team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013

Browse Source
This commit is contained in:
cktricky
2013-10-14 08:29:39 -04:00
parent e2c4fb4bd8 f02895351d
commit a65a20a647
21 changed files with 386 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.powrc
+4
View File
@@ -0,0 +1,4 @@
if [ -f "$rvm_path/scripts/rvm" ] && [ -f ".rvmrc" ]; then
source "$rvm_path/scripts/rvm"
source ".rvmrc"
fi
Gemfile
+2
View File
@@ -20,6 +20,8 @@ group :development do
gem 'rack-livereload'
gem 'rb-fsevent'
gem 'travis-lint'
gem 'better_errors'
gem 'binding_of_caller'
end
gem 'gauntlt'
Gemfile.lock
+8
View File
@@ -35,6 +35,11 @@ GEM
cucumber (>= 1.1.1)
rspec-expectations (>= 2.7.0)
bcrypt-ruby (3.0.1)
better_errors (1.0.1)
coderay (>= 1.0.0)
erubis (>= 2.6.6)
binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1)
brakeman (1.9.5)
erubis (~> 2.6)
fastercsv (~> 1.5)
@@ -72,6 +77,7 @@ GEM
gherkin (~> 2.12.0)
multi_json (~> 1.3)
database_cleaner (1.0.1)
debug_inspector (0.0.2)
diff-lcs (1.2.4)
em-websocket (0.5.0)
eventmachine (>= 0.12.9)
@@ -247,6 +253,8 @@ PLATFORMS
DEPENDENCIES
aruba
bcrypt-ruby
better_errors
binding_of_caller
brakeman
bundler-audit
capybara
app/assets/javascripts/application.js
-1
View File
@@ -14,7 +14,6 @@
//= require jquery_ujs
//= require wysiwyg/wysihtml5-0.3.0.js
//= require jquery.min.js
//= require bootstrap.js
//= require jquery.scrollUp.js
//= require wysiwyg/bootstrap-wysihtml5.js
//= require bootstrap-colorpicker.js
app/assets/stylesheets/main.css.erb
+3
View File
@@ -4602,6 +4602,9 @@ button.close {
font-weight: 400;
background: #333333;
border: 1px solid #666666; }
.signup .signup-wrapper .content .input:focus {
background: #e6e6e6;
}
.signup .signup-wrapper .content .select {
height: 52px;
width: 340px; }
app/controllers/messages_controller.rb
+40
View File
@@ -0,0 +1,40 @@
class MessagesController < ApplicationController
def index
@messages = current_user.messages
end
def show
@message = Message.where(:id => params[:id]).first
end
def destroy
message = Message.where(:id => params[:id]).first
if message.destroy
flash[:success] = "Your message has been deleted."
redirect_to user_messages_path(:user_id => current_user.user_id)
else
flash[:error] = "Could not delete message."
end
end
def new
@message = Message.new
end
def create
if Message.create(params[:message])
respond_to do |format|
format.html { redirect_to user_messages_path(:user_id => current_user.user_id) }
format.json { render :json => {:msg => "success"} }
end
else
respond_to do |format|
format.html { redirect_to user_messages_path }
format.json { render :json => {:msg => "failure"} }
end
end
end
end
app/helpers/messages_helper.rb
+2
View File
@@ -0,0 +1,2 @@
module MessagesHelper
end
app/models/message.rb
+10
View File
@@ -0,0 +1,10 @@
class Message < ActiveRecord::Base
belongs_to :user
attr_accessible :creator_id, :message, :read, :receiver_id
validates_presence_of :creator_id, :receiver_id, :message
def creator_name
creator = User.where(:id => self.creator_id).first
creator.full_name
end
end
app/models/user.rb
+3 -3
View File
@@ -17,7 +17,7 @@ class User < ActiveRecord::Base
has_one :paid_time_off, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_one :work_info, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_many :performance, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy
has_many :messages, :foreign_key => :receiver_id, :primary_key => :user_id, :dependent => :destroy
def build_benefits_data
@@ -27,12 +27,12 @@ class User < ActiveRecord::Base
performance.build(POPULATE_PERFORMANCE.shuffle.first)
end
private
def full_name
"#{self.first_name} #{self.last_name}"
end
private
def self.authenticate(email, password)
auth = nil
user = find_by_email(email)
app/views/layouts/shared/_sidebar.html.erb
+8
View File
@@ -58,6 +58,14 @@
Performance
<% end %>
</li>
<li id="messages">
<%= link_to user_messages_path(:user_id => current_user.user_id) do %>
<div class="icon">
<span class="fs1" aria-hidden="true" data-icon="&#xe040;"></span>
</div>
Messages
<% end %>
</li>
</ul>
</div>
app/views/messages/index.html.erb
+55
View File
@@ -0,0 +1,55 @@
<div class="dashboard-wrapper">
<div class="main-container">
<div class="row-fluid">
<div class="span12">
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe022;"></span> Messages for <%= current_user.full_name %>
<span class="fs1" aria-hidden="true" data-icon="&#xe006;"><%= link_to "Send Message", new_user_message_path %></span>
</div>
</div>
<div class="widget-body">
<table class="table table-bordered table-striped">
<thead>
<tr>
<th style="width:7%">From:</th>
<th style="width:6%">Date</th>
<th style="width:16%">Message</th>
<th style="width:6%">Actions</th>
</tr>
</thead>
<tbody>
<tr>
<% if @messages.empty? %>
<td><%= "No messages!" %></td><td></td><td></td><td></td>
<% end %>
<% @messages.each do |message| %>
<td><%= message.creator_name %></td>
<td><%= message.created_at.to_date %></td>
<td><%= message.message %></td>
<td><%= link_to "Details", user_message_path(:id => message.id), {:class => "btn btn-info pull-left"}%>
<%= link_to "Delete", user_message_path(:id => message.id), {:method => 'delete', :class => "btn btn-danger pull-left"}%></td>
</tr>
</tbody>
<% end %>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<script>
function makeActive(){
$('li[id="messages"]').addClass('active');
};
$(document).ready(function () {
makeActive()
});
</script>
app/views/messages/new.html.erb
+96
View File
@@ -0,0 +1,96 @@
<div class="dashboard-wrapper">
<div class="main-container">
<div class="row-fluid">
<div class="span12">
<div id="success" style="display: none;" class="alert alert-block alert-success fade in">
<h4 class="alert-heading">
Success!
</h4>
<p>
Message successfully sent.
</p>
</div>
</div>
</div>
<div class="row-fluid">
<div class="span12">
<div id="failure" style="display: none;" class="alert alert-block alert-error fade in">
<h4 class="alert-heading">
Error!
</h4>
<p>
Failed to send message.
</p>
</div>
</div>
</div>
<div class="row-fluid">
<div class="span6">
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe006;"></span> New Message</span>
</div>
</div>
<div class="widget-body">
<%= form_for @message, :url => user_messages_path, :method => :post, :html => {:id => "send_message"} do |f|%>
<%= f.hidden_field :creator_id, :value => current_user.id %>
<%= f.hidden_field :read, :value => '0' %>
<div class="control-group">
<%= f.label "To:", nil, {:class => "control-label"}%>
<%= f.select(:receiver_id, options_from_collection_for_select(User.all, :id, :full_name)) %>
</div>
<div class="control-group">
<%= f.label :message, nil, {:class => "control-label"}%>
<%= f.text_area :message, {:class => "span12"} %>
</div>
<div class="form-actions no-margin">
<%= f.submit "Submit", {:id => 'submit_button', :class => "btn btn-info pull-right"} %>
</div>
<div class="clearfix"></div>
<% end %>
</div>
</div>
</div>
</div>
<%= javascript_include_tag ('validation.js')%>
<script type="text/javascript">
$("#submit_button").click(function(event) {
var valuesToSubmit = $("#send_message").serialize();
event.preventDefault();
$.ajax({
url: <%= "/users/#{current_user.user_id}/messages.json".inspect.html_safe %>,
data: valuesToSubmit,
type: "POST",
success: function(response) {
if (response.msg == "failure") {
$('#failure').show(500).delay(1500).fadeOut();
} else {
$('#success').show(500).delay(1500).fadeOut();
}
},
error: function(event) {
$('#failure').show(500).delay(1500).fadeOut();
}
});
});
function makeActive(){
$('li[id="messages"]').addClass('active');
};
$(document).ready(function () {
makeActive()
});
</script>
app/views/messages/show.html.erb
+46
View File
@@ -0,0 +1,46 @@
<div class="dashboard-wrapper">
<div class="main-container">
<div class="row-fluid">
<div class="span12">
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe088;"></span> Messages for <%= current_user.full_name %>
</div>
</div>
<div class="widget-body">
<table class="table table-bordered table-striped">
<thead>
<tr>
<th style="width:7%">From:</th>
<th style="width:6%">Date</th>
<th style="width:30%">Message</th>
<th style="width:6%">Actions</th>
</tr>
</thead>
<tbody>
<tr>
<td><%= @message.creator_name %></td>
<td><%= @message.created_at.to_date %></td>
<td><%= @message.message %></td>
<td><%= link_to "Delete", user_message_path, {:id => "@message.id", :method => 'delete', :class => "btn btn-danger pull-left"}%></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
function makeActive(){
$('li[id="messages"]').addClass('active');
};
$(document).ready(function () {
makeActive()
});
</script>
config/routes.rb
+3
View File
@@ -28,6 +28,9 @@ resources :users do
end
resources :messages do
end
end
get "download" => "benefit_forms#download"
db/migrate/20131011180207_create_messages.rb
+12
View File
@@ -0,0 +1,12 @@
class CreateMessages < ActiveRecord::Migration
def change
create_table :messages do |t|
t.integer :creator_id
t.integer :receiver_id
t.text :message
t.boolean :read
t.timestamps
end
end
end
db/schema.rb
+10 -1
View File
@@ -11,13 +11,22 @@
#
# It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20130708202859) do
ActiveRecord::Schema.define(:version => 20131011180207) do
create_table "benefits", :force => true do |t|
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
create_table "messages", :force => true do |t|
t.integer "creator_id"
t.integer "receiver_id"
t.text "message"
t.boolean "read"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
create_table "paid_time_offs", :force => true do |t|
t.integer "user_id"
t.integer "sick_days_taken"
db/seeds.rb
+33
View File
@@ -236,6 +236,33 @@ paid_time_off = [
}
]
messages = [
{
:receiver_id => 2,
:creator_id => 5,
:message => 'Your benefits have been updated.',
:read => false
},
{
:receiver_id => 3,
:creator_id => 4,
:message => 'Please update your profile.',
:read => false
},
{
:receiver_id => 4,
:creator_id => 3,
:message => 'Welcome to Railsgoat.',
:read => false
},
{
:receiver_id => 5,
:creator_id => 2,
:message => 'Hello friend.',
:read => false
}
]
users.each do |user_info|
user = User.new(user_info.reject {|k| k == :user_id })
@@ -273,3 +300,9 @@ performance.each do |perf|
p.user_id = perf[:user_id]
p.save
end
messages.each do |message|
m = Message.new(message.reject {|k| k == :creator_id})
m.creator_id = message[:creator_id]
m.save
end
spec/controllers/messages_controller_spec.rb
+5
View File
@@ -0,0 +1,5 @@
require 'spec_helper'
describe MessagesController do
end
spec/helpers/messages_helper_spec.rb
+15
View File
@@ -0,0 +1,15 @@
require 'spec_helper'
# Specs in this file have access to a helper object that includes
# the MessagesHelper. For example:
#
# describe MessagesHelper do
# describe "string concat" do
# it "concats two strings with spaces" do
# expect(helper.concat_strings("this","that")).to eq("this that")
# end
# end
# end
describe MessagesHelper do
pending "add some examples to (or delete) #{__FILE__}"
end
spec/models/benefits_spec.rb
+25
View File
@@ -0,0 +1,25 @@
require 'spec_helper.rb'
describe User do
before(:all) do
UserFixture.reset_all_users
DatabaseCleaner.strategy = :transaction
end
after(:all) do
DatabaseCleaner.strategy = :truncation
end
it "can be instantiated" do
Benefits.new.should be_an_instance_of(Benefits)
end
it "name can be updated" do
new_name = "Bobby"
user = User.all.first
user.first_name = new_name
user.save!
User.all.first.first_name.should == new_name
end
end
spec/models/message_spec.rb
+5
View File
@@ -0,0 +1,5 @@
require 'spec_helper'
describe Message do
pending "add some examples to (or delete) #{__FILE__}"
end