authorJoachim Filip Ignacy Bartosik <jbartosik@gmail.com>2010-05-17 17:24:47 +0200
committerJoachim Filip Ignacy Bartosik <jbartosik@gmail.com>2010-05-21 08:40:34 +0200
commit1cd11d8d0e8a989777747bfbf6823624fe73804d (patch)
tree160fd1d9f1ff2547e749a4b061c6d8c8e65792d1
parentInstalled rspec (diff)
Added roles
Role is a separate model. A user is invalid if they are an administrator but not a recruiter. Administrators can change anybody's role. No one else can change anybody's role.
-rw-r--r--.gitignore4
-rw-r--r--app/models/role.rb1
-rw-r--r--app/models/user.rb20
-rw-r--r--db/schema.rb31
-rw-r--r--spec/fixtures/users.yml25
-rw-r--r--spec/models/user_spec.rb54
6 files changed, 130 insertions, 5 deletions
diff --git a/.gitignore b/.gitignore
index c31f38b..495f212 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,6 @@
-db
+db/*.sqlite3
+db/migrate
+db/seeds.rb
log
test
app/views/taglibs/auto
diff --git a/app/models/role.rb b/app/models/role.rb
new file mode 100644
index 0000000..4e122d9
--- /dev/null
+++ b/app/models/role.rb
@@ -0,0 +1 @@
+Role = HoboFields::EnumString.for(:recruit, :mentor, :recruiter)
diff --git a/app/models/user.rb b/app/models/user.rb
index 7e8ade3..77eeba4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -6,12 +6,16 @@ class User < ActiveRecord::Base
name :string, :required, :unique
email_address :email_address, :login => true
administrator :boolean, :default => false
+ role Role, :default => 'recruit'
timestamps
end
- # This gives admin rights to the first sign-up.
- # Just remove it if you don't want that
- before_create { |user| user.administrator = true if !Rails.env.test? && count == 0 }
+ # This gives admin rights and recruiter role to the first sign-up.
+ before_create { |user|
+ if !Rails.env.test? && count == 0
+ user.administrator = true
+ user.role = :recruiter
+ end }
# --- Signup lifecycle --- #
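Review bot: The `before_create` callback now gives both `administrator = true` and the `:recruiter` role to whichever account is created while `count == 0`, so the first person to register on a fresh deployment gets control of every role. The `count == 0` check and the insert are also not atomic, so two simultaneous first sign-ups could presumably both pass it. Creating the initial administrator out of band (an operator-run seed or rake task) would be safer. If the callback stays, the comment should say so explicitly, e.g. `# SECURITY: the first account created becomes administrator + recruiter; register it before exposing the app`, since the commit also removes the old hint that the callback is optional. The class body continues outside the hunk.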
@@ -33,6 +37,7 @@ class User < ActiveRecord::Base
end
+ validate :only_recruiter_can_be_administrator
# --- Permissions --- #
@@ -41,11 +46,12 @@ class User < ActiveRecord::Base
end
def update_permitted?
- acting_user.administrator? ||
+ acting_user.administrator? ||
(acting_user == self && only_changed?(:email_address, :crypted_password,
:current_password, :password, :password_confirmation))
# Note: crypted_password has attr_protected so although it is permitted to change, it cannot be changed
# directly from a form submission.
+
end
def destroy_permitted?
@@ -56,4 +62,10 @@ class User < ActiveRecord::Base
true
end
+ protected
+
+ def only_recruiter_can_be_administrator
+ errors.add(:administrator, 'only recruiters can be administrators' ) if administrator and !role.is_recruiter?
+ end
+
end
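Review bot: `only_recruiter_can_be_administrator` calls `role.is_recruiter?` with no nil guard, so an administrator record whose `role` is nil would presumably raise NoMethodError during validation instead of failing validation. Whether HoboFields ever lets `role` be nil is not visible here. Writing the condition as `if administrator && !(role && role.is_recruiter?)` treats a missing role as non-recruiter and replaces the low-precedence `and` with `&&`. A one-line comment above the method, such as `# Administrator rights require the recruiter role`, would document the invariant next to the code that enforces it. The class starts outside the hunk.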
diff --git a/db/schema.rb b/db/schema.rb
new file mode 100644
index 0000000..02129e7
--- /dev/null
+++ b/db/schema.rb
@@ -0,0 +1,31 @@
+# This file is auto-generated from the current state of the database. Instead of editing this file,
+# please use the migrations feature of Active Record to incrementally modify your database, and
+# then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your database schema. If you need
+# to create the application database on another system, you should be using db:schema:load, not running
+# all the migrations from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20100520194754) do
+
+ create_table "users", :force => true do |t|
+ t.string "crypted_password", :limit => 40
+ t.string "salt", :limit => 40
+ t.string "remember_token"
+ t.datetime "remember_token_expires_at"
+ t.string "name"
+ t.string "email_address"
+ t.boolean "administrator", :default => false
+ t.string "role", :default => "recruit"
+ t.datetime "created_at"
+ t.datetime "updated_at"
+ t.string "state", :default => "active"
+ t.datetime "key_timestamp"
+ end
+
+ add_index "users", ["state"], :name => "index_users_on_state"
+
+end
diff --git a/spec/fixtures/users.yml b/spec/fixtures/users.yml
new file mode 100644
index 0000000..cfebdff
--- /dev/null
+++ b/spec/fixtures/users.yml
@@ -0,0 +1,25 @@
+alice:
+ name: Alice
+ email_address: alice@admins.org
+ administrator: true
+ role: recruiter
+ann:
+ name: Ann
+ email_address: ann@admins.org
+ administrator: true
+ role: recruiter
+uriael:
+ name: Uriael
+ email_address: uriael@users.org
+mustafa:
+ name: Mustafa
+ email_address: mustafa@mentors.org
+ role: mentor
+ron:
+ name: Ron
+ email_address: ron@recruits.org
+ role: recruit
+ralph:
+ name: Ralph Recruiter
+ email_address: ralph@recruiter.org
+ role: recruiter
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
new file mode 100644
index 0000000..5193437
--- /dev/null
+++ b/spec/models/user_spec.rb
@@ -0,0 +1,54 @@
+require 'spec_helper.rb'
+describe 'User' do
+
+ fixtures :users
+
+ before(:each) do
+ @new_user = users(:uriael)
+ @admin = users(:ann)
+ @admin2 = users(:alice)
+ end
+
+ it "should be non-admin recruit" do
+ @new_user.should_not be_administrator
+ @new_user.role.should == :recruit
+ end
+
+ it "should be able to become mentor and recruiter" do
+ for new_role in [:mentor, :recruiter] do
+ @new_user.role = new_role
+ @new_user.should be_valid
+ end
+ end
+
+ it "should be valid if recruiter is administrator" do
+ @new_user.role = :recruiter
+ @new_user.administrator = true
+ @new_user.should be_valid
+ end
+
+ it "should be invalid if non-recruiter is administrator" do
+ @new_user.administrator = true
+
+ for new_role in [:recruit, :mentor]
+ @new_user.role = new_role
+ @new_user.should_not be_valid
+ end
+ end
+
+ it "should be prohibited for non-admin to change anyone role" do
+ for new_role in [:recruiter, :mentor]
+ @new_user.role = new_role
+ @new_user.should_not be_updatable_by(@new_user)
+ end
+ end
+
+ it "should be allowed for admin to change anyone else role" do
+ for other_user in [@new_user, @admin]
+ for new_role in [:recruit, :mentor, :recruiter]
+ other_user.role = new_role
+ other_user.should be_updatable_by(@admin2)
+ end
+ end
+ end
+end
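Review bot: The "non-admin" permission spec only covers a user changing their own `role`, so two cases that the commit message promises are not pinned. Nothing checks that a non-administrator cannot set `administrator = true` on their own record, and nothing checks that a non-administrator cannot edit another user's role. Both should be rejected by `update_permitted?` as written, but a regression there would be a privilege escalation, so they deserve explicit examples like the ones below. As a style point, the `for ... in` loops would read more idiomatically as `[:mentor, :recruiter].each do |new_role|`.

```ruby
# … unchanged: existing examples …

  it "should be prohibited for non-admin to grant themselves administrator" do
    @new_user.role = :recruiter
    @new_user.administrator = true
    @new_user.should_not be_updatable_by(@new_user)
  end

  it "should be prohibited for non-admin to change another user's role" do
    other_user = users(:ron)
    other_user.role = :mentor
    other_user.should_not be_updatable_by(@new_user)
  end
```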