updated authorization

16417474 · Jasmine Principe · 1e447e08 · 16417474 · 16417474 · 16417474
Commit 16417474 authored Jul 20, 2016 by Jasmine Principe
7 changed files
--- a/Halalan/app/controllers/users_controller.rb
+++ b/Halalan/app/controllers/users_controller.rb
@@ -34,7 +34,7 @@ class UsersController < ApplicationController

  def admin_only
    unless current_user.admin?
-      redirect_to :back, :alert => "Access denied."
+      redirect_to root_path, :alert => "Access denied."
    end
  end


--- a/Halalan/app/models/user.rb
+++ b/Halalan/app/models/user.rb
 class User < ApplicationRecord
+	
+  enum role: {voter: 0, admin: 1}
+  after_initialize :set_default_role, :if => :new_record?
+
+  def set_default_role
+    self.role ||= :voter
+  end
+
  has_many :votes, dependent: :destroy

  devise :database_authenticatable, :registerable,
@@ -12,12 +20,4 @@ class User < ApplicationRecord
 	def full_name
  		"#{self.first_name} #{self.last_name}"
  	end
-  	
-    enum role: {voter: 0, admin: 1}
-  after_initialize :set_default_role, :if => :new_record?
-
-  def set_default_role
-    self.role = :voter
-  end
-
 end
--- a/Halalan/app/views/devise/registrations/edit.html.erb
+++ b/Halalan/app/views/devise/registrations/edit.html.erb
-<h2>Edit <%= resource_name.to_s.humanize %></h2>
+<div class="authform">
+  <h2>Edit <%= resource_name.to_s.humanize %></h2>

-<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+  <%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, :role => 'form' }) do |f| %>
    <%= f.error_notification %>

    <div class="form-inputs">
@@ -22,10 +23,11 @@
    <div class="form-actions">
      <%= f.button :submit, "Update" %>
    </div>
-<% end %>
+  <% end %>

-<h3>Cancel my account</h3>
+  <h3>Cancel my account</h3>

-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
+  <p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>

-<%= link_to "Back", :back %>
+  <%= link_to "Back", :back %>
+</div>
\ No newline at end of file
--- a/Halalan/app/views/devise/registrations/new.html.erb
+++ b/Halalan/app/views/devise/registrations/new.html.erb
 <h2>Sign up</h2>

-<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), :html => { :role => 'form'}) do |f| %>
  <%= f.error_notification %>

  <div class="form-inputs">

--- a/Halalan/app/views/users/_user.html.erb
+++ b/Halalan/app/views/users/_user.html.erb
+<td>
+  <%= link_to user.email, user %>
+</td>
+<td>
+  <%= form_for(user) do |f| %>
+    <%= f.select(:role, User.roles.keys.map {|role| [role.titleize,role]}) %>
+    <%= f.submit 'Change Role', :class => 'button-xs' %>
+  <% end %>
+</td>
+<td>
+  <%= link_to("Delete user", user_path(user), :data => { :confirm => "Are you sure?" }, :method => :delete, :class => 'button-xs') unless user == current_user %>
+</td>
\ No newline at end of file
--- a/Halalan/app/views/users/index.html.erb
+++ b/Halalan/app/views/users/index.html.erb
+<div class="container">
+  <div class="row">
+    <h3>Users</h3>
+    <div class="column">
+      <table class="table">
+        <tbody>
+          <% @users.each do |user| %>
+            <tr>
+              <%= render user %>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</div>
\ No newline at end of file
--- a/Halalan/app/views/users/show.html.erb
+++ b/Halalan/app/views/users/show.html.erb
+<h3>User</h3>
+<p>Name: <%= @user.name if @user.name %></p>
+<p>Email: <%= @user.email if @user.email %></p>