14.3 Iteration I3: Limiting Access 14.1 Iteration I1: Adding Users

Generate empty controllers for sessions and administration

rails generate controller Sessions new create destroy

      create  app/controllers/sessions_controller.rb

       route  get "sessions/destroy"

       route  get "sessions/create"

       route  get "sessions/new"

      invoke  erb

      create    app/views/sessions

      create    app/views/sessions/new.html.erb

      create    app/views/sessions/create.html.erb

      create    app/views/sessions/destroy.html.erb

      invoke  test_unit

      create    test/functional/sessions_controller_test.rb

      invoke  helper

      create    app/helpers/sessions_helper.rb

      invoke    test_unit

      create      test/unit/helpers/sessions_helper_test.rb

      invoke  assets

      invoke    coffee

      create      app/assets/javascripts/sessions.js.coffee

      invoke    scss

      create      app/assets/stylesheets/sessions.css.scss

rails generate controller Admin index

      create  app/controllers/admin_controller.rb

       route  get "admin/index"

      invoke  erb

      create    app/views/admin

      create    app/views/admin/index.html.erb

      invoke  test_unit

      create    test/functional/admin_controller_test.rb

      invoke  helper

      create    app/helpers/admin_helper.rb

      invoke    test_unit

      create      test/unit/helpers/admin_helper_test.rb

      invoke  assets

      invoke    coffee

      create      app/assets/javascripts/admin.js.coffee

      invoke    scss

      create      app/assets/stylesheets/admin.css.scss

Implement login in and out by storing the user_id in the session

edit app/controllers/sessions_controller.rb

class SessionsController < ApplicationController

  def new

  end

  def create

    user = User.find_by_name(params[:name])

    if user and user.authenticate(params[:password])

      session[:user_id] = user.id

      redirect_to admin_url

    else

      redirect_to login_url, alert: "Invalid user/password combination"

    end

  end

  def destroy

    session[:user_id] = nil

    redirect_to store_url, notice: "Logged out"

  end

end

Create the view using form_for as there is no underlying model

edit app/views/sessions/new.html.erb

<div class="depot_form">

  <% if flash[:alert] %>

    <p id="notice"><%= flash[:alert] %></p>

  <% end %>

  <%= form_tag do %>

    <fieldset>

      <legend>Please Log In</legend>

      <div>

        <%= label_tag :name, 'Name:' %>

        <%= text_field_tag :name, params[:name] %>

      </div>

      <div>

        <%= label_tag :password, 'Password:' %>

        <%= password_field_tag :password, params[:password] %>

      </div>

      <div>

        <%= submit_tag "Login" %>

      </div>

    </fieldset>

  <% end %>

</div>

Create a landing page for the administrator

edit app/views/admin/index.html.erb

<h1>Welcome</h1>

It's <%= Time.now %>

We have <%= pluralize(@total_orders, "order") %>.

Make the orders count available to the admin page

edit app/controllers/admin_controller.rb

class AdminController < ApplicationController

  def index

    @total_orders = Order.count

  end

end

Connect the routes to the controller actions

edit config/routes.rb

Depot::Application.routes.draw do

  get 'admin' => 'admin#index'

  controller :sessions do

    get  'login' => :new

    post 'login' => :create

    delete 'logout' => :destroy

  end

  resources :users

  resources :orders

  resources :line_items

  resources :carts

  get "store/index"

  resources :products do

    get :who_bought, on: :member

  end

  # ...

  # You can have the root of your site routed with "root"

  # just remember to delete public/index.html.

  # root :to => 'welcome#index'

  root to: 'store#index', as: 'store'

  # ...

end

Do a login

get /login

Pragmatic Bookshelf

• Home
• Questions
• News
• Contact

Please Log In

Name:

Password:

post /login

• name => dave
• password => secret

get http://localhost:3000/admin

Pragmatic Bookshelf

• Home
• Questions
• News
• Contact

Welcome

It's 2011-10-29 03:21:00 -0400 We have 101 orders.

Fix the sessions controller test

edit test/functional/sessions_controller_test.rb

require 'test_helper'

class SessionsControllerTest < ActionController::TestCase

  test "should get new" do

    get :new

    assert_response :success

  end

  test "should login" do

    dave = users(:one)

    post :create, name: dave.name, password: 'secret'

    assert_redirected_to admin_url

    assert_equal dave.id, session[:user_id]

  end

  test "should fail login" do

    dave = users(:one)

    post :create, name: dave.name, password: 'wrong'

    assert_redirected_to login_url

  end

  test "should logout" do

    delete :destroy

    assert_redirected_to store_url

  end

end

edit test/fixtures/users.yml

# Read about fixtures at

# http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html

one:

  name: dave

  password_digest: <%= BCrypt::Password.create('secret') %>

two:

  name: MyString

  password_digest: MyString

rake test

Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p290/gems/rake-0.9.2.2/lib/rake/rake_test_loader

Started

.......

Finished in 0.695145 seconds.

7 tests, 28 assertions, 0 failures, 0 errors, 0 skips

Test run options: --seed 20422

Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p290/gems/rake-0.9.2.2/lib/rake/rake_test_loader

Started

...............................................

Finished in 2.782295 seconds.

47 tests, 78 assertions, 0 failures, 0 errors, 0 skips

Test run options: --seed 11667

Loaded suite /home/rubys/.rvm/gems/ruby-1.9.2-p290/gems/rake-0.9.2.2/lib/rake/rake_test_loader

Started

...

Finished in 1.851150 seconds.

3 tests, 47 assertions, 0 failures, 0 errors, 0 skips

Test run options: --seed 65144

14.3 Iteration I3: Limiting Access 14.1 Iteration I1: Adding Users