user acces dingen, toverpoort

2014-11-06 22:53:11 +01:00 · 2014-11-06 22:53:11 +01:00 · c54e13978a
commit c54e13978a
parent 44805c3a5a
5 changed files with 40 additions and 2 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -6,7 +6,7 @@ class SessionsController < ApplicationController
  	user = User.find_by(name: params[:session][:name])
    if user
    	log_in user
-      redirect_to user
+      redirect_back_or user
    else
    	#flash.now[:danger] = 'Invalid username'
    	render 'new'
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,5 +1,10 @@
 class UsersController < ApplicationController
-  before_action :logged_in_user, only: [:edit, :update, :show]
+  before_action :logged_in_user, only: [ :index, :edit, :update, :show]
+  before_action :correct_user,   only: [:edit, :update]
+
+  def index
+    @users = User.all
+  end


  def new
@ -47,9 +52,16 @@ class UsersController < ApplicationController
    # Confirms a logged-in user.
    def logged_in_user
      unless logged_in?
+        store_location
        flash[:danger] = "Please log in."
        redirect_to login_url
      end
    end

+    # Confirms the correct user.
+    def correct_user
+      @user = User.find(params[:id])
+      redirect_to(root_url) unless current_user?(@user)
+    end
+
 end
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -16,5 +16,21 @@ module SessionsHelper
    session.delete(:user_id)
    @current_user = nil
  end
+
+  # Redirects to stored location (or to the default).
+  def redirect_back_or(default)
+    redirect_to(session[:forwarding_url] || default)
+    session.delete(:forwarding_url)
+  end
+
+  # Stores the URL trying to be accessed.
+  def store_location
+    session[:forwarding_url] = request.url if request.get?
+  end
+
+
+  def current_user?(user)
+    user == current_user
+  end
  
 end
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@ -9,6 +9,7 @@

        <!-- account -->
        <% if logged_in? %>
+          <li><%= link_to "Users", users_path %></li>
          <li class="dropdown">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown">
              Account <b class="caret"></b>
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@ -0,0 +1,9 @@
+<h1>All users</h1>
+
+<ul class="users">
+  <% @users.each do |user| %>
+    <li>
+      <%= link_to user.name, user %>
+    </li>
+  <% end %>
+</ul>