Commit 88298c97

mo khan <mo@mokhan.ca>
2013-07-29 23:40:04
update settings controller to use strong params
1 parent 3013215
Changed files (4)
app/controllers/settings_controller.rb
@@ -8,10 +8,16 @@ class SettingsController < ApplicationController
   def update
     @user = current_user
     @user.interest_ids = params[:user][:interest_ids] ||= []
-    if @user.update_without_password(params[:user])
+    if @user.update_without_password(user_params)
       redirect_to settings_path, :notice => 'Your settings have been updated successfully!'
     else
       render :index
     end
   end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:name, :email, :city, :website, :twitter, :facebook)
+  end
 end
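Review bot: The `interest_ids` assignment just above the changed line still indexes `params[:user]` directly, so it bypasses `user_params`: a request without a `user` key raises NoMethodError there before `params.require(:user)` can reject it, and the value is assigned without being constrained to an array of scalars. It could go through strong params as well, e.g. `@user.interest_ids = params.require(:user).permit(:interest_ids => [])[:interest_ids] || []`. Separately, `user_params` permits `:email` on a path that calls `update_without_password`, so whoever holds the session can repoint the account's email without re-entering the password; unless the model enforces email reconfirmation (not visible here), consider moving `:email` to a password-checked action. A one-line comment on `user_params` such as `# Allow-list for password-less profile updates; keep credential and privilege fields out.` would record that intent.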
config/locales/en.yml
@@ -26,3 +26,4 @@ en:
   tutorial_saved: 'Your tutorial was added.'
   passwords:
     updated: 'Your password was updated.'
+  profile_saved: 'Your settings have been updated successfully!'
spec/controllers/settings_controller_spec.rb
@@ -0,0 +1,39 @@
+require "spec_helper"
+
+describe SettingsController do
+  describe :index do
+    it "should load the current user" do
+      user = build(:user)
+      controller.stub(:current_user).and_return(user)
+      get :index
+      assigns(:user).should == user
+    end
+  end
+
+  describe :update do
+    let(:user) { create(:user) }
+
+    before :each do
+      http_login(user)
+      patch :update, id: user.id, user: { name: 'mo khan', email: 'mo@mokhan.ca', city: 'Calgary', website: 'http://mokhan.ca/', twitter: 'mocheen', facebook: 'fb' }
+      user.reload
+    end
+
+    it "should update the users settings" do
+      user.name.should == 'mo khan'
+      user.email.should == 'mo@mokhan.ca'
+      user.city.should == 'Calgary'
+      user.website.should == 'http://mokhan.ca/'
+      user.twitter.should == 'mocheen'
+      user.facebook.should == 'fb'
+    end
+
+    it "should redirect to the settings page" do
+      response.should redirect_to(settings_path)
+    end
+
+    it "should include a success message" do
+      flash[:notice].should == I18n.t(:profile_saved)
+    end
+  end
+end
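Review bot: The `:update` examples only send attributes that are on the permit list, so nothing here pins that a key outside the allow-list is dropped. Add an example that posts such a key and asserts the record is unchanged, e.g. `patch :update, id: user.id, user: { name: 'mo khan', UNPERMITTED_ATTR: 'x' }` followed by `user.reload.UNPERMITTED_ATTR.should_not == 'x'` (placeholder name; pick a real column that must not be mass-assignable). A request with no `user` key is also worth covering, since the `interest_ids` line in the controller dereferences `params[:user]` before `require` runs.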
spec/features/change_profile_settings_spec.rb
@@ -0,0 +1,26 @@
+require "spec_helper"
+
+describe "Change settings" do
+  let(:user) { create(:user, :password => "password") }
+
+  before :each do
+    visit user_session_path
+    within('.form-inline') do
+      fill_in('user_email', :with => user.email)
+      fill_in('user_password', :with => "password")
+    end
+    click_button("Sign In")
+    visit settings_path
+    within(".form-horizontal") do
+      fill_in('user_city', :with => "Calgary, Alberta, Canada")
+      fill_in('user_website', :with => "http://mokhan.ca/")
+      fill_in('user_twitter', :with => "mocheen")
+      fill_in('user_facebook', :with => "yeah right!")
+    end
+    click_button "Save changes"
+  end
+
+  it "should save the changes properly" do
+    page.should have_content(I18n.translate(:profile_saved))
+  end
+end
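Review bot: `page.should have_content(I18n.translate(:profile_saved))` passes only because the `profile_saved` string added to en.yml is character-for-character the same as the literal notice in `SettingsController#update`; the controller never looks the key up, so editing either copy breaks this spec (and the flash assertion in the controller spec) without any behaviour change. Having the controller use the key, `redirect_to settings_path, :notice => I18n.t(:profile_saved)`, removes the duplication. The scenario also asserts only the banner, so checking one persisted value, e.g. `user.reload.city.should == "Calgary, Alberta, Canada"`, would confirm the submitted fields actually pass the permit list.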