diff --git a/Gemfile b/Gemfile index 3d49e52..2b78fd1 100644 --- a/Gemfile +++ b/Gemfile @@ -24,6 +24,8 @@ gem 'bcrypt', '~> 3.1.7' gem 'materialize-sass', '~> 1.0.0' +gem 'jquery-rails' + # Use Active Storage variant # gem 'image_processing', '~> 1.2' diff --git a/Gemfile.lock b/Gemfile.lock index 671f766..7c63543 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -91,6 +91,10 @@ GEM concurrent-ruby (~> 1.0) jbuilder (2.11.2) activesupport (>= 5.0.0) + jquery-rails (4.4.0) + rails-dom-testing (>= 1, < 3) + railties (>= 4.2.0) + thor (>= 0.14, < 2.0) listen (3.4.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) @@ -241,6 +245,7 @@ DEPENDENCIES byebug capybara (>= 3.26) jbuilder (~> 2.7) + jquery-rails listen (~> 3.3) materialize-sass (~> 1.0.0) puma (~> 5.0) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 90af2ed..4e12a38 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,10 +10,18 @@ class ApplicationController < ActionController::Base !current_user.nil? end + protected + def notices_from_errors(record) messages = record.errors.messages.map do |attribute, messages| messages.map { |message| "#{attribute} #{message}".capitalize } end messages.flatten end + + def ensure_admin + unless current_user&.admin? + redirect_to '/welcome', notice: 'You are not allowed to perform this action' + end + end end diff --git a/app/controllers/authors_controller.rb b/app/controllers/authors_controller.rb index f96718c..abd8ecb 100644 --- a/app/controllers/authors_controller.rb +++ b/app/controllers/authors_controller.rb 
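Review bot: `ensure_admin` in app/controllers/application_controller.rb is now the shared authorization filter for every controller, but it carries no comment stating its contract. I would add above it: `# before_action filter: redirects anyone who is not a signed-in admin to /welcome, which halts the action.` The result depends on `current_user` and `admin?`, which are defined outside this hunk, so it is worth confirming that `admin?` is derived from the stored role and not from anything request-supplied.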
@@ -1,5 +1,28 @@ class AuthorsController < ApplicationController + before_action :ensure_admin + before_action :set_author, only: [:edit, :update] + def index @authors = Author.all end + + def edit + @author = Author.find(params[:id]) + end + + def update + if @author.update(author_params) + redirect_to '/authors' + end + end + + private + + def set_author + @author = Author.find(params[:id]) + end + + def author_params + params.require(:author).permit(:first_name, :last_name) + end end diff --git a/app/controllers/books_controller.rb b/app/controllers/books_controller.rb index 3ef6625..499d455 100644 --- a/app/controllers/books_controller.rb +++ b/app/controllers/books_controller.rb @@ -25,12 +25,6 @@ class BooksController < ApplicationController private - def ensure_admin - unless current_user&.admin? - redirect_to '/welcome', notice: 'You are not allowed to perform this action' - end - end - def set_book @book = BooksPresenter.new(Book.find(params[:id])) end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index e25d5f1..ec02862 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,4 +1,10 @@ class UsersController < ApplicationController + before_action :ensure_admin, only: [:destroy] + + def index + @users = User.all + end + def new @user = User.new end @@ -45,4 +51,9 @@ class UsersController < ApplicationController redirect_to '/welcome', notice: 'Recovery link expired or invalid' end end + + def destroy + User.destroy(params[:id]) + redirect_to '/users' + end end diff --git a/app/javascript/packs/application.js b/app/javascript/packs/application.js index a5843e7..2d92af0 100644 --- a/app/javascript/packs/application.js +++ b/app/javascript/packs/application.js @@ -4,6 +4,8 @@ // that code so it'll be compiled. //= require materialize +//= require jquery +//= require jquery_ujs import Rails from "@rails/ujs" import Turbolinks from "turbolinks" 
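Review bot: `update` in AuthorsController has no branch for a failed save, so when `@author.update(author_params)` returns false the action neither renders nor redirects and the admin gets no feedback. An `else` branch reusing the helper already in ApplicationController would cover it: `else` followed by `redirect_to edit_author_path(@author), notice: notices_from_errors(@author)`. Separately, `edit` repeats the `Author.find(params[:id])` lookup that `set_author` already runs for it, so its body can be empty.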
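Review bot: The new `index` action in UsersController is not covered by `ensure_admin`, because the filter is limited to `only: [:destroy]`, so `User.all` is served to any visitor who requests /users, and users/index.html.erb prints each email and role. The layout shows the Users link only to admins, but that hides the link and does not restrict the route. The filter should read `before_action :ensure_admin, only: [:index, :destroy]`. The class body continues outside the hunk.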
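Review bot: `destroy` in UsersController deletes whatever id is passed, including the signed-in admin's own account, and nothing visible in the hunk prevents the last admin from being removed. A guard before the `User.destroy` call would cover the self-delete case: `return redirect_to '/users', notice: 'You cannot delete your own account' if current_user.id == params[:id].to_i`. Passing a `notice:` on the success redirect would also confirm to the admin which action was taken. The class starts outside the hunk.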
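Review bot: The added `//= require jquery` and `//= require jquery_ujs` lines in app/javascript/packs/application.js are Sprockets directives, and in a webpack pack they are most likely read as plain comments, so they probably load nothing. The same pack already imports `Rails from "@rails/ujs"`, which handles `data-method` links, so jquery_ujs would be a second handler for the same attributes if it did load. I would drop the two lines; if jQuery is really needed in the pack, import it as a module instead.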
diff --git a/app/views/authors/edit.html.erb b/app/views/authors/edit.html.erb new file mode 100644 index 0000000..57de572 --- /dev/null +++ b/app/views/authors/edit.html.erb @@ -0,0 +1,10 @@ +
+

Edit author

+ <%= form_for @author do |f|%> + <%= f.label :first_name %> + <%= f.text_field :first_name %> + <%= f.label :last_name %> + <%= f.text_field :last_name %> + <%= f.submit 'Save changes', class: 'btn' %> + <%end%> +
\ No newline at end of file diff --git a/app/views/authors/index.html.erb b/app/views/authors/index.html.erb new file mode 100644 index 0000000..f0509a1 --- /dev/null +++ b/app/views/authors/index.html.erb @@ -0,0 +1,13 @@ +
+ <% @authors.each do |author| %> +
+
+ <%= author.first_name %> <%= author.last_name %> +
+ +
+ <%= link_to 'Edit', edit_author_path(author), class: "btn" %> +
+
+ <% end %> +
diff --git a/app/views/books/edit.html.erb b/app/views/books/edit.html.erb index d45ee1c..78e654f 100644 --- a/app/views/books/edit.html.erb +++ b/app/views/books/edit.html.erb @@ -1,14 +1,16 @@ -

Edit book

-<%= form_for @book do |f|%> - <%= f.label :title %> - <%= f.text_field :title %> - <%= f.label :price %> - <%= f.number_field :price, step: 0.01 %> - - <%= f.submit 'Save changes', class: 'btn' %> -<%end%> \ No newline at end of file +
+

Edit book

+ <%= form_for @book do |f|%> + <%= f.label :title %> + <%= f.text_field :title %> + <%= f.label :price %> + <%= f.number_field :price, step: 0.01 %> + + <%= f.submit 'Save changes', class: 'btn' %> + <%end%> +
\ No newline at end of file diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 455b4e4..0bffcd9 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -8,22 +8,40 @@ <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %> <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %> + <%= javascript_include_tag 'rails-ujs' %> - <%= link_to 'Home', '/welcome', method: :get%> - <%= link_to 'Books', '/books', method: :get%> - <% flash.each do |type, notice| %> -
- <% if notice.is_a? String %> - <%= notice %> - <% else %> - <% notice.each do |msg| %> -
<%= msg %>
- <% end %> +
+
+
+ <%= link_to 'Home', '/welcome', method: :get%> +
+ +
+ <%= link_to 'Books', '/books', method: :get%> +
+ <% if current_user&.admin? %> +
+ <%= link_to 'Authors', '/authors', method: :get%> +
+
+ <%= link_to 'Users', '/users', method: :get%> +
<% end %>
- <% end %> + <% flash.each do |type, notice| %> +
+ <% if notice.is_a? String %> + <%= notice %> + <% else %> + <% notice.each do |msg| %> +
<%= msg %>
+ <% end %> + <% end %> +
+ <% end %> +
<%= yield %> diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb index 23315d8..9d3fca7 100644 --- a/app/views/sessions/new.html.erb +++ b/app/views/sessions/new.html.erb @@ -1,9 +1,11 @@ -
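Review bot: The added `<%= javascript_include_tag 'rails-ujs' %>` in the layout loads a second copy of UJS next to the one the application pack imports (`import Rails from "@rails/ujs"` in app/javascript/packs/application.js). If the pack starts UJS, which is outside the visible hunks, the second copy may either raise on load or bind the `data-method` handlers twice, and the Delete link on the users page would then send its request twice. I would remove this tag and rely on the pack. The `method: :get` on the navigation links is also unnecessary, since a plain `link_to` already issues a GET.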

Login

- <%= form_tag '/login' do %> - <%= label_tag :email%> - <%= text_field_tag :email %> - <%= label_tag :password%> - <%= password_field_tag :password%> - <%= submit_tag "Login", class: 'btn' %> -<%end%> -<%= link_to "Password recovery", '/password_recovery_request', method: :get%> \ No newline at end of file +
+

Login

+ <%= form_tag '/login' do %> + <%= label_tag :email%> + <%= text_field_tag :email %> + <%= label_tag :password%> + <%= password_field_tag :password%> + <%= submit_tag "Login", class: 'btn' %> + <%end%> + <%= link_to "Password recovery", '/password_recovery_request', method: :get %> +
diff --git a/app/views/sessions/welcome.html.erb b/app/views/sessions/welcome.html.erb index dc85f35..5a3f277 100644 --- a/app/views/sessions/welcome.html.erb +++ b/app/views/sessions/welcome.html.erb @@ -1,8 +1,10 @@ -

Welcome

-<% if logged_in? %> - You are Logged In, <%= current_user.email %> - <%= button_to "Logout", '/logout', method: :get, class: 'btn' %> -<% else %> - <%= button_to "Login", '/login', method: :get, class: 'btn' %> - <%= button_to "Sign Up", '/users/new', method: :get, class: 'btn' %> -<% end %> +
+

Welcome

+ <% if logged_in? %> + You are Logged In, <%= current_user.email %> + <%= button_to "Logout", '/logout', method: :get, class: 'btn' %> + <% else %> + <%= button_to "Login", '/login', method: :get, class: 'btn' %> + <%= button_to "Sign Up", '/users/new', method: :get, class: 'btn' %> + <% end %> +
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb new file mode 100644 index 0000000..bd6b704 --- /dev/null +++ b/app/views/users/index.html.erb @@ -0,0 +1,15 @@ +
+ <% @users.each do |user| %> +
+
+ <%= user.email %> +
+
+ <%= user.role %> +
+
+ <%= link_to 'Delete', user, method: :delete, class: "btn" %> +
+
+ <% end %> +
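Review bot: The Delete link in users/index.html.erb removes an account on a single click with no confirmation, and it only sends a DELETE request when UJS is loaded and working. Adding a prompt is a one-line change: `<%= link_to 'Delete', user, method: :delete, data: { confirm: 'Delete this user?' }, class: "btn" %>`. `button_to 'Delete', user, method: :delete` is the sturdier option, because it renders a real form with the CSRF token and does not depend on JavaScript.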
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index d81b5bf..a4ce410 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -1,8 +1,10 @@ -

Sign Up

-<%= form_for @user do |f|%> - <%= f.label :email%> - <%= f.text_field :email%> - <%= f.label :password%> - <%= f.password_field :password%> - <%= f.submit 'Sign up', class: 'btn' %> -<%end%> \ No newline at end of file +
+

Sign Up

+ <%= form_for @user do |f|%> + <%= f.label :email%> + <%= f.text_field :email%> + <%= f.label :password%> + <%= f.password_field :password%> + <%= f.submit 'Sign up', class: 'btn' %> + <%end%> +
diff --git a/app/views/users/password_recovery_request_form.erb b/app/views/users/password_recovery_request_form.erb index 66a90a4..b267001 100644 --- a/app/views/users/password_recovery_request_form.erb +++ b/app/views/users/password_recovery_request_form.erb @@ -1,7 +1,9 @@ -

Password recovery

-Provide an email to password recovery -<%= form_with url: "/password_recovery_request", method: :post do |f| %> - <%= f.label :email%>
- <%= f.text_field :email %> - <%= f.submit 'Send email', class: 'btn' %> -<% end %> \ No newline at end of file +
+

Password recovery

+ Provide an email to password recovery + <%= form_with url: "/password_recovery_request", method: :post do |f| %> + <%= f.label :email%>
+ <%= f.text_field :email %> + <%= f.submit 'Send email', class: 'btn' %> + <% end %> +
diff --git a/app/views/users/recover_password_form.html.erb b/app/views/users/recover_password_form.html.erb index 91f0d43..29e7b58 100644 --- a/app/views/users/recover_password_form.html.erb +++ b/app/views/users/recover_password_form.html.erb @@ -1,11 +1,13 @@ -

Provide new password

+
+

Provide new password

-<%= form_with url: '/recover_password', method: :post do |f| %> - <%= f.label :password%> - <%= f.password_field :password %> - <%= f.label :password_confirmation%> - <%= f.password_field :password_confirmation %> - <%= f.hidden_field :recovery_password, :value => @recovery_password %> - <%= f.hidden_field :user_id, :value => @user_id %> - <%= f.submit 'Change password', class: 'btn' %> -<% end %> \ No newline at end of file + <%= form_with url: '/recover_password', method: :post do |f| %> + <%= f.label :password%> + <%= f.password_field :password %> + <%= f.label :password_confirmation%> + <%= f.password_field :password_confirmation %> + <%= f.hidden_field :recovery_password, :value => @recovery_password %> + <%= f.hidden_field :user_id, :value => @user_id %> + <%= f.submit 'Change password', class: 'btn' %> + <% end %> +
diff --git a/config/environments/development.rb b/config/environments/development.rb index 7a9f6c3..93cd1a8 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -56,7 +56,8 @@ Rails.application.configure do # Debug mode disables concatenation and preprocessing of assets. # This option may cause significant delays in view rendering with a large # number of complex assets. - config.assets.debug = true + config.assets.debug = false + config.assets.check_precompiled_asset = false # Suppress logger output for asset requests. config.assets.quiet = true diff --git a/config/routes.rb b/config/routes.rb index 43ec56d..6f791c6 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,5 +1,5 @@ Rails.application.routes.draw do - resources :users, only: [:new, :create] + resources :users get 'login', to: 'sessions#new' get 'logout', to: 'sessions#delete' post 'login', to: 'sessions#create' @@ -9,4 +9,5 @@ Rails.application.routes.draw do get 'recover_password/:id/:recovery_password', to: 'users#recover_password_form' post 'recover_password', to: 'users#recover_password' resources :books + resources :authors end
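Review bot: `config.assets.check_precompiled_asset = false` in config/environments/development.rb turns off the development-time error for assets that are not declared for precompilation, and no comment says why. With the check off, a tag such as the `javascript_include_tag 'rails-ujs'` added to the layout in this commit can work in development and still fail once assets are precompiled. If the line was added to silence that error, it is safer to fix the asset reference and keep the check on. Otherwise I would add a comment such as `# Disabled because <reason>; re-enable once the asset is declared for precompilation.`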
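Review bot: `resources :users` in config/routes.rb now routes show, edit and update as well, but the UsersController hunks in this commit only add `index` and `destroy`. Unless the other actions exist outside the visible hunks, those routes point at missing actions. Listing only what is implemented keeps the exposed surface explicit and easier to audit against the `ensure_admin` filters: `resources :users, only: [:index, :new, :create, :destroy]`. The same applies to `resources :authors` in the second hunk, where the controller defines index, edit and update: `resources :authors, only: [:index, :edit, :update]`.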