Merge branch 'updating-users' into 'master'

Updating users See merge request !9

Merge branch 'updating-users' into 'master'
Updating users See merge request !9
2d33396b · Son Do Hong · 9c88ae2a · ab752d64 · 2d33396b · 2d33396b
Commit 2d33396b authored Nov 19, 2019 by Son Do Hong
22 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -2,6 +2,9 @@ source "https://rubygems.org"

 gem "rails",        "5.1.6"
 gem "bcrypt",      "3.1.12"
+gem "faker",        "1.7.3"
+gem "will_paginate",  "3.1.6"
+gem "bootstrap-will_paginate", "1.0.0"
 gem "bootstrap-sass", "3.3.7"
 gem "puma",         "3.9.1"
 gem "sass-rails",   "5.0.6"

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -47,6 +47,8 @@ GEM
    bootstrap-sass (3.3.7)
      autoprefixer-rails (>= 5.2.1)
      sass (>= 3.3.4)
+    bootstrap-will_paginate (1.0.0)
+      will_paginate
    builder (3.2.3)
    byebug (9.0.6)
    coderay (1.1.2)
@@ -61,7 +63,9 @@ GEM
    crass (1.0.5)
    erubi (1.9.0)
    execjs (2.7.0)
-    ffi (1.11.1)
+    faker (1.7.3)
+      i18n (~> 0.5)
+    ffi (1.11.2)
    formatador (0.2.5)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
@@ -78,7 +82,7 @@ GEM
    guard-minitest (2.4.4)
      guard-compat (~> 1.2)
      minitest (>= 3.0)
-    i18n (1.7.0)
+    i18n (0.9.5)
      concurrent-ruby (~> 1.0)
    jbuilder (2.7.0)
      activesupport (>= 4.2.0)
@@ -149,7 +153,7 @@ GEM
      method_source
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (13.0.0)
+    rake (13.0.1)
    rb-fsevent (0.10.3)
    rb-inotify (0.10.0)
      ffi (~> 1.0)
@@ -198,6 +202,7 @@ GEM
    websocket-driver (0.6.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.4)
+    will_paginate (3.1.6)

 PLATFORMS
  ruby
@@ -205,8 +210,10 @@ PLATFORMS
 DEPENDENCIES
  bcrypt (= 3.1.12)
  bootstrap-sass (= 3.3.7)
+  bootstrap-will_paginate (= 1.0.0)
  byebug (= 9.0.6)
  coffee-rails (= 4.2.2)
+  faker (= 1.7.3)
  guard (= 2.13.0)
  guard-minitest (= 2.4.4)
  jbuilder (= 2.7.0)
@@ -226,6 +233,7 @@ DEPENDENCIES
  tzinfo-data
  uglifier (= 3.2.0)
  web-console (= 3.5.1)
+  will_paginate (= 3.1.6)

 BUNDLED WITH
   2.0.2
--- a/app/assets/stylesheets/custom.scss
+++ b/app/assets/stylesheets/custom.scss
@@ -190,3 +190,15 @@ input {
  width: auto;
  margin-left: 0;
 }
+
+/* Users index */
+
+.users {
+  list-style: none;
+  margin: 0;
+  li {
+    overflow: auto;
+    padding: 10px 0;
+    border-bottom: 1px solid $gray-lighter;
+  }
+}
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -8,8 +8,7 @@ class SessionsController < ApplicationController
    if @user && @user.authenticate(params[:session][:password])
      log_in @user
      params[:session][:remember_me] == "1" ? remember(@user) : forget(@user)
-      #remember user
-      redirect_to @user
+      redirect_back_or @user
    else
      flash.now[:danger] = "Invalid email/password combination" 
      render "new"

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
 class UsersController < ApplicationController
+  before_action :logged_in_user, only: [:index, :edit, :update, :destroy]
+  before_action :correct_user, only: [:edit, :update]
+  before_action :admin_user, only: :destroy
+  
+  def index
+    @users = User.paginate(page: params[:page])
+  end

  def show
-    @user = User.find_by(params[:id])
+    @user = User.find(params[:id])
  end

  def new
@@ -19,9 +26,50 @@ class UsersController < ApplicationController
    end
  end

+  def edit
+    @user = User.find(params[:id])
+  end
+
+  def update
+    @user = User.find(params[:id])
+    if @user.update_attributes(user_params)
+      flash[:success] = "Profile updated"
+      redirect_to @user
+    else
+      render "edit"
+    end
+  end
+
+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User deleted"
+    redirect_to users_url
+  end
+
  private 

+  def admin_user
+    redirect_to(root_url) unless current_user.admin?
+  end
+
  def user_params
-    params.require(:user).permit(:name, :email, :password,  :password_confirmation)
+    params.require(:user).permit(:name, :email, :password, :password_confirmation)
+  end
+
+  # Before filters
+
+  # Confirms a logged-in user.
+  def logged_in_user
+    unless logged_in?
+      store_location
+      flash[:danger] = "Please log in."
+      redirect_to login_url
+    end
+  end
+
+  # Confirms the correct user.
+  def correct_user
+    @user = User.find(params[:id])
+    redirect_to(root_url) unless current_user?(@user)
  end
 end
--- a/app/helpers/account_activations_helper.rb
+++ b/app/helpers/account_activations_helper.rb
+module AccountActivationsHelper
+end
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -11,6 +11,11 @@ module SessionsHelper
    cookies.permanent[:remember_token] = user.remember_token
  end

+  # Returns true if the given user is the current user.
+  def current_user?(user)
+    user == current_user
+  end
+
  # Returns the user corresponding to the remember token cookie.
  def current_user
    if (user_id = session[:user_id])
@@ -42,6 +47,15 @@ module SessionsHelper
    session.delete(:user_id)
    @current_user = nil
  end
-end

+  # Redirects to stored location (or to the default).
+  def redirect_back_or(default)
+    redirect_to(session[:forwarding_url] || default)
+    session.delete(:forwarding_url)
+  end

+  # Stores the URL trying to be accessed.
+  def store_location
+    session[:forwarding_url] = request.original_url if request.get?
+  end
+end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
 module UsersHelper
  # Returns the Gravatar for the given user.
-  def gravatar_for(user, size: 80)
+  def gravatar_for(user, options = { size: 80 })
    gravatar_id = Digest::MD5::hexdigest(user.email.downcase)
+    size = options[:size]
    gravatar_url = "https://secure.gravatar.com/avatar/#{gravatar_id}?s=#{size}"
    image_tag(gravatar_url, alt: user.name, class: "gravatar")
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -5,7 +5,7 @@ class User < ApplicationRecord

  validates :email, presence: true, length: { maximum: 255 }, format: { with: VALID_EMAIL_REGEX }
  validates :name, presence: true, length: { maximum: 50 }, uniqueness: { case_sensitive: false }
-  validates :password, presence: true, length: { minimum: 6 }
+  validates :password, presence: true, length: { minimum: 6 }, allow_nil: true

  before_save { email.downcase! } #Call Backs
  

--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@@ -6,14 +6,14 @@
        <li><%= link_to "Home",    root_path %></li>
        <li><%= link_to "Help",    help_path %></li>
        <% if logged_in? %>
-          <li><%= link_to "Users", "#" %></li>
+          <li><%= link_to "Users", users_path %></li>
        <li class="dropdown">
          <a href="#" class="dropdown-toggle" data-toggle="dropdown">
            Account <b class="caret"></b>
          </a>
          <ul class="dropdown-menu">
            <li><%= link_to "Profile", current_user %></li>
-            <li><%= link_to "Settings", "#" %></li>
+            <li><%= link_to "Settings", edit_user_path(current_user) %></li>
            <li class="divider"></li>
            <li>
              <%= link_to "Log out", logout_path, method: :delete %>

--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
+<%= form_for(@user) do |f| %>
+  <%= render "shared/error_messages", object: @user %>
+  <%= f.label :name %>
+  <%= f.text_field :name, class: "form-control" %>
+  <%= f.label :email %>
+  <%= f.email_field :email, class: "form-control" %>
+  <%= f.label :password %>
+  <%= f.password_field :password, class: "form-control" %>
+  <%= f.label :password_confirmation %>
+  <%= f.password_field :password_confirmation, class: "form-control" %>
+  <%= f.submit yield(:button_text), class: "btn btn-primary" %>
+<% end %>
--- a/app/views/users/_user.html.erb
+++ b/app/views/users/_user.html.erb
+<li>
+  <%= gravatar_for user, size: 50 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? && !current_user?(user) %>
+    | <%= link_to "delete", user, method: :delete, data: { confirm: "You sure?" } %>
+  <% end %>
+</li>
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
+<% provide(:title, "Edit user") %>
+<% provide(:button_text, "Save changes") %>
+<h1>Update your profile</h1>
+<div class="row">
+  <div class="col-md-6 col-md-offset-3">
+    <%= render "form" %>
+    <div class="gravatar_edit">
+      <%= gravatar_for @user %>
+      <a href="http://gravatar.com/emails" target="_blank">Change</a>
+    </div>
+  </div>
+</div>
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
+<% provide(:title, "All users") %>
+<h1>All users</h1>
+
+<%= will_paginate %>
+<ul class="users">
+  <% @users.each do |user| %>
+    <%= render @users %>
+  <% end %>
+</ul>
+<%= will_paginate %>
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
 <% provide(:title, "Sign up") %>
+<% provide(:button_text, "Create my account") %>
 <h1>Sign up</h1>
-
 <div class="row">
  <div class="col-md-6 col-md-offset-3">
-    <%= form_for(@user) do |f| %>
-      <%= render "shared/error_messages" %>
-      <%= f.label :name %>
-      <%= f.text_field :name, class: "form-control" %>
-      <%= f.label :email %>
-      <%= f.email_field :email, class: "form-control" %>
-      <%= f.label :password %>
-      <%= f.password_field :password, class: "form-control" %>
-      <%= f.label :password_confirmation, "Confirmation" %>
-      <%= f.password_field :password_confirmation, class: "form-control" %>
-      <%= f.submit "Create my account", class: "btn btn-primary" %>
-    <% end %>
+    <%= render "form" %>
  </div>
 </div>
--- a/db/migrate/20191115085103_add_admin_to_users.rb
+++ b/db/migrate/20191115085103_add_admin_to_users.rb
+class AddAdminToUsers < ActiveRecord::Migration[5.1]
+  def change
+    add_column :users, :admin, :boolean, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20191113080850) do
+ActiveRecord::Schema.define(version: 20191115085103) do

  create_table "users", force: :cascade do |t|
    t.string "name"
@@ -19,6 +19,7 @@ ActiveRecord::Schema.define(version: 20191113080850) do
    t.datetime "updated_at", null: false
    t.string "password_digest"
    t.string "remember_digest"
+    t.boolean "admin"
    t.index ["email"], name: "index_users_on_email", unique: true
  end


--- a/db/seeds.rb
+++ b/db/seeds.rb
-# This file should contain all the record creation needed to seed the database with its default values.
-# The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup).
-#
-# Examples:
-#
-#   movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
-#   Character.create(name: 'Luke', movie: movies.first)
+User.create!(name: "Example User",
+                    email: "example@railstutorial.org",
+                    password: "foobar",
+                    password_confirmation: "foobar")
+
+99.times do |n|
+  name = Faker::Name.name
+  email = "example-#{n+1}@railstutorial.org"
+  password = "password"
+  User.create!(name: name,
+                      email: email,
+                      password: password,
+                      password_confirmation: password)
+end
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
 require "test_helper"

 class UsersControllerTest < ActionDispatch::IntegrationTest
+  def setup
+    @user = users(:michael)
+    @other_user = users(:archer)
+  end
+
+  test "should redirect index when not logged in" do
+    get users_path
+    assert_redirected_to login_url
+  end
+  
  test "should get new" do
    get signup_path
    assert_response :success
  end
+
+  test "should redirect edit when logged in as wrong user" do
+    log_in_as(@other_user)
+    get edit_user_path(@user)
+    assert flash.empty?
+    assert_redirected_to root_url
+  end
+
+  test "should redirect update when logged in as wrong user" do
+    log_in_as(@other_user)
+    patch user_path(@user), params: { user: { name: @user.name, email: @user.email } }
+    assert flash.empty?
+    assert_redirected_to root_url
+  end
+
+  test "should redirect update when not logged in" do
+    patch user_path(@user), params: { user: { name: @user.name, email: @user.email } }
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
+
+  test "should not allow the admin attribute to be edited via the web" do
+    log_in_as(@other_user)
+    assert_not @other_user.admin?
+    patch user_path(@other_user), params: { user: { password: @other_user.password, password_confirmation: @other_user.password, admin: true } }
+    assert_not @other_user.reload.admin?
+  end
 end
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -2,3 +2,26 @@ michael:
  name: Michael Example
  email: michael@example.com
  password_digest: <%= User.digest("password") %>
+  admin: true
+
+archer:
+  name: Sterling Archer
+  email: duchess@example.gov
+  password_digest: <%= User.digest("password") %>
+
+lana:
+  name: Lana Kane
+  email: hands@example.gov
+  password_digest: <%= User.digest('password') %>
+
+malory:
+  name: Malory Archer
+  email: boss@example.gov
+  password_digest: <%= User.digest('password') %>
+
+<% 30.times do |n| %>
+user_<%= n %>:
+  name:  <%= "User #{n}" %>
+  email: <%= "user-#{n}@example.com" %>
+  password_digest: <%= User.digest('password') %>
+<% end %>
--- a/test/integration/users_edit_test.rb
+++ b/test/integration/users_edit_test.rb
+require "test_helper"
+
+class UsersEditTest < ActionDispatch::IntegrationTest
+
+  def setup
+    @user = users(:michael)
+  end
+
+  test "unsuccessful edit" do
+    log_in_as(@user)
+    get edit_user_path(@user)
+    assert_template "users/edit"
+    patch user_path(@user), params: { user: { name: "", email: "foo@invalid", password: "foo", password_confirmation: "bar" } }
+    assert_template "users/edit"
+  end
+
+  test "successful edit" do
+    log_in_as(@user)
+    get edit_user_path(@user)
+    assert_template "users/edit"
+    name  = "Foo Bar"
+    email = "foo@bar.com"
+    patch user_path(@user), params: { user: { name: name, email: email, password: "", password_confirmation: "" } }
+    assert_not flash.empty?
+    assert_redirected_to @user
+    @user.reload
+    assert_equal name, @user.name
+    assert_equal email, @user.email
+  end
+
+  test "successful edit with friendly forwarding" do
+    get edit_user_path(@user)
+    log_in_as(@user)
+    assert_redirected_to edit_user_url(@user)
+    name  = "Foo Bar"
+    email = "foo@bar.com"
+    patch user_path(@user), params: { user: { name: name, email: email, password: "", password_confirmation: "" } }
+    assert_not flash.empty?
+    assert_redirected_to @user
+    @user.reload
+    assert_equal name, @user.name
+    assert_equal email, @user.email
+  end
+end
--- a/test/integration/users_index_test.rb
+++ b/test/integration/users_index_test.rb
+require "test_helper"
+class UsersIndexTest < ActionDispatch::IntegrationTest
+  def setup
+    @admin     = users(:michael)
+    @non_admin = users(:archer)
+  end
+
+  test "index as admin including pagination and delete links" do
+    log_in_as(@admin)
+    get users_path
+    assert_template "users/index"
+    assert_select "div.pagination"
+    first_page_of_users = User.paginate(page: 1)
+    first_page_of_users.each do |user|
+      assert_select "a[href=?]", user_path(user), text: user.name
+      unless user == @admin
+        assert_select "a[href=?]", user_path(user), text: "delete"
+      end
+    end
+    assert_difference "User.count", -1 do
+      delete user_path(@non_admin)
+    end
+  end
+
+  test "index as non-admin" do
+    log_in_as(@non_admin)
+    get users_path
+    assert_select "a", text: "delete", count: 0
+  end
+end