Agile Web Development with Rails, Edition 4

14.5 Playtime 14.3 Iteration I3: Limiting Access

14.4 Iteration I4: Adding a Sidebar

Add admin links and a button to Logout

edit app/views/layouts/application.html.erb
<!DOCTYPE html>
<html>
<head>
  <title>Pragprog Books Online Store</title>
  <%= stylesheet_link_tag    "application", media: "all",
    "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%= csrf_meta_tags %>
</head>
<body class="<%= controller.controller_name %>">
  <div id="banner">
    <%= image_tag("logo.png") %>
    <%= @page_title || "Pragmatic Bookshelf" %>
  </div>
  <div id="columns">
    <div id="side">
      <% if @cart %>
        <%= hidden_div_if(@cart.line_items.empty?, id: 'cart') do %>
          <%= render @cart %>
        <% end %>
      <% end %>
 
      <%= render Order.find(session[:order_id]) if session[:order_id] -%>
 
      <ul>
        <li><a href="http://www....">Home</a></li>
        <li><a href="http://www..../faq">Questions</a></li>
        <li><a href="http://www..../news">News</a></li>
        <li><a href="http://www..../contact">Contact</a></li>
      </ul>
 
      <% if session[:user_id] %>
        <ul>
          <li><%= link_to 'Orders',   orders_path   %></li>
          <li><%= link_to 'Products', products_path %></li>
          <li><%= link_to 'Users',    users_path    %></li>
        </ul>
        <%= button_to 'Logout', logout_path, method: :delete   %>
      <% end %>
    </div>
    <div id="main">
      <%= yield %>
    </div>
  </div>
</body>
</html>

Log out

get /admin

Welcome

It's 2016-01-21 03:42:30 -0500 We have 2 orders.
post /logout
You are being redirected.
get http://localhost:3000/

Your Downloads

CoffeeScript

Logged out

Your Pragmatic Catalog

Cs f56ef62bc41b040664e801a38f068082a75d506d9048307e8096737463503d0b

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00
Ruby 836fee16e3757bcd4e2c21d064eee4fa81d7f93e4e9a44b1ffcd6c1d41c92a88

Programming Ruby 1.9 & 2.0

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95
Rtp d3d2240713cce773840785de837acf822d235d1b77040a3e1ed9d8c014cff086

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that everybody can get to the store

get /

Your Downloads

CoffeeScript

Your Pragmatic Catalog

Cs f56ef62bc41b040664e801a38f068082a75d506d9048307e8096737463503d0b

CoffeeScript

CoffeeScript is JavaScript done right. It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.

$36.00
Ruby 836fee16e3757bcd4e2c21d064eee4fa81d7f93e4e9a44b1ffcd6c1d41c92a88

Programming Ruby 1.9 & 2.0

Ruby is the fastest growing and most exciting dynamic language out there. If you need to get working programs delivered fast, you should add Ruby to your toolbox.

$49.95
Rtp d3d2240713cce773840785de837acf822d235d1b77040a3e1ed9d8c014cff086

Rails Test Prescriptions

Rails Test Prescriptions is a comprehensive guide to testing Rails applications, covering Test-Driven Development from both a theoretical perspective (why to test) and from a practical perspective (how to test effectively). It covers the core Rails testing tools and procedures for Rails 2 and Rails 3, and introduces popular add-ons, including Cucumber, Shoulda, Machinist, Mocha, and Rcov.

$34.95

Demonstrate that login is required to see the products

get /products
You are being redirected.
get http://localhost:3000/login
Please Log In

Log in

get /login
Please Log In
post /login
You are being redirected.
get http://localhost:3000/admin

Welcome

It's 2016-01-21 03:42:31 -0500 We have 2 orders.

Demonstrate logged in users can see the products

get /products

Listing products

Cs f56ef62bc41b040664e801a38f068082a75d506d9048307e8096737463503d0b
CoffeeScript
CoffeeScript is JavaScript done right. It provides all of JavaScript...
Show
Edit
Destroy
Ruby 836fee16e3757bcd4e2c21d064eee4fa81d7f93e4e9a44b1ffcd6c1d41c92a88
Programming Ruby 1.9 & 2.0
Ruby is the fastest growing and most exciting dynamic language ...
Show
Edit
Destroy
Rtp d3d2240713cce773840785de837acf822d235d1b77040a3e1ed9d8c014cff086
Rails Test Prescriptions
Rails Test Prescriptions is a comprehensive guide to testing ...
Show
Edit
Destroy

New product

Demonstrate logged in users can see the users

get /users

Listing Users

Name
dave Show Edit Destroy

New User

Show that the tests fail (good!)

rake test
Run options: --seed 33581
 
# Running:
 
................F................FF......................
 
Finished in 1.286365s, 44.3109 runs/s, 129.8231 assertions/s.
 
  1) Failure:
UserStoriesTest#test_buying_a_product [/home/rubys/git/awdwr/edition4/work-42/depot/test/integration/user_stories_test.rb:69]:
Expected: "Sam Ruby <depot@example.com>"
  Actual: "from@example.com"
 
 
  2) Failure:
OrderNotifierTest#test_received [/home/rubys/git/awdwr/edition4/work-42/depot/test/mailers/order_notifier_test.rb:9]:
Expected: ["depot@example.com"]
  Actual: ["from@example.com"]
 
 
  3) Failure:
OrderNotifierTest#test_shipped [/home/rubys/git/awdwr/edition4/work-42/depot/test/mailers/order_notifier_test.rb:19]:
Expected: ["depot@example.com"]
  Actual: ["from@example.com"]
 
57 runs, 167 assertions, 3 failures, 0 errors, 0 skips
edit app/models/user.rb
class User < ActiveRecord::Base
  validates :name, presence: true, uniqueness: true
  has_secure_password
 
  after_destroy :ensure_an_admin_remains
 
  private
    def ensure_an_admin_remains
      if User.count.zero?
        raise "Can't delete last user"
      end
    end     
end
edit app/controllers/users_controller.rb
class UsersController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]
 
  # GET /users
  # GET /users.json
  def index
    @users = User.order(:name)
  end
 
  # GET /users/1
  # GET /users/1.json
  def show
  end
 
  # GET /users/new
  def new
    @user = User.new
  end
 
  # GET /users/1/edit
  def edit
  end
 
  # POST /users
  # POST /users.json
  def create
    @user = User.new(user_params)
 
    respond_to do |format|
      if @user.save
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully created." }
        format.json { render :show,
          status: :created, location: @user }
      else
        format.html { render :new }
        format.json { render json: @user.errors,
          status: :unprocessable_entity }
      end
    end
  end
 
  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully updated." }
        format.json { render :show,
          status: :ok, location: @user }
      else
        format.html { render :edit }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end
 
  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    begin
      @user.destroy
      flash[:notice] = "User #{@user.name} deleted"
    rescue StandardError => e
      flash[:notice] = e.message
    end
    respond_to do |format|
      format.html { redirect_to users_url,
        notice: 'User was successfully destroyed.' }
      format.json { head :no_content }
    end
  end
 
  private
    # Use callbacks to share common setup or constraints between actions.
    def set_user
      @user = User.find(params[:id])
    end
 
    # Never trust parameters from the scary internet, only allow the white list through.
    def user_params
      params.require(:user).permit(:name, :password, :password_confirmation)
    end
end

14.5 Playtime 14.3 Iteration I3: Limiting Access