Feature/whitelist

app/controllers/projects_controller.rb

@@ -2,6 +2,7 @@ class ProjectsController < ApplicationController
   before_action :set_project, only: [:show, :edit, :update, :destroy]
   before_action :authenticate_user!
 
+
   # GET /projects
   # GET /projects.json
 

app/controllers/whitelists_controller.rb

@@ -0,0 +1,87 @@
+class WhitelistsController < ApplicationController
+  before_action :check_if_coach
+
+  # GET /whitelists
+  def index
+    @permitted_users = User.all 
+  end
+
+  # GET /whitelists/new
+  def new
+    @authorized_user = Whitelist.new(user_params)
+  end
+
+  # POST /whitelists/
+  def create
+    username = params[:username]
+    if Whitelist.has_username?(username)
+      flash[:notice] = "User #{username} already exists in whitelist. "
+    else
+      begin
+        Whitelist.create!(username: username)
+        flash[:notice] = "Add user #{username} successfully."
+      rescue ActiveRecord::RecordInvalid
+        flash[:notice] = "Invalid username format."
+      end
+    end
+    redirect_to whitelists_path
+  end
+
+  # DELETE /whitelists/
+  def destroy
+    user = Whitelist.find(params[:id])
+    if user.username.eql?(current_user.provider_username)
+      flash[:notice] = "Delete yourself from the whitelist is not allowed. "
+    else
+      user.destroy!
+      flash[:notice] = "User is deleted successfully."
+    end
+    redirect_to whitelists_path
+  end
+
+  def check_if_coach
+    unless current_user.role.eql?("admin") or current_user.role.eql?("coach")
+       flash[:notice] = "You have no privilege to manipulate privilege control."
+       redirect_to projects_url
+    end
+  end
+
+  def upgrade
+    unless current_user.role.eql?("admin") or current_user.role.eql?("coach")
+      flash[:alert] = "You do not have privilege to change other user's role. "
+      redirect_to whitelists_path
+      return
+    end
+    user = User.find(params[:id])
+    if user.role.eql?("admin")
+      flash[:alert] = "Admin role cannot be changed."
+    end
+    if user.role.eql?("student")
+      user.change_role("coach")
+    end
+    redirect_to whitelists_path
+  end
+
+  def downgrade
+    unless current_user.role.eql?("admin") or current_user.role.eql?("coach")
+      flash[:alert] = "You do not have privilege to change other user's role. "
+      redirect_to whitelists_path
+      return
+    end
+    user = User.find(params[:id])
+    if user.role.eql?("admin")
+      flash[:alert] = "Admin role cannot be changed."
+    end
+    if user.role.eql?("coach")
+      user.change_role("student")
+    end
+    redirect_to whitelists_path
+  end
+
+  private
+
+  def user_params
+    params.require(:whitelist).permit(:username)
+  end
+
+end

app/models/user.rb

@@ -36,6 +36,7 @@ class User < ActiveRecord::Base
 
   ADMIN = "admin"
   COACH = "coach"
+  STUDENT = "student"
 
   def self.from_omniauth(auth)
     email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email
@@ -59,6 +60,11 @@ def is_admin?
   	self.role == ADMIN
   end
 
+  def change_role(role)
+    self.role = role
+    self.save!
+  end
+
   def preferred_projects
     self.selected_projects = Project.all if self.selected_projects.empty?
     self.selected_projects

app/models/whitelist.rb

@@ -0,0 +1,15 @@
+# == Schema Information
+#
+# Table name: whitelists
+#
+#  id       :integer          not null, primary key
+#  username :string
+#
+
+class Whitelist < ActiveRecord::Base
+  validates_format_of :username,:with => /\A[a-z0-9\-_]+\z/i
+
+  def self.has_username?(username)
+    return !Whitelist.find_by_username(username).nil?
+  end
+end

app/views/devise/sessions/new.html.erb

@@ -6,6 +6,7 @@
         <h2><strong>Welcome to ProjectScope</strong></h2>
       </div>
       <div class="panel-body">
+
         <%= render "devise/shared/links" %>
       </div>
     </div>

app/views/devise/shared/_links.html.erb

@@ -12,6 +12,7 @@
   <%= link_to "Sign up", new_registration_path(resource_name) %><br />
 <% end -%>
 
+
 <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
   <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
 <% end -%>

app/views/projects/index.html.haml

@@ -20,6 +20,17 @@
               = '%.2f'.try(:%,sample.try(:score) || 0.0)
               #{raw sample.try(:image)}
 
-%br/
+-unless current_user.role.eql?("coach") or current_user.role.eql?("admin")
+  %br/
+
+  = link_to 'Create New Project', new_project_path, :class => "btn btn-primary"
+
+-else
+  %br/
+
+  = link_to 'Privilege Control', whitelists_path, :class => "btn btn-primary"
+
+  %br/
+
+  = link_to 'Create New Project', new_project_path, :class => "btn btn-primary"
 
-= link_to 'Create New Project', new_project_path, :class => "btn btn-primary"

app/views/whitelists/_add.html.haml

@@ -0,0 +1,5 @@
+= form_tag whitelists_path do
+  = field_set_tag do
+    = label_tag :username, 'GitHub username'
+    = text_field_tag :username
+    = submit_tag 'Add'

app/views/whitelists/index.html.haml

@@ -0,0 +1,50 @@
+:css
+  #Users{
+      border-collapse: collapse;
+      width: 80%;
+      margin-right: auto;
+  }
+
+  #Users td, #Users th {
+      border: 1px solid #ddd;
+      padding: 8px;
+  }
+
+  #Users tr:nth-child(even){background-color: #f2f2f2;}
+
+  #Users tr:hover {background-color: #ddd;}
+
+  #Users th {
+      padding-top: 12px;
+      padding-bottom: 12px;
+      text-align: left;
+      background-color: #337ab7;
+      color: white;
+  }
+  #Users tr {
+     text-align: left;
+  }
+
+%h1 Privilege Control 
+
+%table#Users
+  %thead
+    %tr
+      %th GitHub Account
+      %th Role
+      %th Action
+
+  %tbody
+    - @permitted_users.each do |user|
+      %tr
+        %td= user.provider_username
+        %td= user.role
+        -if user.role.eql?("coach")
+          %td= link_to "Downgrade to student", downgrade_user_path(user), :method => :get, data: { confirm: "Do you want to downgrade user #{user.provider_username} from the whitelist?" }, :user => user
+        -elsif user.role.eql?("student")
+          %td= link_to "Upgrade to coach", upgrade_user_path(user), :method => :get, data: { confirm: "Do you want to upgrade user #{user.provider_username} from the whitelist?" }, :user => user
+        -else
+          %td
+
+%br/
+= link_to 'Back to project page', projects_url

app/views/whitelists/new.html.erb

@@ -0,0 +1,6 @@
+<h1>Authorize Users to have access to ProjectScope</h1>
+
+<%= render 'add' %>
+
+<input name="authenticity_token" value="<%= form_authenticity_token %>" type="hidden">
+<%= link_to 'Back', whitelists_path %>

config/routes.rb

@@ -1,7 +1,12 @@
 Rails.application.routes.draw do
   resources :users, :only => [:show, :update], :path => "u"
   devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }, :skip => [:password]
-  
+
   resources :projects
   root 'projects#index'
+  resources :whitelists
+
+  get '/whitelists/upgrade/:id', :to => 'whitelists#upgrade', :as => 'upgrade_user'
+  get '/whitelists/downgrade/:id', :to => 'whitelists#downgrade', :as => 'downgrade_user'
+
 end

db/migrate/20161020034239_add_role_to_users.rb

@@ -1,5 +1,5 @@
 class AddRoleToUsers < ActiveRecord::Migration
   def change
-    add_column :users, :role, :string, null: false, default: "coach"
+    add_column :users, :role, :string, null: false, default: "student"
   end
 end

db/migrate/20161020040440_create_root_user.rb

@@ -4,16 +4,22 @@ def up
   		password: Devise.friendly_token[0,20], 
   		provider_username: "DrakeW",
   		provider: "github",
-  		role: "admin")
+  		role: "coach")
   	User.create!(email: "fox@cs.berkeley.edu",
   		password: Devise.friendly_token[0,20], 
   		provider_username: "armandofox",
   		provider: "github",
   		role: "admin")
+    User.create!(email: "jiachengwu@berkeley.edu",
+      password: Devise.friendly_token[0,20], 
+      provider_username: "ysiad",
+      provider: "github",
+      role: "coach")
   end
 
   def down
   	User.where(email: "junyuw@berkeley.edu", provider: "github").first.destroy
   	User.where(email: "fox@cs.berkeley.edu", provider: "github").first.destroy
+    User.where(email: "jiachengwu@berkeley.edu", provider: "github").first.destroy
   end
 end

db/migrate/20161022053537_create_whitelists.rb

@@ -0,0 +1,9 @@
+class CreateWhitelists < ActiveRecord::Migration
+  def change
+    create_table :whitelists, :force => true  do |t|
+      t.string :username                  # default: "",      null: false
+    end
+    add_index :whitelists, :username
+  end
+end
+

db/migrate/20161022053828_create_authorized_user.rb

@@ -0,0 +1,11 @@
+class CreateAuthorizedUser < ActiveRecord::Migration
+  def up
+  	Whitelist.create!(username: "DrakeW")
+  	Whitelist.create!(username: "armandofox")
+  end
+
+  def down
+  	Whitelist.where(username: "DrakeW").first.destroy
+  	Whitelist.where(username: "armandofox").first.destroy
+  end
+end

db/schema.rb

@@ -79,4 +79,10 @@
   add_index "users", ["provider_username"], name: "index_users_on_provider_username", unique: true
   add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
 
+  create_table "whitelists", force: :cascade do |t|
+    t.string "username"
+  end
+
+  add_index "whitelists", ["username"], name: "index_whitelists_on_username"
+
 end

features/github_user_login.feature

@@ -5,13 +5,15 @@ Feature: GitHub User Login
 
 Scenario: github user login with email
 	Given I am on the login page
+	And "test-coach" is in the whitelist
 	And I have a valid github account with email "test-coach@test.com" username "test-coach"
 	When I follow "Sign in with GitHub"
 	Then I should be on the home page
 	And I should see "Signed in successfully."
 
 Scenario: github user login without email
 	Given I am on the login page
+	And "test-coach" is in the whitelist
 	And I have a valid github account with email "" username "test-coach"
 	When I follow "Sign in with GitHub"
 	Then I should be on the home page

features/step_definitions/project_steps.rb

@@ -56,6 +56,7 @@
 end
 
 And(/^I am logged in$/) do
+  Whitelist.create :username => "test-coach"
   visit path_to("the login page")
   OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
     {

features/step_definitions/whitelist_steps.rb

@@ -0,0 +1,16 @@
+Given(/^"([^"]*)" is in the whitelist$/) do |username|
+	Whitelist.create!(username: username)
+end
+
+Then /^I should be admin$/ do 
+	expect(current_user.role).to eq "admin"
+end
+
+Given /^I enter the whitelist page$/ do
+  visit path_to("the whitelist page")
+  sleep(1)
+end
+
+When /^I follow the first "Delete"$/ do 
+	first(:link, "Delete").click
+end

features/support/paths.rb

@@ -21,6 +21,10 @@ def path_to(page_name)
         "/projects/#{Project.find_by(name: $1).id}/edit"
       when /^the login page/ then
         '/users/sign_in'
+      when /^the whitelist page/ then
+        '/whitelists'
+      when /^the whitelist management page/ then
+        '/whitelists/new'
       # Add more mappings here.
       # Here is an example that pulls values out of the Regexp:
       #