Fix merge request #2

app/controllers/application_controller.rb

 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
+  # rescue_from ActiveRecord::RecordNotFound, :with => :render_404
 
   def authenticate_active_admin_user!
     authenticate_user!
@@ -8,4 +9,12 @@ class ApplicationController < ActionController::Base
       redirect_to root_path
     end
   end
+
+  def render_404
+    respond_to do |format|
+      format.html { render file: "#{Rails.root}/public/404", layout: false, status: :not_found }
+      format.xml  { head :not_found }
+      format.any  { head :not_found }
+    end
+  end
 end

app/controllers/products_controller.rb

 class ProductsController < ApplicationController
   before_action :authenticate_user!, only: [:new, :edit, :create, :update, :destroy]
-  before_action :correct_user, only: [:edit, :destroy]
+  before_action :set_product, only: [:show]
+  before_action :user_can_edit_product, only: [:edit, :update, :destroy]
 
+  # GET /products/new
   def new
-    @product = current_user.products.build
+    @product = Product.new
   end
 
+  # POST /products
   def create
-    @product = current_user.products.build(product_params)
+    @product = Product.new(product_params.merge(user_id: current_user.id))
     if @product.save
-      redirect_to root_url
+      redirect_to root_url, flash: { success: "Product #{@product.title} is sucessfully created" }
     else
       render 'new'
     end
   end
 
-  def edit
-    @product = Product.find(params[:id])
-  end
-
-  def show
-    @product = Product.find(params[:id])
-  end
-
+  # PATCH/PUT /products/1
   def update
-    @product = Product.find(params[:id])
     if @product.update(product_params)
-      redirect_to root_url
+      redirect_to root_url, flash: { success: "Product #{@product.title} is sucessfully updated" }
     else
       render 'edit'
     end
   end
 
+  # DELETE /products/1
+  def destroy
+    if @product.destroy
+      flash[:success] = "Product #{@product.title} deleted"
+    else
+      flash[:danger] = "Product #{@product.title} can't be deleted"
+    end
+
+    redirect_to root_url
+  end
+
   private
 
+  # Use callbacks to share common setup or constraints between actions.
+  def set_product
+    @product = Product.find(params[:id])
+  end
+
+  # Never trust parameters from the scary internet, only allow the white list through.
   def product_params
     params.require(:product).permit(:title, :sku, :price, :description,
                                     :category_id, :image_url)
   end
 
-  def correct_user
-    product = current_user.products.find_by(id: params[:id])
-    redirect_to root_url if product.nil?
+  # Is current user own current editing product?
+  def user_can_edit_product
+    @product = current_user.products.find_by(id: params[:id])
+    redirect_to root_url, flash: { danger: 'You do not have permission to edit this product' } if @product.blank?
   end
 end
\ No newline at end of file

app/helpers/products_helper.rb

 module ProductsHelper
   def get_product_thumbnail(product, thumbnail_width, thumbnail_height)
-    # product.image_url always returns PictureUploader object
     default_img_path = "product/placeholder_#{thumbnail_width}x#{thumbnail_height}"
-    product.image_url.present? ? product.image_url : default_img_path
+    # product.image_url always returns PictureUploader object
+    product.image_url? ? product.image_url : default_img_path
   end
 end
\ No newline at end of file

app/views/products/_product.html.erb

 <li class="product-<%= product.id %>">
   <div class="product product-list">
     <figure class="product-image-area">
-      <a href="<%= product_url(product) %>">
-        <%= image_tag(get_product_thumbnail(product, 170, 204)) %>
-      </a>
+      <%= link_to image_tag(get_product_thumbnail(product, 170, 204)), product_path(product) %>
     </figure>
     <div class="product-details-area">
       <h2 class="product-name">

app/views/products/_recommended.html.erb

-<div class="products-grid columns3">
 <% @recommended_products.each do |product| %>
       <li class="product-<%= product.id %>">
         <div class="product">
           <figure class="product-image-area">
-            <a href="<%= product_url(product) %>">
-              <%= image_tag(get_product_thumbnail(product, 170, 204)) %>
-            </a>
+            <%= link_to image_tag(get_product_thumbnail(product, 170, 204)), product_path(product) %>
           </figure>
           <div class="product-details-area">
             <h2 class="product-name">
@@ -17,5 +14,4 @@
           </div>
         </div>
       </li>
-<% end %>
-</div>
\ No newline at end of file
+<% end %>
\ No newline at end of file

app/views/products/edit.html.erb

@@ -3,6 +3,7 @@
     <div class="col-md-9 col-md-push-3 create-product form-section">
       <h1 class="h2 heading-primary font-weight-normal">
         Edit Product #<%= @product.id %>
+        (<%= link_to 'Delete', @product, method: :delete, data: { confirm: 'Are your sure?' } %>)
       </h1>
 
       <div class="featured-box featured-box-primary featured-box-flat featured-box-text-left mt-md">

app/views/shared/_flash_messages.html.erb

+<% flash.each do |message_type, message| %>
+    <div class="alert alert-<%= message_type %>">
+      <span><%= message %></span>
+    </div>
+<% end %>
\ No newline at end of file

app/views/static_pages/index.html.erb

 <div class="container">
   <div class="row">
     <div class="col-md-9 col-md-push-3">
+      <%= render 'shared/flash_messages' %>
       <h2 class="h2 heading-primary mt-lg clearfix">
         <span>Recommended Items</span>
       </h2>

db/migrate/20170608073720_add_user_ref_to_products.rb

 class AddUserRefToProducts < ActiveRecord::Migration[5.1]
   def change
-    add_reference :products, :user, foreign_key: true
+    add_reference :products, :user, index: true
   end
 end