Finish user edit, update, index and destroy actions

bodfarian · Nov 3, 2014 · bca30e7 · bca30e7
1 parent 1babced
commit bca30e7
Show file tree

Hide file tree

Showing 19 changed files with 304 additions and 11 deletions.
diff --git a/Gemfile b/Gemfile
@@ -3,6 +3,9 @@ ruby  '2.1.1'
 
 gem 'rails',                '4.2.0.beta2'
 gem 'bcrypt',               '3.1.7'
+gem 'faker',                '1.4.2'
+gem 'will_paginate',         '3.0.7'
+gem 'bootstrap-will_paginate', '0.0.10'
 gem 'sass-rails'          
 # '~> 4.0.3'
 gem 'bootstrap-sass'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -43,6 +43,8 @@ GEM
       debug_inspector (>= 0.0.1)
     bootstrap-sass (3.2.0.2)
       sass (~> 3.2)
+    bootstrap-will_paginate (0.0.10)
+      will_paginate
     builder (3.2.2)
     byebug (3.4.0)
       columnize (~> 0.8)
@@ -63,6 +65,8 @@ GEM
     debugger-linecache (1.2.0)
     erubis (2.7.0)
     execjs (2.2.2)
+    faker (1.4.2)
+      i18n (~> 0.5)
     ffi (1.9.6)
     formatador (0.2.5)
     globalid (0.3.0)
@@ -199,15 +203,18 @@ GEM
       binding_of_caller (= 0.7.3.pre1)
       railties (~> 4.0)
       sprockets-rails (>= 2.0, < 4.0)
+    will_paginate (3.0.7)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   bcrypt (= 3.1.7)
   bootstrap-sass
+  bootstrap-will_paginate (= 0.0.10)
   byebug (= 3.4.0)
   coffee-rails (= 4.0.1)
+  faker (= 1.4.2)
   guard-minitest (= 2.3.1)
   jbuilder (= 2.2.3)
   jquery-rails (= 4.0.0.beta2)
@@ -225,3 +232,4 @@ DEPENDENCIES
   uglifier (= 2.5.3)
   unicorn (= 4.8.3)
   web-console (= 2.0.0.beta3)
+  will_paginate (= 3.0.7)
diff --git a/app/assets/stylesheets/custom.css.scss b/app/assets/stylesheets/custom.css.scss
@@ -217,6 +217,18 @@ input {
   width: auto;
   margin-left: 0;
 }
+
+/* Users index */
+
+.users {
+  list-style: none;
+  margin: 0;
+  li {
+    overflow: auto;
+    padding: 10px 0;
+    border-bottom: 1px solid $gray-lighter;
+  }
+}
 
 /* miscellaneous */
 

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -8,7 +8,7 @@ def create
     if user && user.authenticate(params[:session][:password])
       log_in user
       params[:session][:remember_me] == '1' ? remember(user) : forget(user)
-      redirect_to user 
+      redirect_back_or user 
     else
       flash.now[:danger] = 'Invalid email/password combination' # Not quite right!
       render 'new'

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,4 +1,11 @@
 class UsersController < ApplicationController
+  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
+  before_action :correct_user,   only: [:edit, :update]
+  before_action :admin_user,     only: :destroy
+
+  def index
+    @users = User.paginate(page: params[:page])
+  end
 
   def show
     @user = User.find(params[:id])
@@ -20,10 +27,53 @@ def create
     end
   end
 
+  def edit
+    # @user = User.find(params[:id])
+  end
+
+  def update
+    # @user = User.find(params[:id])
+    if @user.update_attributes(user_params)
+      # Handle a successful update.
+      flash[:success] = "Profile updated"
+      redirect_to @user 
+    else
+      render 'edit'
+    end
+  end
+
+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User deleted"
+    redirect_to users_url
+  end
+
   private
 
     def user_params
       params.require(:user).permit(:name, :email, :password,
                                    :password_confirmation)
     end
+
+    # Before filters
+
+    # Confirms a logged-in user.
+    def logged_in_user
+      unless logged_in?
+        store_location 
+        flash[:danger] = "Please log in."
+        redirect_to login_url
+      end
+    end
+
+    # Confirms the correct user.
+    def correct_user
+      @user = User.find(params[:id])
+      redirect_to(root_url) unless current_user?(@user)
+    end
+
+    # Confirms an admin user.
+    def admin_user
+      redirect_to(root_url) unless current_user.admin?
+    end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -12,6 +12,11 @@ def remember(user)
     cookies.permanent[:remember_token] = user.remember_token
   end
 
+  # Returns true if the given user is the current user.
+  def current_user?(user)
+    user == current_user
+  end
+
   # Returns the user corresponding to the remember token cookie.
   def current_user
     if (user_id = session[:user_id])
@@ -44,5 +49,16 @@ def log_out
     @current_user = nil
   end
 
+  # Redirects to stored location (or to the default).
+  def redirect_back_or(default)
+    redirect_to(session[:forwarding_url] || default)
+    session.delete(:forwarding_url)
+  end
+
+  # Stores the URL trying to be accessed.
+  def store_location
+    session[:forwarding_url] = request.url if request.get?
+  end
+
 
 end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
@@ -1,9 +1,10 @@
 module UsersHelper
 
   # Returns the Gravatar for the given user.
-  def gravatar_for(user)
+  def gravatar_for(user, options = { size: 80 })
     gravatar_id = Digest::MD5::hexdigest(user.email.downcase)
-    gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}"
+    size = options[:size]
+    gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}?s=#{size}"
     image_tag(gravatar_url, alt: user.name, class: "gravatar")
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -7,7 +7,7 @@ class User < ActiveRecord::Base
                     format: { with: VALID_EMAIL_REGEX },
                     uniqueness: { case_sensitive: false }
   has_secure_password
-  validates :password, length: { minimum: 6 }
+  validates :password, length: { minimum: 6 }, allow_blank: true
 
   # Returns the hash digest of the given string.
   def User.digest(string)

diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
@@ -6,14 +6,14 @@
         <li><%= link_to "Home", root_path %></li>
         <li><%= link_to "Help", help_path %></li>
         <% if logged_in? %>
-          <li><%= link_to "Users", '#' %></li>
+          <li><%= link_to "Users", users_path %></li>
           <li class="dropdown">
             <a href="#" class="dropdown-toggle" data-toggle="dropdown">
               Account <b class="caret"></b>
             </a>
             <ul class="dropdown-menu">
               <li><%= link_to "Profile", current_user %></li>
-              <li><%= link_to "Settings", '#' %></li>
+              <li><%= link_to "Settings", edit_user_path(current_user) %></li>
               <li class="divider"></li>
               <li>
                 <%= link_to "Log out", logout_path, method: "delete" %>

diff --git a/app/views/users/_user.html.erb b/app/views/users/_user.html.erb
@@ -0,0 +1,8 @@
+<li>
+  <%= gravatar_for user, size: 50 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? && !current_user?(user) %>
+    | <%= link_to "delete", user, method: :delete,
+                                  data: { confirm: "You sure?" } %>
+  <% end %>
+</li>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
@@ -0,0 +1,29 @@
+<% provide(:title, "Edit user") %>
+<h1>Update your profile</h1>
+
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= form_for(@user) do |f| %>
+      <%= render 'shared/error_messages' %>
+
+      <%= f.label :name %>
+      <%= f.text_field :name, class: 'form-control' %>
+
+      <%= f.label :email %>
+      <%= f.text_field :email, class: 'form-control' %>
+
+      <%= f.label :password %>
+      <%= f.password_field :password, class: 'form-control' %>
+
+      <%= f.label :password_confirmation, "Confirmation" %>
+      <%= f.password_field :password_confirmation, class: 'form-control' %>
+
+      <%= f.submit "Save changes", class: "btn btn-primary" %>
+    <% end %>
+
+    <div class="gravatar_edit">
+      <%= gravatar_for @user %>
+      <a href="http://gravatar.com/emails">change</a>
+    </div>
+  </div>
+</div>
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
@@ -0,0 +1,10 @@
+<% provide(:title, 'All users') %>
+<h1>All users</h1>
+
+<%= will_paginate %>
+
+<ul class="users">
+  <%= render @users %>
+</ul>
+
+<%= will_paginate %>
diff --git a/db/migrate/20141103214952_add_admin_to_users.rb b/db/migrate/20141103214952_add_admin_to_users.rb
@@ -0,0 +1,5 @@
+class AddAdminToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :admin, :boolean, default: false
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -11,15 +11,16 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20141102194813) do
+ActiveRecord::Schema.define(version: 20141103214952) do
 
   create_table "users", force: true do |t|
     t.string   "name"
     t.string   "email"
-    t.datetime "created_at",      null: false
-    t.datetime "updated_at",      null: false
+    t.datetime "created_at",                      null: false
+    t.datetime "updated_at",                      null: false
     t.string   "password_digest"
     t.string   "remember_digest"
+    t.boolean  "admin",           default: false
   end
 
   add_index "users", ["email"], name: "index_users_on_email", unique: true

diff --git a/db/seeds.rb b/db/seeds.rb
@@ -5,3 +5,18 @@
 #
 #   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
 #   Mayor.create(name: 'Emanuel', city: cities.first)
+User.create!(name:  "Example User",
+             email: "[email protected]",
+             password:              "foobar",
+             password_confirmation: "foobar",
+             admin:  true)
+
+99.times do |n|
+  name  = Faker::Name.name
+  email = "example-#{n+1}@railstutorial.org"
+  password = "password"
+  User.create!(name:  name,
+               email: email,
+               password:              password,
+               password_confirmation: password)
+end
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
@@ -1,10 +1,56 @@
 require 'test_helper'
 
 class UsersControllerTest < ActionController::TestCase
+
+  def setup
+    @user       = users(:michael)
+    @other_user = users(:archer)
+  end
+
   test "should get new" do
     get :new
     assert_response :success
-    assert_select "title", "Sign up | Ruby on Rails Tutorial Sample App"
   end
 
-end
+  test "should redirect index when not logged in" do
+    get :index
+    assert_redirected_to login_url
+  end
+
+  test "should redirect edit when not logged in" do
+    get :edit, id: @user
+    assert_redirected_to login_url
+  end
+
+  test "should redirect update when not logged in" do
+    patch :update, id: @user, user: { name: @user.name, email: @user.email }
+    assert_redirected_to login_url
+  end
+
+  test "should redirect edit when logged in as wrong user" do
+    log_in_as(@other_user)
+    get :edit, id: @user
+    assert_redirected_to root_url
+  end
+
+  test "should redirect update when logged in as wrong user" do
+    log_in_as(@other_user)
+    patch :update, id: @user, user: { name: @user.name, email: @user.email }
+    assert_redirected_to root_url
+  end
+
+  test "should redirect destroy when not logged in" do
+    assert_no_difference 'User.count' do
+      delete :destroy, id: @user
+    end
+    assert_redirected_to login_url
+  end
+
+  test "should redirect destroy when logged in as a non-admin" do
+    log_in_as(@other_user)
+    assert_no_difference 'User.count' do
+      delete :destroy, id: @user
+    end
+    assert_redirected_to root_url
+  end
+end