user blocking

2021-03-21 23:43:09 +01:00 · 2021-03-21 23:43:09 +01:00 · 2804c55fd9
commit 2804c55fd9
parent ccb6e23960
9 changed files with 44 additions and 11 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -4,9 +4,19 @@ class SessionsController < ApplicationController

  def create
    @user = User.find_by(email: params[:email])
-    if @user && @user.authenticate(params[:password])
-      session[:user_id] = @user.id
+    unless @user
+      redirect_to '/welcome', notice: 'Wrong email address'
+      return
    end
+    unless @user.authenticate(params[:password])
+      redirect_to '/welcome', notice: 'Wrong password'
+      return
+    end
+    if @user.blocked?
+      redirect_to '/welcome', notice: 'You are blocked, please contact support'
+      return
+    end
+    session[:user_id] = @user.id
    redirect_to '/welcome'
  end

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,5 +1,5 @@
 class UsersController < ApplicationController
-  before_action :ensure_admin, only: [:destroy]
+  before_action :ensure_admin, only: [:destroy, :block]

  def index
    @users = User.all
@ -56,4 +56,9 @@ class UsersController < ApplicationController
    User.destroy(params[:id])
    redirect_to '/users'
  end
+
+  def block
+    User.find(params[:id]).update(status: :blocked)
+    redirect_to '/users'
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -2,9 +2,11 @@ class User < ApplicationRecord
  has_secure_password
  has_secure_password :recovery_password, validations: false
  enum role: [:customer, :admin], _default: :customer
+  enum status: [:ready, :blocked], _default: :ready

  validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
  validates :role, presence: true
+  validates :status, presence: true
  validates :password, {
    presence: true,
    length: { minimum: 8 },
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@ -4,12 +4,18 @@
      <div class='col s3'>
        <%= user.email %>
      </div>
-      <div class='col s3'>
+      <div class='col s2'>
        <%= user.role %>
      </div>
-      <div class='col s3'>
+      <div class='col s2'>
+        <%= user.status %>
+      </div>
+      <div class='col s2'>
        <%= link_to 'Delete', user, method: :delete, class: "btn" %>
      </div>
+      <div class='col s2'>
+        <%= link_to 'Block', "/user/#{user.id}/block", method: :post, class: "btn" %>
+      </div>
    </div>
  <% end %>
 </div>