before auth filter

2011-01-21 10:28:37 -08:00 · 2011-01-21 10:28:37 -08:00 · 46cb9dd346
commit 46cb9dd346
parent 46b94bc130
3 changed files with 25 additions and 0 deletions
--- a/app/controllers/statistics_controller.rb
+++ b/app/controllers/statistics_controller.rb
@ -1,5 +1,6 @@
 class StatisticsController < ApplicationController
  before_filter :authenticate_user!
+  before_filter :redirect_unauthorized
  
  def index
    @statistics = Statistic.find(:all, :order => 'created_at DESC').paginate(:page => params[:page], :per_page => 15)
@ -21,5 +22,12 @@ class StatisticsController < ApplicationController
            :type => 'image/png', 
            :filename => "stats.png")
  end
+
+  private
+  def redirect_unauthorized
+    unless AppConfig[:admins].include?(current_user.username)
+      redirect_to root_url
+    end
+  end
 end

--- a/config/app_config.yml.example
+++ b/config/app_config.yml.example
@ -87,6 +87,10 @@ default:
  cloudfiles_api_key:  'abc123'
  invites_off: false

+  #list of users who have admin privilages
+  admins:
+    - 'example_user1dsioaioedfhgoiesajdigtoearogjaidofgjo'
+
 development:

 test:
--- a/spec/controllers/statistics_controller_spec.rb
+++ b/spec/controllers/statistics_controller_spec.rb
@ -4,6 +4,7 @@ describe StatisticsController do
  render_views

  before do
+    AppConfig[:admins] = ['alice']
    sign_in :user, alice
  end

@ -39,4 +40,16 @@ describe StatisticsController do
    end
  end

+  describe '#redirect_unauthorized' do
+    it 'redirects for non admins' do
+      AppConfig[:admins] = ['bob']
+      get :index
+      response.should be_redirect
+    end
+
+    it 'succeeds' do
+      get :index
+      response.should be_success
+    end
+  end
 end