Agile Web Development with Rails, Edition 4

14.5 Playtime 14.3 Iteration I3: Limiting Access

14.4 Iteration I4: Adding a Sidebar

Add admin links and a button to Logout

edit app/views/layouts/application.html.erb

<!DOCTYPE html>

<html>

<head>

  <title>Pragprog Books Online Store</title>

  <%= stylesheet_link_tag "depot" %>

  <%= javascript_include_tag "depot" %>

  <%= csrf_meta_tag %>

</head>

<body class="<%= controller.controller_name %>">

  <div id="banner">

    <%= image_tag("logo.png") %>

    <%= @page_title || "Pragmatic Bookshelf" %>

  </div>

  <div id="columns">

    <div id="side">

      <% if @cart %>

        <%= hidden_div_if(@cart.line_items.empty?, :id => 'cart') do %>

          <%= render @cart %>

        <% end %>

      <% end %>

      <ul>

        <li><a href="http://www....">Home</a></li>

        <li><a href="http://www..../faq">Questions</a></li>

        <li><a href="http://www..../news">News</a></li>

        <li><a href="http://www..../contact">Contact</a></li>

      </ul>

      <% if session[:user_id] %>

        <ul>

          <li><%= link_to 'Orders',   orders_path   %></li>

          <li><%= link_to 'Products', products_path %></li>

          <li><%= link_to 'Users',    users_path    %></li>

        </ul>

        <%= button_to 'Logout', logout_path, :method => :delete   %>

      <% end %>

    </div>

    <div id="main">

      <%= yield %>

    </div>

  </div>

</body>

</html>

Log out

get /admin

Welcome

It's Fri Jun 29 12:35:22 -0400 2012 We have 101 orders.

post /logout

submit => Logout

You are being redirected.

get http://localhost:3000/

Logged out

Your Pragmatic Catalog

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00

Programming Ruby 1.9

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that everybody can get to the store

get /

Your Pragmatic Catalog

CoffeeScript

$36.00

Programming Ruby 1.9

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95

Rails Test Prescriptions

$34.95

Demonstrate that login is required to see the products

get /products

You are being redirected.

get http://localhost:3000/login

get /login

post /login

name => dave
password => secret

You are being redirected.

get http://localhost:3000/admin

Welcome

It's Fri Jun 29 12:35:25 -0400 2012 We have 101 orders.

Demonstrate logged in users can see the products

get /products

Listing products

	CoffeeScript CoffeeScript is JavaScript done right. It provides all of JavaScript...	Show Edit Destroy
	Programming Ruby 1.9 Ruby is the fastest growing and most exciting dynamic language ...	Show Edit Destroy
	Rails Test Prescriptions Rails Test Prescriptions is a comprehensive guide to testing ...	Show Edit Destroy

New product

Demonstrate logged in users can see the users

get /users

Listing users

Name
dave	Show	Edit	Destroy

New User

Show that the tests fail (good!)

rake test

Loaded suite /home/rubys/.rvm/gems/ruby-1.8.7-p352/gems/rake-0.9.2.2/lib/rake/rake_test_loader

Started

..........

Finished in 0.410954 seconds.

10 tests, 31 assertions, 0 failures, 0 errors

Loaded suite /home/rubys/.rvm/gems/ruby-1.8.7-p352/gems/rake-0.9.2.2/lib/rake/rake_test_loader

Started

...............................................

Finished in 1.8517 seconds.

47 tests, 79 assertions, 0 failures, 0 errors

Loaded suite /home/rubys/.rvm/gems/ruby-1.8.7-p352/gems/rake-0.9.2.2/lib/rake/rake_test_loader

Started

...

Finished in 1.248134 seconds.

3 tests, 75 assertions, 0 failures, 0 errors

edit app/models/user.rb

require 'digest/sha2'

class User < ActiveRecord::Base

  validates :name, :presence => true, :uniqueness => true

  validates :password, :confirmation => true

  attr_accessor :password_confirmation

  attr_reader   :password

  validate  :password_must_be_present

  def User.authenticate(name, password)

    if user = find_by_name(name)

      if user.hashed_password == encrypt_password(password, user.salt)

        user

end

end

end

  def User.encrypt_password(password, salt)

    Digest::SHA2.hexdigest(password + "wibble" + salt)

end

  # 'password' is a virtual attribute

  def password=(password)

    @password = password

    if password.present?

      generate_salt

      self.hashed_password = self.class.encrypt_password(password, salt)

end

end

  private

    def password_must_be_present

      errors.add(:password, "Missing password") unless hashed_password.present?

end

    def generate_salt

      self.salt = self.object_id.to_s + rand.to_s

end

  after_destroy :ensure_an_admin_remains

  private

    def ensure_an_admin_remains

      if User.count.zero?

        raise "Can't delete last user"

end

end

end

edit app/controllers/users_controller.rb

class UsersController < ApplicationController

  # GET /users

  # GET /users.xml

  def index

    @users = User.order(:name)

    respond_to do |format|

      format.html # index.html.erb

      format.xml  { render :xml => @users }

end

end

  # GET /users/1

  # GET /users/1.xml

  def show

    @user = User.find(params[:id])

    respond_to do |format|

      format.html # show.html.erb

      format.xml  { render :xml => @user }

end

end

  # GET /users/new

  # GET /users/new.xml

  def new

    @user = User.new

    respond_to do |format|

      format.html # new.html.erb

      format.xml  { render :xml => @user }

end

end

  # GET /users/1/edit

  def edit

    @user = User.find(params[:id])

end

  # POST /users

  # POST /users.xml

  def create

    @user = User.new(params[:user])

    respond_to do |format|

      if @user.save

        format.html { redirect_to(users_url,

          :notice => "User #{@user.name} was successfully created.") }

        format.xml  { render :xml => @user,

          :status => :created, :location => @user }

      else

        format.html { render :action => "new" }

        format.xml  { render :xml => @user.errors,

          :status => :unprocessable_entity }

end

end

end

  # PUT /users/1

  # PUT /users/1.xml

  def update

    @user = User.find(params[:id])

    respond_to do |format|

      if @user.update_attributes(params[:user])

        format.html { redirect_to(users_url,

          :notice => "User #{@user.name} was successfully updated.") }

        format.xml  { head :ok }

      else

        format.html { render :action => "edit" }

        format.xml  { render :xml => @user.errors,

          :status => :unprocessable_entity }

end

end

end

  # DELETE /users/1

  # DELETE /users/1.xml

  def destroy

    @user = User.find(params[:id])

    begin

      @user.destroy

      flash[:notice] = "User #{@user.name} deleted"

    rescue Exception => e

      flash[:notice] = e.message

end

    respond_to do |format|

      format.html { redirect_to(users_url) }

      format.xml  { head :ok }

end

end

end

14.5 Playtime 14.3 Iteration I3: Limiting Access