Complete Lesson 33 Part 2

app/controllers/application_controller.rb

@@ -4,8 +4,14 @@ class ApplicationController < ActionController::Base
   end
   helper_method :current_user
 
+  def current_user?(user)
+    current_user == user
+  end
+  helper_method :current_user?
+
   def require_signin
     unless current_user
+      session[:intended_url] = request.url
       redirect_to new_session_url, alert: "Please sign in first!"
     end
   end

app/controllers/sessions_controller.rb

@@ -6,7 +6,9 @@ class SessionsController < ApplicationController
     user = User.find_by(email: params[:email])
     if user && user.authenticate(params[:password])
       session[:user_id] = user.id
-      redirect_to user, notice: "Welcome back, #{user.name}!"
+      redirect_to (session[:intended_url] || user),
+             notice: "Welcome back, #{user.name}!"
+      session[:intended_url] = nil
     else
       flash.now[:alert] = "Invalid email/password combination!"
       render :new, status: :unprocessable_entity

app/controllers/users_controller.rb

@@ -1,15 +1,19 @@
 class UsersController < ApplicationController
   before_action :require_signin, except: [:new, :create]
+  before_action :set_user, only: [:show, :edit, :update, :destroy, :require_correct_user]
+  before_action :require_correct_user, only: [:edit, :update, :destroy]
 
   def index
     @users = User.all
   end
+
   def new
     @user = User.new
   end
+
   def show
-    set_user
   end
+
   def create
     @user = User.new(user_params)
     if @user.save
@@ -19,25 +23,26 @@ class UsersController < ApplicationController
       render :new, status: :unprocessable_entity
     end
   end
+
   def edit
-    set_user
   end
+
   def update
-    set_user
     if @user.update(user_params)
       redirect_to @user, notice: "Account successfully updated!"
     else
-      render :new, status: :unprocessable_entity
+      render :edit, status: :unprocessable_entity
     end
   end
+
   def destroy
-    set_user
     @user.destroy
     session[:user_id] = nil
     redirect_to movies_url, status: :see_other, alert: "Account successfully deleted!"
   end
 
   private
+
   def set_user
     @user = User.find(params[:id])
   end
@@ -45,4 +50,10 @@ class UsersController < ApplicationController
   def user_params
     params.require(:user).permit(:name, :email, :password, :password_confirmation)
   end
+
+  def require_correct_user
+    unless current_user?(@user)
+      redirect_to root_url, status: :see_other
+    end
+  end
 end

app/views/users/show.html.erb

@@ -2,7 +2,9 @@
   <h1><%= @user.name %></h1>
   <h2><%= mail_to(@user.email) %></h2>
   <div class="actions">
+    <% if current_user?(@user) %>
     <%= link_to "Edit Account", edit_user_path(@user), class: "button edit" %>
     <%= link_to "Delete Account", user_path(@user), class: "button delete", data: { turbo_method: :delete, turbo_confirm: "Permanently delete your account!?" } %>
+    <% end %>
   </div>
 </section>