Agile Web Development with Rails, Edition 4

14.5 Playtime 14.3 Iteration I3: Limiting Access

14.4 Iteration I4: Adding a Sidebar

Add admin links and a button to Logout

edit app/views/layouts/application.html.erb
<!DOCTYPE html>
<html>
<head>
  <title>Pragprog Books Online Store</title>
  <%= stylesheet_link_tag    "application", media: "all",
    "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %>
</head>
<body class="<%= controller.controller_name %>">
  <div id="banner">
    <%= image_tag("logo.png") %>
    <%= @page_title || "Pragmatic Bookshelf" %>
  </div>
  <div id="columns">
    <div id="side">
      <% if @cart %>
        <%= hidden_div_if(@cart.line_items.empty?, id: 'cart') do %>
          <%= render @cart %>
        <% end %>
      <% end %>
 
      <ul>
        <li><a href="http://www....">Home</a></li>
        <li><a href="http://www..../faq">Questions</a></li>
        <li><a href="http://www..../news">News</a></li>
        <li><a href="http://www..../contact">Contact</a></li>
      </ul>
 
      <% if session[:user_id] %>
        <ul>
          <li><%= link_to 'Orders',   orders_path   %></li>
          <li><%= link_to 'Products', products_path %></li>
          <li><%= link_to 'Users',    users_path    %></li>
        </ul>
        <%= button_to 'Logout', logout_path, method: :delete   %>
      <% end %>
    </div>
    <div id="main">
      <%= yield %>
    </div>
  </div>
</body>
</html>

Log out

get /admin

Welcome

It's 2013-02-25 20:16:24 -0500 We have 1 order.
post /logout
You are being redirected.
get http://localhost:3000/

Logged out

Your Pragmatic Catalog

Cs

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00
Ruby

Programming Ruby 1.9

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95
Rtp

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that everybody can get to the store

get /

Your Pragmatic Catalog

Cs

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00
Ruby

Programming Ruby 1.9

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95
Rtp

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that login is required to see the products

get /products
You are being redirected.
get http://localhost:3000/login
Please Log In

Log in

get /login
Please Log In
post /login
You are being redirected.
get http://localhost:3000/admin

Welcome

It's 2013-02-25 20:16:25 -0500 We have 1 order.

Demonstrate logged in users can see the products

get /products

Listing products

Cs
CoffeeScript
CoffeeScript is JavaScript done right. It provides all of JavaScript...
Show
Edit
Destroy
Ruby
Programming Ruby 1.9
Ruby is the fastest growing and most exciting dynamic language ...
Show
Edit
Destroy
Rtp
Rails Test Prescriptions
Rails Test Prescriptions is a comprehensive guide to testing ...
Show
Edit
Destroy

New product

Demonstrate logged in users can see the users

get /users

Listing users

Name
dave Show Edit Destroy

New User

Show that the tests fail (good!)

rake test
Run options: 
 
# Running tests:
 
.......
 
Finished tests in 0.732148s, 9.5609 tests/s, 38.2436 assertions/s.
 
7 tests, 28 assertions, 0 failures, 0 errors, 0 skips
 
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]
Run options: 
 
# Running tests:
 
...............................................
 
Finished tests in 2.406942s, 19.5269 tests/s, 33.2372 assertions/s.
 
47 tests, 80 assertions, 0 failures, 0 errors, 0 skips
 
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]
Run options: 
 
# Running tests:
 
...
 
Finished tests in 1.325089s, 2.2640 tests/s, 35.4693 assertions/s.
 
3 tests, 47 assertions, 0 failures, 0 errors, 0 skips
 
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]
edit app/models/user.rb
class User < ActiveRecord::Base
  attr_accessible :name, :password, :password_confirmation
  validates :name, presence: true, uniqueness: true
  has_secure_password
 
  after_destroy :ensure_an_admin_remains
 
  private
    def ensure_an_admin_remains
      if User.count.zero?
        raise "Can't delete last user"
      end
    end     
end
edit app/controllers/users_controller.rb
class UsersController < ApplicationController
  # GET /users
  # GET /users.json
  def index
    @users = User.order(:name)
 
    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @users }
    end
  end
 
  # GET /users/1
  # GET /users/1.json
  def show
    @user = User.find(params[:id])
 
    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @user }
    end
  end
 
  # GET /users/new
  # GET /users/new.json
  def new
    @user = User.new
 
    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @user }
    end
  end
 
  # GET /users/1/edit
  def edit
    @user = User.find(params[:id])
  end
 
  # POST /users
  # POST /users.json
  def create
    @user = User.new(params[:user])
 
    respond_to do |format|
      if @user.save
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully created." }
        format.json { render json: @user,
          status: :created, location: @user }
      else
        format.html { render action: "new" }
        format.json { render json: @user.errors,
          status: :unprocessable_entity }
      end
    end
  end
 
  # PUT /users/1
  # PUT /users/1.json
  def update
    @user = User.find(params[:id])
 
    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully updated." }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @user.errors,
          status: :unprocessable_entity }
      end
    end
  end
 
  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user = User.find(params[:id])
    begin
      @user.destroy
      flash[:notice] = "User #{@user.name} deleted"
    rescue Exception => e
      flash[:notice] = e.message
    end
 
    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end
end

14.5 Playtime 14.3 Iteration I3: Limiting Access