Finish user edit, update, index and destroy actions

62a1e377 · Mai Hoang Thai Ha · a11f9f2d · 62a1e377 · 62a1e377 · 62a1e377
Commit 62a1e377 authored Jun 15, 2021 by Mai Hoang Thai Ha
9 changed files
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
 class UsersController < ApplicationController
-  before_action :logged_in_user, only: [:index, :edit, :update]
+  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update]
+  before_action :admin_user, only: :destroy

  def index
    @users = User.paginate(page: params[:page])
-    # @users = User.all
  end
  
  def show 
@@ -41,6 +41,12 @@ class UsersController < ApplicationController
    end
  end

+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User deleted"
+    redirect_to users_url
+  end
+
  private 

    def user_params
@@ -63,4 +69,8 @@ class UsersController < ApplicationController
      @user = User.find(params[:id])
      redirect_to(root_url) unless current_user?(@user)
    end
+
+    def admin_user
+      redirect_to(root_url) unless current_user.admin?
+    end
 end
--- a/app/views/users/_user.html.erb
+++ b/app/views/users/_user.html.erb
+<li>
+  <%= gravatar_for user, size: 50 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? && !current_user?(user) %>
+    | <%= link_to "delete", user, method: :delete,
+                                  data: { confirm: "You sure?" } %>
+  <% end %>                            
+</li>
\ No newline at end of file
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -4,11 +4,8 @@
 <%= will_paginate %>

 <ul class="users">
-<% @users.each do |user| %>
-  <li>
-    <%= gravatar_for user, size: 50 %>
-    <%= link_to user.name, user%>
-  </li>
+  <% @users.each do |user| %>
+    <%= render @users %>
  <% end %>
 </ul>


--- a/db/migrate/20210615072636_add_admin_to_users.rb
+++ b/db/migrate/20210615072636_add_admin_to_users.rb
+class AddAdminToUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :users, :admin, :boolean, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 2021_06_11_030107) do
+ActiveRecord::Schema.define(version: 2021_06_15_072636) do

  create_table "users", force: :cascade do |t|
    t.string "name"
@@ -19,6 +19,7 @@ ActiveRecord::Schema.define(version: 2021_06_11_030107) do
    t.datetime "updated_at", precision: 6, null: false
    t.string "password_digest"
    t.string "remember_digest"
+    t.boolean "admin", default: false
    t.index ["email"], name: "index_users_on_email", unique: true
  end


--- a/db/seeds.rb
+++ b/db/seeds.rb
 User.create!( name: "Example User",
              email: "example@railstutorial.org",
              password: "foobar",
-              password_confirmation: "foobar")
+              password_confirmation: "foobar",
+              admin: true)

 99.times do |num|
  name = Faker::Name.name

--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -30,6 +30,21 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_url
  end

+  test "should redirect destroy when not logged in" do
+    assert_no_difference 'User.count' do
+      delete user_path(@user)
+    end
+    assert_redirected_to login_url
+  end
+
+  test "should redirect destroy when logged in as a non-admin" do
+    log_in_as(@other_user)
+    assert_no_difference 'User.count' do
+      delete user_path(@user)
+    end
+    assert_redirected_to root_url
+  end
+
  test "should redirect edit when logged in as wrong user" do
    log_in_as(@other_user)
    get edit_user_path(@user)

--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -7,3 +7,20 @@ archer:
  name: Sterling Archer
  email: duchess@example.gov
  password_digest: <%= User.digest('password') %> 
+
+lana:
+  name: Lana Kane
+  email: hands@example.gov
+  password_digest: <%= User.digest('password') %>
+
+malory:
+  name: Malory Archer
+  email: boss@example.gov
+  password_digest: <%= User.digest('password') %>
+
+<% 30.times do |n| %>
+user_<%= n %>:
+  name: <%= "User #{n}" %>
+  email: <%= "user-#{n}@example.com" %>
+  password_digest: <%= User.digest('password') %>
+<% end %>
\ No newline at end of file
--- a/test/integration/users_index_test.rb
+++ b/test/integration/users_index_test.rb
+require "test_helper"
+
+class UsersIndexTest < ActionDispatch::IntegrationTest
+  def setup
+    @admin = users(:michael)
+    @non_admin = users(:archer)
+  end
+
+  test "index as admin including pagination and delete links" do
+    log_in_as(@admin)
+    get users_path
+    assert_template 'users/index'
+    assert_select 'div.pagination'
+    first_page_of_users = User.paginate(page: 1)
+    first_page_of_users.each do |user|
+      assert_select 'a[href=?]', user_path(user), text: user.name
+      unless user = @admin
+        assert_select 'a[href=?]', user_path(user),text: 'delete'
+      end
+    end
+    # assert_difference 'User.count', -1 do
+    #   delete user_path(@non_admin)
+    # end
+  end
+
+  test "index as non-admin" do
+    log_in_as(@non_admin)
+    get users_path
+    assert_select 'a', text: 'delete', count: 0
+  end
+end