From f9a7010911ce136b4e4a96584eb1d88860c410fd Mon Sep 17 00:00:00 2001
From: Simon Quigley
Date: Wed, 27 Sep 2023 07:20:20 -0500
Subject: [PATCH] Complete Lesson 34
---
 app/controllers/application_controller.rb | 11 +++++++++++
 app/controllers/movies_controller.rb | 2 ++
 app/views/movies/index.html.erb | 2 ++
 app/views/movies/show.html.erb | 2 ++
 4 files changed, 17 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 64c8010..8baf533 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -15,4 +15,15 @@ class ApplicationController < ActionController::Base
 redirect_to new_session_url, alert: "Please sign in first!"
 end
 end
+
+ def current_user_admin?
+ current_user && current_user.admin?
+ end
+ helper_method :current_user_admin?
+
+ def require_admin
+ unless current_user_admin?
+ redirect_to root_url, alert: "Unauthorized access!"
+ end
+ end
 end
diff --git a/app/controllers/movies_controller.rb b/app/controllers/movies_controller.rb
index fd98483..2596103 100644
--- a/app/controllers/movies_controller.rb
+++ b/app/controllers/movies_controller.rb
@@ -1,4 +1,6 @@
 class MoviesController < ApplicationController
+ before_action :require_admin, except: [:index, :show]
+
 def index
 @movies = Movie.released
 end
diff --git a/app/views/movies/index.html.erb b/app/views/movies/index.html.erb
index 7fa639f..9b22a9a 100644
--- a/app/views/movies/index.html.erb
+++ b/app/views/movies/index.html.erb
@@ -23,6 +23,8 @@ <% end %>
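Review bot: In `require_admin`, the denial redirect uses the default 302, and this filter now sits in front of non-GET actions (the show view in this patch sends `turbo_method: :delete`). A client that follows a 302 keeps the original verb, so a rejected DELETE or PATCH can be replayed against `root_url` instead of landing on the home page with the alert; use `redirect_to root_url, alert: "Unauthorized access!", status: :see_other`. Since `current_user.admin?` is the entire authorization decision, it is also worth confirming (not visible in this patch) that `admin` is not among the attributes permitted from sign-up or account-edit params. The enclosing class starts outside the hunk.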
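Review bot: The `before_action :require_admin, except: [:index, :show]` line is a sound deny-by-default allowlist, but it sends signed-out visitors down the same branch as signed-in non-admins: `current_user_admin?` is false for both, so an anonymous request to an admin action gets "Unauthorized access!" and `root_url` rather than the sign-in prompt. If that is not intended, run the existing sign-in filter from `ApplicationController` (the one redirecting to `new_session_url`) with the same `except:` list ahead of this one. A short comment such as `# every action not listed here is admin-only` above the line would keep the allowlist from being widened by accident. The class body continues outside the hunk.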
+ <% if current_user_admin? %>
 <%= link_to "Add New Movie", new_movie_path, class: "button" %>
+ <% end %>
diff --git a/app/views/movies/show.html.erb b/app/views/movies/show.html.erb
index d5e0508..4c827df 100644
--- a/app/views/movies/show.html.erb
+++ b/app/views/movies/show.html.erb
@@ -30,8 +30,10 @@ <%= link_to "Write Review", new_movie_review_path(@movie), class: "review" %>
+ <% if current_user_admin? %>
 <%= link_to "Edit", edit_movie_path(@movie), class: "button" %>
 <%= link_to "Delete", movie_path(@movie), class: "button", data: { turbo_method: :delete, turbo_confirm: "Are you sure?" } %>
+ <% end %>