Complete Lesson 33 Part 2
This commit is contained in:
parent
ffdb341b1e
commit
32fd91bb5c
@ -4,8 +4,14 @@ class ApplicationController < ActionController::Base
|
||||
end
|
||||
helper_method :current_user
|
||||
|
||||
def current_user?(user)
|
||||
current_user == user
|
||||
end
|
||||
helper_method :current_user?
|
||||
|
||||
def require_signin
|
||||
unless current_user
|
||||
session[:intended_url] = request.url
|
||||
redirect_to new_session_url, alert: "Please sign in first!"
|
||||
end
|
||||
end
|
||||
|
@ -6,7 +6,9 @@ class SessionsController < ApplicationController
|
||||
user = User.find_by(email: params[:email])
|
||||
if user && user.authenticate(params[:password])
|
||||
session[:user_id] = user.id
|
||||
redirect_to user, notice: "Welcome back, #{user.name}!"
|
||||
redirect_to (session[:intended_url] || user),
|
||||
notice: "Welcome back, #{user.name}!"
|
||||
session[:intended_url] = nil
|
||||
else
|
||||
flash.now[:alert] = "Invalid email/password combination!"
|
||||
render :new, status: :unprocessable_entity
|
||||
|
@ -1,15 +1,19 @@
|
||||
class UsersController < ApplicationController
|
||||
before_action :require_signin, except: [:new, :create]
|
||||
before_action :set_user, only: [:show, :edit, :update, :destroy, :require_correct_user]
|
||||
before_action :require_correct_user, only: [:edit, :update, :destroy]
|
||||
|
||||
def index
|
||||
@users = User.all
|
||||
end
|
||||
|
||||
def new
|
||||
@user = User.new
|
||||
end
|
||||
|
||||
def show
|
||||
set_user
|
||||
end
|
||||
|
||||
def create
|
||||
@user = User.new(user_params)
|
||||
if @user.save
|
||||
@ -19,25 +23,26 @@ class UsersController < ApplicationController
|
||||
render :new, status: :unprocessable_entity
|
||||
end
|
||||
end
|
||||
|
||||
def edit
|
||||
set_user
|
||||
end
|
||||
|
||||
def update
|
||||
set_user
|
||||
if @user.update(user_params)
|
||||
redirect_to @user, notice: "Account successfully updated!"
|
||||
else
|
||||
render :new, status: :unprocessable_entity
|
||||
render :edit, status: :unprocessable_entity
|
||||
end
|
||||
end
|
||||
|
||||
def destroy
|
||||
set_user
|
||||
@user.destroy
|
||||
session[:user_id] = nil
|
||||
redirect_to movies_url, status: :see_other, alert: "Account successfully deleted!"
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def set_user
|
||||
@user = User.find(params[:id])
|
||||
end
|
||||
@ -45,4 +50,10 @@ class UsersController < ApplicationController
|
||||
def user_params
|
||||
params.require(:user).permit(:name, :email, :password, :password_confirmation)
|
||||
end
|
||||
|
||||
def require_correct_user
|
||||
unless current_user?(@user)
|
||||
redirect_to root_url, status: :see_other
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -2,7 +2,9 @@
|
||||
<h1><%= @user.name %></h1>
|
||||
<h2><%= mail_to(@user.email) %></h2>
|
||||
<div class="actions">
|
||||
<% if current_user?(@user) %>
|
||||
<%= link_to "Edit Account", edit_user_path(@user), class: "button edit" %>
|
||||
<%= link_to "Delete Account", user_path(@user), class: "button delete", data: { turbo_method: :delete, turbo_confirm: "Permanently delete your account!?" } %>
|
||||
<% end %>
|
||||
</div>
|
||||
</section>
|
||||
|
Loading…
x
Reference in New Issue
Block a user