Class: Panda::Core::Admin::TestSessionsController
- Inherits:
-
ActionController::Base
- Object
- ActionController::Base
- Panda::Core::Admin::TestSessionsController
- Defined in:
- app/controllers/panda/core/admin/test_sessions_controller.rb
Overview
Test-only controller for setting up authentication in system tests This bypasses OAuth to avoid cross-process issues with Capybara Security: This route is only defined in test environments, never in production
Usage in tests:
post "/admin/test_sessions", params: { user_id: user.id }
post "/admin/test_sessions", params: { user_id: user.id, return_to: "/some/path" }
Instance Method Summary collapse
Instance Method Details
#create ⇒ Object
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'app/controllers/panda/core/admin/test_sessions_controller.rb', line 18 def create user = Panda::Core::User.find(params[:user_id]) # Mirror real SessionsController: admin users always pass, # non-admin users checked via authorization_policy policy = Panda::Core.config. unless user.admin? || policy.call(user, :access_admin, nil) flash[:alert] = "You do not have permission to access the admin area." flash.keep(:alert) if Rails.env.test? redirect_to "#{Panda::Core.config.admin_path || "/admin"}/login", allow_other_host: false, status: :found return end # Set session (mimics real OAuth callback) session[Panda::Core::ADMIN_SESSION_KEY] = user.id Panda::Core::Current.user = user # Support custom redirect path for test flexibility redirect_path = params[:return_to] || determine_default_redirect_path redirect_to redirect_path, allow_other_host: false, status: :found rescue ActiveRecord::RecordNotFound render html: "User not found: #{params[:user_id]}", status: :not_found rescue => e render html: "Error: #{e.class} - #{e.}<br>#{e.backtrace.first(5).join("<br>")}", status: :internal_server_error end |