updated authorization

16417474 · Jasmine Principe · 1e447e08 · 16417474 · 16417474 · 16417474
Commit 16417474 authored Jul 20, 2016 by Jasmine Principe
7 changed files
--- a/Halalan/app/controllers/users_controller.rb
+++ b/Halalan/app/controllers/users_controller.rb
@@ -34,7 +34,7 @@ class UsersController < ApplicationController
  def admin_only
    unless current_user.admin?
-      redirect_to :back, :alert => "Access denied."
+      redirect_to root_path, :alert => "Access denied."
    end
  end

--- a/Halalan/app/models/user.rb
+++ b/Halalan/app/models/user.rb
 class User < ApplicationRecord
-	has_many :votes, dependent: :destroy
+  enum role: {voter: 0, admin: 1}
+  after_initialize :set_default_role, :if => :new_record?
+  def set_default_role
+    self.role ||= :voter
+  end
+  has_many :votes, dependent: :destroy
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
@@ -12,12 +20,4 @@ class User < ApplicationRecord
 	def full_name
  		"#{self.first_name} #{self.last_name}"
  	end
-    enum role: {voter: 0, admin: 1}
-  after_initialize :set_default_role, :if => :new_record?
-  def set_default_role
-    self.role = :voter
-  end
 end
--- a/Halalan/app/views/devise/registrations/edit.html.erb
+++ b/Halalan/app/views/devise/registrations/edit.html.erb
-<h2>Edit <%= resource_name.to_s.humanize %></h2>
+<div class="authform">
+  <h2>Edit <%= resource_name.to_s.humanize %></h2>
-<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+  <%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, :role => 'form' }) do |f| %>
-  <%= f.error_notification %>
+    <%= f.error_notification %>
-  <div class="form-inputs">
+    <div class="form-inputs">
-    <%= f.input :first_name, required: true, autofocus: true %>
+      <%= f.input :first_name, required: true, autofocus: true %>
-    <%= f.input :last_name, required: true %>
+      <%= f.input :last_name, required: true %>
-    <%= f.input :birthday, :end_year => Date.today.year - 18, :start_year => 1920, :order => [ :day, :month, :year], required: true %>
+      <%= f.input :birthday, :end_year => Date.today.year - 18, :start_year => 1920, :order => [ :day, :month, :year], required: true %>
-    <%= f.input :gender, as: :select, collection: ["Male", "Female", "Other"], required: true %>
+      <%= f.input :gender, as: :select, collection: ["Male", "Female", "Other"], required: true %>
-    <%= f.input :email, required: true %>
+      <%= f.input :email, required: true %>
-    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+      <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
-      <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
+        <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
-    <% end %>
+      <% end %>
-    <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
+      <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
-    <%= f.input :password_confirmation, required: false %>
+      <%= f.input :password_confirmation, required: false %>
-    <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
+      <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
-  </div>
+    </div>
-  <div class="form-actions">
+    <div class="form-actions">
-    <%= f.button :submit, "Update" %>
+      <%= f.button :submit, "Update" %>
-  </div>
+    </div>
-<% end %>
+  <% end %>
-<h3>Cancel my account</h3>
+  <h3>Cancel my account</h3>
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
+  <p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
-<%= link_to "Back", :back %>
+  <%= link_to "Back", :back %>
+</div>
\ No newline at end of file
--- a/Halalan/app/views/devise/registrations/new.html.erb
+++ b/Halalan/app/views/devise/registrations/new.html.erb
 <h2>Sign up</h2>
-<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), :html => { :role => 'form'}) do |f| %>
  <%= f.error_notification %>
  <div class="form-inputs">

--- a/Halalan/app/views/users/_user.html.erb
+++ b/Halalan/app/views/users/_user.html.erb
+<td>
+  <%= link_to user.email, user %>
+</td>
+<td>
+  <%= form_for(user) do |f| %>
+    <%= f.select(:role, User.roles.keys.map {|role| [role.titleize,role]}) %>
+    <%= f.submit 'Change Role', :class => 'button-xs' %>
+  <% end %>
+</td>
+<td>
+  <%= link_to("Delete user", user_path(user), :data => { :confirm => "Are you sure?" }, :method => :delete, :class => 'button-xs') unless user == current_user %>
+</td>
\ No newline at end of file
--- a/Halalan/app/views/users/index.html.erb
+++ b/Halalan/app/views/users/index.html.erb
+<div class="container">
+  <div class="row">
+    <h3>Users</h3>
+    <div class="column">
+      <table class="table">
+        <tbody>
+          <% @users.each do |user| %>
+            <tr>
+              <%= render user %>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</div>
\ No newline at end of file
--- a/Halalan/app/views/users/show.html.erb
+++ b/Halalan/app/views/users/show.html.erb
+<h3>User</h3>
+<p>Name: <%= @user.name if @user.name %></p>
+<p>Email: <%= @user.email if @user.email %></p>