__________________________________________________________________________________________

  Exercises

1. Following the model in Listing 10.8, add a test to verify that the User admin attribute isn’t accessible. Be sure to get first to Red, and then to Green. (Hint: Your first step should be to add admin to the accessible list.)

2. Arrange for the Gravatar ‘‘change’’ link in Listing 9.3 to open in a new window (or tab). Hint: Search the web; you should find one particularly robust method involving something called _blank.

3. The current authentication tests check that navigation links such as ‘‘Profile’’ and ‘‘Settings’’ appear when a user is signed in. Add tests to make sure that these links don’t appear when a user isn’t signed in.

4. Use the sign_in test helper from Listing 9.6 in as many places as you can find.

5. Remove the duplicated form code by refactoring the new.html.erb and edit. html.erb views to use the partial in Listing 9.50. Note that you will have to pass the form variable f explicitly as a local variable, as shown in Listing 9.51. You will also have to update the tests, as the forms aren’t currently exactly the same; identify the slight difference and update the tests accordingly.

6. Signed-in users have no reason to access the new and create actions in the Users controller. Arrange for such users to be redirected to the root URL if they do try to hit those pages.

7. Learn about the request object by inserting some of the methods listed in the Rails API8 into the site layout. (Refer to Listing 7.1 if you get stuck.)

8. Write a test to make sure that the friendly forwarding only forwards to the given URI the first time. On subsequent signin attempts, the forwarding URI should revert to the default (i.e., the profile page). See Listing 9.52 for a hint (and, by a hint, I mean the solution).

9. Modify the destroy action to prevent admin users from destroying themselves. (Write a test first.)