Agile Web Development with Rails, Edition 4

14.5 Playtime 14.3 Iteration I3: Limiting Access

14.4 Iteration I4: Adding a Sidebar

Add admin links and a button to Logout

edit app/views/layouts/application.html.erb
<!DOCTYPE html>
<html>
<head>
  <title>Pragprog Books Online Store</title>
  <%= stylesheet_link_tag    "depot", media: "all",
    "data-turbolinks-track" => true %>
  <%= javascript_include_tag "depot", "data-turbolinks-track" => true %>
  <%= csrf_meta_tag %>
</head>
<body class="<%= controller.controller_name %>">
  <div id="banner">
    <%= image_tag("logo.png") %>
    <%= @page_title || "Pragmatic Bookshelf" %>
  </div>
  <div id="columns">
    <div id="side">
      <% if @cart %>
        <%= hidden_div_if(@cart.line_items.empty?, id: 'cart') do %>
          <%= render @cart %>
        <% end %>
      <% end %>
 
      <ul>
        <li><a href="http://www....">Home</a></li>
        <li><a href="http://www..../faq">Questions</a></li>
        <li><a href="http://www..../news">News</a></li>
        <li><a href="http://www..../contact">Contact</a></li>
      </ul>
 
      <% if session[:user_id] %>
        <ul>
          <li><%= link_to 'Orders',   orders_path   %></li>
          <li><%= link_to 'Products', products_path %></li>
          <li><%= link_to 'Users',    users_path    %></li>
        </ul>
        <%= button_to 'Logout', logout_path, method: :delete   %>
      <% end %>
    </div>
    <div id="main">
      <%= yield %>
    </div>
  </div>
</body>
</html>

Log out

get /admin

Welcome

It's 2014-02-04 15:44:17 -0500 We have 1 order.
post /logout
You are being redirected.
get http://localhost:3000/

Logged out

Your Pragmatic Catalog

Cs

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00
Ruby

Programming Ruby 1.9 & 2.0

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95
Rtp

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that everybody can get to the store

get /

Your Pragmatic Catalog

Cs

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00
Ruby

Programming Ruby 1.9 & 2.0

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95
Rtp

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that login is required to see the products

get /products
You are being redirected.
get http://localhost:3000/login
Please Log In

Log in

get /login
Please Log In
post /login
You are being redirected.
get http://localhost:3000/admin

Welcome

It's 2014-02-04 15:44:18 -0500 We have 1 order.

Demonstrate logged in users can see the products

get /products

Listing products

Cs
CoffeeScript
CoffeeScript is JavaScript done right. It provides all of JavaScript...
Show
Edit
Destroy
Ruby
Programming Ruby 1.9 & 2.0
Ruby is the fastest growing and most exciting dynamic language ...
Show
Edit
Destroy
Rtp
Rails Test Prescriptions
Rails Test Prescriptions is a comprehensive guide to testing ...
Show
Edit
Destroy

New product

Demonstrate logged in users can see the users

get /users

Listing users

Name
dave Show Edit Destroy

New User

Show that the tests fail (good!)

rake test
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p320/gems/rake-10.1.1/lib/rake/rake_test_loader
Started
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
..........
Finished in 0.325187 seconds.
 
10 tests, 31 assertions, 0 failures, 0 errors, 0 skips
 
Test run options: --seed 47014
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p320/gems/rake-10.1.1/lib/rake/rake_test_loader
Started
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
...............................................
Finished in 1.060013 seconds.
 
47 tests, 79 assertions, 0 failures, 0 errors, 0 skips
 
Test run options: --seed 37022
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p320/gems/rake-10.1.1/lib/rake/rake_test_loader
Started
...
Finished in 0.741664 seconds.
 
3 tests, 47 assertions, 0 failures, 0 errors, 0 skips
 
Test run options: --seed 30450
edit app/models/user.rb
require 'digest/sha2'
 
class User < ActiveRecord::Base
  validates :name, presence: true, uniqueness: true
 
  validates :password, confirmation: true
  attr_accessor :password_confirmation
  attr_reader   :password
 
  validate  :password_must_be_present
  
  def User.authenticate(name, password)
    if user = find_by_name(name)
      if user.hashed_password == encrypt_password(password, user.salt)
        user
      end
    end
  end
 
  def User.encrypt_password(password, salt)
    Digest::SHA2.hexdigest(password + "wibble" + salt)
  end
  
  # 'password' is a virtual attribute
  def password=(password)
    @password = password
 
    if password.present?
      generate_salt
      self.hashed_password = self.class.encrypt_password(password, salt)
    end
  end
  
  private
 
    def password_must_be_present
      errors.add(:password, "Missing password") unless hashed_password.present?
    end
  
    def generate_salt
      self.salt = self.object_id.to_s + rand.to_s
    end
 
  after_destroy :ensure_an_admin_remains
 
  private
    def ensure_an_admin_remains
      if User.count.zero?
        raise "Can't delete last user"
      end
    end     
end
edit app/controllers/users_controller.rb
class UsersController < ApplicationController
  # GET /users
  # GET /users.xml
  def index
    @users = User.order(:name)
 
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @users }
    end
  end
 
  # GET /users/1
  # GET /users/1.xml
  def show
    @user = User.find(params[:id])
 
    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @user }
    end
  end
 
  # GET /users/new
  # GET /users/new.xml
  def new
    @user = User.new
 
    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end
 
  # GET /users/1/edit
  def edit
    @user = User.find(params[:id])
  end
 
  # POST /users
  # POST /users.xml
  def create
    @user = User.new(params[:user])
 
    respond_to do |format|
      if @user.save
        format.html { redirect_to(users_url,
          :notice => "User #{@user.name} was successfully created.") }
        format.xml  { render :xml => @user,
          :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors,
          :status => :unprocessable_entity }
      end
    end
  end
 
  # PUT /users/1
  # PUT /users/1.xml
  def update
    @user = User.find(params[:id])
 
    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to(users_url,
          :notice => "User #{@user.name} was successfully updated.") }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors,
          :status => :unprocessable_entity }
      end
    end
  end
 
  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    @user = User.find(params[:id])
    begin
      @user.destroy
      flash[:notice] = "User #{@user.name} deleted"
    rescue Exception => e
      flash[:notice] = e.message
    end
 
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml  { head :ok }
    end
  end
end

14.5 Playtime 14.3 Iteration I3: Limiting Access