From 9dadc61cae2c4c01a97880e89ca86a0e760fc8d1 Mon Sep 17 00:00:00 2001
From: hukl
Date: Wed, 7 Oct 2009 21:03:28 +0200
Subject: implemented complete restful user management interface including functional tests. this enables basic user operation. note that only admins are allowed to create, edit, destroy other users
---
 app/controllers/users_controller.rb | 30 ++++++++++++++++++++++++++++-
 app/helpers/users_helper.rb | 7 +++++++
 app/models/user.rb | 2 +-
 app/views/users/_admin_user_item.html.erb | 12 ++++++++++++
 app/views/users/_user_item.html.erb | 4 ++++
 app/views/users/create.html.erb | 2 --
 app/views/users/destroy.html.erb | 2 --
 app/views/users/edit.html.erb | 32 +++++++++++++++++++++++++++++--
 app/views/users/index.html.erb | 15 ++++++++-------
 app/views/users/new.html.erb | 32 +++++++++++++++++++++++++++++--
 app/views/users/show.html.erb | 22 +++++++++++++++++++--
 app/views/users/update.html.erb | 2 --
 12 files changed, 141 insertions(+), 21 deletions(-)
 create mode 100644 app/views/users/_admin_user_item.html.erb
 create mode 100644 app/views/users/_user_item.html.erb
 delete mode 100644 app/views/users/create.html.erb
 delete mode 100644 app/views/users/destroy.html.erb
 delete mode 100644 app/views/users/update.html.erb
(limited to 'app')
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 19f6b2d..b15f83b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -3,29 +3,57 @@ class UsersController < ApplicationController
 # Private
 before_filter :login_required
+ before_filter :verify_admin_status, :except => [:index, :show]
 layout 'admin'
 def index
- @users = User.all
+ @users = User.all(:order => "login ASC")
 end
 def new
+ @user = User.new( params[:user] )
 end
 def create
+ @user = User.new params[:user]
+
+ if @user.save
+ redirect_to user_path(@user)
+ else
+ render :new
+ end
 end
 def edit
+ @user = User.find(params[:id])
 end
 def update
+ @user = User.find(params[:id])
+
+ if @user.update_attributes(params[:user])
+ redirect_to user_path(@user)
+ else
+ render :edit
+ end
 end
 def show
+ @user = User.find(params[:id])
 end
 def destroy
+ user = User.find(params[:id])
+ user.destroy if user
+ redirect_to users_path
 end
+ private
+ def verify_admin_status
+ unless current_user.admin
+ flash[:notice] = "Sorry, you need to be an admin for this action"
+ redirect_to users_path
+ end
+ end
 end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 2310a24..ff03138 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,2 +1,9 @@
 module UsersHelper
+ def user_list_by_admin_status
+ if current_user && current_user.admin
+ render :partial => 'admin_user_item', :collection => @users
+ else
+ render :partial => 'user_item', :collection => @users
+ end
+ end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 26ebf45..035a145 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -21,7 +21,7 @@ class User < ActiveRecord::Base
 validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message
- attr_accessible :login, :email, :password, :password_confirmation
+ attr_accessible :login, :email, :password, :password_confirmation, :admin
 # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
 def self.authenticate(login, password)
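Review bot: In app/controllers/users_controller.rb, `destroy` has no guard against an admin deleting their own account or the last remaining admin, which would leave nobody able to pass `verify_admin_status`. The `if user` in `user.destroy if user` never takes effect, because `User.find(params[:id])` raises for an unknown id rather than returning nil. I would add `return redirect_to(users_path) if user == current_user` before the destroy call and drop the dead condition. The class body starts outside the hunk, so whether CSRF protection (`protect_from_forgery`) covers these state-changing actions cannot be confirmed from here.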
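Review bot: In app/models/user.rb, adding `:admin` to `attr_accessible` makes the privilege flag mass-assignable on every code path that builds or updates a User from request parameters, not only the admin-gated actions in UsersController. Any other endpoint outside this patch (signup, self-service profile edit) that calls `User.new(params[:user])` or `update_attributes(params[:user])` would then accept a client-supplied `admin` value. It is safer to leave `:admin` out of the whitelist and set it explicitly in the admin-only `create`/`update` actions, e.g. `@user.admin = params[:user][:admin]` before `save`. The class body starts and ends outside the hunk, so the other callers are not visible here.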
diff --git a/app/views/users/_admin_user_item.html.erb b/app/views/users/_admin_user_item.html.erb
new file mode 100644
index 0000000..d882dc4
--- /dev/null
+++ b/app/views/users/_admin_user_item.html.erb
@@ -0,0 +1,12 @@
+
+ <%= admin_user_item.login %>
+
+ <%= link_to "Show", user_path(admin_user_item) %>
+ <%= link_to(
+ "Destroy",
+ user_path(admin_user_item),
+ :method => "delete",
+ :confirm => "Are you sure to delete user: #{admin_user_item.login}?"
+ ) %>
+
+
\ No newline at end of file
diff --git a/app/views/users/_user_item.html.erb b/app/views/users/_user_item.html.erb
new file mode 100644
index 0000000..c3389ba
--- /dev/null
+++ b/app/views/users/_user_item.html.erb
@@ -0,0 +1,4 @@
+
+ <%= user_item.login %>
+
+
\ No newline at end of file
diff --git a/app/views/users/create.html.erb b/app/views/users/create.html.erb
deleted file mode 100644
index 48ea02e..0000000
--- a/app/views/users/create.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-
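Review bot: `<%= admin_user_item.login %>` in _admin_user_item.html.erb is written to the page without `h()`, and the block-style `<% form_for ... %>` used elsewhere in this patch suggests a Rails 2.x app, where ERB output is not escaped by default. Unless the login and email validations (not visible here) already exclude markup characters, a stored value would be rendered as HTML in the user list. I would write `<%= h admin_user_item.login %>`; the same applies to `<%= user_item.login %>` in _user_item.html.erb and to `@user.login` and `@user.email` in show.html.erb.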

Users#create

-

Find me in app/views/users/create.html.erb

diff --git a/app/views/users/destroy.html.erb b/app/views/users/destroy.html.erb
deleted file mode 100644
index de4bd26..0000000
--- a/app/views/users/destroy.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-

Users#destroy

-

Find me in app/views/users/destroy.html.erb

diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index 1881fbd..5b73242 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -1,2 +1,30 @@
-

Users#edit

-

Find me in app/views/users/edit.html.erb

+

Edit existing user

+ +<% form_for @user do |f| %> + + + + + + + + + + + + + + + + + + + + + + + + + +
Login<%= f.text_field :login %>
E-Mail<%= f.text_field :email %>
Password<%= f.text_field :password %>
Confirm<%= f.text_field :password_confirmation %>
Admin?<%= f.check_box :admin %>
<%= f.submit "Create" %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index f0b5b28..8526d84 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -1,12 +1,13 @@
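Review bot: The Password and Confirm inputs in edit.html.erb use `f.text_field`, so the password is shown in clear text while it is typed and is eligible for browser form-history storage; `f.password_field :password` and `f.password_field :password_confirmation` are the appropriate helpers. new.html.erb has the same two fields and needs the same change. The submit button on this edit form is also labelled "Create", which looks copied from the new form; `f.submit "Update"` would match the action.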

Users

- +
- <% @users.each do |user| %> - - - - <% end %> -
login
<%= user.login %>
\ No newline at end of file
+ <%= user_list_by_admin_status %>
+
+
+
+<% content_for :subnavigation do %>
+ <%= link_to "create", new_user_path %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index c21a1ad..0629641 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -1,2 +1,30 @@
-

Users#new

-

Find me in app/views/users/new.html.erb

+

Create new user

+ +<% form_for @user do |f| %> + + + + + + + + + + + + + + + + + + + + + + + + + +
Login<%= f.text_field :login %>
E-Mail<%= f.text_field :email %>
Password<%= f.text_field :password %>
Confirm<%= f.text_field :password_confirmation %>
Admin?<%= f.check_box :admin %>
<%= f.submit "Create" %>
+<% end %>
\ No newline at end of file
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index e5fa3ad..3055d24 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -1,2 +1,20 @@
-

Users#show

-

Find me in app/views/users/show.html.erb

+

User: <%= @user.login %>

+ + + + + + + + + + + + + + +
Login<%= @user.login %>
E-Mail<%= @user.email %>
Admin?<%= @user.admin ? "yes" : "no" %>
+
+<% content_for :subnavigation do %>
+ <%= link_to 'Edit', edit_user_path(@user) %>
+<% end %>
diff --git a/app/views/users/update.html.erb b/app/views/users/update.html.erb
deleted file mode 100644
index cabbde1..0000000
--- a/app/views/users/update.html.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-

Users#update

-

Find me in app/views/users/update.html.erb

-- cgit v1.3