refactor user controller, remove redundant index action

fablabbcn · Dec 12, 2024 · 1ec65a1 · 1ec65a1
1 parent ea05990
commit 1ec65a1
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 67 deletions.
diff --git a/app/controllers/ui/users_controller.rb b/app/controllers/ui/users_controller.rb
@@ -3,22 +3,18 @@ class UsersController < ApplicationController
     include SharedControllerMethods
 
     def index
-      @title = I18n.t(:users_index_title)
+      redirect_to current_user ? ui_user_path(current_user.username) : login_path
     end
 
     def show
-      @user = User.friendly.find(params[:id])
+      find_user!
       @title = I18n.t(:show_user_title, username: @user.username)
       render "show", layout: "base"
     end
 
     def secrets
-      @user = User.friendly.find(params[:id])
-      unless authorize? @user, :show_secrets?
-        flash[:alert] = I18n.t(:edit_user_forbidden)
-        redirect_to current_user ? ui_user_path(@user.username) : login_path
-        return
-      end
+      find_user!
+      return unless authorize_user!
       @title = I18n.t(:secrets_user_title, username: @user.username)
     end
 
@@ -57,22 +53,14 @@ def create
     end
 
     def edit
-      @user = User.friendly.find(params[:id])
-      unless authorize? @user, :update?
-        flash[:alert] = I18n.t(:edit_user_forbidden)
-        redirect_to current_user ? ui_user_path(@user.username) : login_path
-        return
-      end
+      find_user!
+      return unless authorize_user!
       @title = I18n.t(:edit_user_title)
     end
 
     def update
-      @user = User.friendly.find(params[:id])
-      unless authorize? @user, :update?
-        flash[:alert] = I18n.t(:edit_user_forbidden)
-        redirect_to current_user ? ui_user_path(@user.username) : login_path
-        return
-      end
+      find_user!
+      return unless authorize_user!
       if @user.update(params.require(:user).permit(
         :profile_picture,
         :username,
@@ -92,22 +80,14 @@ def update
     end
 
     def delete
-      @user = User.friendly.find(params[:id])
-      unless authorize? @user, :destroy?
-        flash[:alert] = I18n.t(:delete_user_forbidden)
-        redirect_to current_user ? ui_user_path(@user) : login_path
-        return
-      end
+      find_user!
+      return unless authorize_user!
       @title = I18n.t(:delete_user_title)
     end
 
     def destroy
-      @user = User.friendly.find(params[:id])
-      unless authorize? @user, :destroy?
-        flash[:alert] = I18n.t(:delete_user_forbidden)
-        redirect_to current_user ? ui_user_path(@user) : login_path
-        return
-      end
+      find_user!
+      return unless authorize_user!
       if @user.username != params[:username]
         flash[:alert] = I18n.t(:delete_user_wrong_username)
         redirect_to delete_ui_user_path(@user.username)
@@ -121,5 +101,18 @@ def destroy
     def post_delete
       @title = I18n.t(:post_delete_user_title)
     end
+
+    private
+
+    def find_user!
+      @user = User.friendly.find(params[:id])
+    end
+
+    def authorize_user!
+      return true if authorize? @user, :destroy?
+      flash[:alert] = I18n.t(:delete_user_forbidden)
+      redirect_to current_user ? ui_user_path(@user) : login_path
+      return false
+    end
   end
 end
diff --git a/app/views/ui/users/index.html.erb b/app/views/ui/users/index.html.erb
diff --git a/config/locales/controllers/en.yml b/config/locales/controllers/en.yml
@@ -9,7 +9,6 @@ en:
     password_reset_success: "Changed password for: %{username}."
     password_reset_invalid: "Your reset code might be too old or have been used before."
     destroy_session_success: "Logged out!"
-    users_index_title: "User information"
     show_user_title: "%{username}'s profile"
     secrets_user_title: "Your API keys"
     new_user_title: "Sign up"

diff --git a/config/locales/views/users/en.yml b/config/locales/views/users/en.yml
@@ -28,12 +28,6 @@ en:
   delete_user_warning_html: "🚨<strong>Warning!</strong> This will permanently delete the account <strong>%{username}</strong> and all of its devices.🚨"
   delete_user_username_label: "To confirm, type your username below:"
   delete_user_submit: "I understand, delete my account"
-  users_index_logged_in_message: "Logged in as %{username}."
-  users_index_access_token_label: "Your access token:"
-  users_index_profile_link: "Your profile"
-  users_index_log_out_submit: "Log out"
-  users_index_not_logged_in_message: "Not logged in!"
-  users_index_log_in_link: "Go back"
   users_password_reset_landing_confirmation_label: "Confirm new password"
   users_password_reset_landing_submit: "Change my password"
   post_delete_user_blurb_html: "If you have deleted your account in error, please contact <a href='mailto:support@smartcitizen.me'>Smart Citizen support<a> as soon as possible. After 24 hours, your account and all devices will be deleted permanently."

diff --git a/spec/controllers/ui/users_controller_spec.rb b/spec/controllers/ui/users_controller_spec.rb
@@ -5,10 +5,19 @@
   let(:user) { create(:user) }
 
   describe "index" do
-    it "renders the template" do
-      get :index
-      expect(response).to have_http_status(:success)
-      expect(response).to render_template(:index)
+
+    context "when a user is logged in" do
+      it "redirects to the logged in user's profile page" do
+        get :index, session: { user_id: user.id }
+        expect(response).to redirect_to(ui_user_path(user.username))
+      end
+    end
+
+    context "when no user is logged in" do
+      it "redirects to the login page" do
+        get :index, session: { user_id: nil }
+        expect(response).to redirect_to(login_path)
+      end
     end
   end
 
@@ -30,7 +39,7 @@
     end
 
     context "when a user is logged in" do
-      it "displays an error message and redirects to the ui users path" do
+      it "displays an error message and redirects to the user's profile page" do
         get :new, session: { user_id: user.id }
         expect(response).to redirect_to(ui_user_path(user.username))
         expect(flash[:alert]).to be_present
@@ -49,7 +58,7 @@
       }
     }
     context "when a user is logged in" do
-      it "displays an error message and redirects to the ui users path, without creating a user" do
+      it "displays an error message and redirects to the user's profile page, without creating a user" do
         expect_any_instance_of(User).not_to receive(:save)
         post :create, params: { user: user_params }, session: { user_id: user.id }
         expect(response).to redirect_to(ui_user_path(user.username))

diff --git a/spec/features/session_management_spec.rb b/spec/features/session_management_spec.rb
@@ -10,7 +10,7 @@
     fill_in "Username or email", with: user.email
     fill_in "Password", with: password
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
+    expect(page).to have_current_path(ui_user_path(user.username))
     expect(page).to have_content("You have been successfully logged in!")
   end
 
@@ -19,7 +19,7 @@
     fill_in "Username or email", with: user.username
     fill_in "Password", with: password
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
+    expect(page).to have_current_path(ui_user_path(user.username))
     expect(page).to have_content("You have been successfully logged in!")
   end
 
@@ -46,7 +46,7 @@
     fill_in "Username or email", with: user.email
     fill_in "Password", with: password
     click_on "Sign into your account"
-    click_on "Log out"
+    click_on "Sign out"
     expect(page).to have_current_path(new_ui_session_path)
     expect(page).to have_content("Logged out!")
   end
@@ -64,7 +64,7 @@
     fill_in "Username or email", with: user.username
     fill_in "Password", with: "newpassword456"
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
+    expect(page).to have_current_path(ui_user_path(user.username))
     expect(page).to have_content("You have been successfully logged in!")
   end
 

diff --git a/spec/features/user_management_spec.rb b/spec/features/user_management_spec.rb
@@ -128,8 +128,6 @@
     fill_in "Username or email", with: user.email
     fill_in "Password", with: password
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
-    click_on "Your profile"
     click_on "Edit your profile"
     click_on "Permanently delete your account"
     expect(page).to have_current_path(delete_ui_user_path(user.username))
@@ -151,8 +149,6 @@
     fill_in "Username or email", with: user.email
     fill_in "Password", with: password
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
-    click_on "Your profile"
     expect(page).to have_current_path(ui_user_path(user.username))
     expect(page).to have_content(user.username)
   end
@@ -165,8 +161,6 @@
     fill_in "Username or email", with: user.email
     fill_in "Password", with: password
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
-    click_on "Your profile"
     expect(page).to have_current_path(ui_user_path(user.username))
     click_on "Edit your profile"
     fill_in "Username", with: "my_new_name"
@@ -186,8 +180,6 @@
     fill_in "Username or email", with: user.email
     fill_in "Password", with: password
     click_on "Sign into your account"
-    expect(page).to have_current_path(ui_users_path)
-    click_on "Your profile"
     expect(page).to have_current_path(ui_user_path(user.username))
     click_on "Show your API keys"
     expect(page).to have_current_path(secrets_ui_user_path(user.username))