Finish user edit, update, index, and destroy actions

9495aaca · Đường Sỹ Hoàng · 8a67a6cf · 9495aaca · 9495aaca · 9495aaca
Commit 9495aaca authored Nov 19, 2019 by Đường Sỹ Hoàng
7 changed files
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
 class UsersController < ApplicationController
-  before_action :logged_in_user, only: [:index, :edit, :update]
+  before_action :logged_in_user, only: [:index, :edit, :update,:destroy]
  before_action :correct_user, only: [:edit, :update]
+  before_action :admin_user, only: :destroy
  def index
    @users = User.paginate(page: params[:page])
  end
@@ -38,8 +39,18 @@ class UsersController < ApplicationController
    end
  end
+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User deleted"
+    redirect_to users_url
+  end
  private 
+  def admin_user
+    redirect_to(root_url) unless current_user.admin?
+  end
  def user_params
    params.require(:user).permit(:name, :email, :password,  :password_confirmation)
  end

--- a/app/views/users/_user.html.erb
+++ b/app/views/users/_user.html.erb
+<li>
+  <%= gravatar_for user, size: 50 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? && !current_user?(user) %>
+    | <%= link_to "delete", user, method: :delete,data: {confirm: "You sure?" } %>
+  <% end %>
+</li>
\ No newline at end of file
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
-<% provide(:title, "All users") %>
+<% provide(:title, 'All users') %>
 <h1>All users</h1>
 <%= will_paginate %>
 <ul class="users">
  <% @users.each do |user| %>
-    <li>
+    <%= render @users %>
-      <%= gravatar_for user, size: 50 %>
-      <%= link_to user.name, user %>
-    </li>
  <% end %>
 </ul>
-<% will_paginate %>
+<%= will_paginate %>
\ No newline at end of file
--- a/db/migrate/20191115085103_add_admin_to_users.rb
+++ b/db/migrate/20191115085103_add_admin_to_users.rb
+class AddAdminToUsers < ActiveRecord::Migration[5.1]
+  def change
+    add_column :users, :admin, :boolean, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20191113080850) do
+ActiveRecord::Schema.define(version: 20191115085103) do
  create_table "users", force: :cascade do |t|
    t.string "name"
@@ -19,6 +19,7 @@ ActiveRecord::Schema.define(version: 20191113080850) do
    t.datetime "updated_at", null: false
    t.string "password_digest"
    t.string "remember_digest"
+    t.boolean "admin"
    t.index ["email"], name: "index_users_on_email", unique: true
  end

--- a/db/seeds.rb
+++ b/db/seeds.rb
-User.create!(name:  "Example User",
+User.create!(name: "Example User",email: "example@railstutorial.org",password:"foobar",password_confirmation: "foobar",admin: true)
-  email: "example@railstutorial.org",
-  password:"foobar",
-  password_confirmation: "foobar")
 99.times do |n|
 name  = Faker::Name.name
 email = "example-#{n+1}@railstutorial.org"
 password = "password"
-User.create!(name:  name,email: email,password:password,password_confirmation: password)
+User.create!(name: name,email: email,password:password,password_confirmation: password)
 end
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -29,4 +29,17 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
    assert flash.empty?
    assert_redirected_to root_url
  end
+  test "should redirect update when not logged in" do
+    patch user_path(@user), params: { user: { name: @user.name,email: @user.email } }
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
+  test "should not allow the admin attribute to be edited via the web" do
+    log_in_as(@other_user)
+    assert_not @other_user.admin?
+    patch user_path(@other_user), params: {user:{ password: @other_user.password,password_confirmation: @other_user.password, admin: true } }
+    assert_not @other_user.reload.admin?
+  end
 end