Agile Web Development with Rails, Edition 4

15.5 Playtime 15.3 Iteration J3: Limiting Access

15.4 Iteration J4: Adding a Sidebar

Add admin links and a button to Logout

edit app/views/layouts/application.html.erb
<!DOCTYPE html>
<html>
  <head>
    <title>Pragprog Books Online Store</title>
    <%= csrf_meta_tags %>
 
    <%= csrf_meta_tags %>
 
    <%= stylesheet_link_tag    'application', media: 'all',
    'data-turbolinks-track': 'reload' %>
    <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %>
  </head>
 
  <body class="<%= controller.controller_name %>">
    <div id="banner">
      <%= image_tag 'logo.svg', alt: 'The Pragmatic Bookshelf' %>
      <span class="title"><%= @page_title %></span>
    </div>
    <div id="columns">
      <div id="side">
        <% if @cart %>
          <%= hidden_div_if(@cart.line_items.empty?, id: 'cart') do %>
            <%= render @cart %>
          <% end %>
        <% end %>
 
      <%= render Order.find(session[:order_id]) if session[:order_id] -%>
 
        <ul>
          <li><a href="http://www....">Home</a></li>
          <li><a href="http://www..../faq">Questions</a></li>
          <li><a href="http://www..../news">News</a></li>
          <li><a href="http://www..../contact">Contact</a></li>
        </ul>
 
        <% if session[:user_id] %>
          <ul>
            <li><%= link_to 'Orders',   orders_path   %></li>
            <li><%= link_to 'Products', products_path %></li>
            <li><%= link_to 'Users',    users_path    %></li>
          </ul>
          <%= button_to 'Logout', logout_path, method: :delete   %>
        <% end %>
      </div>
      <div id="main">
        <%= yield %>
      </div>
    </div>
  </body>
</html>

Log out

get /admin

Welcome

It's 2017-06-03 03:42:05 -0400. We have 2 orders.

post /logout
You are being redirected.
get http://localhost:3000/store/index

Logged out

Your Pragmatic Catalog

Dcbang

Rails, Angular, Postgres, and Bootstrap

Powerful, Effective, and Efficient Full-Stack Web Development As a Rails developer, you care about user experience and performance, but you also want simple and maintainable code. Achieve all that by embracing the full stack of web development, from styling with Bootstrap, building an interactive user interface with AngularJS, to storing data quickly and reliably in PostgreSQL. Take a holistic view of full-stack development to create usable, high-performing applications, and learn to use these technologies effectively in a Ruby on Rails environment.

$45.00
Adrpo

Ruby Performance Optimization

Why Ruby Is Slow, and How to Fix It You don’t have to accept slow Ruby or Rails performance. In this comprehensive guide to Ruby optimization, you’ll learn how to write faster Ruby code—but that’s just the beginning. See exactly what makes Ruby and Rails code slow, and how to fix it. Alex Dymo will guide you through perils of memory and CPU optimization, profiling, measuring, performance testing, garbage collection, and tuning. You’ll find that all those “hard” things aren’t so difficult after all, and your code will run orders of magnitude faster.

$46.00
7apps

Seven Mobile Apps in Seven Weeks

Native Apps, Multiple Platforms Answer the question “Can we build this for ALL the devices?” with a resounding YES. This book will help you get there with a real-world introduction to seven platforms, whether you’re new to mobile or an experienced developer needing to expand your options. Plus, you’ll find out which cross-platform solution makes the most sense for your needs.

$26.00

Demonstrate that everybody can get to the store

get /

Your Pragmatic Catalog

Dcbang

Rails, Angular, Postgres, and Bootstrap

Powerful, Effective, and Efficient Full-Stack Web Development As a Rails developer, you care about user experience and performance, but you also want simple and maintainable code. Achieve all that by embracing the full stack of web development, from styling with Bootstrap, building an interactive user interface with AngularJS, to storing data quickly and reliably in PostgreSQL. Take a holistic view of full-stack development to create usable, high-performing applications, and learn to use these technologies effectively in a Ruby on Rails environment.

$45.00
Adrpo

Ruby Performance Optimization

Why Ruby Is Slow, and How to Fix It You don’t have to accept slow Ruby or Rails performance. In this comprehensive guide to Ruby optimization, you’ll learn how to write faster Ruby code—but that’s just the beginning. See exactly what makes Ruby and Rails code slow, and how to fix it. Alex Dymo will guide you through perils of memory and CPU optimization, profiling, measuring, performance testing, garbage collection, and tuning. You’ll find that all those “hard” things aren’t so difficult after all, and your code will run orders of magnitude faster.

$46.00
7apps

Seven Mobile Apps in Seven Weeks

Native Apps, Multiple Platforms Answer the question “Can we build this for ALL the devices?” with a resounding YES. This book will help you get there with a real-world introduction to seven platforms, whether you’re new to mobile or an experienced developer needing to expand your options. Plus, you’ll find out which cross-platform solution makes the most sense for your needs.

$26.00

Demonstrate that login is required to see the products

get /products
You are being redirected.
get http://localhost:3000/login
Please Log In

Log in

get /login
Please Log In
post /login
You are being redirected.
get http://localhost:3000/admin

Welcome

It's 2017-06-03 03:42:06 -0400. We have 2 orders.

Demonstrate logged in users can see the products

get /products

Products

Dcbang
Rails, Angular, Postgres, and Bootstrap
Powerful, Effective, and Efficient Full-Stack Web Development As...
Show
Edit
Destroy
7apps
Seven Mobile Apps in Seven Weeks
Native Apps, Multiple Platforms Answer the question “Can we buil...
Show
Edit
Destroy
Adrpo
Ruby Performance Optimization
Why Ruby Is Slow, and How to Fix It You don’t have to accept sl...
Show
Edit
Destroy

New product

Demonstrate logged in users can see the users

get /users

Listing users

Name
dave Show Edit Destroy

New User

Show that the tests fail (good!)

rake test
Run options: --seed 35790
 
# Running:
 
........................................................
 
Finished in 0.992044s, 56.4491 runs/s, 171.3634 assertions/s.
 
56 runs, 170 assertions, 0 failures, 0 errors, 0 skips
edit app/models/user.rb
class User < ActiveRecord::Base
  validates :name, presence: true, uniqueness: true
  has_secure_password
 
  after_destroy :ensure_an_admin_remains
 
  class Error < StandardError
  end
 
  private
    def ensure_an_admin_remains
      if User.count.zero?
        raise Error.new "Can't delete last user"
      end
    end     
end
edit app/controllers/users_controller.rb
class UsersController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]
 
  # GET /users
  # GET /users.json
  def index
    @users = User.order(:name)
  end
 
  # GET /users/1
  # GET /users/1.json
  def show
  end
 
  # GET /users/new
  def new
    @user = User.new
  end
 
  # GET /users/1/edit
  def edit
  end
 
  # POST /users
  # POST /users.json
  def create
    @user = User.new(user_params)
 
    respond_to do |format|
      if @user.save
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully created." }
        format.json { render :show, status: :created, location: @user }
      else
        format.html { render :new }
        format.json { render json: @user.errors,
          status: :unprocessable_entity }
      end
    end
  end
 
  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html { redirect_to users_url,
          notice: "User #{@user.name} was successfully updated." }
        format.json { render :show, status: :ok, location: @user }
      else
        format.html { render :edit }
        format.json { render json: @user.errors,
          status: :unprocessable_entity }
      end
    end
  end
 
  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user.destroy
    respond_to do |format|
      format.html { redirect_to users_url,
        notice: '"User #{@user.name} deleted"' }
      format.json { head :no_content }
    end
  end
 
  rescue_from 'User::Error' do |exception|
    redirect_to users_url, notice: exception.message
  end
 
  private
    # Use callbacks to share common setup or constraints between actions.
    def set_user
      @user = User.find(params[:id])
    end
 
    # Never trust parameters from the scary internet, only allow the white list through.
    def user_params
      params.require(:user).permit(:name, :password, :password_confirmation)
    end
end

15.5 Playtime 15.3 Iteration J3: Limiting Access