added deny methods when unlogged users try to edit data

commit 132a7faa13edd7dae759433649d3ab0d560b54f6 1 parent 66d3723
@strix3000 strix3000 authored
6 app/controllers/application_controller.rb
@@ -1,3 +1,9 @@
class ApplicationController < ActionController::Base
protect_from_forgery
+ before_filter :require_login
+
+ def not_authenticated
+ redirect_to root_path, :alert => "Please login first."
+ end
+
end
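Review bot: `not_authenticated` is added as a public method on `ApplicationController`, so under a generic `:controller/:action` route it becomes a routable action on every controller; it only needs to be reachable from `require_login`, so it belongs below `protected` (or `private`). Which library supplies `require_login` is not visible here — the `login`/`logout`/`crypted_password` names elsewhere in the commit suggest Sorcery, which calls this hook itself — so confirm the visibility that library expects. Because the filter now applies to every controller, whichever controller serves `root_path` must skip it (as `UsersController#index` does in this commit), otherwise an anonymous request is redirected to a page that redirects again. A one-line comment on the filter such as `# every action requires a session unless the controller opts out with skip_before_filter` would make that contract explicit for later controllers.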
9 app/controllers/application_controller.rb~
@@ -0,0 +1,9 @@
+class ApplicationController < ActionController::Base
+ protect_from_forgery
+ before_filter :require_login
+
+ def not_authenticated
+ redirect_to root_path, :alert => "Please login first."
+ end
+
+end
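Review bot: `app/controllers/application_controller.rb~` is an editor backup copy rather than source, and the same applies to `user_sessions_controller.rb~`, `users_controller.rb~` and the four `.html.erb~` views in this commit; they should be dropped from the commit and `*~` added to `.gitignore`. A backup copy is a second, unreviewed version of the live file that drifts from it — the `users_controller.rb~` hunk already carries a full controller — and it keeps stale content in the repository and its history, as the `show.html.erb~` hunk illustrates with removed lines that once rendered `crypted_password` and `salt`.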
1  app/controllers/user_sessions_controller.rb
@@ -1,4 +1,5 @@
class UserSessionsController < ApplicationController
+ skip_before_filter :require_login, :except => [:destroy]
def new
@user = User.new
end
6 app/controllers/user_sessions_controller.rb~
@@ -1,8 +1,9 @@
class UserSessionsController < ApplicationController
+ skip_before_filter :require_login, :except => [:destroy]
def new
@user = User.new
end
-
+
def create
respond_to do |format|
if @user = login(params[:username],params[:password])
@@ -14,10 +15,9 @@ class UserSessionsController < ApplicationController
end
end
end
-
+
def destroy
logout
redirect_to(:users, :notice => 'Logged out!')
end
end
-end
5 app/controllers/users_controller.rb
@@ -1,6 +1,9 @@
class UsersController < ApplicationController
# GET /users
# GET /users.json
+
+ skip_before_filter :require_login, :only => [:index, :new, :create]
+
def index
@users = User.all
@@ -44,7 +47,7 @@ def create
respond_to do |format|
if @user.save
- format.html { redirect_to @user, notice: 'User was successfully created.' }
+ format.html { redirect_to(:users, :notice => 'User was successfully created.') }
format.json { render json: @user, status: :created, location: @user }
else
format.html { render action: "new" }
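Review bot: `skip_before_filter :require_login, :only => [:index, :new, :create]` leaves `show`, `edit`, `update` and `destroy` behind the login check, but that check only establishes that a session exists: those actions (outside this hunk; the `users_controller.rb~` copy in this commit shows them loading `User.find(params[:id])`) still let any signed-in user view, change or delete another account. The layout links only `edit_user_path(current_user.id)`, which suggests self-service editing is the intent, so `edit`/`update`/`destroy` should operate on `current_user` instead of `params[:id]`, or reject the request when the two differ. Separately, `index` and `show` now sit on opposite sides of the filter; a short comment on the `skip_before_filter` line stating why listing users is public while viewing one is not would help the next reader.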
86 app/controllers/users_controller.rb~
@@ -0,0 +1,86 @@
+class UsersController < ApplicationController
+ # GET /users
+ # GET /users.json
+
+ skip_before_filter :require_login, :only => [:index, :new, :create]
+
+ def index
+ @users = User.all
+
+ respond_to do |format|
+ format.html # index.html.erb
+ format.json { render json: @users }
+ end
+ end
+
+ # GET /users/1
+ # GET /users/1.json
+ def show
+ @user = User.find(params[:id])
+
+ respond_to do |format|
+ format.html # show.html.erb
+ format.json { render json: @user }
+ end
+ end
+
+ # GET /users/new
+ # GET /users/new.json
+ def new
+ @user = User.new
+
+ respond_to do |format|
+ format.html # new.html.erb
+ format.json { render json: @user }
+ end
+ end
+
+ # GET /users/1/edit
+ def edit
+ @user = User.find(params[:id])
+ end
+
+ # POST /users
+ # POST /users.json
+ def create
+ @user = User.new(params[:user])
+
+ respond_to do |format|
+ if @user.save
+ format.html { redirect_to(:users, :notice => 'User was successfully created.') }
+ format.json { render json: @user, status: :created, location: @user }
+ else
+ format.html { render action: "new" }
+ format.json { render json: @user.errors, status: :unprocessable_entity }
+ end
+ end
+ end
+
+ # PUT /users/1
+ # PUT /users/1.json
+ def update
+ @user = User.find(params[:id])
+
+ respond_to do |format|
+ if @user.update_attributes(params[:user])
+ format.html { redirect_to @user, notice: 'User was successfully updated.' }
+ format.json { head :ok }
+ else
+ format.html { render action: "edit" }
+ format.json { render json: @user.errors, status: :unprocessable_entity }
+ end
+ end
+ end
+
+ # DELETE /users/1
+ # DELETE /users/1.json
+ def destroy
+ @user = User.find(params[:id])
+ @user.destroy
+
+ respond_to do |format|
+ format.html { redirect_to users_url }
+ format.json { head :ok }
+ end
+ end
+end
4 app/views/layouts/application.html.erb
@@ -7,7 +7,7 @@
<%= csrf_meta_tags %>
</head>
<body>
-
+
<div id="nav">
<% if current_user %>
<%= link_to "Edit Profile", edit_user_path(current_user.id) %>
@@ -22,6 +22,6 @@
<p id="alert"><%= alert %></p>
</div>
<%= yield %>
-
+
</body>
</html>
13 app/views/user_sessions/_form.html.erb~
@@ -0,0 +1,13 @@
+<%= form_tag user_sessions_path, :method => :post do %>
+ <div class="field">
+ <%= label_tag :username %><br />
+ <%= text_field_tag :username %>
+ </div>
+ <div class="field">
+ <%= label_tag :password %><br />
+ <%= password_field_tag :password %>
+ </div>
+ <div class="actions">
+ <%= submit_tag "Login" %>
+ </div>
+<% end %>
2  app/views/user_sessions/create.html.erb~
@@ -0,0 +1,2 @@
+<h1>UserSessions#create</h1>
+<p>Find me in app/views/user_sessions/create.html.erb</p>
2  app/views/user_sessions/destroy.html.erb~
@@ -0,0 +1,2 @@
+<h1>UserSessions#destroy</h1>
+<p>Find me in app/views/user_sessions/destroy.html.erb</p>
7 app/views/user_sessions/new.html.erb~
@@ -1,2 +1,5 @@
-<h1>UserSessions#new</h1>
-<p>Find me in app/views/user_sessions/new.html.erb</p>
+<h1>Login</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Back', user_sessions_path %>
11 app/views/users/show.html.erb~
@@ -10,16 +10,5 @@
<%= @user.email %>
</p>
-<p>
- <b>Crypted password:</b>
- <%= @user.crypted_password %>
-</p>
-
-<p>
- <b>Salt:</b>
- <%= @user.salt %>
-</p>
-
-
<%= link_to 'Edit', edit_user_path(@user) %> |
<%= link_to 'Back', users_path %>