Featured articles

app/controllers/posts_controller.rb

@@ -14,7 +14,6 @@ def new
 
   def create
     @post = current_user.posts.build(post_params)
-
     if @post.save
       redirect_to @post
     else
@@ -54,6 +53,10 @@ def find_post
   end
 
   def post_params
-    params.require(:post).permit(:title, :content)
+    if current_user.admin?
+      params.require(:post).permit(:title, :content, :featured)
+    else
+      params.require(:post).permit(:title, :content)
+    end
   end
 end

app/views/posts/_form.slim

@@ -1,4 +1,6 @@
 = simple_form_for @post do |f|
   = f.input :title
   = f.input :content
+  - if @current_user.admin?
+    = f.input_field :featured, as: :boolean
   = f.submit

db/migrate/20171109212251_add_featured_to_posts.rb

@@ -0,0 +1,5 @@
+class AddFeaturedToPosts < ActiveRecord::Migration[5.1]
+  def change
+    add_column :posts, :featured, :boolean, default: false
+  end
+end

db/schema.rb

@@ -10,49 +10,49 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-# rubocop:disable Metrics/BlockLength
-ActiveRecord::Schema.define(version: 20171108174930) do # rubocop:disable Style/NumericLiterals
+ActiveRecord::Schema.define(version: 20171109212251) do
 
   # These are extensions that must be enabled in order to support this database
-  enable_extension 'plpgsql'
+  enable_extension "plpgsql"
 
-  create_table 'comments', force: :cascade do |t|
-    t.text 'comment'
-    t.bigint 'post_id'
-    t.bigint 'user_id'
-    t.datetime 'created_at', null: false
-    t.datetime 'updated_at', null: false
-    t.index ['post_id'], name: 'index_comments_on_post_id'
-    t.index ['user_id'], name: 'index_comments_on_user_id'
+  create_table "comments", force: :cascade do |t|
+    t.text "comment"
+    t.bigint "post_id"
+    t.bigint "user_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["post_id"], name: "index_comments_on_post_id"
+    t.index ["user_id"], name: "index_comments_on_user_id"
   end
 
-  create_table 'posts', force: :cascade do |t|
-    t.string 'title'
-    t.text 'content'
-    t.datetime 'created_at', null: false
-    t.datetime 'updated_at', null: false
-    t.integer 'user_id'
-    t.boolean 'deleted', default: false, null: false
+  create_table "posts", force: :cascade do |t|
+    t.string "title"
+    t.text "content"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.integer "user_id"
+    t.boolean "deleted", default: false, null: false
+    t.boolean "featured", default: false
   end
 
-  create_table 'users', force: :cascade do |t|
-    t.string 'email', default: '', null: false
-    t.string 'encrypted_password', default: '', null: false
-    t.string 'reset_password_token'
-    t.datetime 'reset_password_sent_at'
-    t.datetime 'remember_created_at'
-    t.integer 'sign_in_count', default: 0, null: false
-    t.datetime 'current_sign_in_at'
-    t.datetime 'last_sign_in_at'
-    t.inet 'current_sign_in_ip'
-    t.inet 'last_sign_in_ip'
-    t.datetime 'created_at', null: false
-    t.datetime 'updated_at', null: false
-    t.boolean 'admin', default: false
-    t.index ['email'], name: 'index_users_on_email', unique: true
-    t.index ['reset_password_token'], name: 'index_users_on_reset_password_token', unique: true
+  create_table "users", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.datetime "remember_created_at"
+    t.integer "sign_in_count", default: 0, null: false
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.inet "current_sign_in_ip"
+    t.inet "last_sign_in_ip"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.boolean "admin", default: false
+    t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
 
-  add_foreign_key 'comments', 'posts'
-  add_foreign_key 'comments', 'users'
+  add_foreign_key "comments", "posts"
+  add_foreign_key "comments", "users"
 end

test/controllers/posts_controller_test.rb

@@ -1,7 +1,76 @@
 require 'test_helper'
+require 'mocha/test_unit'
 
 class PostsControllerTest < ActionDispatch::IntegrationTest
-  # test "the truth" do
-  #   assert true
-  # end
+  test 'post_params has all valid params if user is admin' do
+    current_user = create_user(admin: true)
+    params = ActionController::Parameters.new(
+      post: {
+        title: 'sample title',
+        content: 'sample content',
+        featured: true,
+        invalid_param: true,
+      }
+    )
+
+    posts_controller = PostsController.new
+    posts_controller.stubs(:params).returns(params)
+    posts_controller.stubs(:current_user).returns(current_user)
+    post_params = posts_controller.send(:post_params)
+    assert_includes post_params.keys, 'title'
+    assert_includes post_params.keys, 'content'
+    assert_includes post_params.keys, 'featured'
+  end
+
+  test 'post_params drops invalid params if user is admin' do
+    current_user = create_user(admin: true)
+    params = ActionController::Parameters.new(
+      post: {
+        title: 'sample title',
+        content: 'sample content',
+        featured: true,
+        invalid_param: true,
+      }
+    )
+
+    posts_controller = PostsController.new
+    posts_controller.stubs(:params).returns(params)
+    posts_controller.stubs(:current_user).returns(current_user)
+    post_params = posts_controller.send(:post_params)
+    refute_includes post_params.keys, 'invalid_param'
+  end
+
+  test 'post_params has all valid params if user is not admin' do
+    current_user = create_user
+    params = ActionController::Parameters.new(
+      post: {
+        title: 'sample title',
+        content: 'sample content',
+      }
+    )
+
+    posts_controller = PostsController.new
+    posts_controller.stubs(:params).returns(params)
+    posts_controller.stubs(:current_user).returns(current_user)
+    post_params = posts_controller.send(:post_params)
+    assert_includes post_params.keys, 'title'
+    assert_includes post_params.keys, 'content'
+  end
+
+  test 'post_params drops invalid params if user is not admin' do
+    current_user = create_user
+    params = ActionController::Parameters.new(
+      post: {
+        title: 'sample title',
+        content: 'sample content',
+        featured: true,
+      }
+    )
+
+    posts_controller = PostsController.new
+    posts_controller.stubs(:params).returns(params)
+    posts_controller.stubs(:current_user).returns(current_user)
+    post_params = posts_controller.send(:post_params)
+    refute_includes post_params.keys, 'featured'
+  end
 end