From 8e2fbda0a0dc74b096ff4d37fbcff2f96ccddd86 Mon Sep 17 00:00:00 2001 From: Kurt Date: Sun, 30 Sep 2018 16:52:24 -0600 Subject: [PATCH 01/42] Sets before_action method call. --- app/controllers/groups_controller.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 6e1cd3f..7e465d4 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -1,4 +1,6 @@ class GroupsController < ApplicationController + before_action :set_group, only: [:show, :edit, :update, :destroy] + def index @groups = Group.all end @@ -17,22 +19,18 @@ def create end def show - @group = Group.find(params[:id]) end def edit - @group = Group.find(params[:id]) end def update - @group = Group.find(params[:id]) @group.update(group_params) flash.notice = "Group '#{@group.name}' updated!" redirect_to group_path(@group) end def destroy - @group = Group.find(params[:id]) @group.destroy flash.notice = "Group Deleted!" redirect_to dashboard_path @@ -40,6 +38,10 @@ def destroy private + def set_group + @group = Group.find(params[:id]) + end + def group_params params.require(:group).permit(:name, :description) end From 7830db0c1b68115280814cd043cbb0b547cf7dc5 Mon Sep 17 00:00:00 2001 From: Kurt Date: Sun, 30 Sep 2018 16:53:02 -0600 Subject: [PATCH 02/42] Adds blank line. --- app/controllers/users_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 7714c8b..54bca76 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,5 +1,6 @@ class UsersController < ApplicationController before_action :set_user, only: [:edit, :update] + def new @user = User.new if current_user From 97068ee65e7d39bd8711a36b24b8e712c300b3e6 Mon Sep 17 00:00:00 2001 
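Review bot: `set_group` looks the record up with `Group.find(params[:id])`, so `show`, `edit`, `update` and `destroy` act on whichever group id the request supplies; nothing in this controller ties the group to the signed-in user. Now that the lookup lives in one callback, that is the natural place to scope it, for example `@group = current_user.groups.find(params[:id])`, which raises RecordNotFound for groups the user does not belong to. Whether ApplicationController already requires a login is not visible in this patch, so the scoped form assumes `current_user` is present.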
From: Kurt Date: Sun, 30 Sep 2018 17:06:07 -0600 Subject: [PATCH 03/42] Adds owner_id column to a group, referencing a user_id. --- db/migrate/20180930230442_add_owner_id_to_groups.rb | 6 ++++++ db/schema.rb | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 db/migrate/20180930230442_add_owner_id_to_groups.rb diff --git a/db/migrate/20180930230442_add_owner_id_to_groups.rb b/db/migrate/20180930230442_add_owner_id_to_groups.rb new file mode 100644 index 0000000..2726115 --- /dev/null +++ b/db/migrate/20180930230442_add_owner_id_to_groups.rb @@ -0,0 +1,6 @@ +class AddOwnerIdToGroups < ActiveRecord::Migration[5.2] + def change + add_column :groups, :owner_id, :integer + add_reference :groups, :users, foreign_key: true + end +end diff --git a/db/schema.rb b/db/schema.rb index bc39f68..15a9879 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2018_09_28_203618) do +ActiveRecord::Schema.define(version: 2018_09_30_230442) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -18,6 +18,9 @@ create_table "groups", force: :cascade do |t| t.text "name" t.string "description" + t.integer "owner_id" + t.bigint "users_id" + t.index ["users_id"], name: "index_groups_on_users_id" end create_table "user_groups", force: :cascade do |t| @@ -35,4 +38,5 @@ t.string "password_confirmation" end + add_foreign_key "groups", "users", column: "users_id" end From f711d321112f2e3b4b3113a758ca1625abfcef29 Mon Sep 17 00:00:00 2001 
From: Kurt Date: Sun, 30 Sep 2018 17:37:39 -0600 Subject: [PATCH 04/42] Adds owner_id column to a group. --- app/models/group.rb | 1 + app/models/user.rb | 1 + db/migrate/20180930230442_add_owner_id_to_groups.rb | 6 ------ db/migrate/20180930232847_add_owner_id_to_groups.rb | 6 ++++++ db/schema.rb | 9 ++++----- 5 files changed, 12 insertions(+), 11 deletions(-) delete mode 100644 db/migrate/20180930230442_add_owner_id_to_groups.rb create mode 100644 db/migrate/20180930232847_add_owner_id_to_groups.rb diff --git a/app/models/group.rb b/app/models/group.rb index afc116b..cc15987 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -1,4 +1,5 @@ class Group < ApplicationRecord has_many :user_groups has_many :users, through: :user_groups + has_one :user end diff --git a/app/models/user.rb b/app/models/user.rb index 3cc1ae8..001da67 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,6 +1,7 @@ class User < ApplicationRecord has_many :user_groups has_many :groups, through: :user_groups + belongs_to :group has_secure_password validates_uniqueness_of :email validates :first_name, presence: true diff --git a/db/migrate/20180930230442_add_owner_id_to_groups.rb b/db/migrate/20180930230442_add_owner_id_to_groups.rb deleted file mode 100644 index 2726115..0000000 --- a/db/migrate/20180930230442_add_owner_id_to_groups.rb +++ /dev/null @@ -1,6 +0,0 @@ -class AddOwnerIdToGroups < ActiveRecord::Migration[5.2] - def change - add_column :groups, :owner_id, :integer - add_reference :groups, :users, foreign_key: true - end -end diff --git a/db/migrate/20180930232847_add_owner_id_to_groups.rb b/db/migrate/20180930232847_add_owner_id_to_groups.rb new file mode 100644 index 0000000..bed24dc --- /dev/null +++ b/db/migrate/20180930232847_add_owner_id_to_groups.rb @@ -0,0 +1,6 @@ +class AddOwnerIdToGroups < ActiveRecord::Migration[5.2] + def change + add_reference :groups, :user, foreign_key: true + rename_column :groups, :user_id, :owner_id + end +end 
diff --git a/db/schema.rb b/db/schema.rb index 15a9879..79c289b 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2018_09_30_230442) do +ActiveRecord::Schema.define(version: 2018_09_30_232847) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -18,9 +18,8 @@ create_table "groups", force: :cascade do |t| t.text "name" t.string "description" - t.integer "owner_id" - t.bigint "users_id" - t.index ["users_id"], name: "index_groups_on_users_id" + t.bigint "owner_id" + t.index ["owner_id"], name: "index_groups_on_owner_id" end create_table "user_groups", force: :cascade do |t| @@ -38,5 +37,5 @@ t.string "password_confirmation" end - add_foreign_key "groups", "users", column: "users_id" + add_foreign_key "groups", "users", column: "owner_id" end From 3cc082e074b767d4b5227b38fb3f5bf11abbce1c Mon Sep 17 00:00:00 2001 From: Kurt Date: Sun, 30 Sep 2018 18:38:27 -0600 Subject: [PATCH 05/42] When a user creates a group, they are added as the group's owner --- app/controllers/groups_controller.rb | 8 +++++--- app/models/group.rb | 5 ++++- app/models/user.rb | 1 - app/views/users/show.html.erb | 1 + 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 7e465d4..07bea00 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -10,10 +10,12 @@ def new def create @group = Group.new(group_params) - @group.user_ids= current_user.id + @group.user_ids = current_user.id # Add user as a user + @group.owner_id = current_user.id # Add user as owner if @group.save - redirect_to dashboard_path + redirect_to group_path(@group.id) # Find the group page else + flash[:notice] = 'The group name is already taken. Please choose another name.' render 'new' end end 
@@ -43,6 +45,6 @@ def set_group end def group_params - params.require(:group).permit(:name, :description) + params.require(:group).permit(:name, :description, :owner_id) end end diff --git a/app/models/group.rb b/app/models/group.rb index cc15987..aa4a431 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -1,5 +1,8 @@ class Group < ApplicationRecord has_many :user_groups has_many :users, through: :user_groups - has_one :user + belongs_to :user, foreign_key: :owner_id + validates_uniqueness_of :name + validates :description, presence: true + validates :owner_id, presence: true end diff --git a/app/models/user.rb b/app/models/user.rb index 001da67..3cc1ae8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,7 +1,6 @@ class User < ApplicationRecord has_many :user_groups has_many :groups, through: :user_groups - belongs_to :group has_secure_password validates_uniqueness_of :email validates :first_name, presence: true diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index ba1f99c..dd90cce 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -1,3 +1,4 @@ +
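Review bot: Permitting `:owner_id` in `group_params` has no effect in `create`, because that action overwrites the value with `current_user.id` right after `Group.new(group_params)`; the only place the permitted value takes effect is `update`, where `@group.update(group_params)` lets a submitted form reassign the group's owner. Unless transferring ownership through the edit form is intended, keep the list as `params.require(:group).permit(:name, :description)` and assign the owner only server-side in `create`.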

Profile

Name: <%= "#{@user.first_name} #{@user.last_name}" %>
Email: <%= @user.email %> From 42f617ec394798a1e45e8395462b9104f165ebbd Mon Sep 17 00:00:00 2001 From: Kurt Date: Sun, 30 Sep 2018 18:49:33 -0600 Subject: [PATCH 06/42] Adds List and Item models and db schema. --- app/models/group.rb | 1 + app/models/item.rb | 3 +++ app/models/list.rb | 5 +++++ app/models/user.rb | 1 + db/migrate/20181001004237_create_lists.rb | 8 ++++++++ db/migrate/20181001004651_create_items.rb | 11 +++++++++++ db/schema.rb | 21 ++++++++++++++++++++- 7 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 app/models/item.rb create mode 100644 app/models/list.rb create mode 100644 db/migrate/20181001004237_create_lists.rb create mode 100644 db/migrate/20181001004651_create_items.rb diff --git a/app/models/group.rb b/app/models/group.rb index aa4a431..bfe65e7 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -1,6 +1,7 @@ class Group < ApplicationRecord has_many :user_groups has_many :users, through: :user_groups + has_many :lists belongs_to :user, foreign_key: :owner_id validates_uniqueness_of :name validates :description, presence: true diff --git a/app/models/item.rb b/app/models/item.rb new file mode 100644 index 0000000..c9cded8 --- /dev/null +++ b/app/models/item.rb @@ -0,0 +1,3 @@ +class Item < ApplicationRecord + belongs_to :list +end diff --git a/app/models/list.rb b/app/models/list.rb new file mode 100644 index 0000000..ad20aae --- /dev/null +++ b/app/models/list.rb @@ -0,0 +1,5 @@ +class List < ApplicationRecord + belongs_to :user + belongs_to :group + has_many :items +end diff --git a/app/models/user.rb b/app/models/user.rb index 3cc1ae8..6dfda25 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,6 +1,7 @@ class User < ApplicationRecord has_many :user_groups has_many :groups, through: :user_groups + has_many :lists has_secure_password validates_uniqueness_of :email validates :first_name, presence: true 
diff --git a/db/migrate/20181001004237_create_lists.rb b/db/migrate/20181001004237_create_lists.rb new file mode 100644 index 0000000..3075393 --- /dev/null +++ b/db/migrate/20181001004237_create_lists.rb @@ -0,0 +1,8 @@ +class CreateLists < ActiveRecord::Migration[5.2] + def change + create_table :lists do |t| + t.references :user, foreign_key: true + t.references :group, foreign_key: true + end + end +end diff --git a/db/migrate/20181001004651_create_items.rb b/db/migrate/20181001004651_create_items.rb new file mode 100644 index 0000000..22ef76f --- /dev/null +++ b/db/migrate/20181001004651_create_items.rb @@ -0,0 +1,11 @@ +class CreateItems < ActiveRecord::Migration[5.2] + def change + create_table :items do |t| + t.text :name + t.text :description + t.text :note + t.text :size + t.references :lists, foreign_key: true + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 79c289b..7843209 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2018_09_30_232847) do +ActiveRecord::Schema.define(version: 2018_10_01_004651) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -22,6 +22,22 @@ t.index ["owner_id"], name: "index_groups_on_owner_id" end + create_table "items", force: :cascade do |t| + t.text "name" + t.text "description" + t.text "note" + t.text "size" + t.bigint "lists_id" + t.index ["lists_id"], name: "index_items_on_lists_id" + end + + create_table "lists", force: :cascade do |t| + t.bigint "user_id" + t.bigint "group_id" + t.index ["group_id"], name: "index_lists_on_group_id" + t.index ["user_id"], name: "index_lists_on_user_id" + end + create_table "user_groups", force: :cascade do |t| t.integer "user_id" t.integer "group_id" 
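Review bot: `t.references :lists` in CreateItems uses the plural name, which is why schema.rb ends up with `lists_id` rather than the `list_id` column that `belongs_to :list` in Item and `has_many :items` in List look for by default. `t.references :list, foreign_key: true` gives the conventional column and lets the associations work without a `foreign_key:` option. The references in both new tables are also nullable; adding `null: false` would stop items without a list, or lists without a user or group, from being stored.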
@@ -38,4 +54,7 @@ end add_foreign_key "groups", "users", column: "owner_id" + add_foreign_key "items", "lists", column: "lists_id" + add_foreign_key "lists", "groups" + add_foreign_key "lists", "users" end From e7f81755e083bf51186a672e9ba3202df0064f50 Mon Sep 17 00:00:00 2001 From: Kurt Date: Sun, 30 Sep 2018 20:26:57 -0600 Subject: [PATCH 07/42] Changes from /profile/:id to /users/:id for Lists implementation. --- app/controllers/users_controller.rb | 28 ++++++++++++++++++++-------- config/routes.rb | 8 +++++--- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 54bca76..7df8709 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController - before_action :set_user, only: [:edit, :update] - + before_action :set_user, only: [:edit, :update, :profile] + def new @user = User.new if current_user @@ -19,19 +19,31 @@ def create end end - def show - if params[:id] && current_user - @own_profile = own_profile?(current_user, params[:id]) - @user = User.find(params[:id]) - elsif current_user + def profile + if @user @own_profile = true - set_user + render 'show' else redirect_to root_url flash[:warning] = 'You must be logged in first.' end end + def show + @user = User.find(params[:id]) + + # if params[:id] && current_user + @own_profile = own_profile?(current_user, params[:id]) + # @user = User.find(params[:id]) + # elsif current_user + # @own_profile = true + # set_user + # else + # redirect_to root_url + # flash[:warning] = 'You must be logged in first.' + # end + end + def edit end diff --git a/config/routes.rb b/config/routes.rb index 969dbd1..2388c4a 100644 --- a/config/routes.rb +++ b/config/routes.rb 
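Review bot: `show` now runs `User.find(params[:id])` and renders the profile with the login branch commented out, so the page, which prints `@user.email` in users/show.html.erb, appears reachable without a session unless ApplicationController enforces one elsewhere. `own_profile?(current_user, params[:id])` is also called with a possibly nil `current_user`; its body is not part of this diff, so whether it tolerates nil cannot be confirmed here. I would restore the guard at the top of `show`, e.g. `return redirect_to(root_url, flash: { warning: 'You must be logged in first.' }) unless current_user`, and delete the commented-out block instead of committing it.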
@@ -10,12 +10,14 @@ get '/dashboard' => 'dashboard#show', as: 'dashboard' get '/signup' => 'users#new', as: 'signup' - get '/profile(/:id)' => 'users#show', as: 'profile' + get '/profile' => 'users#profile', as: 'profile' get '/login' => 'sessions#new', as: 'login' delete '/logout' => 'sessions#destroy', as: 'logout' - resources :users, only: [:create, :edit, :update] - resources :groups + resources :users, only: [:show, :create, :edit, :update] + resources :groups do + resources :lists + end resources :sessions, except: [:edit, :update] end From afa7ddb8e4710b210923cc1cf450af2aba90db9b Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 11:26:25 -0600 Subject: [PATCH 08/42] Adds view pages for Items and Lists. --- app/views/items/_form.html.erb | 21 +++++++++++++++++++++ app/views/items/destroy.html.erb | 0 app/views/items/edit.html.erb | 0 app/views/items/new.html.erb | 3 +++ app/views/items/show.html.erb | 0 app/views/lists/new.html.erb | 1 + app/views/lists/show.html.erb | 11 +++++++++++ 7 files changed, 36 insertions(+) create mode 100644 app/views/items/_form.html.erb create mode 100644 app/views/items/destroy.html.erb create mode 100644 app/views/items/edit.html.erb create mode 100644 app/views/items/new.html.erb create mode 100644 app/views/items/show.html.erb create mode 100644 app/views/lists/new.html.erb create mode 100644 app/views/lists/show.html.erb diff --git a/app/views/items/_form.html.erb b/app/views/items/_form.html.erb new file mode 100644 index 0000000..b23f498 --- /dev/null +++ b/app/views/items/_form.html.erb @@ -0,0 +1,21 @@ +<%= form_for [@group, @list, @item] do |f| %> +
+ <%= f.label :name %> + <%= f.text_field :name %> +
+
+ <%= f.label :description %> + <%= f.text_area :description %> +
+
+ <%= f.label :note %> + <%= f.text_area :note %> +
+
+ <%= f.label :size %> + <%= f.text_field :size %> +
+
+ <%= f.submit %> +
+<% end %> diff --git a/app/views/items/destroy.html.erb b/app/views/items/destroy.html.erb new file mode 100644 index 0000000..e69de29 diff --git a/app/views/items/edit.html.erb b/app/views/items/edit.html.erb new file mode 100644 index 0000000..e69de29 diff --git a/app/views/items/new.html.erb b/app/views/items/new.html.erb new file mode 100644 index 0000000..addeee4 --- /dev/null +++ b/app/views/items/new.html.erb @@ -0,0 +1,3 @@ +

Create a list item

+ +<%= render partial: 'items/form' %> diff --git a/app/views/items/show.html.erb b/app/views/items/show.html.erb new file mode 100644 index 0000000..e69de29 diff --git a/app/views/lists/new.html.erb b/app/views/lists/new.html.erb new file mode 100644 index 0000000..57d4228 --- /dev/null +++ b/app/views/lists/new.html.erb @@ -0,0 +1 @@ +

Create a Wish List

diff --git a/app/views/lists/show.html.erb b/app/views/lists/show.html.erb new file mode 100644 index 0000000..f346fcb --- /dev/null +++ b/app/views/lists/show.html.erb @@ -0,0 +1,11 @@ +

<%= "#{@user.first_name} #{@user.last_name}'s wishlist for the #{@group.name} group" %>

+ + +<%= link_to 'Create a new item for your list', new_group_list_item_path(@group, @list) %> +
    + <% @items.each do |item| %> +
  • <%= link_to "#{item.name}", group_list_item_path(@group, @list, item.id) %>
  • + <% end %> +
+ +<%= link_to 'Back', group_path(@group.id) %> From 42af6d168c49d8cd3b2369c3766301e1f88cdb47 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 11:28:13 -0600 Subject: [PATCH 09/42] On group#show page, each user has a link to their profile and wishlist. --- app/controllers/groups_controller.rb | 2 ++ app/views/groups/show.html.erb | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 07bea00..31e740a 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -21,6 +21,8 @@ def create end def show + @user_list = @group.lists.where(['user_id = :user_id and group_id = :group_id', + { user_id: current_user.id, group_id: @group.id }]) end def edit diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb index b6f2d49..fbad38e 100644 --- a/app/views/groups/show.html.erb +++ b/app/views/groups/show.html.erb @@ -1,19 +1,29 @@
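Review bot: `current_user.id` is dereferenced in `show` without a nil check, so the action raises NoMethodError for a visitor without a session unless a login filter runs earlier (none is visible in this controller). The `group_id` condition is also redundant, because `@group.lists` already restricts the query to this group; `@user_list = @group.lists.where(user_id: current_user.id)` expresses the same lookup in the hash form.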

<%= @group.name %>

<%= @group.description %>
+
+<%= link_to 'Edit Group', edit_group_path %> +<%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %> +
+
+<% if !@user_list.empty? %> + <%= link_to 'View your Wish list', group_list_path(@group, @user_list[0]) %> +<% else %> + <%= link_to 'Create a Wish List', group_lists_path(@group), method: :post %> +<% end %> +
+
Users in this group:
    <% @group.users.each do |user| %> -
  • <%= link_to "#{user.first_name} #{user.last_name}'s profile", profile_path(user.id) %>
  • + <% wish_list = user.lists.where(['user_id = :user_id and group_id = :group_id', { user_id: user.id, group_id: @group.id }]) %> +
  • <%= "#{user.first_name} #{user.last_name}: " %> <%= link_to 'Profile', user_path(user.id) %> <%= link_to "Wish List", group_list_path(@group.id, wish_list[0].id) unless wish_list.empty? %>
  • <% end %>
-
-<%= link_to 'Edit Group', edit_group_path %> -<%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %>
<%= link_to 'Back', dashboard_path %> From 7647198a035f8ac99c25ab1b3cb2a310ff725a06 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 11:28:55 -0600 Subject: [PATCH 10/42] Nests resources: groups/lists/items. --- config/routes.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index 2388c4a..059b3f9 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -16,8 +16,9 @@ resources :users, only: [:show, :create, :edit, :update] resources :groups do - resources :lists + resources :lists do + resources :items + end end - resources :sessions, except: [:edit, :update] end From a6768e4f51c71130d229923ae0be3e3bedf96562 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 11:31:06 -0600 Subject: [PATCH 11/42] Adds new, show and create logic for items and lists. --- app/controllers/items_controller.rb | 33 +++++++++++++++++++++++++++++ app/controllers/lists_controller.rb | 16 ++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 app/controllers/items_controller.rb create mode 100644 app/controllers/lists_controller.rb diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb new file mode 100644 index 0000000..dbb2b18 --- /dev/null +++ b/app/controllers/items_controller.rb 
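Review bot: The 'Edit Group' and 'Delete Group' links are rendered for every viewer of the page, although groups have carried an `owner_id` since the earlier commit in this series. Wrapping them in `<% if current_user && @group.owner_id == current_user.id %>` keeps the controls to the owner; hiding links is presentation only, so the same comparison belongs in a `before_action` for `edit`, `update` and `destroy` in GroupsController. Separately, the `user.lists.where(...)` call inside the `each` loop issues one query per member and would be better loaded once in the controller.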
@@ -0,0 +1,33 @@ +class ItemsController < ApplicationController + def new + @group = Group.find(params[:group_id]) + @list = List.find(params[:list_id]) + @item = Item.new + end + + def create + @item = Item.new(item_params) + @list = List.find(params[:list_id]) + @group = Group.find(params[:group_id]) + @user = @list.user + @item.lists_id = @list.id + if @item.save + redirect_to group_list_path(@group, @list) + else + flash[:warning] = 'Invalid entry.' + render 'new' + end + end + + def show + @user = User.find(params[:id]) + @group = Group.find(params[:group_id]) + @list = @user.lists + end + + private + + def item_params + params.require(:item).permit(:name, :description, :note, :size) + end +end diff --git a/app/controllers/lists_controller.rb b/app/controllers/lists_controller.rb new file mode 100644 index 0000000..e1422a1 --- /dev/null +++ b/app/controllers/lists_controller.rb @@ -0,0 +1,16 @@ +class ListsController < ApplicationController + def create + @list = List.new + @list.user_id = current_user.id + @list.group_id = params[:group_id] + @list.save + redirect_to group_path(params[:group_id]) + end + + def show + @list = List.find(params[:id]) + @user = @list.user + @group = Group.find(params[:group_id]) + @items = Item.where(['lists_id = :list_id', { list_id: @list.id }]) + end +end From bbfa23d8511c81dc59e277975996ee950ae8b2ba Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 11:31:52 -0600 Subject: [PATCH 12/42] Adds validators and relationship for Item. --- app/models/item.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/models/item.rb b/app/models/item.rb index c9cded8..0ced207 100644 --- a/app/models/item.rb +++ b/app/models/item.rb @@ -1,3 +1,5 @@ class Item < ApplicationRecord - belongs_to :list + has_one :list + validates :name, presence: true + validates :description, presence: true end From d6a8863db62c01081369e0cc75a24efbdb043801 Mon Sep 17 00:00:00 2001 
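Review bot: `ItemsController#create` attaches the new item to whatever list `params[:list_id]` names, with no check that the list belongs to `current_user` or to the group in the URL, because `@list` and `@group` are loaded independently. Loading the list through the group and the user closes both gaps, e.g. `@list = @group.lists.find_by!(id: params[:list_id], user_id: current_user.id)` in `new` and `create`. The same pattern appears in `ListsController`: `create` takes `params[:group_id]` without checking that the user is a member of that group and ignores the result of `@list.save`, and `show` loads List and Group independently. `ItemsController#show` also calls `User.find(params[:id])`, but `:id` in this nested route is the item's id, not a user's.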
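Review bot: `has_one :list` in Item reverses the relationship: `has_one` expects the foreign key on the other table (`lists.item_id`), while the key created by CreateItems lives on items as `lists_id`. The declaration that matches the schema is `belongs_to :list, foreign_key: :lists_id`, with `has_many :items, foreign_key: :lists_id` on List. The controllers currently work only because they set and query `lists_id` by hand.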
From: Kurt Date: Mon, 1 Oct 2018 16:58:53 -0600 Subject: [PATCH 13/42] Adds update failure check, flash message project convention, listing of users' wish lists on #show page. --- app/controllers/groups_controller.rb | 18 ++++++++++++------ app/views/groups/edit.html.erb | 2 ++ app/views/groups/show.html.erb | 2 +- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 31e740a..a215b60 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -12,11 +12,12 @@ def create @group = Group.new(group_params) @group.user_ids = current_user.id # Add user as a user @group.owner_id = current_user.id # Add user as owner + # CREATE THE WISHLIST HERE! SET IT AS THE OWNER'S LIST if @group.save - redirect_to group_path(@group.id) # Find the group page + redirect_to group_path(@group) # Find the group page else flash[:notice] = 'The group name is already taken. Please choose another name.' - render 'new' + redirect_to new_group_path(@group) end end @@ -29,14 +30,19 @@ def edit end def update - @group.update(group_params) - flash.notice = "Group '#{@group.name}' updated!" - redirect_to group_path(@group) + if @group.update(group_params) + flash[:notice] = "Group '#{@group.name}' updated!" + redirect_to group_path(@group) + else + flash[:warning] = 'An error occurred, please try again.' + redirect_to edit_group_path(@group) + end end def destroy + # Destroy not working. Delete lists associated with group first. @group.destroy - flash.notice = "Group Deleted!" + flash[:notice] = "Group Deleted!" redirect_to dashboard_path end diff --git a/app/views/groups/edit.html.erb b/app/views/groups/edit.html.erb index 884fbc9..1ac5ef2 100644 --- a/app/views/groups/edit.html.erb +++ b/app/views/groups/edit.html.erb @@ -1,3 +1,5 @@
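Review bot: On a failed save `create` now redirects to `new_group_path(@group)`, which discards `@group.errors` and what the user typed, and the fixed message blames a duplicate name even when the failure is the `description` presence validation on Group. Keeping `render 'new'` preserves the record, and the message can come from the model: `flash.now[:notice] = @group.errors.full_messages.to_sentence`. `@group` has no id at this point, so passing it to `new_group_path` adds nothing.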

Edit a Group

<%= render partial: 'groups/form' %> + +<%= link_to 'Back', group_path(@group) %> diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb index fbad38e..ac5f307 100644 --- a/app/views/groups/show.html.erb +++ b/app/views/groups/show.html.erb @@ -7,7 +7,7 @@

<% if !@user_list.empty? %> - <%= link_to 'View your Wish list', group_list_path(@group, @user_list[0]) %> + <%= link_to 'View your Wish List', group_list_path(@group, @user_list[0]) %> <% else %> <%= link_to 'Create a Wish List', group_lists_path(@group), method: :post %> <% end %> From 8abf8c726d36405d590069152f51d3981ed3ec70 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 16:59:54 -0600 Subject: [PATCH 14/42] Adds full CRUD functionality to items within a list. --- app/controllers/items_controller.rb | 53 ++++++++++++++++++++++++----- app/views/items/_form.html.erb | 8 ++--- app/views/items/edit.html.erb | 5 +++ app/views/items/show.html.erb | 15 ++++++++ 4 files changed, 69 insertions(+), 12 deletions(-) diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index dbb2b18..6033778 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -1,15 +1,15 @@ class ItemsController < ApplicationController + before_action :set_group, only: [:new, :create, :show, :edit, :destroy] + before_action :set_list, only: [:new, :create, :show, :edit, :destroy] + before_action :set_item, only: [:show, :edit, :update, :destroy] + before_action :set_user, only: [:create, :show] # check if needed in `show` + def new - @group = Group.find(params[:group_id]) - @list = List.find(params[:list_id]) @item = Item.new end def create @item = Item.new(item_params) - @list = List.find(params[:list_id]) - @group = Group.find(params[:group_id]) - @user = @list.user @item.lists_id = @list.id if @item.save redirect_to group_list_path(@group, @list) 
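Review bot: `:update` is missing from the `only:` lists of `set_group` and `set_list`, so `@group` and `@list` are nil in the `update` action added further down in this commit. Its `redirect_to group_list_item_path(@item)` then passes one argument to a nested route that needs group, list and item, and the failure branch's `render 'edit'` has no `@group` or `@list` for `form_for [@group, @list, @item]`. Adding `:update` to both lists and redirecting with `group_list_item_path(@group, @list, @item)` fixes both paths. `set_user` reads `@list`, so it has to stay declared after `set_list`.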
@@ -20,14 +20,51 @@ def create end def show - @user = User.find(params[:id]) - @group = Group.find(params[:group_id]) - @list = @user.lists + @item_owner = item_owner?(current_user, @user) + end + + def edit + end + + def update + if @item.update(item_params) + redirect_to group_list_item_path(@item) + flash[:notice] = "Item, #{@item.name}, updated." + else + flash[:warning] = 'An error occurred, please try again.' + render 'edit' + end + end + + def destroy + flash.notice = "Item, #{@item.name}, Deleted!" + @item.destroy + redirect_to group_list_path(@group, @list) end private + def set_item + @item = Item.find(params[:id]) + end + + def set_user + @user = @list.user + end + + def set_group + @group = Group.find(params[:group_id]) + end + + def set_list + @list = List.find(params[:list_id]) + end + def item_params params.require(:item).permit(:name, :description, :note, :size) end + + def item_owner?(current_user, user) + current_user.id == user.id + end end diff --git a/app/views/items/_form.html.erb b/app/views/items/_form.html.erb index b23f498..6a6d3a7 100644 --- a/app/views/items/_form.html.erb +++ b/app/views/items/_form.html.erb @@ -7,14 +7,14 @@ <%= f.label :description %> <%= f.text_area :description %> -
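Review bot: `item_owner?` is only used to set `@item_owner` for the view, so ownership is enforced by hiding the Edit and Delete links; `edit`, `update` and `destroy` themselves run for any request that reaches them. `set_item` also loads by `Item.find(params[:id])` alone, so the item is never checked against the list in the URL. I would add an owner check as a callback and scope the item lookup to `@list`, as sketched below. This relies on `set_list` running for `update` too, which the current `only:` lists do not do. The class body continues outside this hunk.

```ruby
before_action :require_list_owner, only: [:new, :create, :edit, :update, :destroy]

# … unchanged: actions …

def set_item
  # Scope to the list from the URL (the foreign key column is lists_id).
  @item = Item.where(lists_id: @list.id).find(params[:id])
end

def require_list_owner
  return if current_user && @list.user_id == current_user.id

  flash[:warning] = 'You can only change your own wish list.'
  redirect_to group_list_path(@group, @list)
end

# … unchanged: set_user, set_group, set_list, item_params, item_owner? …
```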
- <%= f.label :note %> - <%= f.text_area :note %> -
<%= f.label :size %> <%= f.text_field :size %>
+
+ <%= f.label :note %> + <%= f.text_area :note %> +
<%= f.submit %>
diff --git a/app/views/items/edit.html.erb b/app/views/items/edit.html.erb index e69de29..f7a5828 100644 --- a/app/views/items/edit.html.erb +++ b/app/views/items/edit.html.erb @@ -0,0 +1,5 @@ +

Edit Item

+ +<%= render partial: 'items/form' %> + +<%= link_to 'Back', group_list_item_path(@group, @list, @item) %> diff --git a/app/views/items/show.html.erb b/app/views/items/show.html.erb index e69de29..d476d65 100644 --- a/app/views/items/show.html.erb +++ b/app/views/items/show.html.erb @@ -0,0 +1,15 @@ +

Item Information

+<%= link_to "#{@user.first_name} #{@user.last_name}'s item", user_path(@user) %> +
    +
  • Name: <%= "#{@item.name}" %>
  • +
  • Description: <%= "#{@item.description}" %>
  • +
  • Size: <%= "#{@item.size}" %>
  • +
  • Note: <%= "#{@item.note}" %>
  • +
+ +<% if @item_owner %> +<%= link_to 'Edit Item', edit_group_list_item_path(@group, @list, @item) %> +<%= link_to 'Delete Item', group_list_item_path(@group, @list, @item), method: :delete, data: { confirm: 'Are you sure?' } %> +<% end %> +
+<%= link_to 'Back', group_list_path(@group, @list) %> From 8a0b03ba4b9d32ddba5aa22347e90d90a748499e Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 17:00:34 -0600 Subject: [PATCH 15/42] Rewords link text. --- app/views/lists/show.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/lists/show.html.erb b/app/views/lists/show.html.erb index f346fcb..07ff481 100644 --- a/app/views/lists/show.html.erb +++ b/app/views/lists/show.html.erb @@ -1,7 +1,7 @@

<%= "#{@user.first_name} #{@user.last_name}'s wishlist for the #{@group.name} group" %>

-<%= link_to 'Create a new item for your list', new_group_list_item_path(@group, @list) %> +<%= link_to 'Create a new Wish list item', new_group_list_item_path(@group, @list) %>
    <% @items.each do |item| %>
  • <%= link_to "#{item.name}", group_list_item_path(@group, @list, item.id) %>
  • From f117078820713dbcba7ec865d2bbbbc2bb2ba16c Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 17:33:24 -0600 Subject: [PATCH 16/42] Makes 'Back' links on each page consistent with their wording to where it links to. --- app/views/groups/edit.html.erb | 2 +- app/views/groups/new.html.erb | 2 ++ app/views/groups/show.html.erb | 2 +- app/views/items/edit.html.erb | 2 +- app/views/items/new.html.erb | 2 ++ app/views/items/show.html.erb | 2 +- app/views/lists/show.html.erb | 2 +- app/views/users/index.html.erb | 2 ++ app/views/users/show.html.erb | 3 ++- 9 files changed, 13 insertions(+), 6 deletions(-) diff --git a/app/views/groups/edit.html.erb b/app/views/groups/edit.html.erb index 1ac5ef2..dfc368a 100644 --- a/app/views/groups/edit.html.erb +++ b/app/views/groups/edit.html.erb @@ -2,4 +2,4 @@ <%= render partial: 'groups/form' %> -<%= link_to 'Back', group_path(@group) %> +<%= link_to 'Back to Group', group_path(@group) %> diff --git a/app/views/groups/new.html.erb b/app/views/groups/new.html.erb index 870a96c..249b18e 100644 --- a/app/views/groups/new.html.erb +++ b/app/views/groups/new.html.erb @@ -1,3 +1,5 @@

    Create a Group

    <%= render partial: 'groups/form' %> + +<%= link_to 'Back to Dashboard', dashboard_path %> diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb index ac5f307..bd3d9df 100644 --- a/app/views/groups/show.html.erb +++ b/app/views/groups/show.html.erb @@ -26,4 +26,4 @@ Users in this group:
    -<%= link_to 'Back', dashboard_path %> +<%= link_to 'Back to Dashboard', dashboard_path %> diff --git a/app/views/items/edit.html.erb b/app/views/items/edit.html.erb index f7a5828..ebdda12 100644 --- a/app/views/items/edit.html.erb +++ b/app/views/items/edit.html.erb @@ -2,4 +2,4 @@ <%= render partial: 'items/form' %> -<%= link_to 'Back', group_list_item_path(@group, @list, @item) %> +<%= link_to 'Back to Item', group_list_item_path(@group, @list, @item) %> diff --git a/app/views/items/new.html.erb b/app/views/items/new.html.erb index addeee4..04cbb29 100644 --- a/app/views/items/new.html.erb +++ b/app/views/items/new.html.erb @@ -1,3 +1,5 @@

    Create a list item

    <%= render partial: 'items/form' %> + +<%= link_to 'Back to List', group_list_path(@group, @list) %> diff --git a/app/views/items/show.html.erb b/app/views/items/show.html.erb index d476d65..cdff0bf 100644 --- a/app/views/items/show.html.erb +++ b/app/views/items/show.html.erb @@ -12,4 +12,4 @@ <%= link_to 'Delete Item', group_list_item_path(@group, @list, @item), method: :delete, data: { confirm: 'Are you sure?' } %> <% end %>
    -<%= link_to 'Back', group_list_path(@group, @list) %> +<%= link_to 'Back to List', group_list_path(@group, @list) %> diff --git a/app/views/lists/show.html.erb b/app/views/lists/show.html.erb index 07ff481..493d787 100644 --- a/app/views/lists/show.html.erb +++ b/app/views/lists/show.html.erb @@ -8,4 +8,4 @@ <% end %>
-<%= link_to 'Back', group_path(@group.id) %> +<%= link_to 'Back to Group', group_path(@group.id) %> diff --git a/app/views/users/index.html.erb b/app/views/users/index.html.erb index 4994a00..7136931 100644 --- a/app/views/users/index.html.erb +++ b/app/views/users/index.html.erb @@ -1,3 +1,5 @@ + + <% if current_user %>

<%= "Welcome, #{current_user.first_name || current_user.email}." %>

<%= link_to 'Sign Out', logout_path, method: :delete %> diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index dd90cce..eb63080 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -7,4 +7,5 @@ Email: <%= @user.email %> <% if @own_profile %> <%= link_to 'Update Your Information', edit_user_path(@user.id) %> <% end %> -<%= link_to 'Back', dashboard_path %> +
+<%= link_to 'Back to Dashboard', dashboard_path %> From f930127f21d5e1b884ea353af16a0419b84e78a0 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 18:00:42 -0600 Subject: [PATCH 17/42] Makes 'Back' link consistent with wording where it links to. --- app/views/users/edit.html.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb index 6f48d80..5c9eadf 100644 --- a/app/views/users/edit.html.erb +++ b/app/views/users/edit.html.erb @@ -37,3 +37,5 @@ <%= f.submit 'Update Password' %> <% end %> +
+<%= link_to 'Back to Profile', profile_path %> From 255dd7932bd48187f1053f7eb3e3d11c1547c935 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 18:48:01 -0600 Subject: [PATCH 18/42] Adds the authorized_user helper method to render links within multiple views based on the boolean return value. --- app/controllers/application_controller.rb | 6 +++++- app/controllers/groups_controller.rb | 10 +++++++++- app/controllers/items_controller.rb | 6 +----- app/controllers/lists_controller.rb | 1 + app/controllers/users_controller.rb | 14 ++------------ app/views/groups/show.html.erb | 12 +++++++----- app/views/items/show.html.erb | 2 +- app/views/lists/show.html.erb | 5 +++-- app/views/users/show.html.erb | 2 +- 9 files changed, 30 insertions(+), 28 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6868d20..fe88aaf 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,11 @@ class ApplicationController < ActionController::Base - helper_method :current_user + helper_method :current_user, :authorized_user def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] end + + def authorized_user(other_user) + current_user.id == other_user.id + end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index a215b60..1b6b592 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -14,7 +14,7 @@ def create @group.owner_id = current_user.id # Add user as owner # CREATE THE WISHLIST HERE! SET IT AS THE OWNER'S LIST if @group.save - redirect_to group_path(@group) # Find the group page + redirect_to group_path(@group) else flash[:notice] = 'The group name is already taken. Please choose another name.' redirect_to new_group_path(@group) 
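Review bot: `authorized_user` in application_controller.rb calls `current_user.id` unconditionally, but `current_user` returns nil when `session[:user_id]` is absent, so a signed-out visitor who reaches it gets a NoMethodError instead of false. A nil-safe form such as `current_user.present? && other_user.present? && current_user.id == other_user.id` keeps the result a plain boolean. In this patch the result only decides which links the views render, and no server-side check on edit, update or destroy is visible here. Hiding the links does not by itself refuse a direct request to those actions.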
@@ -24,6 +24,8 @@ def create def show @user_list = @group.lists.where(['user_id = :user_id and group_id = :group_id', { user_id: current_user.id, group_id: @group.id }]) + @authorized_user = authorized_user(User.find(@group.owner_id)) + @belonging_user = belonging_user(@user_list) end def edit @@ -55,4 +57,10 @@ def set_group def group_params params.require(:group).permit(:name, :description, :owner_id) end + + def belonging_user(user_list) + user_list.any? do |user| + user.user_id == current_user.id + end + end end diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index 6033778..1df0bff 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -20,7 +20,7 @@ def create end def show - @item_owner = item_owner?(current_user, @user) + @authorized_user = authorized_user(@user) end def edit @@ -63,8 +63,4 @@ def set_list def item_params params.require(:item).permit(:name, :description, :note, :size) end - - def item_owner?(current_user, user) - current_user.id == user.id - end end diff --git a/app/controllers/lists_controller.rb b/app/controllers/lists_controller.rb index e1422a1..5ffa003 100644 --- a/app/controllers/lists_controller.rb +++ b/app/controllers/lists_controller.rb @@ -12,5 +12,6 @@ def show @user = @list.user @group = Group.find(params[:group_id]) @items = Item.where(['lists_id = :list_id', { list_id: @list.id }]) + @authorized_user = authorized_user(@user) end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 7df8709..236601a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -21,7 +21,7 @@ def create def profile if @user - @own_profile = true + @authorized_user = true render 'show' else redirect_to root_url 
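Review bot: `group_params` in the second groups_controller.rb hunk still permits `:owner_id`, so the ownership that `show` now checks can be supplied from request parameters. The `create` hunk of this patch already assigns `@group.owner_id = current_user.id` itself, so the permit list can be `params.require(:group).permit(:name, :description)`. If `update` passes `group_params` to `@group.update` (not visible in these hunks), that change also stops a submitted form from reassigning the owner. In the `show` hunk, `User.find(@group.owner_id)` raises when `owner_id` is nil and costs a query only to compare ids; comparing `@group.owner_id` with the current user's id directly avoids both.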
@@ -31,17 +31,7 @@ def profile def show @user = User.find(params[:id]) - - # if params[:id] && current_user - @own_profile = own_profile?(current_user, params[:id]) - # @user = User.find(params[:id]) - # elsif current_user - # @own_profile = true - # set_user - # else - # redirect_to root_url - # flash[:warning] = 'You must be logged in first.' - # end + @authorized_user = authorized_user(@user) end def edit diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb index bd3d9df..2834447 100644 --- a/app/views/groups/show.html.erb +++ b/app/views/groups/show.html.erb @@ -2,13 +2,15 @@ <%= @group.description %>

-<%= link_to 'Edit Group', edit_group_path %> -<%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %> -
-
+<% if @authorized_user %> + <%= link_to 'Edit Group', edit_group_path %> + <%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %> +
+
+<% end %> <% if !@user_list.empty? %> <%= link_to 'View your Wish List', group_list_path(@group, @user_list[0]) %> -<% else %> +<% elsif @user_list.empty? && @belonging_user %> <%= link_to 'Create a Wish List', group_lists_path(@group), method: :post %> <% end %> diff --git a/app/views/items/show.html.erb b/app/views/items/show.html.erb index cdff0bf..60bd91e 100644 --- a/app/views/items/show.html.erb +++ b/app/views/items/show.html.erb @@ -7,7 +7,7 @@
  • Note: <%= "#{@item.note}" %>
  • -<% if @item_owner %> +<% if @authorized_user %> <%= link_to 'Edit Item', edit_group_list_item_path(@group, @list, @item) %> <%= link_to 'Delete Item', group_list_item_path(@group, @list, @item), method: :delete, data: { confirm: 'Are you sure?' } %> <% end %> diff --git a/app/views/lists/show.html.erb b/app/views/lists/show.html.erb index 493d787..08c31f0 100644 --- a/app/views/lists/show.html.erb +++ b/app/views/lists/show.html.erb @@ -1,7 +1,8 @@

    <%= "#{@user.first_name} #{@user.last_name}'s wishlist for the #{@group.name} group" %>

    - -<%= link_to 'Create a new Wish list item', new_group_list_item_path(@group, @list) %> +<% if @authorized_user %> + <%= link_to 'Create a new Wish list item', new_group_list_item_path(@group, @list) %> +<% end %>
      <% @items.each do |item| %>
    • <%= link_to "#{item.name}", group_list_item_path(@group, @list, item.id) %>
    • diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index eb63080..6bee869 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -4,7 +4,7 @@ Name: <%= "#{@user.first_name} #{@user.last_name}" %> Email: <%= @user.email %>
      -<% if @own_profile %> +<% if @authorized_user %> <%= link_to 'Update Your Information', edit_user_path(@user.id) %> <% end %>
      From b07cc19bd981d8c3689e16ac66a74b677113f872 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 18:50:41 -0600 Subject: [PATCH 19/42] Adds profile link to list#show. --- app/views/lists/show.html.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/views/lists/show.html.erb b/app/views/lists/show.html.erb index 08c31f0..3027515 100644 --- a/app/views/lists/show.html.erb +++ b/app/views/lists/show.html.erb @@ -1,5 +1,7 @@

      <%= "#{@user.first_name} #{@user.last_name}'s wishlist for the #{@group.name} group" %>

      +<%= link_to "#{@user.first_name} #{@user.last_name}'s list", user_path(@user) %> +
      <% if @authorized_user %> <%= link_to 'Create a new Wish list item', new_group_list_item_path(@group, @list) %> <% end %> From 1c78c2058288e7c63e2e8c6633450372ef5877c3 Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 20:53:32 -0600 Subject: [PATCH 20/42] When a group is created, the owner's Wish List is created as well. --- app/controllers/groups_controller.rb | 9 ++++++++- app/controllers/lists_controller.rb | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 1b6b592..62d14f7 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -12,8 +12,8 @@ def create @group = Group.new(group_params) @group.user_ids = current_user.id # Add user as a user @group.owner_id = current_user.id # Add user as owner - # CREATE THE WISHLIST HERE! SET IT AS THE OWNER'S LIST if @group.save + create_list redirect_to group_path(@group) else flash[:notice] = 'The group name is already taken. Please choose another name.' @@ -50,6 +50,13 @@ def destroy private + def create_list + @list = List.new + @list.user_id = current_user.id + @list.group_id = @group.id + @list.save + end + def set_group @group = Group.find(params[:id]) end diff --git a/app/controllers/lists_controller.rb b/app/controllers/lists_controller.rb index 5ffa003..0d05c06 100644 --- a/app/controllers/lists_controller.rb +++ b/app/controllers/lists_controller.rb @@ -1,5 +1,6 @@ class ListsController < ApplicationController def create + # REMOVE THIS METHOD?!? @list = List.new @list.user_id = current_user.id @list.group_id = params[:group_id] From a242771987bfc163805aa81ee76b9f429a393781 Mon Sep 17 00:00:00 2001 
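Review bot: `create_list` in groups_controller.rb discards the result of `@list.save`, so the group can be saved and the user redirected even though the owner's list was never created. Building the list through the association and failing loudly, e.g. `@group.lists.create!(user_id: current_user.id)`, makes that failure visible. Wrapping the group save and the list creation in one transaction would keep the two records consistent. `@list` is not read anywhere in this hunk, so a local variable would do.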
From: Kurt Date: Mon, 1 Oct 2018 21:20:32 -0600 Subject: [PATCH 21/42] Adds tests for logging in, adds file for future tests. --- spec/features/groups/group_spec.rb | 18 +++++++++++ spec/features/session/user_can_login_spec.rb | 31 +++++++++++++++++++ spec/features/users/user_can_signup_spec.rb | 6 ++-- .../user_can_visit_welcome_page_spec.rb | 2 ++ spec/helpers/sessions_helper_spec.rb | 2 +- spec/views/sessions/new.html.erb_spec.rb | 5 --- 6 files changed, 55 insertions(+), 9 deletions(-) create mode 100644 spec/features/groups/group_spec.rb create mode 100644 spec/features/session/user_can_login_spec.rb delete mode 100644 spec/views/sessions/new.html.erb_spec.rb diff --git a/spec/features/groups/group_spec.rb b/spec/features/groups/group_spec.rb new file mode 100644 index 0000000..b24457b --- /dev/null +++ b/spec/features/groups/group_spec.rb @@ -0,0 +1,18 @@ +require 'rails_helper' + +xdescribe 'groups' do + before { @user = User.create(first_name: 'Raa', last_name: 'Zzz', email: 'email@raa.zzz', password: 'passpass') } + context 'are created' do + it 'correctly' do + @group_info = { name: 'This sdfis one adwesome grfoup', description: 'What a description' } + allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(@user) + visit new_group_path + fill_in('group_name', with: @group_info[:name]) + fill_in('group_description', with: @group_info[:description]) + click_on 'Create Group' + expect(page).to have_content "#{@group_info[:name]}" + expect(page).to have_content "#{@group_info[:description]}" + + end + end +end diff --git a/spec/features/session/user_can_login_spec.rb b/spec/features/session/user_can_login_spec.rb new file mode 100644 index 0000000..6254726 --- /dev/null +++ b/spec/features/session/user_can_login_spec.rb 
@@ -0,0 +1,31 @@ +require 'rails_helper' + +describe "user login" do + # Examples + # before { @user = User.create() } + # let(:user) { User.create() } + # let!(:user) { User.create() } + before { @user = User.create(first_name: 'Test', last_name: 'Ing', email: 'test@ing.com', password: 'password') } + context 'with correct login information' do + it 'can login' do + visit new_session_path + fill_in('email', with: @user.email) + fill_in('password', with: @user.password) + click_on 'Log In' + + expect(current_path).to eq dashboard_path + end + end + context 'with incorrect login information' do + it 'rejects login' do + visit new_session_path + fill_in('email', with: @user.email) + fill_in('password', with: @user.first_name) + click_on 'Log In' + + expect(current_path).to eq sessions_path + expect(page).to have_content 'Email or password is invalid' + + end + end +end diff --git a/spec/features/users/user_can_signup_spec.rb b/spec/features/users/user_can_signup_spec.rb index 29a6883..a848f9f 100644 --- a/spec/features/users/user_can_signup_spec.rb +++ b/spec/features/users/user_can_signup_spec.rb @@ -18,7 +18,7 @@ fill_in('password', with: 'passpass') click_on 'Log In' - expect(current_path).to eq root_path + expect(current_path).to eq dashboard_path expect(page).to have_content 'Welcome, Ra.' expect(page).to have_link 'Sign Out' expect(page).to have_link 'Profile' @@ -28,11 +28,11 @@ end context 'as an existing, logged in user' do - it 'redirects from /signup to root' do + it 'redirects from /signup to dashboard' do u = User.create(first_name: 'Raa', last_name: 'Zzz', email: 'email@raa.zzz', password: 'passpass') allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(u) visit signup_path - expect(current_path).to eq root_path + expect(current_path).to eq dashboard_path end end end diff --git a/spec/features/welcome/user_can_visit_welcome_page_spec.rb b/spec/features/welcome/user_can_visit_welcome_page_spec.rb index 20084ca..f8b952e 100644 
--- a/spec/features/welcome/user_can_visit_welcome_page_spec.rb +++ b/spec/features/welcome/user_can_visit_welcome_page_spec.rb @@ -3,6 +3,8 @@ describe 'welcome page' do it 'has information about secret santa' do visit '/' + expect(page).to have_link 'Log In' + expect(page).to have_link 'Sign Up' within('h1') do expect(page).to have_content 'Welcome to Secret Santa' diff --git a/spec/helpers/sessions_helper_spec.rb b/spec/helpers/sessions_helper_spec.rb index 9484198..a98efb2 100644 --- a/spec/helpers/sessions_helper_spec.rb +++ b/spec/helpers/sessions_helper_spec.rb @@ -11,5 +11,5 @@ # end # end RSpec.describe SessionsHelper, type: :helper do - pending "add some examples to (or delete) #{__FILE__}" + # pending "add some examples to (or delete) #{__FILE__}" end diff --git a/spec/views/sessions/new.html.erb_spec.rb b/spec/views/sessions/new.html.erb_spec.rb deleted file mode 100644 index 6de37da..0000000 --- a/spec/views/sessions/new.html.erb_spec.rb +++ /dev/null @@ -1,5 +0,0 @@ -require 'rails_helper' - -RSpec.describe "sessions/new.html.erb", type: :view do - pending "add some examples to (or delete) #{__FILE__}" -end From 500d40ee795f7c59d37e9e66de72acfddb03e0bf Mon Sep 17 00:00:00 2001 From: Kurt Date: Mon, 1 Oct 2018 21:21:13 -0600 Subject: [PATCH 22/42] Removed unnecessary private helper method. --- app/controllers/users_controller.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 236601a..053df3a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -65,10 +65,6 @@ def validate_params(string) end end - def own_profile?(current_user, user_profile_id) - current_user.id == user_profile_id.to_i - end - def user_params params.require(:user).permit(:email, :first_name, :last_name, :password, :password_confirmation) end From 089a658cfb4118659e833d792c236f8fc8cb13db Mon Sep 17 00:00:00 2001 
From: Kurt Meyerhofer Date: Tue, 9 Oct 2018 21:08:47 -0600 Subject: [PATCH 23/42] Modifies redirection paths. --- app/controllers/groups_controller.rb | 2 +- app/controllers/sessions_controller.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 62d14f7..e361592 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -17,7 +17,7 @@ def create redirect_to group_path(@group) else flash[:notice] = 'The group name is already taken. Please choose another name.' - redirect_to new_group_path(@group) + redirect_to new_group_path end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 92e34cc..0329bed 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -6,7 +6,7 @@ def create user = User.find_by(email: params[:email]) if user && user.authenticate(params[:password]) session[:user_id] = user.id - redirect_to root_path + redirect_to dashboard_path else flash[:warning] = 'Email or password is invalid' render 'new' From 404095fc49a3ec98a7c8780d45815962bc166aff Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 10:18:33 -0600 Subject: [PATCH 24/42] Removes unnecessary file. --- app/views/items/destroy.html.erb | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 app/views/items/destroy.html.erb diff --git a/app/views/items/destroy.html.erb b/app/views/items/destroy.html.erb deleted file mode 100644 index e69de29..0000000 From 6948e83a09b098cdd70e9434f414ac30c21d3619 Mon Sep 17 00:00:00 2001 
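Review bot: The successful-login branch in sessions_controller.rb writes `session[:user_id] = user.id` into whatever session the browser already presented. Calling `reset_session` on the line directly above that assignment issues a fresh session at the moment of authentication and protects against session fixation. `create` begins above the hunk, so any earlier handling of the session in that method is not visible here.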
From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:29:39 -0600 Subject: [PATCH 25/42] Adds redirection to root path unless a user is logged in, blocking access to the application. --- app/controllers/application_controller.rb | 10 ++++++++++ app/controllers/sessions_controller.rb | 2 ++ app/controllers/welcome_controller.rb | 2 ++ 3 files changed, 14 insertions(+) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index fe88aaf..5e5a605 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,6 @@ class ApplicationController < ActionController::Base helper_method :current_user, :authorized_user + before_action :root_path_if_not_logged_in def current_user @current_user ||= User.find(session[:user_id]) if session[:user_id] @@ -8,4 +9,13 @@ def current_user def authorized_user(other_user) current_user.id == other_user.id end + + def logged_in? + current_user != nil + end + + def root_path_if_not_logged_in + flash[:warning] = 'You need to be logged in first.' unless logged_in? + redirect_to root_path unless logged_in? + end end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 0329bed..55ad669 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,4 +1,6 @@ class SessionsController < ApplicationController + skip_before_action :root_path_if_not_logged_in, only: [:new, :create] + def new end diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index 4a76052..8db4a2a 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -1,4 +1,6 @@ class WelcomeController < ApplicationController + skip_before_action :root_path_if_not_logged_in, only: :index + def index if current_user redirect_to dashboard_path From db04d824834cfa4e9c9d038563cad613105443e2 Mon Sep 17 00:00:00 2001 
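Review bot: `current_user` still uses `User.find(session[:user_id])`, which raises ActiveRecord::RecordNotFound when the session refers to a user that no longer exists, so the new `root_path_if_not_logged_in` filter raises for a stale session instead of redirecting. `@current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]` lets `logged_in?` return false in that case. `logged_in?` and `root_path_if_not_logged_in` are also added as public methods of ApplicationController; placing them under `private` (views keep access to whatever is listed in `helper_method`) prevents them from being exposed as actions on subclasses. The default-deny filter with explicit `skip_before_action` lists deserves a one-line comment saying that new public pages must opt out deliberately.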
From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:30:53 -0600 Subject: [PATCH 26/42] Adds exception to redirection to root path for users#new, create. --- app/controllers/users_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index fd16452..3094985 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,4 +1,5 @@ class UsersController < ApplicationController + skip_before_action :root_path_if_not_logged_in, only: [:new, :create] before_action :set_user, only: [:edit, :update, :profile] def new From 4d3e2420e58d4fb786a57ab33a0c7ae174fdacca Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:31:55 -0600 Subject: [PATCH 27/42] Adds flash notice on group creation, reduces instance variables for show page. --- app/controllers/groups_controller.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index aea929c..d10d152 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -15,18 +15,16 @@ def create @group.owner_id = current_user.id # Add user as owner if @group.save create_list + flash[:notice] = 'Group created successfully.' redirect_to group_path(@group) else flash[:notice] = 'The group name is already taken. Please choose another name.' - redirect_to new_group_path + render 'new' end end def show - @user_list = @group.lists.where(['user_id = :user_id and group_id = :group_id', - { user_id: current_user.id, group_id: @group.id }]) - @authorized_user = authorized_user(User.find(@group.owner_id)) - @belonging_user = belonging_user(@user_list) + @user_wish_list = @group.user_wish_list(current_user) end def edit From f629b0e3cfb270d74e15cd8c48940d9672a4a8c0 Mon Sep 17 00:00:00 2001 
From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:34:38 -0600 Subject: [PATCH 28/42] Fixes update action redirection bug. Reduces instance variables in show action. --- app/controllers/items_controller.rb | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index 1df0bff..d03ea9f 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -1,8 +1,8 @@ class ItemsController < ApplicationController - before_action :set_group, only: [:new, :create, :show, :edit, :destroy] - before_action :set_list, only: [:new, :create, :show, :edit, :destroy] + before_action :set_group + before_action :set_list before_action :set_item, only: [:show, :edit, :update, :destroy] - before_action :set_user, only: [:create, :show] # check if needed in `show` + before_action :set_user, only: [:create, :show] def new @item = Item.new @@ -10,7 +10,7 @@ def new def create @item = Item.new(item_params) - @item.lists_id = @list.id + @item.list_id = @list.id if @item.save redirect_to group_list_path(@group, @list) else @@ -20,7 +20,6 @@ def create end def show - @authorized_user = authorized_user(@user) end def edit @@ -28,8 +27,8 @@ def edit def update if @item.update(item_params) - redirect_to group_list_item_path(@item) flash[:notice] = "Item, #{@item.name}, updated." + redirect_to group_list_item_path(@group, @list, @item) else flash[:warning] = 'An error occurred, please try again.' render 'edit' From bd3959b796f6db20b717f8ee40f052e4f162f5b8 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:35:53 -0600 Subject: [PATCH 29/42] Makes use of ActiveRecord relationship of lists and items, removes unused create action. --- app/controllers/lists_controller.rb | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/app/controllers/lists_controller.rb b/app/controllers/lists_controller.rb index 0d05c06..a16d635 100644 
--- a/app/controllers/lists_controller.rb +++ b/app/controllers/lists_controller.rb @@ -1,18 +1,9 @@ class ListsController < ApplicationController - def create - # REMOVE THIS METHOD?!? - @list = List.new - @list.user_id = current_user.id - @list.group_id = params[:group_id] - @list.save - redirect_to group_path(params[:group_id]) - end - def show @list = List.find(params[:id]) @user = @list.user @group = Group.find(params[:group_id]) - @items = Item.where(['lists_id = :list_id', { list_id: @list.id }]) + @items = @list.items @authorized_user = authorized_user(@user) end end From 20194cc8c92149166ab0a3dd179805196f57237f Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:37:03 -0600 Subject: [PATCH 30/42] Renames group.user to group.owner to be more clear. Adds model method for querying user_wish_list. --- app/models/group.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/models/group.rb b/app/models/group.rb index bfe65e7..c6c5144 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -2,8 +2,14 @@ class Group < ApplicationRecord has_many :user_groups has_many :users, through: :user_groups has_many :lists - belongs_to :user, foreign_key: :owner_id + belongs_to :owner, foreign_key: :owner_id, class_name: 'User' validates_uniqueness_of :name validates :description, presence: true validates :owner_id, presence: true + + def user_wish_list(user) + list = self.lists.where(['user_id = :user_id AND group_id = :group_id', + { user_id: user.id, group_id: self.id }]) + list[0] + end end From b6dbec7c18f6cb7eadb5aa8d019ae4f86197e4da Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:37:54 -0600 Subject: [PATCH 31/42] Changes list relation from 'has_one' to 'belongs_to'. --- app/models/item.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/item.rb b/app/models/item.rb index 0ced207..f333004 100644 --- a/app/models/item.rb +++ b/app/models/item.rb 
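Review bot: `show` in lists_controller.rb loads `List.find(params[:id])` and `Group.find(params[:group_id])` independently, so the list is not tied to the group in the URL and nothing visible here checks that `current_user` belongs to that group. Any signed-in user who supplies a list id can therefore view that list and its items. Scoping the lookup, `@group = Group.find(params[:group_id])` followed by `@list = @group.lists.find(params[:id])`, rejects mismatched ids. A membership check against `@group.users` before rendering would restrict lists to group members.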
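Review bot: `user_wish_list` in group.rb filters on `group_id` although `self.lists` is already scoped to this group, and `list[0]` takes the first row of a relation that has no explicit order. `lists.find_by(user_id: user.id)` expresses the same lookup in one call. The method returns nil when the user has no list in the group; a short comment such as `# Returns the user's List in this group, or nil if none exists` would tell callers to guard for that.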
@@ -1,5 +1,5 @@ class Item < ApplicationRecord - has_one :list + belongs_to :list validates :name, presence: true validates :description, presence: true end From 2d4ad4e2e159ef9987212f39c5bb0b33ef83e92b Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:39:22 -0600 Subject: [PATCH 32/42] Utilizes helper method. Uses group model method. --- app/views/groups/show.html.erb | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb index 2834447..7f9a2b7 100644 --- a/app/views/groups/show.html.erb +++ b/app/views/groups/show.html.erb @@ -2,16 +2,14 @@ <%= @group.description %>

      -<% if @authorized_user %> +<% if authorized_user(User.find(@group.owner_id)) %> <%= link_to 'Edit Group', edit_group_path %> <%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %>

      <% end %> -<% if !@user_list.empty? %> - <%= link_to 'View your Wish List', group_list_path(@group, @user_list[0]) %> -<% elsif @user_list.empty? && @belonging_user %> - <%= link_to 'Create a Wish List', group_lists_path(@group), method: :post %> +<% if @user_wish_list %> + <%= link_to 'View your Wish List', group_list_path(@group, @user_wish_list.id) %> <% end %>
      @@ -19,8 +17,7 @@ Users in this group:
        <% @group.users.each do |user| %> - <% wish_list = user.lists.where(['user_id = :user_id and group_id = :group_id', { user_id: user.id, group_id: @group.id }]) %> -
      • <%= "#{user.first_name} #{user.last_name}: " %> <%= link_to 'Profile', user_path(user.id) %> <%= link_to "Wish List", group_list_path(@group.id, wish_list[0].id) unless wish_list.empty? %>
      • +
      • <%= "#{user.first_name} #{user.last_name}: " %> <%= link_to 'Profile', user_path(user.id) %> <%= link_to "Wish List", group_list_path(@group.id, @group.user_wish_list(user).id) %>
      • <% end %>
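Review bot: The new list item in groups/show.html.erb calls `@group.user_wish_list(user).id` with no guard, whereas the removed line only rendered the link `unless wish_list.empty?`; a member without a list now raises NoMethodError on nil and breaks the whole page. Keeping the guard, e.g. `<% list = @group.user_wish_list(user) %>` followed by `<%= link_to 'Wish List', group_list_path(@group, list) if list %>`, preserves the old behaviour. In the first hunk, `authorized_user(User.find(@group.owner_id))` issues a query from the template; `authorized_user(@group.owner)` uses the `owner` association that group.rb now declares. The Edit/Delete links remain a display decision only, so the controller actions need their own ownership check.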
      From a84c7e11401380f8b3baf06957dfd295f4c7d8e4 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:40:35 -0600 Subject: [PATCH 33/42] Utilizes authorized_user helper method. Adds more information to the question when user deletes an item. --- app/views/items/show.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/items/show.html.erb b/app/views/items/show.html.erb index 60bd91e..83c35fa 100644 --- a/app/views/items/show.html.erb +++ b/app/views/items/show.html.erb @@ -7,9 +7,9 @@
    • Note: <%= "#{@item.note}" %>
    -<% if @authorized_user %> +<% if authorized_user(@user) %> <%= link_to 'Edit Item', edit_group_list_item_path(@group, @list, @item) %> -<%= link_to 'Delete Item', group_list_item_path(@group, @list, @item), method: :delete, data: { confirm: 'Are you sure?' } %> +<%= link_to 'Delete Item', group_list_item_path(@group, @list, @item), method: :delete, data: { confirm: "Are you sure you want to delete item: #{@item.name}?" } %> <% end %>
    <%= link_to 'Back to List', group_list_path(@group, @list) %> From b28ed64c060298c0836eb84f384a387156c08ae7 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:41:02 -0600 Subject: [PATCH 34/42] Removes empty file. --- app/views/lists/new.html.erb | 1 - 1 file changed, 1 deletion(-) delete mode 100644 app/views/lists/new.html.erb diff --git a/app/views/lists/new.html.erb b/app/views/lists/new.html.erb deleted file mode 100644 index 57d4228..0000000 --- a/app/views/lists/new.html.erb +++ /dev/null @@ -1 +0,0 @@ -

    Create a Wish List

    From 2a01a7e8acb71eb4b14a4730a0b8138c3ebcae33 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:41:47 -0600 Subject: [PATCH 35/42] Utilizes authorized_user helper method. Changes create item link text. --- app/views/lists/show.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/lists/show.html.erb b/app/views/lists/show.html.erb index 3027515..3c0f8a3 100644 --- a/app/views/lists/show.html.erb +++ b/app/views/lists/show.html.erb @@ -2,8 +2,8 @@ <%= link_to "#{@user.first_name} #{@user.last_name}'s list", user_path(@user) %>
    -<% if @authorized_user %> - <%= link_to 'Create a new Wish list item', new_group_list_item_path(@group, @list) %> +<% if authorized_user(@user) %> + <%= link_to 'Add an item to your wish list', new_group_list_item_path(@group, @list) %> <% end %>
      <% @items.each do |item| %> From 6036e9d0f87335431fad51eed679458a830f364f Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:42:18 -0600 Subject: [PATCH 36/42] Limits lists to only the show route. --- config/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/routes.rb b/config/routes.rb index 059b3f9..c9f6ddc 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -16,7 +16,7 @@ resources :users, only: [:show, :create, :edit, :update] resources :groups do - resources :lists do + resources :lists, only: [:show] do resources :items end end From c28dae6fb3e703914955c6cb9a23197129cf4021 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:43:03 -0600 Subject: [PATCH 37/42] Removes single 's' from ':lists' to fix incorrect entry. --- db/migrate/20181001004651_create_items.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/migrate/20181001004651_create_items.rb b/db/migrate/20181001004651_create_items.rb index 22ef76f..0612cfb 100644 --- a/db/migrate/20181001004651_create_items.rb +++ b/db/migrate/20181001004651_create_items.rb @@ -5,7 +5,7 @@ def change t.text :description t.text :note t.text :size - t.references :lists, foreign_key: true + t.references :list, foreign_key: true end end end From 80b79aa608e4c6c266b6fe7687735250d43073ea Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:43:23 -0600 Subject: [PATCH 38/42] Adds more information to database seeds. --- db/seeds.rb | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/db/seeds.rb b/db/seeds.rb index 0ec7c36..7e76129 100644 --- a/db/seeds.rb +++ b/db/seeds.rb 
@@ -6,8 +6,27 @@ # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) # Character.create(name: 'Luke', movie: movies.first) 10.times do - User.create!(first_name: Faker::LordOfTheRings.character, - last_name: Faker::LordOfTheRings.character, - email: Faker::SiliconValley.email, - password: Faker::LordOfTheRings.location) + first_name = Faker::LordOfTheRings.character + last_name = Faker::Name.last_name + user = User.create!(first_name: first_name, + last_name: last_name, + email: "#{first_name.downcase}@#{last_name.downcase}.com".gsub(' ', ''), + password: 'asdf;lkjpoiuqwer', + password_confirmation: 'asdf;lkjpoiuqwer') + + group = Group.create!(name: Faker::MostInterestingManInTheWorld.unique.quote, + description: Faker::GameOfThrones.quote, + owner_id: user.id) + + group.user_ids << user.id + user.groups << group + + list = List.create!(user_id: user.id, group_id: group.id) + 5.times do + item = Item.create!(name: Faker::Fallout.character, + description: Faker::FamousLastWords.last_words, + note: Faker::Myst.quote, + size: Faker::Measurement.weight, + list_id: list.id) + end end From 24992ed396448d014123523bb45b89a05ccfaca6 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 14:43:57 -0600 Subject: [PATCH 39/42] Changes schema correcting lists/item relationship. --- db/schema.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/db/schema.rb b/db/schema.rb index 7843209..78b0438 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -27,8 +27,8 @@ t.text "description" t.text "note" t.text "size" - t.bigint "lists_id" - t.index ["lists_id"], name: "index_items_on_lists_id" + t.bigint "list_id" + t.index ["list_id"], name: "index_items_on_list_id" end create_table "lists", force: :cascade do |t| 
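Review bot: All ten seeded accounts share one literal password, `'asdf;lkjpoiuqwer'`, which is now in version control, so any database this seed file is run against holds accounts with a published credential. Wrap the `10.times do` block in `if Rails.env.development?`, or read the value from the environment with something like `password: ENV.fetch('SEED_PASSWORD')` (the variable name is a placeholder). Separately, `group.user_ids << user.id` appears to append to the array returned by the reader without persisting anything; `user.groups << group` on the next line is what records the membership. The `item =` assignment is never read and can be dropped.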
@@ -54,7 +54,7 @@ end add_foreign_key "groups", "users", column: "owner_id" - add_foreign_key "items", "lists", column: "lists_id" + add_foreign_key "items", "lists" add_foreign_key "lists", "groups" add_foreign_key "lists", "users" end From deff3d4aec3660de1d5221ca3eb6b46eda1511fe Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 16:22:54 -0600 Subject: [PATCH 40/42] Adds unauthorized_user method, checking on group and item creation and update, preventing unauthorized modification. --- app/controllers/application_controller.rb | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 5e5a605..8269b94 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,5 @@ class ApplicationController < ActionController::Base - helper_method :current_user, :authorized_user + helper_method :current_user, :authorized_user, :unauthorized_user before_action :root_path_if_not_logged_in def current_user @@ -15,7 +15,16 @@ def logged_in? end def root_path_if_not_logged_in - flash[:warning] = 'You need to be logged in first.' unless logged_in? - redirect_to root_path unless logged_in? + if !logged_in? + flash[:warning] = 'You need to be logged in first.' + redirect_to root_path + end + end + + def unauthorized_user(user) + if !authorized_user(user) + flash[:warning] = 'This action is unauthorized.' + redirect_to root_path + end end end From e5bb93cdb56968c4d74b1810fb60393fb5b17564 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 16:24:05 -0600 Subject: [PATCH 41/42] Adds unauthorized checks with a before action, during create and update. --- app/controllers/groups_controller.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index d10d152..6b8b1b9 100644 
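Review bot: Adding `:unauthorized_user` to `helper_method` in application_controller.rb exposes a method that calls `redirect_to` and writes to `flash` to every view, where a redirect cannot be issued. Views only need the predicate, so keep the line as `helper_method :current_user, :authorized_user` and leave `unauthorized_user` as a controller-only filter. The class body continues outside the hunk.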
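Review bot: `unauthorized_user` reads like a predicate but is a filter that redirects, and nothing in the hunk documents that it only works as a `before_action`, where the redirect halts the chain; called from inside an action it would not stop execution. A name such as `require_authorized_user` plus a one-line comment, `# before_action filter: redirects to root unless authorized_user(user)`, would make that contract explicit. No `private` is visible above these methods; if they are public, moving the two filters under `private` keeps them out of the controller's action methods. `authorized_user` itself is defined outside the hunk, so confirm it returns false rather than raising when `user` is nil, so that the filter fails closed.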
--- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -1,5 +1,6 @@ class GroupsController < ApplicationController before_action :set_group, only: [:show, :edit, :update, :destroy] + before_action -> { unauthorized_user(@group.owner) }, only: [:update, :edit, :destroy] def index @groups = Group.all @@ -13,7 +14,7 @@ def create @group = Group.new(group_params) @group.user_ids = current_user.id # Add user as a user @group.owner_id = current_user.id # Add user as owner - if @group.save + if authorized_user(@group.owner) && @group.save create_list flash[:notice] = 'Group created successfully.' redirect_to group_path(@group) @@ -31,7 +32,7 @@ def edit end def update - if @group.update(group_params) + if authorized_user(@group.owner) && @group.update(group_params) flash[:notice] = "Group '#{@group.name}' updated!" redirect_to group_path(@group) else From aef663fe458f111da5a443580b27865bb44a1a74 Mon Sep 17 00:00:00 2001 From: Kurt Meyerhofer Date: Tue, 30 Oct 2018 16:25:33 -0600 Subject: [PATCH 42/42] Adds unauthorized checks with a before action, during create and update. --- app/controllers/items_controller.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index d03ea9f..a0ed56a 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -2,7 +2,8 @@ class ItemsController < ApplicationController before_action :set_group before_action :set_list before_action :set_item, only: [:show, :edit, :update, :destroy] - before_action :set_user, only: [:create, :show] + before_action :set_user, except: :index + before_action -> { unauthorized_user(@user) }, except: [:show] def new @item = Item.new 
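Review bot: In `create`, `authorized_user(@group.owner)` is evaluated right after `@group.owner_id = current_user.id`, so it presumably compares the current user with itself and cannot fail for a logged-in user. In `update` (the `@@ -31,7 +32,7 @@` hunk) the same call repeats what the new `before_action` on `:update` already enforced, and if it were ever false the `else` branch, whose body is outside the hunk, would handle it as a failed save rather than as an authorization failure. The `create` and `update` hunks of items_controller.rb in the next patch have the same duplication. Keeping the decision in the filter alone, `if @group.save` and `if @group.update(group_params)`, leaves one place to audit. Both method bodies end outside their hunks.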
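Review bot: The two new filters in items_controller.rb do not cover the same actions: `set_user` is skipped for `index` (`except: :index`), while the authorization lambda skips only `show`, so on `index` it runs `unauthorized_user(@user)` with `@user` apparently unset. Depending on how `authorized_user` treats nil (it is defined outside this diff), that is either a redirect for every caller or an exception. Use the same action list for both, e.g. `before_action :set_user` with no exclusion, or add `:index` to the lambda's `except:`. The class body continues past the hunk.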
@@ -11,7 +12,7 @@ def new def create @item = Item.new(item_params) @item.list_id = @list.id - if @item.save + if authorized_user(@user) && @item.save redirect_to group_list_path(@group, @list) else flash[:warning] = 'Invalid entry.' @@ -26,7 +27,7 @@ def edit end def update - if @item.update(item_params) + if authorized_user(@user) && @item.update(item_params) flash[:notice] = "Item, #{@item.name}, updated." redirect_to group_list_item_path(@group, @list, @item) else
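Review bot: The check in `update` is made against `@user`, but nothing in these hunks shows that `@item` belongs to `@list` or that `@user` is derived from that list; `set_item`, `set_list` and `set_user` are defined outside the hunk. If `set_item` looks the record up by id alone, the authorization decision and the record being changed are not tied together. Loading it through the association, `@item = @list.items.find(params[:id])`, and taking `@user` from `@list.user` would bind them, assuming those associations exist on the models. The same applies to `destroy`, which is not part of this diff.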