From 32fd91bb5cab961bd2507218351fdef2752d569e Mon Sep 17 00:00:00 2001 From: Simon Quigley Date: Wed, 27 Sep 2023 07:05:39 -0500 Subject: [PATCH] Complete Lesson 33 Part 2 --- app/controllers/application_controller.rb | 6 ++++++ app/controllers/sessions_controller.rb | 4 +++- app/controllers/users_controller.rb | 21 ++++++++++++++++----- app/views/users/show.html.erb | 2 ++ 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index bf00341..64c8010 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -4,8 +4,14 @@ class ApplicationController < ActionController::Base end helper_method :current_user + def current_user?(user) + current_user == user + end + helper_method :current_user? + def require_signin unless current_user + session[:intended_url] = request.url redirect_to new_session_url, alert: "Please sign in first!" end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 6d0a052..4c4377a 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -6,7 +6,9 @@ class SessionsController < ApplicationController user = User.find_by(email: params[:email]) if user && user.authenticate(params[:password]) session[:user_id] = user.id - redirect_to user, notice: "Welcome back, #{user.name}!" + redirect_to (session[:intended_url] || user), + notice: "Welcome back, #{user.name}!" + session[:intended_url] = nil else flash.now[:alert] = "Invalid email/password combination!" render :new, status: :unprocessable_entity diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 4a16916..943f385 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,15 +1,19 @@ class UsersController < ApplicationController before_action :require_signin, except: [:new, :create] + before_action :set_user, only: [:show, :edit, :update, :destroy, :require_correct_user] + before_action :require_correct_user, only: [:edit, :update, :destroy] def index @users = User.all end + def new @user = User.new end + def show - set_user end + def create @user = User.new(user_params) if @user.save @@ -19,25 +23,26 @@ class UsersController < ApplicationController render :new, status: :unprocessable_entity end end + def edit - set_user end + def update - set_user if @user.update(user_params) redirect_to @user, notice: "Account successfully updated!" else - render :new, status: :unprocessable_entity + render :edit, status: :unprocessable_entity end end + def destroy - set_user @user.destroy session[:user_id] = nil redirect_to movies_url, status: :see_other, alert: "Account successfully deleted!" end private + def set_user @user = User.find(params[:id]) end @@ -45,4 +50,10 @@ class UsersController < ApplicationController def user_params params.require(:user).permit(:name, :email, :password, :password_confirmation) end + + def require_correct_user + unless current_user?(@user) + redirect_to root_url, status: :see_other + end + end end diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index e698faf..c8ac777 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -2,7 +2,9 @@

<%= @user.name %>

<%= mail_to(@user.email) %>

+ <% if current_user?(@user) %> <%= link_to "Edit Account", edit_user_path(@user), class: "button edit" %> <%= link_to "Delete Account", user_path(@user), class: "button delete", data: { turbo_method: :delete, turbo_confirm: "Permanently delete your account!?" } %> + <% end %>