user handling - started

Signed-off-by: zeljko <zeljko@zwr.fi>

app/controllers/application_controller.rb

@@ -2,4 +2,12 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  def error_404
+    raise ActionController::RoutingError.new('Not Found')
+  end
+
+  def check_admin
+    error_404 unless current_user.admin?
+  end
 end

app/controllers/home_controller.rb

@@ -7,6 +7,7 @@ def index
   def apply
     a = params["home"]
     a["appnum"] = User.max(:appnum).to_i + 1
+    a["admin"] = false
     puts  JSON.pretty_generate a
     data = params["receipt"]# code like this  data:image/png;base64,iVBORw0KGgoA...
     if params["receipt"].nil?

app/controllers/users_controller.rb

@@ -2,30 +2,40 @@ class UsersController < ApplicationController
   before_action :set_user, only: [:show, :edit, :update, :destroy]
   before_action :authenticate_user!
 
+  def check_admin_or_me
+    unless @user and current_user == @user
+      check_admin
+    end
+  end
 
   # GET /users
   # GET /users.json
   def index
+    check_admin
     @users = User.all
   end
 
   # GET /users/1
   # GET /users/1.json
   def show
+    check_admin_or_me
   end
 
   # GET /users/new
   def new
+    check_admin
     @user = User.new
   end
 
   # GET /users/1/edit
   def edit
+    check_admin_or_me
   end
 
   # POST /users
   # POST /users.json
   def create
+    check_admin
     @user = User.new(user_params)
 
     respond_to do |format|
@@ -42,6 +52,7 @@ def create
   # PATCH/PUT /users/1
   # PATCH/PUT /users/1.json
   def update
+    check_admin
     respond_to do |format|
       if @user.update(user_params)
         format.html { redirect_to @user, notice: 'User was successfully updated.' }
@@ -56,6 +67,7 @@ def update
   # DELETE /users/1
   # DELETE /users/1.json
   def destroy
+    check_admin
     @user.destroy
     respond_to do |format|
       format.html { redirect_to users_url, notice: 'User was successfully destroyed.' }

app/models/user.rb

@@ -43,6 +43,8 @@ class User
   #has_mongoid_attached_file :receipt
   #do_not_validate_attachment_file_type :receipt
 
+  field :admin,      type: Boolean, default: false
+
 
 
 

app/views/users/index.html.haml

@@ -5,8 +5,6 @@
     %tr
       %th Name
       %th Email
-      %th Password
-      %th Password confirmation
       %th Admin
       %th
       %th
@@ -17,9 +15,8 @@
       %tr
         %td= user.name
         %td= user.email
-        %td= user.password
-        %td= user.password_confirmation
         %td= user.admin
+      -#
         %td= link_to 'Show', user
         %td= link_to 'Edit', edit_user_path(user)
         %td= link_to 'Destroy', user, :method => :delete, :data => { :confirm => 'Are you sure?' }

config/routes.rb

@@ -6,5 +6,10 @@
 
   post '/apply', to: 'home#apply'
 
+  devise_scope :user do 
+    get '/login', to: 'devise/sessions#new'
+    get '/logout', to: 'devise/sessions#destroy'
+  end
+
   root to: 'home#index'
 end

db/seeds/users.rb

@@ -0,0 +1,11 @@
+puts "Creating two users and deleteting rest"
+User.delete_all
+User.create!  email: "katariina@z-ware.fi",
+    password: "nellabella!",
+    password_confirmation: "nellabella!",
+    admin: true
+User.create!  email: "zeljko@zwr.fi",
+    password: "nellabella!",
+    password_confirmation: "nellabella!",
+    admin: false
+