diff --git a/app/controllers/articles_controller.rb b/app/controllers/articles_controller.rb
index 9d006cc..6f9a38e 100644
--- a/app/controllers/articles_controller.rb
+++ b/app/controllers/articles_controller.rb
@@ -53,7 +53,7 @@ def set_article
end
def require_same_user
- if current_user != @article.user
+ if current_user != @article.user && !current_user.admin?
flash[:danger] = "You can only edit or delete your own articles."
redirect_to root_path
end
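Review bot: The new condition on the `+` line calls `current_user.admin?` after `current_user != @article.user` has already passed, and for an unauthenticated request `current_user` is presumably `nil`, so what used to be a redirect with a flash message becomes a `NoMethodError` (unless a login filter in ApplicationController, not shown here, runs first). Safe navigation keeps the old behaviour for anonymous visitors: `if current_user != @article.user && !current_user&.admin?`. The same pattern is introduced in users_controller.rb's `require_same_user` in the hunk at `@@ -47,10 +55,17 @@`. The `def require_same_user` body's closing `end` is outside this hunk.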
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d1dbb71..a524fa3 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
class UsersController < ApplicationController
before_action :set_user, only: [:edit, :update, :show]
- before_action :require_same_user, only: [:edit, :update]
+ before_action :require_same_user, only: [:edit, :update, :destroy]
+ before_action :require_admin, only: [:destroy]
def index
@users = User.paginate(page: params[:page], per_page: 5)
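Review bot: With the filters as declared on the two `+` lines, an unauthenticated `DELETE /users/:id` reaches `destroy`: `set_user` is not in the `only:` list for `:destroy`, so `@user` is `nil` in `require_same_user`, `current_user != @user` is `nil != nil` and the whole condition short-circuits to false, and `require_admin` (hunk at `@@ -47,10 +55,17 @@`) only redirects when `logged_in?` is true. Unless ApplicationController adds an authentication filter not visible here, anyone can delete any account. The guard should deny when there is no admin session at all: `redirect_to root_path unless current_user&.admin?`, and `set_user`'s `only:` should include `:destroy` so `require_same_user` compares against a loaded record. The `destroy` action itself is in the hunk at `@@ -37,6 +38,13 @@`.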
@@ -37,6 +38,13 @@ def update
end
end
+ def destroy
+ @user = User.find(params[:id])
+ @user.destroy
+ flash[:danger] = "User and all articles created by user have been deleted."
+ redirect_to users_path
+ end
+
private
def user_params
params.require(:user).permit(:username, :email, :password)
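Review bot: The `+ @user = User.find(params[:id])` line duplicates what `set_user` already does for the other member actions; adding `:destroy` to `set_user`'s `only:` list (first hunk of this file) would drop this line and also give the `require_same_user` filter a non-nil `@user` to compare against. Separately, nothing here prevents an admin from deleting their own account while their session still holds that id; whether `current_user` then returns `nil` or raises depends on its implementation, which is not shown. A one-line guard such as `return redirect_to(users_path) if @user == current_user` before `@user.destroy` would avoid that state.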
@@ -47,10 +55,17 @@ def set_user
end
def require_same_user
- if current_user != @user
+ if current_user != @user && !current_user.admin?
flash[:danger] = "You can only edit your own account."
redirect_to root_path
end
end
+ def require_admin
+ if logged_in? && !current_user.admin?
+ flash[:danger] = "Only admins users can perform that action."
+ redirect_to root_path
+ end
+ end
+
end
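Review bot: The flash string on the `+ flash[:danger]` line in `require_admin` has a grammar slip, `"Only admins users can perform that action."`; it should read `"Only admin users can perform that action."`. Also note that for `:destroy` the filters run in declaration order, so a logged-in non-admin is turned away by `require_same_user` with `"You can only edit your own account."` rather than by `require_admin`, which makes the admin-only message unreachable for that case; dropping `:destroy` from `require_same_user`'s `only:` list would let `require_admin` be the single authoritative check for that action.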
diff --git a/app/models/user.rb b/app/models/user.rb
index d47f1af..a384e2f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,5 +1,5 @@
class User < ActiveRecord::Base
- has_many :articles
+ has_many :articles, dependent: :destroy
before_save { self.email = email.downcase }
validates :username, presence: true,
length: { minimum: 3, maximum: 25 },
@@ -10,6 +10,6 @@ class User < ActiveRecord::Base
length: { maximum: 105 },
uniqueness: { case_sensitive: false },
format: { with: VALID_EMAIL_REGEX }
-
+
has_secure_password
end
diff --git a/app/views/articles/_article.html.erb b/app/views/articles/_article.html.erb
index 58788c1..4f738da 100644
--- a/app/views/articles/_article.html.erb
+++ b/app/views/articles/_article.html.erb
@@ -13,7 +13,7 @@
last updated at: <%= time_ago_in_words(article.updated_at) %> ago
- <% if logged_in? && current_user == article.user %>
+ <% if logged_in? && (current_user == article.user || current_user.admin?) %>
<%= link_to "Edit this article", edit_article_path(article), class: "btn btn-default"%>
<%= link_to "Delete this article", article_path(article), method: :delete, data: {confirm: "Are you sure?"}, class: "btn btn-default delete-btn" %>
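Review bot: The authorization expression on the `+` line, `current_user == article.user || current_user.admin?`, is now repeated in `show.html.erb` (next hunk, with different spacing inside the parentheses) and mirrors the controller's `require_same_user`; three copies of the same rule will drift. A view helper, e.g. `def can_modify?(article) = logged_in? && (current_user == article.user || current_user.admin?)` in ArticlesHelper, would let both templates read `<% if can_modify?(article) %>` and keep the rule in one place.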
diff --git a/app/views/articles/show.html.erb b/app/views/articles/show.html.erb
index 03a9940..258999b 100644
--- a/app/views/articles/show.html.erb
+++ b/app/views/articles/show.html.erb
@@ -17,7 +17,7 @@
<%= link_to "Back to articles list", articles_path, class: "btn btn-primary" %>
- <% if logged_in? && current_user == @article.user %>
+ <% if logged_in? && ( current_user == @article.user || current_user.admin? ) %>
<%= link_to "Edit this article", edit_article_path(@article), class: "btn btn-default"%>
<%= link_to "Delete this article", article_path(@article), method: :delete, data: {confirm: "Are you sure?"}, class: "btn btn-default delete-btn" %>
<% end %>
diff --git a/app/views/layouts/_navigation.html.erb b/app/views/layouts/_navigation.html.erb
index 94f8e34..28e9f77 100644
--- a/app/views/layouts/_navigation.html.erb
+++ b/app/views/layouts/_navigation.html.erb
@@ -39,13 +39,15 @@
<% if logged_in? %>
<%= link_to "Log out", logout_path, method: :delete %>
- Your Profile
+
+ Your <%= "Admin" if current_user.admin? %> Profile
+
<% else %>
diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb
index a9cb0ed..88a96f4 100644
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -8,6 +8,10 @@
<%= link_to gravatar_for(user), user_path(user) %>
<%= link_to user.username, user_path(user) %>
<%= pluralize(user.articles.count, "article") if user.articles %>
+ <% if logged_in? && current_user.admin? %>
+
<%= link_to "Delete this user", user_path(user), method: :delete,
+ data: { confirm: "Are you that you want to delete the user and all of his articles?" } %>
+ <% end %>
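Review bot: The confirm text on the `+ data: { confirm: ... }` line is missing a word: `"Are you that you want to delete the user and all of his articles?"` should be `"Are you sure that you want to delete this user and all of their articles?"`. The `logged_in? && current_user.admin?` guard around the link is only a display decision; the server-side filters in users_controller.rb must deny the request independently, which is worth checking given the `require_admin` definition in this commit.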
diff --git a/db/migrate/20170228021927_add_admin_to_users.rb b/db/migrate/20170228021927_add_admin_to_users.rb
new file mode 100644
index 0000000..0e24076
--- /dev/null
+++ b/db/migrate/20170228021927_add_admin_to_users.rb
@@ -0,0 +1,5 @@
+class AddAdminToUsers < ActiveRecord::Migration[5.0]
+ def change
+ add_column :users, :admin, :boolean, default: false
+ end
+end
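Review bot: The `add_column` on the `+` line sets `default: false` but leaves the column nullable, so a row can end up with `admin` as NULL through any path that writes the column explicitly; for a flag that gates authorization it is better to make the database reject that state: `add_column :users, :admin, :boolean, default: false, null: false`. This is an additive migration, so the constraint is safe to add for existing rows because the default backfills them.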
diff --git a/db/schema.rb b/db/schema.rb
index c79ed72..a2f8e5d 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20170227133108) do
+ActiveRecord::Schema.define(version: 20170228021927) do
create_table "articles", force: :cascade do |t|
t.string "title"
@@ -23,9 +23,10 @@
create_table "users", force: :cascade do |t|
t.string "username"
t.string "email"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
t.string "password_digest"
+ t.boolean "admin", default: false
end
end