diff --git a/Gemfile b/Gemfile index ae1bc05..5642d98 100644 --- a/Gemfile +++ b/Gemfile @@ -3,14 +3,12 @@ source 'http://rubygems.org' gem 'rails', '3.0.9' gem 'sqlite3', '1.3.3' gem 'gravatar_image_tag', '1.0.0.pre2' - -group :development do - gem 'rspec-rails', '2.6.1' -end +gem 'will_paginate', '3.0.pre2' group :development do gem 'rspec-rails', '2.6.1' gem 'annotate', '2.4.0' + gem 'faker', '0.3.1' end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index a339742..f545d2b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -38,6 +38,7 @@ GEM factory_girl_rails (1.0) factory_girl (~> 1.3) rails (>= 3.0.0.beta4) + faker (0.3.1) gravatar_image_tag (1.0.0.pre2) i18n (0.5.0) mail (2.2.19) @@ -93,6 +94,7 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) + will_paginate (3.0.pre2) PLATFORMS ruby @@ -100,9 +102,11 @@ PLATFORMS DEPENDENCIES annotate (= 2.4.0) factory_girl_rails (= 1.0) + faker (= 0.3.1) gravatar_image_tag (= 1.0.0.pre2) rails (= 3.0.9) rspec-rails (= 2.6.1) spork (= 0.9.0.rc8) sqlite3 (= 1.3.3) webrat (= 0.7.1) + will_paginate (= 3.0.pre2) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 58a0ecb..339cbcf 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -12,7 +12,7 @@ def create render 'new' else sign_in user - redirect_to user + redirect_back_or user end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 9ca1870..afae8f2 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,4 +1,8 @@ class UsersController < ApplicationController + before_filter :authenticate, :only => [:index, :edit, :update] + before_filter :correct_user, :only => [:edit, :update] + before_filter :admin_user, :only => :destroy + def new @user = User.new @title = "Sign up" 
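Review bot: `destroy` is protected only by `admin_user`, which calls `current_user.admin?`, while `:authenticate` is limited to `[:index, :edit, :update]`; an unauthenticated DELETE to a user therefore evaluates `nil.admin?` and fails with a 500 instead of being sent to the sign-in page. Adding the action to the first filter fixes it without touching `admin_user`, since filters run in declaration order: `before_filter :authenticate, :only => [:index, :edit, :update, :destroy]`. The `admin_user` body itself is defined further down the file, outside this hunk.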
@@ -19,4 +23,42 @@ def create render 'new' end end + + def edit + @title = "Edit user" + end + + def update + if @user.update_attributes(params[:user]) + flash[:success] = "Profile updated." + redirect_to @user + else + @title = "Edit user" + render 'edit' + end + end + + def index + @title = "All users" + @users = User.paginate(:page => params[:page]) + end + + def destroy + User.find(params[:id]).destroy + flash[:success] = "User destroyed." + redirect_to users_path + end + + private + + def authenticate + deny_access unless signed_in? + end + def correct_user + @user = User.find(params[:id]) + redirect_to(root_path) unless current_user?(@user) + end + def admin_user + redirect_to(root_path) unless current_user.admin? + end end diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb index 1c11511..b4c963e 100644 --- a/app/helpers/sessions_helper.rb +++ b/app/helpers/sessions_helper.rb @@ -1,6 +1,6 @@ module SessionsHelper def sign_in(user) - cookies.permanent.signed[remember_token] = [user.id, user.salt] + cookies.permanent.signed[:remember_token] = [user.id, user.salt] self.current_user = user end @@ -21,6 +21,20 @@ def sign_out self.current_user = nil end + def current_user?(user) + user == current_user + end + + def deny_access + store_location + redirect_to signin_path, :notice => "Please sign in to access this page." + end + + def redirect_back_or(default) + redirect_to(session[:return_to] || default) + clear_return_to + end + private def user_from_remember_token User.authenticate_with_salt(*remember_token) @@ -29,4 +43,12 @@ def user_from_remember_token def remember_token cookies.signed[:remember_token] || [nil, nil] end + + def store_location + session[:return_to] = request.fullpath + end + + def clear_return_to + session[:return_to] = nil + end end diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index e2b51b1..f7348e1 100644 --- a/app/views/layouts/_header.html.erb 
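Review bot: `update` hands `params[:user]` straight to `update_attributes`, so every writable column of `User` is mass-assignable unless the model (not in this diff) limits it with `attr_accessible`; because this same commit makes `admin?` the gate for `destroy`, an unprotected `admin` column would let any signed-in user promote themselves by submitting `user[admin]=1` on their own edit form, which `correct_user` happily allows. Please confirm the model whitelists only the profile fields the sign-up form accepts, or narrow the hash here, e.g. `@user.update_attributes(params[:user].slice(:name, :email, :password, :password_confirmation))` adjusted to the real column list. Separately, `destroy` lets an admin delete their own account; a one-line guard before the `destroy` call, `redirect_to(root_path) and return if current_user?(user)` after loading the record into a local, is cheap insurance.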
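Review bot: With the key typo fixed, `sign_in` still stores `[user.id, user.salt]` in a permanent cookie without the `httponly` flag, so any script injection on the site can read a 20-year bearer credential that can only be invalidated by changing the user's salt. The signed jar accepts an options hash, so the flag can be added without altering the value: `cookies.permanent.signed[:remember_token] = { :value => [user.id, user.salt], :httponly => true }`, with `:secure => true` added once the app is served over TLS. Whether the salt ever rotates is decided in the `User` model, which is outside this diff, so treat that as a follow-up to verify.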
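Review bot: `store_location` records `request.fullpath` for whatever verb was denied, but `redirect_back_or` can only replay it as a GET, so a rejected PUT or DELETE lands the user on a URL that may not serve GET at all (here `PUT /users/1` happens to fall onto `show`, which hides the problem). Restricting the save to navigable requests keeps the redirect meaningful: `session[:return_to] = request.fullpath if request.get?`. Worth a short comment on `redirect_back_or` too, since a reader will otherwise check it for an open redirect: `# return_to is set server-side from request.fullpath, never from a parameter`.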
+++ b/app/views/layouts/_header.html.erb @@ -5,6 +5,8 @@
  • <%= link_to "Home", root_path %>
  • <% if signed_in? %>
  • <%= link_to "Profile", current_user %>
  • +
  • <%= link_to "Settings", edit_user_path(current_user) %>
  • +
  • <%= link_to "Users", users_path %>
  • <% end %>
  • <%= link_to "Help", help_path %>
  • <% if signed_in? %> diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 763c1c7..c0238e6 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -4,6 +4,7 @@ <%= title %> <%= csrf_meta_tag %> <%= render 'layouts/stylesheets' %> + <%= javascript_include_tag :defaults %>
    diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb index 3ed8943..f125a90 100644 --- a/app/views/sessions/new.html.erb +++ b/app/views/sessions/new.html.erb @@ -12,6 +12,6 @@
    <%= f.submit "Sign in" %>
    - <% end %> +<% end %>

    New user? <%= link_to "Sign up now!", signup_path %>

    diff --git a/app/views/shared/_error_messages.html.erb b/app/views/shared/_error_messages.html.erb index 5e49540..16eebe5 100644 --- a/app/views/shared/_error_messages.html.erb +++ b/app/views/shared/_error_messages.html.erb @@ -1,7 +1,8 @@ <% if @user.errors.any? %>

    <%= pluralize(@user.errors.count, "error") %> - prohibited this user from being saved:

    + prohibited this <%= object.class.to_s.underscore.humanize.downcase %> + from being saved:

    There were problems with the following fields: