Wish list

app/controllers/application_controller.rb

@@ -1,5 +1,6 @@
 class ApplicationController < ActionController::Base
-  helper_method :current_user, :authorized_user
+  helper_method :current_user, :authorized_user, :unauthorized_user
+  before_action :root_path_if_not_logged_in
 
   def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
@@ -8,4 +9,22 @@ def current_user
   def authorized_user(other_user)
     current_user.id == other_user.id
   end
+
+  def logged_in?
+    current_user != nil
+  end
+
+  def root_path_if_not_logged_in
+    if !logged_in?
+      flash[:warning] = 'You need to be logged in first.'
+      redirect_to root_path
+    end
+  end
+
+  def unauthorized_user(user)
+    if !authorized_user(user)
+      flash[:warning] = 'This action is unauthorized.'
+      redirect_to root_path
+    end
+  end
 end

app/controllers/groups_controller.rb

@@ -1,5 +1,6 @@
 class GroupsController < ApplicationController
   before_action :set_group, only: [:show, :edit, :update, :destroy]
+  before_action -> { unauthorized_user(@group.owner) }, only: [:update, :edit, :destroy]
 
   def index
     @groups = Group.all
@@ -11,43 +12,62 @@ def new
 
   def create
     @group = Group.new(group_params)
-    @group.user_ids= current_user.id
-    if @group.save
-      redirect_to dashboard_path
+    @group.user_ids = current_user.id # Add user as a user
+    @group.owner_id = current_user.id # Add user as owner
+    if authorized_user(@group.owner) && @group.save
+      create_list
+      flash[:notice] = 'Group created successfully.'
+      redirect_to group_path(@group)
     else
+      flash[:notice] = 'The group name is already taken. Please choose another name.'
       render 'new'
     end
   end
 
   def show
+    @user_wish_list = @group.user_wish_list(current_user)
   end
 
   def edit
   end
 
   def update
-    if @group.update(group_params)
+    if authorized_user(@group.owner) && @group.update(group_params)
       flash[:notice] = "Group '#{@group.name}' updated!"
       redirect_to group_path(@group)
     else
       flash[:warning] = 'An error occurred, please try again.'
-      render 'edit'
+      redirect_to edit_group_path(@group)
     end
   end
 
   def destroy
+    # Destroy not working. Delete lists associated with group first.
     @group.destroy
-    flash[:notice] = 'Group Deleted!'
+    flash[:notice] = "Group Deleted!"
     redirect_to dashboard_path
   end
 
   private
 
+  def create_list
+    @list = List.new
+    @list.user_id = current_user.id
+    @list.group_id = @group.id
+    @list.save
+  end
+
   def set_group
-   @group = Group.find(params[:id])
+    @group = Group.find(params[:id])
   end
 
   def group_params
-    params.require(:group).permit(:name, :description)
+    params.require(:group).permit(:name, :description, :owner_id)
+  end
+
+  def belonging_user(user_list)
+    user_list.any? do |user|
+      user.user_id == current_user.id
+    end
   end
 end

app/controllers/items_controller.rb

@@ -0,0 +1,66 @@
+class ItemsController < ApplicationController
+  before_action :set_group
+  before_action :set_list
+  before_action :set_item, only: [:show, :edit, :update, :destroy]
+  before_action :set_user, except: :index
+  before_action -> { unauthorized_user(@user) }, except: [:show]
+
+  def new
+    @item = Item.new
+  end
+
+  def create
+    @item = Item.new(item_params)
+    @item.list_id = @list.id
+    if authorized_user(@user) && @item.save
+      redirect_to group_list_path(@group, @list)
+    else
+      flash[:warning] = 'Invalid entry.'
+      render 'new'
+    end
+  end
+
+  def show
+  end
+
+  def edit
+  end
+
+  def update
+    if authorized_user(@user) && @item.update(item_params)
+      flash[:notice] = "Item, #{@item.name}, updated."
+      redirect_to group_list_item_path(@group, @list, @item)
+    else
+      flash[:warning] = 'An error occurred, please try again.'
+      render 'edit'
+    end
+  end
+
+  def destroy
+    flash.notice = "Item, #{@item.name}, Deleted!"
+    @item.destroy
+    redirect_to group_list_path(@group, @list)
+  end
+
+  private
+
+  def set_item
+    @item = Item.find(params[:id])
+  end
+
+  def set_user
+    @user = @list.user
+  end
+
+  def set_group
+    @group = Group.find(params[:group_id])
+  end
+
+  def set_list
+    @list = List.find(params[:list_id])
+  end
+
+  def item_params
+    params.require(:item).permit(:name, :description, :note, :size)
+  end
+end

app/controllers/lists_controller.rb

@@ -0,0 +1,9 @@
+class ListsController < ApplicationController
+  def show
+    @list = List.find(params[:id])
+    @user = @list.user
+    @group = Group.find(params[:group_id])
+    @items = @list.items
+    @authorized_user = authorized_user(@user)
+  end
+end

app/controllers/sessions_controller.rb

@@ -1,12 +1,14 @@
 class SessionsController < ApplicationController
+  skip_before_action :root_path_if_not_logged_in, only: [:new, :create]
+
   def new
   end
 
   def create
     user = User.find_by(email: params[:email])
     if user && user.authenticate(params[:password])
       session[:user_id] = user.id
-      redirect_to root_path
+      redirect_to dashboard_path
     else
       flash[:warning] = 'Email or password is invalid'
       render 'new'

app/controllers/users_controller.rb

@@ -1,5 +1,7 @@
 class UsersController < ApplicationController
-  before_action :set_user, only: [:edit, :update]
+  skip_before_action :root_path_if_not_logged_in, only: [:new, :create]
+  before_action :set_user, only: [:edit, :update, :profile]
+
   def new
     @user = User.new
     if current_user
@@ -19,14 +21,21 @@ def create
     end
   end
 
-  def show
-    @user = params[:id] ? User.find(params[:id]) : current_user
-    if !current_user
+  def profile
+    if @user
+      @authorized_user = true
+      render 'show'
+    else
       redirect_to root_url
       flash[:warning] = 'You must be logged in first.'
     end
   end
 
+  def show
+    @user = User.find(params[:id])
+    @authorized_user = authorized_user(@user)
+  end
+
   def edit
   end
 

app/controllers/welcome_controller.rb

@@ -1,4 +1,6 @@
 class WelcomeController < ApplicationController
+  skip_before_action :root_path_if_not_logged_in, only: :index
+
   def index
     if current_user
       redirect_to dashboard_path

app/models/group.rb

@@ -1,4 +1,15 @@
 class Group < ApplicationRecord
   has_many :user_groups
   has_many :users, through: :user_groups
+  has_many :lists
+  belongs_to :owner, foreign_key: :owner_id, class_name: 'User'
+  validates_uniqueness_of :name
+  validates :description, presence: true
+  validates :owner_id, presence: true
+
+  def user_wish_list(user)
+    list = self.lists.where(['user_id = :user_id AND group_id = :group_id',
+                     { user_id: user.id, group_id: self.id }])
+    list[0]
+  end
 end

app/models/item.rb

@@ -0,0 +1,5 @@
+class Item < ApplicationRecord
+  belongs_to :list
+  validates :name, presence: true
+  validates :description, presence: true
+end

app/models/list.rb

@@ -0,0 +1,5 @@
+class List < ApplicationRecord
+  belongs_to :user
+  belongs_to :group
+  has_many :items
+end

app/models/user.rb

@@ -1,6 +1,7 @@
 class User < ApplicationRecord
   has_many :user_groups
   has_many :groups, through: :user_groups
+  has_many :lists
   has_secure_password
   validates_uniqueness_of :email
   validates :first_name, presence: true

app/views/groups/edit.html.erb

@@ -1,3 +1,5 @@
 <h1>Edit a Group</h1>
 
 <%= render partial: 'groups/form' %>
+
+<%= link_to 'Back to Group', group_path(@group) %>

app/views/groups/new.html.erb

@@ -1,3 +1,5 @@
 <h1>Create a Group</h1>
 
 <%= render partial: 'groups/form' %>
+
+<%= link_to 'Back to Dashboard', dashboard_path %>

app/views/groups/show.html.erb

@@ -1,19 +1,28 @@
 <h1><%= @group.name %></h1>
 <%= @group.description %>
 <br>
+<br>
+<% if authorized_user(User.find(@group.owner_id)) %>
+  <%= link_to 'Edit Group', edit_group_path %>
+  <%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %>
+  <br>
+  <br>
+<% end %>
+<% if @user_wish_list %>
+  <%= link_to 'View your Wish List', group_list_path(@group, @user_wish_list.id) %>
+<% end %>
 
+<br>
+<br>
 Users in this group:
 <ul>
   <% @group.users.each do |user| %>
-  <li><%= link_to "#{user.first_name} #{user.last_name}'s profile", profile_path(user.id) %></li>
+  <li><%= "#{user.first_name} #{user.last_name}: " %> <%= link_to 'Profile', user_path(user.id) %> <%= link_to "Wish List", group_list_path(@group.id, @group.user_wish_list(user).id) %></li>
   <% end %>
 </ul>
 
 
 
-<br>
-<%= link_to 'Edit Group', edit_group_path %>
-<%= link_to 'Delete Group', group_path, method: :delete, data: { confirm: 'Are you sure? This cannot be undone.' } %>
 
 <br>
-<%= link_to 'Back', dashboard_path %>
+<%= link_to 'Back to Dashboard', dashboard_path %>

app/views/items/_form.html.erb

@@ -0,0 +1,21 @@
+<%= form_for [@group, @list, @item] do |f| %>
+  <div>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </div>
+  <div>
+    <%= f.label :description %>
+    <%= f.text_area :description %>
+  </div>
+  <div>
+    <%= f.label :size %>
+    <%= f.text_field :size %>
+  </div>
+  <div>
+    <%= f.label :note %>
+    <%= f.text_area :note %>
+  </div>
+  <div>
+    <%= f.submit %>
+  </div>
+<% end %>

app/views/items/edit.html.erb

@@ -0,0 +1,5 @@
+<h1>Edit Item</h1>
+
+<%= render partial: 'items/form' %>
+
+<%= link_to 'Back to Item', group_list_item_path(@group, @list, @item) %>

app/views/items/new.html.erb

@@ -0,0 +1,5 @@
+<h1>Create a list item</h1>
+
+<%= render partial: 'items/form' %>
+
+<%= link_to 'Back to List', group_list_path(@group, @list) %>

app/views/items/show.html.erb

@@ -0,0 +1,15 @@
+<h1>Item Information</h1>
+<%= link_to "#{@user.first_name} #{@user.last_name}'s item", user_path(@user) %>
+<ul>
+  <li>Name: <%= "#{@item.name}" %></li>
+  <li>Description: <%= "#{@item.description}" %></li>
+  <li>Size: <%= "#{@item.size}" %></li>
+  <li>Note: <%= "#{@item.note}" %></li>
+</ul>
+
+<% if authorized_user(@user) %>
+<%= link_to 'Edit Item', edit_group_list_item_path(@group, @list, @item) %>
+<%= link_to 'Delete Item', group_list_item_path(@group, @list, @item), method: :delete, data: { confirm: "Are you sure you want to delete item: #{@item.name}?" } %>
+<% end %>
+<br>
+<%= link_to 'Back to List', group_list_path(@group, @list) %>

app/views/lists/show.html.erb

@@ -0,0 +1,14 @@
+<h1><%= "#{@user.first_name} #{@user.last_name}'s wishlist for the #{@group.name} group" %></h1>
+
+<%= link_to "#{@user.first_name} #{@user.last_name}'s list", user_path(@user) %>
+<br>
+<% if authorized_user(@user) %>
+  <%= link_to 'Add an item to your wish list', new_group_list_item_path(@group, @list) %>
+<% end %>
+<ul>
+  <% @items.each do |item| %>
+  <li><%= link_to "#{item.name}", group_list_item_path(@group, @list, item.id) %></li>
+  <% end %>
+</ul>
+
+<%= link_to 'Back to Group', group_path(@group.id) %>

app/views/users/edit.html.erb

@@ -37,3 +37,5 @@
     <%= f.submit 'Update Password' %>
   </div>
 <% end %>
+<br>
+<%= link_to 'Back to Profile', profile_path %>