From 46cb9dd346b81bc4f00e416c2d999d9f013192e8 Mon Sep 17 00:00:00 2001
From: zhitomirskiyi
Date: Fri, 21 Jan 2011 10:28:37 -0800
Subject: [PATCH] before auth filter

---
 app/controllers/statistics_controller.rb       |  8 ++++++++
 config/app_config.yml.example                  |  4 ++++
 spec/controllers/statistics_controller_spec.rb | 13 +++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/app/controllers/statistics_controller.rb b/app/controllers/statistics_controller.rb
index 06848a6ed..f15b698d8 100644
--- a/app/controllers/statistics_controller.rb
+++ b/app/controllers/statistics_controller.rb
@@ -1,5 +1,6 @@
 class StatisticsController < ApplicationController
   before_filter :authenticate_user!
+  before_filter :redirect_unauthorized
 
   def index
     @statistics = Statistic.find(:all, :order => 'created_at DESC').paginate(:page => params[:page], :per_page => 15)
@@ -21,5 +22,12 @@ class StatisticsController < ApplicationController
                 :type => 'image/png',
                 :filename => "stats.png")
   end
+
+  private
+  def redirect_unauthorized
+    unless AppConfig[:admins].include?(current_user.username)
+      redirect_to root_url
+    end
+  end
 
 end
diff --git a/config/app_config.yml.example b/config/app_config.yml.example
index f442e08b1..b8f89529e 100644
--- a/config/app_config.yml.example
+++ b/config/app_config.yml.example
@@ -87,6 +87,10 @@ default:
   cloudfiles_api_key: 'abc123'
   invites_off: false
 
+  #list of users who have admin privilages
+  admins:
+    - 'example_user1dsioaioedfhgoiesajdigtoearogjaidofgjo'
+
 development:
 
 test:
diff --git a/spec/controllers/statistics_controller_spec.rb b/spec/controllers/statistics_controller_spec.rb
index 84e64cd52..2b6697442 100644
--- a/spec/controllers/statistics_controller_spec.rb
+++ b/spec/controllers/statistics_controller_spec.rb
@@ -4,6 +4,7 @@ describe StatisticsController do
   render_views
 
   before do
+    AppConfig[:admins] = ['alice']
     sign_in :user, alice
   end
 
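Review bot: The added `before_filter :redirect_unauthorized` is correct only because it is declared after `authenticate_user!`; the filter body in the second hunk of this file dereferences `current_user.username`, so swapping the two lines would turn every anonymous request into a NoMethodError instead of the sign-in redirect. That ordering dependency is stated nowhere, and a comment on the new line would protect it: `before_filter :redirect_unauthorized # must stay after authenticate_user!: relies on current_user being set`. The class body continues outside this hunk.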
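Review bot: `AppConfig[:admins].include?(current_user.username)` in redirect_unauthorized raises NoMethodError when the `admins` key is absent, which is the situation for any deployed `app_config.yml` written before this commit added the key to the example file; the request then ends in a 500 rather than a redirect. Coercing the setting keeps the check fail-closed for a missing, nil or scalar value without changing behaviour for a proper list: `unless Array(AppConfig[:admins]).include?(current_user.username)`. A short comment on the method would also help the next reader, e.g. `# Admin gate for this controller: usernames are matched exactly against AppConfig[:admins]; non-admins are sent to the root page.`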
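Review bot: The comment on the new `admins` key misspells privileges (`#list of users who have admin privilages`) and does not say what the entries are; since the controller change in this patch does a plain `include?` on the list, the example should state that they are usernames compared exactly and that the key must be present: `# usernames (exact match) granted access to the admin statistics page; keep this key present, the admin filter expects a list`. The placeholder entry is a long unexplained string, so a note that it is a dummy value to replace would help deployers who copy the example as is. The `development:` and `test:` sections shown as context get no value, which is fine only because they presumably inherit from `default:`; that is inferred from the file layout, not shown here.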
@@ -39,4 +40,16 @@ describe StatisticsController do
     end
   end
 
+  describe '#redirect_unauthorized' do
+    it 'redirects for non admins' do
+      AppConfig[:admins] = ['bob']
+      get :index
+      response.should be_redirect
+    end
+
+    it 'succeeds' do
+      get :index
+      response.should be_success
+    end
+  end
 end
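Review bot: The 'redirects for non admins' example assigns the process-wide `AppConfig[:admins]` (as does the `before` block added in the earlier hunk of this file) and never restores it, so whichever example runs last leaves `['bob']` or `['alice']` behind for any later spec that depends on this setting. Save and restore it around the group, e.g. `before { @saved_admins = AppConfig[:admins] }` paired with `after { AppConfig[:admins] = @saved_admins }`. The example also only checks `be_redirect`; asserting the destination with `response.should redirect_to(root_url)` would distinguish the admin gate from an unrelated redirect such as the sign-in page.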