From bca30e74f093e824ab33f42a8e5197354d184d28 Mon Sep 17 00:00:00 2001
From: patricia mitchell <patricia__mitchell@hotmail.com>
Date: Mon, 3 Nov 2014 17:08:55 -0500
Subject: [PATCH] Finish user edit, update, index and destroy actions

---
 Gemfile                                       |  3 ++
 Gemfile.lock                                  |  8 +++
 app/assets/stylesheets/custom.css.scss        | 12 +++++
 app/controllers/sessions_controller.rb        |  2 +-
 app/controllers/users_controller.rb           | 50 +++++++++++++++++++
 app/helpers/sessions_helper.rb                | 16 ++++++
 app/helpers/users_helper.rb                   |  5 +-
 app/models/user.rb                            |  2 +-
 app/views/layouts/_header.html.erb            |  4 +-
 app/views/users/_user.html.erb                |  8 +++
 app/views/users/edit.html.erb                 | 29 +++++++++++
 app/views/users/index.html.erb                | 10 ++++
 .../20141103214952_add_admin_to_users.rb      |  5 ++
 db/schema.rb                                  |  7 +--
 db/seeds.rb                                   | 15 ++++++
 test/controllers/users_controller_test.rb     | 50 ++++++++++++++++++-
 test/fixtures/users.yml                       | 23 +++++++++
 test/integration/users_edit_test.rb           | 36 +++++++++++++
 test/integration/users_index_test.rb          | 30 +++++++++++
 19 files changed, 304 insertions(+), 11 deletions(-)
 create mode 100644 app/views/users/_user.html.erb
 create mode 100644 app/views/users/edit.html.erb
 create mode 100644 app/views/users/index.html.erb
 create mode 100644 db/migrate/20141103214952_add_admin_to_users.rb
 create mode 100644 test/integration/users_edit_test.rb
 create mode 100644 test/integration/users_index_test.rb

diff --git a/Gemfile b/Gemfile
index f34ca9a..dcd085b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,9 @@ ruby  '2.1.1'
 
 gem 'rails',                '4.2.0.beta2'
 gem 'bcrypt',               '3.1.7'
+gem 'faker',                '1.4.2'
+gem 'will_paginate',         '3.0.7'
+gem 'bootstrap-will_paginate', '0.0.10'
 gem 'sass-rails'          
 # '~> 4.0.3'
 gem 'bootstrap-sass'
diff --git a/Gemfile.lock b/Gemfile.lock
index f50af0b..2af145f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -43,6 +43,8 @@ GEM
       debug_inspector (>= 0.0.1)
     bootstrap-sass (3.2.0.2)
       sass (~> 3.2)
+    bootstrap-will_paginate (0.0.10)
+      will_paginate
     builder (3.2.2)
     byebug (3.4.0)
       columnize (~> 0.8)
@@ -63,6 +65,8 @@ GEM
     debugger-linecache (1.2.0)
     erubis (2.7.0)
     execjs (2.2.2)
+    faker (1.4.2)
+      i18n (~> 0.5)
     ffi (1.9.6)
     formatador (0.2.5)
     globalid (0.3.0)
@@ -199,6 +203,7 @@ GEM
       binding_of_caller (= 0.7.3.pre1)
       railties (~> 4.0)
       sprockets-rails (>= 2.0, < 4.0)
+    will_paginate (3.0.7)
 
 PLATFORMS
   ruby
@@ -206,8 +211,10 @@ PLATFORMS
 DEPENDENCIES
   bcrypt (= 3.1.7)
   bootstrap-sass
+  bootstrap-will_paginate (= 0.0.10)
   byebug (= 3.4.0)
   coffee-rails (= 4.0.1)
+  faker (= 1.4.2)
   guard-minitest (= 2.3.1)
   jbuilder (= 2.2.3)
   jquery-rails (= 4.0.0.beta2)
@@ -225,3 +232,4 @@ DEPENDENCIES
   uglifier (= 2.5.3)
   unicorn (= 4.8.3)
   web-console (= 2.0.0.beta3)
+  will_paginate (= 3.0.7)
diff --git a/app/assets/stylesheets/custom.css.scss b/app/assets/stylesheets/custom.css.scss
index ab8ef56..fa8badc 100644
--- a/app/assets/stylesheets/custom.css.scss
+++ b/app/assets/stylesheets/custom.css.scss
@@ -217,6 +217,18 @@ input {
   width: auto;
   margin-left: 0;
 }
+
+/* Users index */
+
+.users {
+  list-style: none;
+  margin: 0;
+  li {
+    overflow: auto;
+    padding: 10px 0;
+    border-bottom: 1px solid $gray-lighter;
+  }
+}
   
 /* miscellaneous */
 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 4293f0b..3191b24 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -8,7 +8,7 @@ def create
     if user && user.authenticate(params[:session][:password])
       log_in user
       params[:session][:remember_me] == '1' ? remember(user) : forget(user)
-      redirect_to user 
+      redirect_back_or user 
     else
       flash.now[:danger] = 'Invalid email/password combination' # Not quite right!
       render 'new'
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8b874ce..d485662 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,4 +1,11 @@
 class UsersController < ApplicationController
+  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
+  before_action :correct_user,   only: [:edit, :update]
+  before_action :admin_user,     only: :destroy
+
+  def index
+    @users = User.paginate(page: params[:page])
+  end
   
   def show
     @user = User.find(params[:id])
@@ -20,10 +27,53 @@ def create
     end
   end
 
+  def edit
+    # @user = User.find(params[:id])
+  end
+
+  def update
+    # @user = User.find(params[:id])
+    if @user.update_attributes(user_params)
+      # Handle a successful update.
+      flash[:success] = "Profile updated"
+      redirect_to @user 
+    else
+      render 'edit'
+    end
+  end
+
+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User deleted"
+    redirect_to users_url
+  end
+
   private
 
     def user_params
       params.require(:user).permit(:name, :email, :password,
                                    :password_confirmation)
     end
+
+    # Before filters
+
+    # Confirms a logged-in user.
+    def logged_in_user
+      unless logged_in?
+        store_location 
+        flash[:danger] = "Please log in."
+        redirect_to login_url
+      end
+    end
+
+    # Confirms the correct user.
+    def correct_user
+      @user = User.find(params[:id])
+      redirect_to(root_url) unless current_user?(@user)
+    end
+
+    # Confirms an admin user.
+    def admin_user
+      redirect_to(root_url) unless current_user.admin?
+    end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 6b4d3e1..d642017 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -12,6 +12,11 @@ def remember(user)
     cookies.permanent[:remember_token] = user.remember_token
   end
 
+  # Returns true if the given user is the current user.
+  def current_user?(user)
+    user == current_user
+  end
+
   # Returns the user corresponding to the remember token cookie.
   def current_user
     if (user_id = session[:user_id])
@@ -44,5 +49,16 @@ def log_out
     @current_user = nil
   end
 
+  # Redirects to stored location (or to the default).
+  def redirect_back_or(default)
+    redirect_to(session[:forwarding_url] || default)
+    session.delete(:forwarding_url)
+  end
+
+  # Stores the URL trying to be accessed.
+  def store_location
+    session[:forwarding_url] = request.url if request.get?
+  end
+
 
 end
\ No newline at end of file
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index a1ac53e..670685f 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,9 +1,10 @@
 module UsersHelper
   
   # Returns the Gravatar for the given user.
-  def gravatar_for(user)
+  def gravatar_for(user, options = { size: 80 })
     gravatar_id = Digest::MD5::hexdigest(user.email.downcase)
-    gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}"
+    size = options[:size]
+    gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}?s=#{size}"
     image_tag(gravatar_url, alt: user.name, class: "gravatar")
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 62aa3b9..71dece2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,7 +7,7 @@ class User < ActiveRecord::Base
                     format: { with: VALID_EMAIL_REGEX },
                     uniqueness: { case_sensitive: false }
   has_secure_password
-  validates :password, length: { minimum: 6 }
+  validates :password, length: { minimum: 6 }, allow_blank: true
 
   # Returns the hash digest of the given string.
   def User.digest(string)
diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
index f582396..4a5657d 100644
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@@ -6,14 +6,14 @@
         <li><%= link_to "Home", root_path %></li>
         <li><%= link_to "Help", help_path %></li>
         <% if logged_in? %>
-          <li><%= link_to "Users", '#' %></li>
+          <li><%= link_to "Users", users_path %></li>
           <li class="dropdown">
             <a href="#" class="dropdown-toggle" data-toggle="dropdown">
               Account <b class="caret"></b>
             </a>
             <ul class="dropdown-menu">
               <li><%= link_to "Profile", current_user %></li>
-              <li><%= link_to "Settings", '#' %></li>
+              <li><%= link_to "Settings", edit_user_path(current_user) %></li>
               <li class="divider"></li>
               <li>
                 <%= link_to "Log out", logout_path, method: "delete" %>
diff --git a/app/views/users/_user.html.erb b/app/views/users/_user.html.erb
new file mode 100644
index 0000000..14fa8ae
--- /dev/null
+++ b/app/views/users/_user.html.erb
@@ -0,0 +1,8 @@
+<li>
+  <%= gravatar_for user, size: 50 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? && !current_user?(user) %>
+    | <%= link_to "delete", user, method: :delete,
+                                  data: { confirm: "You sure?" } %>
+  <% end %>
+</li>
\ No newline at end of file
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
new file mode 100644
index 0000000..deeb101
--- /dev/null
+++ b/app/views/users/edit.html.erb
@@ -0,0 +1,29 @@
+<% provide(:title, "Edit user") %>
+<h1>Update your profile</h1>
+
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= form_for(@user) do |f| %>
+      <%= render 'shared/error_messages' %>
+
+      <%= f.label :name %>
+      <%= f.text_field :name, class: 'form-control' %>
+
+      <%= f.label :email %>
+      <%= f.text_field :email, class: 'form-control' %>
+
+      <%= f.label :password %>
+      <%= f.password_field :password, class: 'form-control' %>
+
+      <%= f.label :password_confirmation, "Confirmation" %>
+      <%= f.password_field :password_confirmation, class: 'form-control' %>
+
+      <%= f.submit "Save changes", class: "btn btn-primary" %>
+    <% end %>
+
+    <div class="gravatar_edit">
+      <%= gravatar_for @user %>
+      <a href="http://gravatar.com/emails">change</a>
+    </div>
+  </div>
+</div>
\ No newline at end of file
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
new file mode 100644
index 0000000..15de3d5
--- /dev/null
+++ b/app/views/users/index.html.erb
@@ -0,0 +1,10 @@
+<% provide(:title, 'All users') %>
+<h1>All users</h1>
+
+<%= will_paginate %>
+
+<ul class="users">
+  <%= render @users %>
+</ul>
+
+<%= will_paginate %>
\ No newline at end of file
diff --git a/db/migrate/20141103214952_add_admin_to_users.rb b/db/migrate/20141103214952_add_admin_to_users.rb
new file mode 100644
index 0000000..e386d33
--- /dev/null
+++ b/db/migrate/20141103214952_add_admin_to_users.rb
@@ -0,0 +1,5 @@
+class AddAdminToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :admin, :boolean, default: false
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 11801d5..56ca153 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,15 +11,16 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20141102194813) do
+ActiveRecord::Schema.define(version: 20141103214952) do
 
   create_table "users", force: true do |t|
     t.string   "name"
     t.string   "email"
-    t.datetime "created_at",      null: false
-    t.datetime "updated_at",      null: false
+    t.datetime "created_at",                      null: false
+    t.datetime "updated_at",                      null: false
     t.string   "password_digest"
     t.string   "remember_digest"
+    t.boolean  "admin",           default: false
   end
 
   add_index "users", ["email"], name: "index_users_on_email", unique: true
diff --git a/db/seeds.rb b/db/seeds.rb
index 4edb1e8..b70517c 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -5,3 +5,18 @@
 #
 #   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
 #   Mayor.create(name: 'Emanuel', city: cities.first)
+User.create!(name:  "Example User",
+             email: "example@railstutorial.org",
+             password:              "foobar",
+             password_confirmation: "foobar",
+             admin:  true)
+
+99.times do |n|
+  name  = Faker::Name.name
+  email = "example-#{n+1}@railstutorial.org"
+  password = "password"
+  User.create!(name:  name,
+               email: email,
+               password:              password,
+               password_confirmation: password)
+end
\ No newline at end of file
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index 7195ce5..009c869 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -1,10 +1,56 @@
 require 'test_helper'
 
 class UsersControllerTest < ActionController::TestCase
+
+  def setup
+    @user       = users(:michael)
+    @other_user = users(:archer)
+  end
+
   test "should get new" do
     get :new
     assert_response :success
-    assert_select "title", "Sign up | Ruby on Rails Tutorial Sample App"
   end
 
-end
+  test "should redirect index when not logged in" do
+    get :index
+    assert_redirected_to login_url
+  end
+
+  test "should redirect edit when not logged in" do
+    get :edit, id: @user
+    assert_redirected_to login_url
+  end
+
+  test "should redirect update when not logged in" do
+    patch :update, id: @user, user: { name: @user.name, email: @user.email }
+    assert_redirected_to login_url
+  end
+
+  test "should redirect edit when logged in as wrong user" do
+    log_in_as(@other_user)
+    get :edit, id: @user
+    assert_redirected_to root_url
+  end
+
+  test "should redirect update when logged in as wrong user" do
+    log_in_as(@other_user)
+    patch :update, id: @user, user: { name: @user.name, email: @user.email }
+    assert_redirected_to root_url
+  end
+
+  test "should redirect destroy when not logged in" do
+    assert_no_difference 'User.count' do
+      delete :destroy, id: @user
+    end
+    assert_redirected_to login_url
+  end
+
+  test "should redirect destroy when logged in as a non-admin" do
+    log_in_as(@other_user)
+    assert_no_difference 'User.count' do
+      delete :destroy, id: @user
+    end
+    assert_redirected_to root_url
+  end
+end
\ No newline at end of file
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index 15c7835..de1630b 100644
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -2,3 +2,26 @@ michael:
   name: Michael Example
   email: michael@example.com
   password_digest: <%= User.digest('password') %>
+  admin: true
+
+archer:
+  name: Sterling Archer
+  email: duchess@example.gov
+  password_digest: <%= User.digest('password') %>
+
+lana:
+  name: Lana Kane
+  email: hands@example.gov
+  password_digest: <%= User.digest('password') %>
+
+mallory:
+  name: Mallory Archer
+  email: boss@example.gov
+  password_digest: <%= User.digest('password') %>
+
+<% 30.times do |n| %>
+user_<%= n %>:
+  name:  <%= "User #{n}" %>
+  email: <%= "user-#{n}@example.com" %>
+  password_digest: <%= User.digest('password') %>
+<% end %>
\ No newline at end of file
diff --git a/test/integration/users_edit_test.rb b/test/integration/users_edit_test.rb
new file mode 100644
index 0000000..f1bae21
--- /dev/null
+++ b/test/integration/users_edit_test.rb
@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class UsersEditTest < ActionDispatch::IntegrationTest
+  
+  def setup
+    @user = users(:michael)
+  end
+
+  test "unsuccessful edit" do
+    log_in_as(@user)
+    get edit_user_path(@user)
+    patch user_path(@user), user: { name:  '',
+                                    email: 'foo@invalid',
+                                    password:              'foo',
+                                    password_confirmation: 'bar' }
+    assert_template 'users/edit'
+  end
+
+  test "successful edit with friendly forwarding" do
+    get edit_user_path(@user)
+    log_in_as(@user)
+    assert_redirected_to edit_user_path(@user)
+    name  = "Foo Bar"
+    email = "foo@bar.com"
+    patch user_path(@user), user: { name:  name,
+                                    email: email,
+                                    password:              "foobar",
+                                    password_confirmation: "foobar" }
+    assert_not flash.empty?
+    assert_redirected_to @user
+    @user.reload
+    assert_equal @user.name,  name
+    assert_equal @user.email, email
+  end
+end
+
diff --git a/test/integration/users_index_test.rb b/test/integration/users_index_test.rb
new file mode 100644
index 0000000..86795d4
--- /dev/null
+++ b/test/integration/users_index_test.rb
@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class UsersIndexTest < ActionDispatch::IntegrationTest
+
+  def setup
+    @admin     = users(:michael)
+    @non_admin = users(:archer)
+  end
+
+  test "index as admin including pagination and delete links" do
+    log_in_as(@admin)
+    get users_path
+    assert_select 'div.pagination'
+    first_page_of_users = User.paginate(page: 1)
+    first_page_of_users.each do |user|
+      assert_select 'a', user.name
+    end
+    assert_select 'a', text: 'delete'
+    user = first_page_of_users.first
+    assert_difference 'User.count', -1 do
+      delete user_path(user)
+    end
+  end
+
+  test "index as non-admin" do
+    log_in_as(@non_admin)
+    get users_path
+    assert_select 'a', text: 'delete', count: 0
+  end
+end
\ No newline at end of file