edit show update] + before_action :non_admin, only: %i[new create edit update] + def new @organization = current_user.organizations.build end 
diff --git a/app/controllers/parents_controller.rb b/app/controllers/parents_controller.rb index 5740422..120b98d 100644 --- a/app/controllers/parents_controller.rb +++ b/app/controllers/parents_controller.rb @@ -5,6 +5,8 @@ class ParentsController < ApplicationController before_action :set_parent_dropdown_menu, only: %i[new create edit update] before_action :current_parent, only: %i[show update edit] before_action :fill_parent, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @parent = current_user.build_parent end diff --git a/app/controllers/personals_controller.rb b/app/controllers/personals_controller.rb index 28f3977..382aa48 100644 --- a/app/controllers/personals_controller.rb +++ b/app/controllers/personals_controller.rb @@ -6,6 +6,8 @@ class PersonalsController < ApplicationController # before_action :set_personal, only: %i[edit update show] before_action :current_personal, only: %i[edit update show] before_action :fill_personal, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @personal = current_user.build_personal end diff --git a/app/controllers/pmdk_each_score_informations_controller.rb b/app/controllers/pmdk_each_score_informations_controller.rb index 5b86f73..09da551 100644 --- a/app/controllers/pmdk_each_score_informations_controller.rb +++ b/app/controllers/pmdk_each_score_informations_controller.rb @@ -4,6 +4,8 @@ class PmdkEachScoreInformationsController < ApplicationController before_action :current_pmdk_each_score, only: %i[show edit update] before_action :fill_pmdk_each_score, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @pmdk_each_score = current_user.build_pmdk_each_score_information end diff --git a/app/controllers/pmdk_school_informations_controller.rb b/app/controllers/pmdk_school_informations_controller.rb index 7d12669..4a1b424 100644 --- a/app/controllers/pmdk_school_informations_controller.rb 
+++ b/app/controllers/pmdk_school_informations_controller.rb @@ -5,6 +5,8 @@ class PmdkSchoolInformationsController < ApplicationController before_action :set_pmdk_school_dropdown, only: %i[new create edit update] before_action :current_pmdk_school, only: %i[edit update show] before_action :fill_pmdk_school, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @pmdk_school_information = current_user.build_pmdk_school_information end diff --git a/app/controllers/pmdk_total_score_informations_controller.rb b/app/controllers/pmdk_total_score_informations_controller.rb index 90a0019..96942da 100644 --- a/app/controllers/pmdk_total_score_informations_controller.rb +++ b/app/controllers/pmdk_total_score_informations_controller.rb @@ -4,6 +4,8 @@ class PmdkTotalScoreInformationsController < ApplicationController before_action :current_pmdk_total_score, only: %i[edit update show] before_action :fill_pmdk_total, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @pmdk_total_score = current_user.build_pmdk_total_score_information end diff --git a/app/controllers/sources_controller.rb b/app/controllers/sources_controller.rb index 430eb80..2c1ca42 100644 --- a/app/controllers/sources_controller.rb +++ b/app/controllers/sources_controller.rb @@ -5,6 +5,8 @@ class SourcesController < ApplicationController before_action :set_source_dropdown_menu, only: %i[new create edit update] before_action :current_source, only: %i[edit update show] before_action :fill_source, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @source = current_user.build_source end diff --git a/app/controllers/usm_school_informations_controller.rb b/app/controllers/usm_school_informations_controller.rb index 0e4db57..f9d5ff3 100644 --- a/app/controllers/usm_school_informations_controller.rb +++ b/app/controllers/usm_school_informations_controller.rb 
@@ -5,6 +5,8 @@ class UsmSchoolInformationsController < ApplicationController before_action :set_usm_school_dropdown, only: %i[new create edit update] before_action :current_usm_school, only: %i[edit update show] before_action :fill_usm_school, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @usm_school = current_user.build_usm_school_information end diff --git a/app/controllers/utbk_school_informations_controller.rb b/app/controllers/utbk_school_informations_controller.rb index ef1496e..f032f43 100644 --- a/app/controllers/utbk_school_informations_controller.rb +++ b/app/controllers/utbk_school_informations_controller.rb @@ -5,6 +5,8 @@ class UtbkSchoolInformationsController < ApplicationController before_action :set_utbk_school_dropdown, only: %i[new create edit update] before_action :current_utbk_school, only: %i[edit update show] before_action :fill_utbk_school, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] + def new @utbk_school_information = current_user.build_utbk_school_information end diff --git a/app/controllers/utbk_scores_controller.rb b/app/controllers/utbk_scores_controller.rb index 8530b62..dc9bf64 100644 --- a/app/controllers/utbk_scores_controller.rb +++ b/app/controllers/utbk_scores_controller.rb @@ -1,9 +1,10 @@ # frozen_string_literal: true -# utbk_score : handle utbk score data +# utbk_score : handle utbk score data class UtbkScoresController < ApplicationController before_action :current_utbk, only: %i[edit update show] before_action :fill_utbk, only: %i[new create] + before_action :non_admin, only: %i[new create edit update] def new @utbk_score = current_user.build_utbk_score end diff --git a/test/controllers/accreditation_school_lists_controller_test.rb b/test/controllers/accreditation_school_lists_controller_test.rb index f94dee4..7223cfc 100644 --- a/test/controllers/accreditation_school_lists_controller_test.rb 
+++ b/test/controllers/accreditation_school_lists_controller_test.rb @@ -6,7 +6,7 @@ class AccreditationSchoolListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @accreditation_school_list = accreditation_school_lists(:one) end diff --git a/test/controllers/achievement_kategori_lists_controller_test.rb b/test/controllers/achievement_kategori_lists_controller_test.rb index fc1d545..6322e5b 100644 --- a/test/controllers/achievement_kategori_lists_controller_test.rb +++ b/test/controllers/achievement_kategori_lists_controller_test.rb @@ -6,7 +6,7 @@ class AchievementKategoriListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @achievement_kategori_list = achievement_kategori_lists(:one) end diff --git a/test/controllers/achievement_tingkat_lists_controller_test.rb b/test/controllers/achievement_tingkat_lists_controller_test.rb index fa955ed..5d4e801 100644 --- a/test/controllers/achievement_tingkat_lists_controller_test.rb +++ b/test/controllers/achievement_tingkat_lists_controller_test.rb @@ -6,7 +6,7 @@ class AchievementTingkatListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @achievement_tingkat_list = achievement_tingkat_lists(:one) end diff --git a/test/controllers/address_kabupaten_lists_controller_test.rb b/test/controllers/address_kabupaten_lists_controller_test.rb index 79512f1..ad3b7fb 100644 --- a/test/controllers/address_kabupaten_lists_controller_test.rb +++ b/test/controllers/address_kabupaten_lists_controller_test.rb 
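Review bot: Switching the login in test/controllers/accreditation_school_lists_controller_test.rb from `users(:michael)` to `users(:adminuser)` keeps the existing cases passing but leaves no test asserting that a non-admin is turned away from this controller. Assuming this controller is admin-gated (the gate itself is not in this diff), a second case logged in as `users(:michael)` ending in `assert_redirected_to root_url` would pin the access rule. The same gap applies to the other controller-test hunks that follow, through source_motivation_lists. The test cases themselves are outside the hunk, so an existing negative test cannot be ruled out.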
@@ -6,7 +6,7 @@ class AddressKabupatenListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { - session: { email: users(:michael).email, password: 'password' } + session: { email: users(:adminuser).email, password: 'password' } } @address_kabupaten_list = address_kabupaten_lists(:acehtengah) end diff --git a/test/controllers/address_kecamatan_lists_controller_test.rb b/test/controllers/address_kecamatan_lists_controller_test.rb index d04af11..e7dd256 100644 --- a/test/controllers/address_kecamatan_lists_controller_test.rb +++ b/test/controllers/address_kecamatan_lists_controller_test.rb @@ -6,7 +6,7 @@ class AddressKecamatanListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { - session: { email: users(:michael).email, password: 'password' } + session: { email: users(:adminuser).email, password: 'password' } } @address_kecamatan_list = address_kecamatan_lists(:kecacehtengah) end diff --git a/test/controllers/address_province_lists_controller_test.rb b/test/controllers/address_province_lists_controller_test.rb index 1f27cca..46ad2bc 100644 --- a/test/controllers/address_province_lists_controller_test.rb +++ b/test/controllers/address_province_lists_controller_test.rb @@ -6,7 +6,7 @@ class AddressProvinceListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { - session: { email: users(:michael).email, password: 'password' } + session: { email: users(:adminuser).email, password: 'password' } } @address_province_list = address_province_lists(:aceh) end diff --git a/test/controllers/all_school_lists_controller_test.rb b/test/controllers/all_school_lists_controller_test.rb index c07bca7..13b648b 100644 --- a/test/controllers/all_school_lists_controller_test.rb +++ b/test/controllers/all_school_lists_controller_test.rb 
@@ -6,7 +6,7 @@ class AllSchoolListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @all_school_list = all_school_lists(:one) end diff --git a/test/controllers/batch_lists_controller_test.rb b/test/controllers/batch_lists_controller_test.rb index 9caf4c2..cdf7322 100644 --- a/test/controllers/batch_lists_controller_test.rb +++ b/test/controllers/batch_lists_controller_test.rb @@ -6,7 +6,7 @@ class BatchListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @batch_list = batch_lists(:one) end diff --git a/test/controllers/extra_lists_controller_test.rb b/test/controllers/extra_lists_controller_test.rb index 369889a..f7717fb 100644 --- a/test/controllers/extra_lists_controller_test.rb +++ b/test/controllers/extra_lists_controller_test.rb @@ -6,7 +6,7 @@ class ExtraListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, + email: users(:adminuser).email, password: 'password' } } @extra_list = extra_lists(:one) diff --git a/test/controllers/high_school_majors_controller_test.rb b/test/controllers/high_school_majors_controller_test.rb index 8e5dfb7..6af9fe9 100644 --- a/test/controllers/high_school_majors_controller_test.rb +++ b/test/controllers/high_school_majors_controller_test.rb @@ -6,7 +6,7 @@ class HighSchoolMajorsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @high_school_major = high_school_majors(:one) end 
diff --git a/test/controllers/language_degree_lists_controller_test.rb b/test/controllers/language_degree_lists_controller_test.rb index f2748ee..ad7c635 100644 --- a/test/controllers/language_degree_lists_controller_test.rb +++ b/test/controllers/language_degree_lists_controller_test.rb @@ -6,7 +6,7 @@ class LanguageDegreeListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, + email: users(:adminuser).email, password: 'password' } } @language_degree_list = language_degree_lists(:one) diff --git a/test/controllers/language_name_lists_controller_test.rb b/test/controllers/language_name_lists_controller_test.rb index c905455..f17b007 100644 --- a/test/controllers/language_name_lists_controller_test.rb +++ b/test/controllers/language_name_lists_controller_test.rb @@ -6,7 +6,7 @@ class LanguageNameListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, + email: users(:adminuser).email, password: 'password' } } @language_name_list = language_name_lists(:one) diff --git a/test/controllers/major_lists_controller_test.rb b/test/controllers/major_lists_controller_test.rb index 9ed0695..c04c050 100644 --- a/test/controllers/major_lists_controller_test.rb +++ b/test/controllers/major_lists_controller_test.rb @@ -6,7 +6,7 @@ class MajorListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @major_list = major_lists(:one) end diff --git a/test/controllers/organization_degree_lists_controller_test.rb b/test/controllers/organization_degree_lists_controller_test.rb index d5d9e0a..c270bb0 100644 --- a/test/controllers/organization_degree_lists_controller_test.rb +++ b/test/controllers/organization_degree_lists_controller_test.rb 
@@ -6,7 +6,7 @@ class OrganizationDegreeListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, + email: users(:adminuser).email, password: 'password' } } @organization_degree_list = organization_degree_lists(:one) diff --git a/test/controllers/parent_education_lists_controller_test.rb b/test/controllers/parent_education_lists_controller_test.rb index 6749908..4083a93 100644 --- a/test/controllers/parent_education_lists_controller_test.rb +++ b/test/controllers/parent_education_lists_controller_test.rb @@ -6,7 +6,7 @@ class ParentEducationListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @parent_education_list = parent_education_lists(:one) end diff --git a/test/controllers/parent_job_lists_controller_test.rb b/test/controllers/parent_job_lists_controller_test.rb index afb8726..e290c14 100644 --- a/test/controllers/parent_job_lists_controller_test.rb +++ b/test/controllers/parent_job_lists_controller_test.rb @@ -6,7 +6,7 @@ class ParentJobListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @parent_job_list = parent_job_lists(:one) end diff --git a/test/controllers/personal_gender_lists_controller_test.rb b/test/controllers/personal_gender_lists_controller_test.rb index c91f6b2..1a6ff25 100644 --- a/test/controllers/personal_gender_lists_controller_test.rb +++ b/test/controllers/personal_gender_lists_controller_test.rb 
@@ -6,7 +6,7 @@ class PersonalGenderListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @personal_gender_list = personal_gender_lists(:one) end diff --git a/test/controllers/personal_religion_lists_controller_test.rb b/test/controllers/personal_religion_lists_controller_test.rb index d8481f8..23f2f07 100644 --- a/test/controllers/personal_religion_lists_controller_test.rb +++ b/test/controllers/personal_religion_lists_controller_test.rb @@ -6,7 +6,7 @@ class PersonalReligionListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @personal_religion_list = personal_religion_lists(:one) end diff --git a/test/controllers/pmdk_school_lists_controller_test.rb b/test/controllers/pmdk_school_lists_controller_test.rb index 2c7768b..718ebda 100644 --- a/test/controllers/pmdk_school_lists_controller_test.rb +++ b/test/controllers/pmdk_school_lists_controller_test.rb @@ -6,7 +6,7 @@ class PmdkSchoolListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { - session: { email: users(:michael).email, password: 'password' } + session: { email: users(:adminuser).email, password: 'password' } } @pmdk_school_list = pmdk_school_lists(:one) end diff --git a/test/controllers/source_motivation_lists_controller_test.rb b/test/controllers/source_motivation_lists_controller_test.rb index 96dad68..99c256c 100644 --- a/test/controllers/source_motivation_lists_controller_test.rb +++ b/test/controllers/source_motivation_lists_controller_test.rb 
@@ -6,7 +6,7 @@ class SourceMotivationListsControllerTest < ActionDispatch::IntegrationTest setup do get login_path post login_path, params: { session: { - email: users(:michael).email, password: 'password' + email: users(:adminuser).email, password: 'password' } } @source_motivation_list = source_motivation_lists(:one) end diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb index b2bdb23..1dd98cf 100644 --- a/test/controllers/users_controller_test.rb +++ b/test/controllers/users_controller_test.rb @@ -60,6 +60,7 @@ def setup assert_redirected_to root_url end test 'should redirect destroy when logged in as admin' do + @user = users(:adminuser) get login_path post login_path, params: { session: { email: @user.email, password: 'password' } } assert_difference 'User.count', -1 do diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index f37b417..face90e 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -3,6 +3,13 @@ michael: name: Michael Hartl email: michaelhar@gmail.com password_digest: <%=User.digest('password') %> + admin: false + activated: true + activated_at: <%= Time.zone.now %> +adminuser: + name: Januari + email: januari@gmail.com + password_digest: <%=User.digest('password') %> admin: true activated: true activated_at: <%= Time.zone.now %> diff --git a/test/integration/reject_non_admin_test.rb b/test/integration/reject_non_admin_test.rb new file mode 100644 index 0000000..8a62632 --- /dev/null +++ b/test/integration/reject_non_admin_test.rb 
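Review bot: In test/controllers/users_controller_test.rb, assigning `@user = users(:adminuser)` inside the test overwrites the instance variable that `setup` presumably populated, so every later use of `@user` in this test now refers to the admin. If the request inside the `assert_difference 'User.count', -1` block (outside the hunk) targets `@user`, the test now exercises an admin deleting their own account rather than another user's. A local such as `admin = users(:adminuser)` used only for the login keeps the target of the request unchanged. The test name says 'should redirect destroy' while the visible assertion expects the user count to drop by one, which is worth aligning.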
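Review bot: In test/fixtures/users.yml the `michael` fixture changes from `admin: true` to `admin: false`, which silently changes the role of every test that logs in as `users(:michael)`, including any not touched by this commit. Adding the non-admin as a new fixture and leaving `michael` unchanged would have kept the meaning of existing tests stable. If the flip is intended, comments such as `# regular applicant (non-admin)` above `michael:` and `# administrator` above `adminuser:` make the roles explicit. Both fixtures use gmail.com addresses; the reserved `example.com` domain avoids pointing test data at a real mailbox.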
@@ -0,0 +1,69 @@ +# frozen_string_literal: true + +# reject access for non admin user +require 'test_helper' + +class RejectNonAdminTest < ActionDispatch::IntegrationTest + def setup + @user = users(:adminuser) + get login_path + post login_path, params: { session: { email: @user.email, password: 'password'}} + assert logged_in? + end + test 'personal data reject for admin' do + get new_personal_url + assert_redirected_to root_url + end + test 'parents data reject for admin' do + get new_parent_url + assert_redirected_to root_url + end + test 'majors data reject for admin' do + get new_major_url + assert_redirected_to root_url + end + test 'organizations data reject for admin' do + get new_organization_url + assert_redirected_to root_url + end + test 'source data reject for admin' do + get new_source_url + assert_redirected_to root_url + end + test 'achievement data reject for admin' do + get new_achievement_url + assert_redirected_to root_url + end + test 'language data reject for admin' do + get new_language_url + assert_redirected_to root_url + end + test 'utbk_score data reject for admin' do + get new_utbk_score_url + assert_redirected_to root_url + end + test 'utbk school data reject for admin' do + get new_utbk_school_information_url + assert_redirected_to root_url + end + test 'usm school data reject for admin' do + get new_usm_school_information_url + assert_redirected_to root_url + end + test 'pmdk total data reject for admin' do + get new_pmdk_total_score_information_url + assert_redirected_to root_url + end + test 'pmdk school data reject for admin' do + get new_pmdk_school_information_url + assert_redirected_to root_url + end + test 'pmdk each score data reject for admin' do + get new_pmdk_each_score_information_url + assert_redirected_to root_url + end + test 'address data reject for admin' do + get new_address_url + assert_redirected_to root_url + end +end
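Review bot: The tests in test/integration/reject_non_admin_test.rb only issue `get new_*_url`, so the `create`, `edit` and `update` parts of the new `non_admin` filter, which are the state-changing ones, are not covered. There is also no case for the extras controller, although ExtrasController received the same filter. The class name and header comment say the opposite of what is tested; `class RejectAdminTest < ActionDispatch::IntegrationTest` with `# reject admin users from applicant data forms` would match the assertions. A complementary case logged in as `users(:michael)` that expects a successful response would guard against the filter blocking every user.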