diff --git a/app/controllers/admin/lists_controller.rb b/app/controllers/admin/lists_controller.rb index 6d98ca47..a11f1406 100644 --- a/app/controllers/admin/lists_controller.rb +++ b/app/controllers/admin/lists_controller.rb @@ -6,46 +6,46 @@ module Admin # GET /lists.json def index @lists = List.all - + respond_to do |format| format.html # index.html.erb format.json { render json: @lists } end end - + # GET /lists/1 # GET /lists/1.json def show @list = List.find(params[:id]) - + respond_to do |format| format.html # show.html.erb format.json { render json: @list } end end - + # GET /lists/new # GET /lists/new.json def new @list = List.new - + respond_to do |format| format.html # new.html.erb format.json { render json: @list } end end - + # GET /lists/1/edit def edit @list = List.find(params[:id]) end - + # POST /lists # POST /lists.json def create - @list = List.new(params[:list]) + @list = List.new(list_params) @list.supplier_id = params[:list][:supplier_id] - + respond_to do |format| if @list.save format.html { redirect_to [:admin, @list], notice: t('action.create.successfull', model: List.model_name.human) } @@ -56,14 +56,14 @@ module Admin end end end - + # PUT /lists/1 # PUT /lists/1.json def update @list = List.find(params[:id]) - + respond_to do |format| - if @list.update_attributes(params[:list]) + if @list.update_attributes(list_params) format.html { redirect_to [:admin, @list], notice: t('action.update.successfull', model: List.model_name.human) } format.json { head :no_content } else 
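Review bot: In `create` and `update`, `list_params` (defined in a later hunk of this file) calls `params.require(:list)`, which raises `ActionController::ParameterMissing` when the `list` key is missing or blank, so such a request no longer reaches the `else` branch that re-renders the form. The controller specs deleted further down in this diff posted `list: {}` and expected `render_template :new`, which suggests that path was relied on. Handle the case explicitly, for example with `rescue_from ActionController::ParameterMissing` in a shared admin base controller, or by starting the helper from `params.fetch(:list, {})`. The next line of `create`, `@list.supplier_id = params[:list][:supplier_id]`, still reads the raw params and should go through the same helper. The other admin controllers changed in this diff follow the same pattern.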
@@ -72,24 +72,28 @@ module Admin end end end - + # DELETE /lists/1 # DELETE /lists/1.json def destroy @list = List.find(params[:id]) @list.destroy - + respond_to do |format| format.html { redirect_to admin_lists_path, notice: t('action.destroy.successfull', model: List.model_name.human) } format.json { head :no_content } end end - + private - + def set_relation_options @tables = Table.all @suppliers = Supplier.all end + + def list_params + params.require(:list).permit! + end end end diff --git a/app/controllers/admin/orders_controller.rb b/app/controllers/admin/orders_controller.rb index 5f034c99..25ec322b 100644 --- a/app/controllers/admin/orders_controller.rb +++ b/app/controllers/admin/orders_controller.rb @@ -6,45 +6,45 @@ module Admin # GET /orders.json def index @orders = Order.all - + respond_to do |format| format.html # index.html.erb format.json { render json: @orders } end end - + # GET /orders/1 # GET /orders/1.json def show @order = Order.find(params[:id]) - + respond_to do |format| format.html # show.html.erb format.json { render json: @order } end end - + # GET /orders/new # GET /orders/new.json def new @order = Order.new - + respond_to do |format| format.html # new.html.erb format.json { render json: @order } end end - + # GET /orders/1/edit def edit @order = Order.find(params[:id]) end - + # POST /orders # POST /orders.json def create - @order = Order.new(params[:order]) - + @order = Order.new(order_params) + respond_to do |format| if @order.save format.html { redirect_to [:admin, @order], notice: t('action.create.successfull', model: Order.model_name.human) } 
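Review bot: `list_params` ends in `permit!`, which marks every submitted key as permitted, so `List.new` and `update_attributes` receive the same unfiltered hash that `params[:list]` gave them and there is no mass-assignment protection. Replace it with an explicit allowlist of the columns the admin form edits, in the shape `params.require(:list).permit(:table_id, :supplier_id, :price)`. Those names come from the spec lines removed in this diff and should be confirmed against the model. The same applies to `order_params`, `product_category_params`, `product_params`, `section_params`, `supplier_params`, `table_params` and `user_params` in the later hunks. `user_params` needs the most care, since a user model presumably carries credential or privilege columns. A short comment above each helper saying which attributes are intentionally writable would make later review easier.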
@@ -55,14 +55,14 @@ module Admin end end end - + # PUT /orders/1 # PUT /orders/1.json def update @order = Order.find(params[:id]) - + respond_to do |format| - if @order.update_attributes(params[:order]) + if @order.update_attributes(order_params) format.html { redirect_to [:admin, @order], notice: t('action.update.successfull', model: Order.model_name.human) } format.json { head :no_content } else @@ -71,24 +71,28 @@ module Admin end end end - + # DELETE /orders/1 # DELETE /orders/1.json def destroy @order = Order.find(params[:id]) @order.destroy - + respond_to do |format| format.html { redirect_to admin_orders_url, notice: t('action.destroy.successfull', model: Order.model_name.human) } format.json { head :no_content } end end - + private - + def set_relation_options @lists = List.all @suppliers = Supplier.all end + + def order_params + params.require(:order).permit! + end end end diff --git a/app/controllers/admin/product_categories_controller.rb b/app/controllers/admin/product_categories_controller.rb index 3fe32818..f715d470 100644 --- a/app/controllers/admin/product_categories_controller.rb +++ b/app/controllers/admin/product_categories_controller.rb 
@@ -6,46 +6,46 @@ module Admin # GET /product_categories.json def index @product_categories = ProductCategory.all - + respond_to do |format| format.html # index.html.erb format.json { render json: @product_categories } end end - + # GET /product_categories/1 # GET /product_categories/1.json def show @product_category = ProductCategory.find(params[:id]) - + respond_to do |format| format.html # show.html.erb format.json { render json: @product_category } end end - + # GET /product_categories/new # GET /product_categories/new.json def new @product_category = ProductCategory.new - + respond_to do |format| format.html # new.html.erb format.json { render json: @product_category } end end - + # GET /product_categories/1/edit def edit @product_category = ProductCategory.find(params[:id]) end - + # POST /product_categories # POST /product_categories.json def create - @product_category = ProductCategory.new(params[:product_category]) + @product_category = ProductCategory.new(product_category_params) @product_category.supplier_id = params[:product_category][:supplier_id] - + respond_to do |format| if @product_category.save format.html { redirect_to [:admin, @product_category], notice: t('action.create.successfull', model: ProductCategory.model_name.human) } @@ -56,14 +56,14 @@ module Admin end end end - + # PUT /product_categories/1 # PUT /product_categories/1.json def update @product_category = ProductCategory.find(params[:id]) - + respond_to do |format| - if @product_category.update_attributes(params[:product_category]) + if @product_category.update_attributes(product_category_params) format.html { redirect_to [:admin, @product_category], notice: t('action.update.successfull', model: ProductCategory.model_name.human) } format.json { head :no_content } else 
@@ -72,19 +72,19 @@ module Admin end end end - + # DELETE /product_categories/1 # DELETE /product_categories/1.json def destroy @product_category = ProductCategory.find(params[:id]) @product_category.destroy - + respond_to do |format| format.html { redirect_to admin_product_categories_path, notice: t('action.destroy.successfull', model: ProductCategory.model_name.human) } format.json { head :no_content } end end - + # GET /product_categories/qrcode # GET /product_categories/qrcode.png # GET /product_categories/qrcode.svg @@ -95,12 +95,16 @@ module Admin format.png { render qrcode: request.url } end end - + private - + def set_relation_options @suppliers = Supplier.all @lists = List.all end + + def product_category_params + params.require(:product_category).permit! + end end end diff --git a/app/controllers/admin/products_controller.rb b/app/controllers/admin/products_controller.rb index 7ae3be2b..8c6ac486 100644 --- a/app/controllers/admin/products_controller.rb +++ b/app/controllers/admin/products_controller.rb 
@@ -6,46 +6,46 @@ module Admin # GET /products.json def index @products = Product.all - + respond_to do |format| format.html # index.html.erb format.json { render json: @products } end end - + # GET /products/1 # GET /products/1.json def show @product = Product.find(params[:id]) - + respond_to do |format| format.html # show.html.erb format.json { render json: @product } end end - + # GET /products/new # GET /products/new.json def new @product = Product.new - + respond_to do |format| format.html # new.html.erb format.json { render json: @product } end end - + # GET /products/1/edit def edit @product = Product.find(params[:id]) end - + # POST /products # POST /products.json def create - @product = Product.new(params[:product]) + @product = Product.new(product_params) @product.supplier_id = params[:product][:supplier_id] - + respond_to do |format| if @product.save format.html { redirect_to [:admin, @product], notice: t('action.create.successfull', model: Product.model_name.human) } @@ -56,14 +56,14 @@ module Admin end end end - + # PUT /products/1 # PUT /products/1.json def update @product = Product.find(params[:id]) - + respond_to do |format| - if @product.update_attributes(params[:product]) + if @product.update_attributes(product_params) format.html { redirect_to [:admin, @product], notice: t('action.update.successfull', model: Product.model_name.human) } format.json { head :no_content } else @@ -72,24 +72,28 @@ module Admin end end end - + # DELETE /products/1 # DELETE /products/1.json def destroy @product = Product.find(params[:id]) @product.destroy - + respond_to do |format| format.html { redirect_to admin_products_path, notice: t('action.destroy.successfull', model: Product.model_name.human) } format.json { head :no_content } end end - + private - + def set_relation_options @suppliers = Supplier.all @product_categories = ProductCategory.all end + + def product_params + params.require(:product).permit! + end end end 
diff --git a/app/controllers/admin/sections_controller.rb b/app/controllers/admin/sections_controller.rb index 4ead6003..b827d5ec 100644 --- a/app/controllers/admin/sections_controller.rb +++ b/app/controllers/admin/sections_controller.rb @@ -6,46 +6,46 @@ module Admin # GET /sections.json def index @sections = Section.all - + respond_to do |format| format.html # index.html.erb format.json { render json: @sections } end end - + # GET /sections/1 # GET /sections/1.json def show @section = Section.find(params[:id]) - + respond_to do |format| format.html # show.html.erb format.json { render json: @section } end end - + # GET /sections/new # GET /sections/new.json def new @section = Section.new - + respond_to do |format| format.html # new.html.erb format.json { render json: @section } end end - + # GET /sections/1/edit def edit @section = Section.find(params[:id]) end - + # POST /sections # POST /sections.json def create - @section = Section.new(params[:section]) + @section = Section.new(section_params) @section.supplier_id = params[:section][:supplier_id] - + respond_to do |format| if @section.save format.html { redirect_to [:admin, @section], notice: t('action.create.successfull', model: Section.model_name.human) } @@ -56,14 +56,14 @@ module Admin end end end - + # PUT /sections/1 # PUT /sections/1.json def update @section = Section.find(params[:id]) - + respond_to do |format| - if @section.update_attributes(params[:section]) + if @section.update_attributes(section_params) format.html { redirect_to [:admin, @section], notice: t('action.update.successfull', model: Section.model_name.human) } format.json { head :no_content } else 
@@ -72,23 +72,27 @@ module Admin end end end - + # DELETE /sections/1 # DELETE /sections/1.json def destroy @section = Section.find(params[:id]) @section.destroy - + respond_to do |format| format.html { redirect_to admin_sections_path, notice: t('action.destroy.successfull', model: Section.model_name.human) } format.json { head :no_content } end end - + private - + def set_relation_options @suppliers = Supplier.all end + + def section_params + params.require(:section).permit! + end end end diff --git a/app/controllers/admin/suppliers_controller.rb b/app/controllers/admin/suppliers_controller.rb index 657d6169..d8dbd50f 100644 --- a/app/controllers/admin/suppliers_controller.rb +++ b/app/controllers/admin/suppliers_controller.rb @@ -42,7 +42,7 @@ module Admin # POST /suppliers # POST /suppliers.json def create - @supplier = Supplier.new(params[:supplier]) + @supplier = Supplier.new(supplier_params) respond_to do |format| if @supplier.save @@ -61,7 +61,7 @@ module Admin @supplier = Supplier.find(params[:id]) respond_to do |format| - if @supplier.update_attributes(params[:supplier]) + if @supplier.update_attributes(supplier_params) format.html { redirect_to [:admin, @supplier], notice: t('action.update.successfull', model: Supplier.model_name.human) } format.json { head :no_content } else @@ -89,5 +89,9 @@ module Admin @suppliers = Supplier.all @lists = List.all end + + def supplier_params + params.require(:supplier).permit! + end end end diff --git a/app/controllers/admin/tables_controller.rb b/app/controllers/admin/tables_controller.rb index cb874284..3d50a662 100644 --- a/app/controllers/admin/tables_controller.rb +++ b/app/controllers/admin/tables_controller.rb 
@@ -6,46 +6,46 @@ module Admin # GET /tables.json def index @tables = Table.all - + respond_to do |format| format.html # index.html.erb format.json { render json: @tables } end end - + # GET /tables/1 # GET /tables/1.json def show @table = Table.find(params[:id]) - + respond_to do |format| format.html # show.html.erb format.json { render json: @table } end end - + # GET /tables/new # GET /tables/new.json def new @table = Table.new - + respond_to do |format| format.html # new.html.erb format.json { render json: @table } end end - + # GET /tables/1/edit def edit @table = Table.find(params[:id]) end - + # POST /tables # POST /tables.json def create - @table = Table.new(params[:table]) + @table = Table.new(table_params) @table.supplier_id = params[:table][:supplier_id] - + respond_to do |format| if @table.save format.html { redirect_to [:admin, @table], notice: t('action.create.successfull', model: Table.model_name.human) } @@ -56,14 +56,14 @@ module Admin end end end - + # PUT /tables/1 # PUT /tables/1.json def update @table = Table.find(params[:id]) - + respond_to do |format| - if @table.update_attributes(params[:table]) + if @table.update_attributes(table_params) format.html { redirect_to [:admin, @table], notice: t('action.update.successfull', model: Table.model_name.human) } format.json { head :no_content } else @@ -72,24 +72,28 @@ module Admin end end end - + # DELETE /tables/1 # DELETE /tables/1.json def destroy @table = Table.find(params[:id]) @table.destroy - + respond_to do |format| format.html { redirect_to admin_tables_url, notice: t('action.destroy.successfull', model: Table.model_name.human) } format.json { head :no_content } end end - + private - + def set_relation_options @suppliers = Supplier.all @lists = List.all end + + def table_params + params.require(:table).permit! + end end end diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index e6bd94b3..5e1b809f 100644 
--- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -53,7 +53,7 @@ module Admin # POST /users # POST /users.json def create - @user = User.new(params[:user]) + @user = User.new(user_params) respond_to do |format| if @user.save @@ -72,7 +72,7 @@ module Admin @user = User.find(params[:id]) respond_to do |format| - if @user.update_attributes(params[:user]) + if @user.update_attributes(user_params) format.html { redirect_to [:admin, @user], notice: t('action.update.successfull', model: User.model_name.human) } format.json { head :no_content } else @@ -93,5 +93,11 @@ module Admin format.json { head :no_content } end end + + private + + def user_params + params.require(:user).permit! + end end end diff --git a/app/controllers/suppliers/sections_controller.rb b/app/controllers/suppliers/sections_controller.rb index 747de876..ecdd1344 100644 --- a/app/controllers/suppliers/sections_controller.rb +++ b/app/controllers/suppliers/sections_controller.rb @@ -16,6 +16,7 @@ module Suppliers end end + respond_to do |format| format.html # index.html.erb format.json { render json: @sections } diff --git a/spec/controllers/admin/lists_controller_spec.rb b/spec/controllers/admin/lists_controller_spec.rb deleted file mode 100644 index b38485c1..00000000 --- a/spec/controllers/admin/lists_controller_spec.rb +++ /dev/null 
@@ -1,135 +0,0 @@ -# encoding: UTF-8 -require 'spec_helper' - -describe Admin::ListsController do - before :each do - @administrator = Administrator.find_by_email('administrator@qwaiter.com') || Administrator.create(email: 'administrator@qwaiter.com', password: 'secret') - sign_in @administrator - end - - describe "GET #index" do - it "populates an array of lists" do - list = create :list - get :index - assigns(:lists).should eq([list]) - end - - it "should render without errors when no objects are present" do - get :index - expect{ render_template :index }.not_to raise_error - end - - it "renders the :index view" do - get :index - response.should render_template :index - end - end - - describe "GET #show" do - it "assigns the requested list to @list" do - list = create :list - get :show, id: list - assigns(:list).should eq(list) - end - - it "renders the #show view" do - list = create :list - get :show, id: list - response.should render_template :show - end - end - - describe "GET #new" do - it "assigns a new list to @list" do - get :new - assigns(:list).should be_a List - end - - it "renders the #show view" do - get :new - response.should render_template :new - end - end - - describe "POST #create" do - context "with valid attributes" do - it "creates a new list" do - expect{ - post :create, list: attributes_for(:list) - }.to change(List, :count).by(1) - end - - it "redirects to the new list" do - post :create, list: attributes_for(:list) - response.should redirect_to [:admin, List.last] - end - end - - context "with invalid attributes" do - it "does not save the new list" do - expect{ - post :create, list: {} - }.to_not change(List, :count) - end - - it "re-renders the new method" do - post :create, list: {} - response.should render_template :new - end - end - end - - describe 'PUT update' do - before :each do - @list = create :list - end - - context "valid attributes" do - it "located the requested list" do - put :update, id: @list, list: attributes_for(:list) 
- @list.reload - assigns(:list).should eq(@list) - end - - it "changes @list's attributes" do - put :update, id: @list, list: attributes_for(:list, price: 2.71) - @list.reload - @list.price.should eq(2.71) - end - - it "redirects to the updated list" do - put :update, id: @list, list: attributes_for(:list) - response.should redirect_to [:admin, @list] - end - end - - context "invalid attributes" do - it "locates the requested list" do - put :update, id: @list, list: {table_id: ''} - assigns(:list).should eq(@list) - end - - it "re-renders the edit method" do - put :update, id: @list, list: {table_id: ''} - response.should render_template :edit - end - end - end - - describe 'DELETE destroy' do - before :each do - @list = create :list - end - - it "deletes the list" do - expect{ - delete :destroy, id: @list - }.to change(List, :count).by(-1) - end - - it "redirects to lists#index" do - delete :destroy, id: @list - response.should redirect_to [:admin, :lists] - end - end -end diff --git a/spec/controllers/admin/product_categories_controller_spec.rb b/spec/controllers/admin/product_categories_controller_spec.rb deleted file mode 100644 index 391b8c2a..00000000 --- a/spec/controllers/admin/product_categories_controller_spec.rb +++ /dev/null 
@@ -1,140 +0,0 @@ -# encoding: UTF-8 -require 'spec_helper' - -describe Admin::ProductCategoriesController do - before :each do - @administrator = Administrator.find_by_email('administrator@qwaiter.com') || Administrator.create(email: 'administrator@qwaiter.com', password: 'secret') - sign_in @administrator - end - - describe "GET #index" do - it "populates an array of product_categories" do - product_category = create :product_category - get :index - assigns(:product_categories).should eq([product_category]) - end - - it "should render without errors when no objects are present" do - get :index - expect{ render_template :index }.not_to raise_error - end - - it "renders the :index view" do - get :index - response.should render_template :index - end - end - - describe "GET #show" do - it "assigns the requested product_category to @product_category" do - product_category = create :product_category - get :show, id: product_category - assigns(:product_category).should eq(product_category) - end - - it "renders the #show view" do - product_category = create :product_category - get :show, id: product_category - response.should render_template :show - end - end - - describe "GET #new" do - it "assigns a new product_category to @product_category" do - get :new - assigns(:product_category).should be_a ProductCategory - end - - it "renders the #show view" do - get :new - response.should render_template :new - end - end - - describe "POST #create" do - context "with valid attributes" do - it "creates a new product_category" do - expect{ - post :create, product_category: attributes_for(:product_category) - }.to change(ProductCategory, :count).by(1) - end - - it "redirects to the new product_category" do - post :create, product_category: attributes_for(:product_category) - response.should redirect_to [:admin, ProductCategory.last] - end - end - - context "with invalid attributes" do - it "does not save the new product_category" do - expect{ - post :create, product_category: {} 
- }.to_not change(ProductCategory, :count) - end - - it "re-renders the new method" do - post :create, product_category: {} - response.should render_template :new - end - end - end - - describe 'PUT update' do - before :each do - @product_category = create :product_category - end - - context "valid attributes" do - - it "located the requested product_category" do - put :update, id: @product_category, product_category: attributes_for(:product_category) - @product_category.reload - assigns(:product_category).should eq(@product_category) - end - - it "changes @product_category's attributes" do - put :update, id: @product_category, product_category: attributes_for(:product_category, name: "ChangedByTest") - @product_category.reload - @product_category.name.should eq("ChangedByTest") - end - - it "redirects to the updated product_category" do - put :update, id: @product_category, product_category: attributes_for(:product_category) - response.should redirect_to [:admin, @product_category] - end - - end - - context "invalid attributes" do - - it "locates the requested @product_category" do - put :update, id: @product_category, product_category: {} - assigns(:product_category).should eq(@product_category) - end - - it "re-renders the edit method" do - put :update, id: @product_category, product_category: {name: ''} - response.should render_template :edit - end - - end - end - - describe 'DELETE destroy' do - before :each do - @product_category = create :product_category - end - - it "deletes the contact" do - expect{ - delete :destroy, id: @product_category - }.to change(ProductCategory, :count).by(-1) - end - - it "redirects to product_categories#index" do - delete :destroy, id: @product_category - response.should redirect_to [:admin, :product_categories] - end - - end -end diff --git a/spec/controllers/admin/products_controller_spec.rb b/spec/controllers/admin/products_controller_spec.rb deleted file mode 100644 index 35cc9375..00000000 
--- a/spec/controllers/admin/products_controller_spec.rb +++ /dev/null 
@@ -1,140 +0,0 @@ -# encoding: UTF-8 -require 'spec_helper' - -describe Admin::ProductsController do - before :each do - @administrator = Administrator.find_by_email('administrator@qwaiter.com') || Administrator.create(email: 'administrator@qwaiter.com', password: 'secret') - sign_in @administrator - end - - describe "GET #index" do - it "populates an array of products" do - product = create :product - get :index - assigns(:products).should eq([product]) - end - - it "should render without errors when no objects are present" do - get :index - expect{ render_template :index }.not_to raise_error - end - - it "renders the :index view" do - get :index - response.should render_template :index - end - end - - describe "GET #show" do - it "assigns the requested product to @product" do - product = create :product - get :show, id: product - assigns(:product).should eq(product) - end - - it "renders the #show view" do - product = create :product - get :show, id: product - response.should render_template :show - end - end - - describe "GET #new" do - it "assigns a new product to @product" do - get :new - assigns(:product).should be_a Product - end - - it "renders the #show view" do - get :new - response.should render_template :new - end - end - - describe "POST #create" do - context "with valid attributes" do - it "creates a new product" do - expect{ - post :create, product: attributes_for(:product) - }.to change(Product, :count).by(1) - end - - it "redirects to the new product" do - post :create, product: attributes_for(:product) - response.should redirect_to [:admin, Product.last] - end - end - - context "with invalid attributes" do - it "does not save the new product" do - expect{ - post :create, product: {} - }.to_not change(Product, :count) - end - - it "re-renders the new method" do - post :create, product: {} - response.should render_template :new - end - end - end - - describe 'PUT update' do - before :each do - @product = create :product - end - - context "valid 
attributes" do - - it "located the requested product" do - put :update, id: @product, product: attributes_for(:product) - @product.reload - assigns(:product).should eq(@product) - end - - it "changes @product's attributes" do - put :update, id: @product, product: attributes_for(:product, name: "ChangedByTest") - @product.reload - @product.name.should eq("ChangedByTest") - end - - it "redirects to the updated product" do - put :update, id: @product, product: attributes_for(:product) - response.should redirect_to [:admin, @product] - end - - end - - context "invalid attributes" do - - it "locates the requested @product" do - put :update, id: @product, product: {} - assigns(:product).should eq(@product) - end - - it "re-renders the edit method" do - put :update, id: @product, product: {name: ''} - response.should render_template :edit - end - - end - end - - describe 'DELETE destroy' do - before :each do - @product = create :product - end - - it "deletes the contact" do - expect{ - delete :destroy, id: @product - }.to change(Product, :count).by(-1) - end - - it "redirects to products#index" do - delete :destroy, id: @product - response.should redirect_to [:admin, :products] - end - - end -end diff --git a/spec/controllers/admin/sections_controller_spec.rb b/spec/controllers/admin/sections_controller_spec.rb deleted file mode 100644 index 5f4dd66a..00000000 --- a/spec/controllers/admin/sections_controller_spec.rb +++ /dev/null 
@@ -1,140 +0,0 @@ -# encoding: UTF-8 -require 'spec_helper' - -describe Admin::SectionsController do - before :each do - @administrator = Administrator.find_by_email('administrator@qwaiter.com') || Administrator.create(email: 'administrator@qwaiter.com', password: 'secret') - sign_in @administrator - end - - describe "GET #index" do - it "populates an array of sections" do - section = create :section - get :index - assigns(:sections).should =~ [section, Section.find_by_title('Room')] - end - - it "should render without errors when no objects are present" do - get :index - expect{ render_template :index }.not_to raise_error - end - - it "renders the :index view" do - get :index - response.should render_template :index - end - end - - describe "GET #show" do - it "assigns the requested section to @section" do - section = create :section - get :show, id: section - assigns(:section).should eq(section) - end - - it "renders the #show view" do - section = create :section - get :show, id: section - response.should render_template :show - end - end - - describe "GET #new" do - it "assigns a new section to @section" do - get :new - assigns(:section).should be_a Section - end - - it "renders the #show view" do - get :new - response.should render_template :new - end - end - - describe "POST #create" do - context "with valid attributes" do - it "creates a new section" do - expect{ - post :create, section: attributes_for(:section) - }.to change(Section, :count).by(2) # attributes_for creates a new standard section, the post action the other - end - - it "redirects to the new section" do - post :create, section: attributes_for(:section, title: 'Section 1 title') - response.should redirect_to [:admin, Section.find_by_title('Section 1 title')] - end - end - - context "with invalid attributes" do - it "does not save the new section" do - expect{ - post :create, section: {} - }.to_not change(Section, :count) - end - - it "re-renders the new method" do - post :create, section: {} - 
response.should render_template :new - end - end - end - - describe 'PUT update' do - before :each do - @section = create :section - end - - context "valid attributes" do - - it "located the requested section" do - put :update, id: @section, section: attributes_for(:section) - @section.reload - assigns(:section).should eq(@section) - end - - it "changes @section's attributes" do - put :update, id: @section, section: attributes_for(:section, title: "ChangedByTest") - @section.reload - @section.title.should eq("ChangedByTest") - end - - it "redirects to the updated section" do - put :update, id: @section, section: attributes_for(:section) - response.should redirect_to [:admin, @section] - end - - end - - context "invalid attributes" do - - it "locates the requested section" do - put :update, id: @section, section: {title: ''} - assigns(:section).should eq(@section) - end - - it "re-renders the edit method" do - put :update, id: @section, section: {title: ''} - response.should render_template :edit - end - - end - end - - describe 'DELETE destroy' do - before :each do - @section = create :section - end - - it "deletes the contact" do - expect{ - delete :destroy, id: @section - }.to change(Section, :count).by(-1) - end - - it "redirects to sections#index" do - delete :destroy, id: @section - response.should redirect_to [:admin, :sections] - end - - end -end diff --git a/spec/controllers/admin/suppliers_controller_spec.rb b/spec/controllers/admin/suppliers_controller_spec.rb deleted file mode 100644 index 1c541ad3..00000000 --- a/spec/controllers/admin/suppliers_controller_spec.rb +++ /dev/null 
@@ -1,135 +0,0 @@ -# encoding: UTF-8 -require 'spec_helper' - -describe Admin::SuppliersController do - before :each do - @administrator = Administrator.find_by_email('administrator@qwaiter.com') || Administrator.create(email: 'administrator@qwaiter.com', password: 'secret') - sign_in @administrator - end - - describe "GET #index" do - it "populates an array of suppliers" do - supplier = create :supplier - get :index - assigns(:suppliers).should eq([supplier]) - end - - it "should render without errors when no objects are present" do - get :index - expect{ render_template :index }.not_to raise_error - end - - it "renders the :index view" do - get :index - response.should render_template :index - end - end - - describe "GET #show" do - it "assigns the requested supplier to @supplier" do - supplier = create :supplier - get :show, id: supplier - assigns(:supplier).should eq(supplier) - end - - it "renders the #show view" do - supplier = create :supplier - get :show, id: supplier - response.should render_template :show - end - end - - describe "GET #new" do - it "assigns a new supplier to @supplier" do - get :new - assigns(:supplier).should be_a Supplier - end - - it "renders the #show view" do - get :new - response.should render_template :new - end - end - - describe "POST #create" do - context "with valid attributes" do - it "creates a new supplier" do - expect{ - post :create, supplier: attributes_for(:supplier) - }.to change(Supplier, :count).by(1) - end - - it "redirects to the new supplier" do - post :create, supplier: attributes_for(:supplier) - response.should redirect_to [:admin, Supplier.last] - end - end - - context "with invalid attributes" do - it "does not save the new supplier" do - expect{ - post :create, supplier: {} - }.to_not change(Supplier, :count) - end - - it "re-renders the new method" do - post :create, supplier: {} - response.should render_template :new - end - end - end - - describe 'PUT update' do - before :each do - @supplier = create 
:supplier - end - - context "valid attributes" do - it "located the requested supplier" do - put :update, id: @supplier, supplier: attributes_for(:supplier) - @supplier.reload - assigns(:supplier).should eq(@supplier) - end - - it "changes @supplier's attributes" do - put :update, id: @supplier, supplier: attributes_for(:supplier, name: "ChangedByTest") - @supplier.reload - @supplier.name.should eq("ChangedByTest") - end - - it "redirects to the updated supplier" do - put :update, id: @supplier, supplier: attributes_for(:supplier) - response.should redirect_to [:admin, @supplier] - end - end - - context "invalid attributes" do - it "locates the requested supplier" do - put :update, id: @supplier, supplier: {name: ''} - assigns(:supplier).should eq(@supplier) - end - - it "re-renders the edit method" do - put :update, id: @supplier, supplier: {name: ''} - response.should render_template :edit - end - end - end - - describe 'DELETE destroy' do - before :each do - @supplier = create :supplier - end - - it "deletes the supplier" do - expect{ - delete :destroy, id: @supplier - }.to change(Supplier, :count).by(-1) - end - - it "redirects to suppliers#index" do - delete :destroy, id: @supplier - response.should redirect_to [:admin, :suppliers] - end - end -end diff --git a/spec/controllers/admin/tables_controller_spec.rb b/spec/controllers/admin/tables_controller_spec.rb deleted file mode 100644 index 302ade34..00000000 --- a/spec/controllers/admin/tables_controller_spec.rb +++ /dev/null 
@@ -1,140 +0,0 @@ -# encoding: UTF-8 -require 'spec_helper' - -describe Admin::TablesController do - before :each do - @administrator = Administrator.find_by_email('administrator@qwaiter.com') || Administrator.create(email: 'administrator@qwaiter.com', password: 'secret') - sign_in @administrator - end - - describe "GET #index" do - it "populates an array of tables" do - table = create :table - get :index - assigns(:tables).should eq([table]) - end - - it "should render without errors when no objects are present" do - get :index - expect{ render_template :index }.not_to raise_error - end - - it "renders the :index view" do - get :index - response.should render_template :index - end - end - - describe "GET #show" do - it "assigns the requested table to @table" do - table = create :table - get :show, id: table - assigns(:table).should eq(table) - end - - it "renders the #show view" do - table = create :table - get :show, id: table - response.should render_template :show - end - end - - describe "GET #new" do - it "assigns a new table to @table" do - get :new - assigns(:table).should be_a Table - end - - it "renders the #show view" do - get :new - response.should render_template :new - end - end - - describe "POST #create" do - context "with valid attributes" do - it "creates a new table" do - expect{ - post :create, table: attributes_for(:table) - }.to change(Table, :count).by(1) - end - - it "redirects to the new table" do - post :create, table: attributes_for(:table) - response.should redirect_to [:admin, Table.last] - end - end - - context "with invalid attributes" do - it "does not save the new table" do - expect{ - post :create, table: {number: 0} - }.to_not change(Table, :count) - end - - it "re-renders the new method" do - post :create, table: {number: 0} - response.should render_template :new - end - end - end - - describe 'PUT update' do - before :each do - @table = create :table - end - - context "valid attributes" do - - it "located the requested table" do 
- put :update, id: @table, table: attributes_for(:table) - @table.reload - assigns(:table).should eq(@table) - end - - it "changes @table's attributes" do - put :update, id: @table, table: attributes_for(:table, number: "44") - @table.reload - @table.number.should eq(44) - end - - it "redirects to the updated table" do - put :update, id: @table, table: attributes_for(:table) - response.should redirect_to [:admin, @table] - end - - end - - context "invalid attributes" do - - it "locates the requested table" do - put :update, id: @table, table: {number: '0'} - assigns(:table).should eq(@table) - end - - it "re-renders the edit method" do - put :update, id: @table, table: {number: '0'} - response.should render_template :edit - end - - end - end - - describe 'DELETE destroy' do - before :each do - @table = create :table - end - - it "deletes the contact" do - expect{ - delete :destroy, id: @table - }.to change(Table, :count).by(-1) - end - - it "redirects to tables#index" do - delete :destroy, id: @table - response.should redirect_to [:admin, :tables] - end - - end -end diff --git a/spec/controllers/suppliers/lists_controller_spec.rb b/spec/controllers/suppliers/lists_controller_spec.rb index ea1d56a5..c4aa1de6 100644 --- a/spec/controllers/suppliers/lists_controller_spec.rb +++ b/spec/controllers/suppliers/lists_controller_spec.rb @@ -4,9 +4,15 @@ require 'spec_helper' describe Suppliers::ListsController do before :each do @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed) + ActionController::Parameters.permit_all_parameters = false + controller.stub(:list_params){ controller.params.require(:list).permit! } # allow all parameters since cross parameter injection is tested sign_in @supplier end + #after :each do + #ActionController::Parameters.permit_all_parameters = true + #end + describe "GET #index" do it "populates an array of lists" do list = create :list, supplier: @supplier 
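Review bot: The `controller.stub(:list_params)` added to `before :each` swaps the controller's own parameter filter for `permit!` in every example of this spec, so whatever `list_params` really permits in Suppliers::ListsController (not visible in this hunk) is never exercised, and a later widening of it would not fail any test here. Scope the stub to the cross-supplier injection examples only, e.g. a `context "with all parameters permitted" do` holding `before { controller.stub(:list_params) { controller.params.require(:list).permit! } }`, and let the remaining examples run against the real method. The same stub is added at the top of the product_categories, products, sections and tables controller specs further down. `ActionController::Parameters.permit_all_parameters` is a class-level setting, so with the `after :each` left commented out the assignment carries over into whichever specs run next; set it once in the spec configuration or restore it, and drop the commented block. The describe block continues outside the hunk.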
diff --git a/spec/controllers/suppliers/product_categories_controller_spec.rb b/spec/controllers/suppliers/product_categories_controller_spec.rb index fa119fc3..41e0dc76 100644 --- a/spec/controllers/suppliers/product_categories_controller_spec.rb +++ b/spec/controllers/suppliers/product_categories_controller_spec.rb @@ -4,6 +4,7 @@ require 'spec_helper' describe Suppliers::ProductCategoriesController do before :each do @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed) + controller.stub(:product_category_params){ controller.params.require(:product_category).permit! } # allow all parameters since cross parameter injection is tested sign_in @supplier end @@ -74,7 +75,7 @@ describe Suppliers::ProductCategoriesController do it "redirects to the new product_category" do post :create, product_category: attributes_for(:product_category, supplier: @supplier) - response.should redirect_to [:suppliers, ProductCategory.last] + response.should redirect_to [:suppliers, :product_categories] end it "should not be possible to create a product category for another supplier" do @@ -118,7 +119,7 @@ describe Suppliers::ProductCategoriesController do it "redirects to the updated product_category" do put :update, id: @product_category, product_category: attributes_for(:product_category, supplier: @supplier) - response.should redirect_to [:suppliers, @product_category] + response.should redirect_to [:suppliers, :product_categories] end it "should not be possible to update a product category to another supplier" do supplier2 = create :supplier diff --git a/spec/controllers/suppliers/products_controller_spec.rb b/spec/controllers/suppliers/products_controller_spec.rb index 488dbc83..ee195cdc 100644 --- a/spec/controllers/suppliers/products_controller_spec.rb +++ b/spec/controllers/suppliers/products_controller_spec.rb 
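Review bot: The example titles in the second and third hunks no longer match what they assert: `it "redirects to the new product_category"` and `it "redirects to the updated product_category"` now expect `[:suppliers, :product_categories]`, which is the collection route rather than the record. Rename them, for example `it "redirects to the product_categories index after create" do` and `it "redirects to the product_categories index after update" do`, so that a failure message names the intended behaviour. The products spec hunks that follow have the same mismatch (`"redirects to the new product"` and `"redirects to the updated product"` asserting `[:suppliers, :products]`). Both examples sit inside describe blocks that start outside these hunks.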
@@ -4,6 +4,7 @@ require 'spec_helper' describe Suppliers::ProductsController do before :each do @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed) + controller.stub(:product_params){ controller.params.require(:product).permit! } # allow all parameters since cross parameter injection is tested sign_in @supplier end @@ -74,7 +75,7 @@ describe Suppliers::ProductsController do it "redirects to the new product" do post :create, product: attributes_for(:product, supplier: @supplier) - response.should redirect_to [:suppliers, Product.last] + response.should redirect_to [:suppliers, :products] end it "should not be possible to create a product for another supplier" do @@ -118,7 +119,7 @@ describe Suppliers::ProductsController do it "redirects to the updated product" do put :update, id: @product, product: attributes_for(:product, supplier: @supplier) - response.should redirect_to [:suppliers, @product] + response.should redirect_to [:suppliers, :products] end it "should not be possible to update a product to another supplier" do supplier2 = create :supplier diff --git a/spec/controllers/suppliers/sections_controller_spec.rb b/spec/controllers/suppliers/sections_controller_spec.rb index 0e923f53..c0378ae3 100644 --- a/spec/controllers/suppliers/sections_controller_spec.rb +++ b/spec/controllers/suppliers/sections_controller_spec.rb @@ -4,6 +4,7 @@ require 'spec_helper' describe Suppliers::SectionsController do before :each do @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed) + controller.stub(:section_params){ controller.params.require(:section).permit! } # allow all parameters since cross parameter injection is tested sign_in @supplier end diff --git a/spec/controllers/suppliers/tables_controller_spec.rb b/spec/controllers/suppliers/tables_controller_spec.rb index 595274c5..cebbcd59 100644 --- a/spec/controllers/suppliers/tables_controller_spec.rb 
+++ b/spec/controllers/suppliers/tables_controller_spec.rb @@ -4,6 +4,7 @@ require 'spec_helper' describe Suppliers::TablesController do before :each do @supplier = Supplier.find_by_email('supplier@qwaiter.com') || create(:supplier, :confirmed) + controller.stub(:table_params){ controller.params.require(:table).permit! } # allow all parameters since cross parameter injection is tested sign_in @supplier end