Finish user edit, update, index, and destroy actions

app/controllers/users_controller.rb

 class UsersController < ApplicationController
-  before_action :logged_in_user, only: [:index, :edit, :update]
+  before_action :logged_in_user, only: [:index, :edit, :update,:destroy]
   before_action :correct_user, only: [:edit, :update]
+  before_action :admin_user, only: :destroy
   def index
     @users = User.paginate(page: params[:page])
   end
@@ -38,8 +39,18 @@ class UsersController < ApplicationController
     end
   end
 
+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User deleted"
+    redirect_to users_url
+  end
+
   private 
 
+  def admin_user
+    redirect_to(root_url) unless current_user.admin?
+  end
+  
   def user_params
     params.require(:user).permit(:name, :email, :password,  :password_confirmation)
   end

app/views/users/_user.html.erb

+<li>
+  <%= gravatar_for user, size: 50 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? && !current_user?(user) %>
+    | <%= link_to "delete", user, method: :delete,data: {confirm: "You sure?" } %>
+  <% end %>
+</li>
\ No newline at end of file

app/views/users/index.html.erb

-<% provide(:title, "All users") %>
+<% provide(:title, 'All users') %>
 <h1>All users</h1>
 
 <%= will_paginate %>
 <ul class="users">
   <% @users.each do |user| %>
-    <li>
-      <%= gravatar_for user, size: 50 %>
-      <%= link_to user.name, user %>
-    </li>
+    <%= render @users %>
   <% end %>
 </ul>
-<% will_paginate %>
\ No newline at end of file
+<%= will_paginate %>
\ No newline at end of file

db/migrate/20191115085103_add_admin_to_users.rb

+class AddAdminToUsers < ActiveRecord::Migration[5.1]
+  def change
+    add_column :users, :admin, :boolean, default: false
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20191113080850) do
+ActiveRecord::Schema.define(version: 20191115085103) do
 
   create_table "users", force: :cascade do |t|
     t.string "name"
@@ -19,6 +19,7 @@ ActiveRecord::Schema.define(version: 20191113080850) do
     t.datetime "updated_at", null: false
     t.string "password_digest"
     t.string "remember_digest"
+    t.boolean "admin"
     t.index ["email"], name: "index_users_on_email", unique: true
   end
 

db/seeds.rb

-User.create!(name:  "Example User",
-  email: "example@railstutorial.org",
-  password:"foobar",
-  password_confirmation: "foobar")
-
+User.create!(name: "Example User",email: "example@railstutorial.org",password:"foobar",password_confirmation: "foobar",admin: true)
 99.times do |n|
 name  = Faker::Name.name
 email = "example-#{n+1}@railstutorial.org"
 password = "password"
-User.create!(name:  name,email: email,password:password,password_confirmation: password)
+User.create!(name: name,email: email,password:password,password_confirmation: password)
 end

test/controllers/users_controller_test.rb

@@ -29,4 +29,17 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     assert flash.empty?
     assert_redirected_to root_url
   end
+
+  test "should redirect update when not logged in" do
+    patch user_path(@user), params: { user: { name: @user.name,email: @user.email } }
+    assert_not flash.empty?
+    assert_redirected_to login_url
+  end
+
+  test "should not allow the admin attribute to be edited via the web" do
+    log_in_as(@other_user)
+    assert_not @other_user.admin?
+    patch user_path(@other_user), params: {user:{ password: @other_user.password,password_confirmation: @other_user.password, admin: true } }
+    assert_not @other_user.reload.admin?
+  end
 end