From 359c9f909cea88c8e976e26593f95b70a599f3c8 Mon Sep 17 00:00:00 2001 From: Erick Moreira Date: Mon, 27 Feb 2017 23:49:38 -0300 Subject: [PATCH] Admin functions. --- app/controllers/articles_controller.rb | 2 +- app/controllers/users_controller.rb | 19 +++++++++++++++++-- app/models/user.rb | 4 ++-- app/views/articles/_article.html.erb | 2 +- app/views/articles/show.html.erb | 2 +- app/views/layouts/_navigation.html.erb | 6 ++++-- app/views/users/index.html.erb | 4 ++++ .../20170228021927_add_admin_to_users.rb | 5 +++++ db/schema.rb | 7 ++++--- 9 files changed, 39 insertions(+), 12 deletions(-) create mode 100644 db/migrate/20170228021927_add_admin_to_users.rb diff --git a/app/controllers/articles_controller.rb b/app/controllers/articles_controller.rb index 9d006cc..6f9a38e 100644 --- a/app/controllers/articles_controller.rb +++ b/app/controllers/articles_controller.rb @@ -53,7 +53,7 @@ def set_article end def require_same_user - if current_user != @article.user + if current_user != @article.user && !current_user.admin? flash[:danger] = "You can only edit or delete your own articles." redirect_to root_path end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index d1dbb71..a524fa3 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,7 @@ class UsersController < ApplicationController before_action :set_user, only: [:edit, :update, :show] - before_action :require_same_user, only: [:edit, :update] + before_action :require_same_user, only: [:edit, :update, :destroy] + before_action :require_admin, only: [:destroy] def index @users = User.paginate(page: params[:page], per_page: 5) @@ -37,6 +38,13 @@ def update end end + def destroy + @user = User.find(params[:id]) + @user.destroy + flash[:danger] = "User and all articles created by user have been deleted." + redirect_to users_path + end + private def user_params params.require(:user).permit(:username, :email, :password) 
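Review bot: The new condition in `require_same_user` calls `current_user.admin?` whenever the user is not the owner, so a logged-out request (where `current_user` is nil) now raises NoMethodError instead of the redirect the old code produced, unless a `require_user` filter runs first for these actions (not visible in this hunk). The guard should short-circuit on nil before the method call: `if current_user.nil? || (current_user != @article.user && !current_user.admin?)`. A one-line why-comment such as `# owner or admin may edit/delete; nil current_user must not reach admin?` would make the intent clear to the next reader.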
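Review bot: `set_user` is still limited to `[:edit, :update, :show]`, so when `require_same_user` runs for `:destroy` the `@user` it compares against is nil; the filter's outcome for that action then depends only on the admin flag, and for an anonymous request `nil != nil` is false, so it passes silently. Since `require_admin` is meant to gate deletion on its own, it would be cleaner to apply `set_user` to `:destroy` and drop `:destroy` from the same-user filter: `before_action :set_user, only: [:edit, :update, :show, :destroy]` and `before_action :require_same_user, only: [:edit, :update]`. The `destroy` action can then use the `@user` loaded by the filter instead of repeating `User.find`.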
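Review bot: `destroy` lets an admin delete their own account; the session still refers to the removed record afterwards, and with `has_many :articles, dependent: :destroy` every article of the last admin goes with it. A guard before the destroy call avoids that: `return redirect_to(users_path, flash: { danger: "You cannot delete your own account." }) if @user == current_user`. The action also reports success unconditionally; checking the return value of `@user.destroy` (false when a callback aborts) would keep the flash message honest.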
@@ -47,10 +55,17 @@ def set_user end def require_same_user - if current_user != @user + if current_user != @user && !current_user.admin? flash[:danger] = "You can only edit your own account." redirect_to root_path end end + def require_admin + if logged_in? && !current_user.admin? + flash[:danger] = "Only admins users can perform that action." + redirect_to root_path + end + end + end diff --git a/app/models/user.rb b/app/models/user.rb index d47f1af..a384e2f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,5 +1,5 @@ class User < ActiveRecord::Base - has_many :articles + has_many :articles, dependent: :destroy before_save { self.email = email.downcase } validates :username, presence: true, length: { minimum: 3, maximum: 25 }, @@ -10,6 +10,6 @@ class User < ActiveRecord::Base length: { maximum: 105 }, uniqueness: { case_sensitive: false }, format: { with: VALID_EMAIL_REGEX } - + has_secure_password end diff --git a/app/views/articles/_article.html.erb b/app/views/articles/_article.html.erb index 58788c1..4f738da 100644 --- a/app/views/articles/_article.html.erb +++ b/app/views/articles/_article.html.erb @@ -13,7 +13,7 @@ last updated at: <%= time_ago_in_words(article.updated_at) %> ago - <% if logged_in? && current_user == article.user %> + <% if logged_in? && (current_user == article.user || current_user.admin?) %>
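Review bot: `require_admin` only redirects when `logged_in?` is true, so an unauthenticated request falls straight through it; combined with the same-user filter comparing nil against nil for `:destroy` (where `set_user` is not applied), nothing visible in these hunks stops an anonymous `DELETE /users/:id` from reaching `destroy` unless a `require_user` filter applies elsewhere in the file. The condition should be inverted to require an admin rather than exclude non-admins: `unless logged_in? && current_user.admin?`. `require_same_user` has the same nil-dereference as the articles controller (`!current_user.admin?` on a logged-out request raises), so guard on `current_user.nil?` there too. The flash text `"Only admins users can perform that action."` reads as a typo for "Only admin users".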
<%= link_to "Edit this article", edit_article_path(article), class: "btn btn-default"%> <%= link_to "Delete this article", article_path(article), method: :delete, data: {confirm: "Are you sure?"}, class: "btn btn-default delete-btn" %> diff --git a/app/views/articles/show.html.erb b/app/views/articles/show.html.erb index 03a9940..258999b 100644 --- a/app/views/articles/show.html.erb +++ b/app/views/articles/show.html.erb @@ -17,7 +17,7 @@
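Review bot: The owner-or-admin test is now written out in three places — here, in `show.html.erb` (with different spacing inside the parentheses) and in `ArticlesController#require_same_user` — so a future change to the rule is easy to apply to only some of them. A single helper keeps view and controller in step: `def can_manage?(article); logged_in? && (current_user == article.user || current_user.admin?); end`, used here as `<% if can_manage?(article) %>`. The helper should carry a one-line comment noting that the controller filter is the actual enforcement and the view check only hides buttons.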
<%= link_to "Back to articles list", articles_path, class: "btn btn-primary" %> - <% if logged_in? && current_user == @article.user %> + <% if logged_in? && ( current_user == @article.user || current_user.admin? ) %> <%= link_to "Edit this article", edit_article_path(@article), class: "btn btn-default"%> <%= link_to "Delete this article", article_path(@article), method: :delete, data: {confirm: "Are you sure?"}, class: "btn btn-default delete-btn" %> <% end %> diff --git a/app/views/layouts/_navigation.html.erb b/app/views/layouts/_navigation.html.erb index 94f8e34..28e9f77 100644 --- a/app/views/layouts/_navigation.html.erb +++ b/app/views/layouts/_navigation.html.erb @@ -39,13 +39,15 @@ <% if logged_in? %>
  • <%= link_to "Log out", logout_path, method: :delete %>
  • <% else %> diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb index a9cb0ed..88a96f4 100644 --- a/app/views/users/index.html.erb +++ b/app/views/users/index.html.erb @@ -8,6 +8,10 @@
  • <%= link_to gravatar_for(user), user_path(user) %>
  • <%= link_to user.username, user_path(user) %>
  • <%= pluralize(user.articles.count, "article") if user.articles %>
  • + <% if logged_in? && current_user.admin? %> +
  • <%= link_to "Delete this user", user_path(user), method: :delete, + data: { confirm: "Are you that you want to delete the user and all of his articles?" } %>
  • + <% end %>
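Review bot: The new delete link is rendered on every row when an admin is logged in, including the admin's own row, so the listing offers self-deletion with no corresponding guard visible in `UsersController#destroy`. Excluding the current user here is one line: `<% if logged_in? && current_user.admin? && user != current_user %>`. The confirm text `"Are you that you want to delete the user and all of his articles?"` is missing a word; `"Are you sure you want to delete this user and all of their articles?"` reads correctly.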
    diff --git a/db/migrate/20170228021927_add_admin_to_users.rb b/db/migrate/20170228021927_add_admin_to_users.rb new file mode 100644 index 0000000..0e24076 --- /dev/null +++ b/db/migrate/20170228021927_add_admin_to_users.rb @@ -0,0 +1,5 @@ +class AddAdminToUsers < ActiveRecord::Migration[5.0] + def change + add_column :users, :admin, :boolean, default: false + end +end diff --git a/db/schema.rb b/db/schema.rb index c79ed72..a2f8e5d 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20170227133108) do +ActiveRecord::Schema.define(version: 20170228021927) do create_table "articles", force: :cascade do |t| t.string "title" @@ -23,9 +23,10 @@ create_table "users", force: :cascade do |t| t.string "username" t.string "email" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.string "password_digest" + t.boolean "admin", default: false end end
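Review bot: The migration adds `admin` as a nullable boolean, so the column can hold nil as well as false; `admin?` treats nil as false, but a three-state flag invites mistakes in queries such as `where(admin: false)`. Declaring it `add_column :users, :admin, :boolean, default: false, null: false` removes the ambiguity. Note that the flag is only safe from user self-promotion because `user_params` (visible in the users_controller hunk) permits just `:username, :email, :password`; a comment on the migration, `# admin is never user-settable: keep it out of user_params`, would record that dependency.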