Complete Lesson 33 Part 2

2023-09-27 07:05:39 -05:00 · 2023-09-27 07:05:39 -05:00 · 32fd91bb5c
commit 32fd91bb5c
parent ffdb341b1e
4 changed files with 27 additions and 6 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -4,8 +4,14 @@ class ApplicationController < ActionController::Base
  end
  helper_method :current_user

+  def current_user?(user)
+    current_user == user
+  end
+  helper_method :current_user?
+
  def require_signin
    unless current_user
+      session[:intended_url] = request.url
      redirect_to new_session_url, alert: "Please sign in first!"
    end
  end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -6,7 +6,9 @@ class SessionsController < ApplicationController
    user = User.find_by(email: params[:email])
    if user && user.authenticate(params[:password])
      session[:user_id] = user.id
-      redirect_to user, notice: "Welcome back, #{user.name}!"
+      redirect_to (session[:intended_url] || user),
+             notice: "Welcome back, #{user.name}!"
+      session[:intended_url] = nil
    else
      flash.now[:alert] = "Invalid email/password combination!"
      render :new, status: :unprocessable_entity
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,15 +1,19 @@
 class UsersController < ApplicationController
  before_action :require_signin, except: [:new, :create]
+  before_action :set_user, only: [:show, :edit, :update, :destroy, :require_correct_user]
+  before_action :require_correct_user, only: [:edit, :update, :destroy]

  def index
    @users = User.all
  end
+
  def new
    @user = User.new
  end
+
  def show
-    set_user
  end
+
  def create
    @user = User.new(user_params)
    if @user.save
@ -19,25 +23,26 @@ class UsersController < ApplicationController
      render :new, status: :unprocessable_entity
    end
  end
+
  def edit
-    set_user
  end
+
  def update
-    set_user
    if @user.update(user_params)
      redirect_to @user, notice: "Account successfully updated!"
    else
-      render :new, status: :unprocessable_entity
+      render :edit, status: :unprocessable_entity
    end
  end
+
  def destroy
-    set_user
    @user.destroy
    session[:user_id] = nil
    redirect_to movies_url, status: :see_other, alert: "Account successfully deleted!"
  end

  private
+
  def set_user
    @user = User.find(params[:id])
  end
@ -45,4 +50,10 @@ class UsersController < ApplicationController
  def user_params
    params.require(:user).permit(:name, :email, :password, :password_confirmation)
  end
+
+  def require_correct_user
+    unless current_user?(@user)
+      redirect_to root_url, status: :see_other
+    end
+  end
 end
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -2,7 +2,9 @@
  <h1><%= @user.name %></h1>
  <h2><%= mail_to(@user.email) %></h2>
  <div class="actions">
+    <% if current_user?(@user) %>
    <%= link_to "Edit Account", edit_user_path(@user), class: "button edit" %>
    <%= link_to "Delete Account", user_path(@user), class: "button delete", data: { turbo_method: :delete, turbo_confirm: "Permanently delete your account!?" } %>
+    <% end %>
  </div>
 </section>