Complete Lesson 34

2023-09-27 07:20:20 -05:00 · 2023-09-27 07:20:20 -05:00 · f9a7010911
commit f9a7010911
parent 32fd91bb5c
4 changed files with 17 additions and 0 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -15,4 +15,15 @@ class ApplicationController < ActionController::Base
      redirect_to new_session_url, alert: "Please sign in first!"
    end
  end
+
+  def current_user_admin?
+    current_user && current_user.admin?
+  end
+  helper_method :current_user_admin?
+
+  def require_admin
+    unless current_user_admin?
+      redirect_to root_url, alert: "Unauthorized access!"
+    end
+  end
 end
--- a/app/controllers/movies_controller.rb
+++ b/app/controllers/movies_controller.rb
@ -1,4 +1,6 @@
 class MoviesController < ApplicationController
+  before_action :require_admin, except: [:index, :show]
+
  def index
    @movies = Movie.released
  end
--- a/app/views/movies/index.html.erb
+++ b/app/views/movies/index.html.erb
@ -23,6 +23,8 @@
  <% end %>
  </ul>
  <section class="admin">
+    <% if current_user_admin? %>
    <%= link_to "Add New Movie", new_movie_path, class: "button" %>
+    <% end %>
  </section>
 </div>
--- a/app/views/movies/show.html.erb
+++ b/app/views/movies/show.html.erb
@ -30,8 +30,10 @@
    </table>
    <%= link_to "Write Review", new_movie_review_path(@movie), class: "review" %>
    <section class="admin">
+      <% if current_user_admin? %>
      <%= link_to "Edit", edit_movie_path(@movie), class: "button" %>
      <%= link_to "Delete", movie_path(@movie), class: "button", data: { turbo_method: :delete, turbo_confirm: "Are you sure?" } %>
+      <% end %>
    </section>
  </div>
 </section>