Complete Lesson 33 Part 2

main
Simon Quigley 1 year ago
parent ffdb341b1e
commit 32fd91bb5c

@ -4,8 +4,14 @@ class ApplicationController < ActionController::Base
end end
helper_method :current_user helper_method :current_user
def current_user?(user)
current_user == user
end
helper_method :current_user?
def require_signin def require_signin
unless current_user unless current_user
session[:intended_url] = request.url
redirect_to new_session_url, alert: "Please sign in first!" redirect_to new_session_url, alert: "Please sign in first!"
end end
end end

@ -6,7 +6,9 @@ class SessionsController < ApplicationController
user = User.find_by(email: params[:email]) user = User.find_by(email: params[:email])
if user && user.authenticate(params[:password]) if user && user.authenticate(params[:password])
session[:user_id] = user.id session[:user_id] = user.id
redirect_to user, notice: "Welcome back, #{user.name}!" redirect_to (session[:intended_url] || user),
notice: "Welcome back, #{user.name}!"
session[:intended_url] = nil
else else
flash.now[:alert] = "Invalid email/password combination!" flash.now[:alert] = "Invalid email/password combination!"
render :new, status: :unprocessable_entity render :new, status: :unprocessable_entity

@ -1,15 +1,19 @@
class UsersController < ApplicationController class UsersController < ApplicationController
before_action :require_signin, except: [:new, :create] before_action :require_signin, except: [:new, :create]
before_action :set_user, only: [:show, :edit, :update, :destroy, :require_correct_user]
before_action :require_correct_user, only: [:edit, :update, :destroy]
def index def index
@users = User.all @users = User.all
end end
def new def new
@user = User.new @user = User.new
end end
def show def show
set_user
end end
def create def create
@user = User.new(user_params) @user = User.new(user_params)
if @user.save if @user.save
@ -19,25 +23,26 @@ class UsersController < ApplicationController
render :new, status: :unprocessable_entity render :new, status: :unprocessable_entity
end end
end end
def edit def edit
set_user
end end
def update def update
set_user
if @user.update(user_params) if @user.update(user_params)
redirect_to @user, notice: "Account successfully updated!" redirect_to @user, notice: "Account successfully updated!"
else else
render :new, status: :unprocessable_entity render :edit, status: :unprocessable_entity
end end
end end
def destroy def destroy
set_user
@user.destroy @user.destroy
session[:user_id] = nil session[:user_id] = nil
redirect_to movies_url, status: :see_other, alert: "Account successfully deleted!" redirect_to movies_url, status: :see_other, alert: "Account successfully deleted!"
end end
private private
def set_user def set_user
@user = User.find(params[:id]) @user = User.find(params[:id])
end end
@ -45,4 +50,10 @@ class UsersController < ApplicationController
def user_params def user_params
params.require(:user).permit(:name, :email, :password, :password_confirmation) params.require(:user).permit(:name, :email, :password, :password_confirmation)
end end
def require_correct_user
unless current_user?(@user)
redirect_to root_url, status: :see_other
end
end
end end

@ -2,7 +2,9 @@
<h1><%= @user.name %></h1> <h1><%= @user.name %></h1>
<h2><%= mail_to(@user.email) %></h2> <h2><%= mail_to(@user.email) %></h2>
<div class="actions"> <div class="actions">
<% if current_user?(@user) %>
<%= link_to "Edit Account", edit_user_path(@user), class: "button edit" %> <%= link_to "Edit Account", edit_user_path(@user), class: "button edit" %>
<%= link_to "Delete Account", user_path(@user), class: "button delete", data: { turbo_method: :delete, turbo_confirm: "Permanently delete your account!?" } %> <%= link_to "Delete Account", user_path(@user), class: "button delete", data: { turbo_method: :delete, turbo_confirm: "Permanently delete your account!?" } %>
<% end %>
</div> </div>
</section> </section>

Loading…
Cancel
Save