Done with user edit/update, index, and destroy actions.

Gemfile

@@ -3,14 +3,12 @@ source 'http://rubygems.org'
 gem 'rails', '3.0.9'
 gem 'sqlite3', '1.3.3'
 gem 'gravatar_image_tag', '1.0.0.pre2'
-
-group :development do
-  gem 'rspec-rails', '2.6.1'
-end
+gem 'will_paginate', '3.0.pre2'
 
 group :development do
   gem 'rspec-rails', '2.6.1'
   gem 'annotate', '2.4.0'
+  gem 'faker', '0.3.1'
 end
 
 group :test do

Gemfile.lock

@@ -38,6 +38,7 @@ GEM
     factory_girl_rails (1.0)
       factory_girl (~> 1.3)
       rails (>= 3.0.0.beta4)
+    faker (0.3.1)
     gravatar_image_tag (1.0.0.pre2)
     i18n (0.5.0)
     mail (2.2.19)
@@ -93,16 +94,19 @@ GEM
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
+    will_paginate (3.0.pre2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   annotate (= 2.4.0)
   factory_girl_rails (= 1.0)
+  faker (= 0.3.1)
   gravatar_image_tag (= 1.0.0.pre2)
   rails (= 3.0.9)
   rspec-rails (= 2.6.1)
   spork (= 0.9.0.rc8)
   sqlite3 (= 1.3.3)
   webrat (= 0.7.1)
+  will_paginate (= 3.0.pre2)

app/controllers/sessions_controller.rb

@@ -12,7 +12,7 @@ def create
       render 'new'
     else
       sign_in user
-      redirect_to user
+      redirect_back_or user
     end
   end
 

app/controllers/users_controller.rb

@@ -1,4 +1,8 @@
 class UsersController < ApplicationController
+  before_filter :authenticate, :only => [:index, :edit, :update]
+  before_filter :correct_user, :only => [:edit, :update]
+  before_filter :admin_user,   :only => :destroy
+
   def new
     @user = User.new
     @title = "Sign up"
@@ -19,4 +23,42 @@ def create
       render 'new'
     end
   end
+
+  def edit
+    @title = "Edit user"
+  end
+
+  def update
+    if @user.update_attributes(params[:user])
+      flash[:success] = "Profile updated."
+      redirect_to @user
+    else
+      @title = "Edit user"
+      render 'edit'
+    end
+  end
+
+  def index
+    @title = "All users"
+    @users = User.paginate(:page => params[:page])
+  end
+
+  def destroy
+    User.find(params[:id]).destroy
+    flash[:success] = "User destroyed."
+    redirect_to users_path
+  end
+
+  private
+
+    def authenticate
+      deny_access unless signed_in?
+    end
+    def correct_user
+      @user = User.find(params[:id])
+      redirect_to(root_path) unless current_user?(@user)
+    end
+    def admin_user
+      redirect_to(root_path) unless current_user.admin?
+    end
 end

app/helpers/sessions_helper.rb

@@ -1,6 +1,6 @@
 module SessionsHelper
   def sign_in(user)
-    cookies.permanent.signed[remember_token] = [user.id, user.salt]
+    cookies.permanent.signed[:remember_token] = [user.id, user.salt]
     self.current_user = user
   end
 
@@ -21,6 +21,20 @@ def sign_out
     self.current_user = nil
   end
 
+  def current_user?(user)
+    user == current_user
+  end
+
+  def deny_access
+    store_location
+    redirect_to signin_path, :notice => "Please sign in to access this page."
+  end
+
+  def redirect_back_or(default)
+    redirect_to(session[:return_to] || default)
+    clear_return_to
+  end
+
   private
     def user_from_remember_token
       User.authenticate_with_salt(*remember_token)
@@ -29,4 +43,12 @@ def user_from_remember_token
     def remember_token
       cookies.signed[:remember_token] || [nil, nil]
     end
+
+    def store_location
+      session[:return_to] = request.fullpath
+    end
+
+    def clear_return_to
+      session[:return_to] = nil
+    end
 end

app/views/layouts/_header.html.erb

@@ -5,6 +5,8 @@
       <li><%= link_to "Home", root_path %></li>
       <% if signed_in? %>
       <li><%= link_to "Profile", current_user %></li>
+      <li><%= link_to "Settings", edit_user_path(current_user) %></li>
+      <li><%= link_to "Users", users_path %></li>
       <% end %>
       <li><%= link_to "Help", help_path %></li>
       <% if signed_in? %>

app/views/layouts/application.html.erb

@@ -4,6 +4,7 @@
     <title><%= title %></title>
     <%= csrf_meta_tag %>
     <%= render 'layouts/stylesheets' %>
+    <%= javascript_include_tag :defaults %>
   </head>
   <body>
     <div class="container">

app/views/sessions/new.html.erb

@@ -12,6 +12,6 @@
   <div class="actions">
     <%= f.submit "Sign in" %>
   </div>
- <% end %>
+<% end %>
 
 <p>New user? <%= link_to "Sign up now!", signup_path %></p>

app/views/shared/_error_messages.html.erb

@@ -1,7 +1,8 @@
 <% if @user.errors.any? %>
   <div id="error_explanation">
     <h2><%= pluralize(@user.errors.count, "error") %> 
-        prohibited this user from being saved:</h2>
+        prohibited this <%= object.class.to_s.underscore.humanize.downcase %> 
+        from being saved:</h2>
     <p>There were problems with the following fields:</p>
     <ul>
     <% @user.errors.full_messages.each do |msg| %>

app/views/users/_user.html.erb

@@ -0,0 +1,8 @@
+<li>
+  <%= gravatar_for user, :size => 30 %>
+  <%= link_to user.name, user %>
+  <% if current_user.admin? %>
+  | <%= link_to "delete", user, :method => :delete, :confirm => "You sure?",
+                                :title => "Delete #{user.name}" %>
+  <% end %>
+</li>

app/views/users/edit.html.erb

@@ -0,0 +1,29 @@
+<h1>Edit user</h1>
+
+<%= form_for(@user) do |f| %>
+  <%= render 'shared/error_messages', :object => f.object %>
+  <div class="field">
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.text_field :email %>
+  </div>
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.password_field :password %>
+  </div>
+  <div class="field">
+    <%= f.label :password_confirmation, "Confirmation" %><br />
+    <%= f.password_field :password_confirmation %>
+  </div>
+  <div class="actions">
+    <%= f.submit "Update" %>
+  </div>
+<% end %>
+
+<div>
+  <%= gravatar_for @user %>
+  <a href="http://gravatar.com/emails">change</a>
+</div>

app/views/users/index.html.erb

@@ -0,0 +1,10 @@
+<h1>All users</h1>
+
+<%= will_paginate %>
+
+<ul class="users">
+  <%= render @users %>
+</ul>
+
+<%= will_paginate %>
+

app/views/users/new.html.erb

@@ -1,7 +1,7 @@
 <h1>Sign up</h1>
 
 <%= form_for(@user) do |f| %>
-  <%= render 'shared/error_messages' %>
+  <%= render 'shared/error_messages', :object => f.object %>
   <div class="field">
     <%= f.label :name %><br />
     <%= f.text_field :name %>

db/migrate/20111011160313_add_admin_to_users.rb

@@ -0,0 +1,9 @@
+class AddAdminToUsers < ActiveRecord::Migration
+  def self.up
+    add_column :users, :admin, :boolean, :default => false
+  end
+
+  def self.down
+    remove_column :users, :admin
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20111005205657) do
+ActiveRecord::Schema.define(:version => 20111011160313) do
 
   create_table "users", :force => true do |t|
     t.string   "name"
@@ -19,6 +19,7 @@
     t.datetime "updated_at"
     t.string   "encrypted_password"
     t.string   "salt"
+    t.boolean  "admin",              :default => false
   end
 
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true

lib/tasks/sample_data.rake

@@ -0,0 +1,21 @@
+namespace :db do
+  desc "Fill database with sample data"
+  task :populate => :environment do
+    Rake::Task['db:reset'].invoke
+    admin = User.create!(:name => "pankonjab",
+                         :email => "pankonjab@example.com",
+                         :password => "kljuse",
+                         :password_confirmation => "kljuse")
+    admin.toggle!(:admin)
+    99.times do |n|
+      name  = Faker::Name.name
+      email = "example-#{n+1}@railstutorial.org"
+      password  = "password"
+      User.create!(:name => name,
+                   :email => email,
+                   :password => password,
+                   :password_confirmation => password)
+    end
+  end
+end
+

public/stylesheets/custom.css

@@ -179,3 +179,11 @@ div.field, div.actions {
   list-style: square;
 }
 
+ul.users {
+  margin-top: lem
+}
+
+.users li {
+  list-style: none;
+}
+