authorization

Halalan/app/controllers/users_controller.rb

+class UsersController < ApplicationController
+  before_filter :authenticate_user!
+  before_filter :admin_only, :except => :show
+
+  def index
+    @users = User.all
+  end
+
+  def show
+    @user = User.find(params[:id])
+    unless current_user.admin?
+      unless @user == current_user
+        redirect_to :back, :alert => "Access denied."
+      end
+    end
+  end
+
+  def update
+    @user = User.find(params[:id])
+    if @user.update_attributes(secure_params)
+      redirect_to users_path, :notice => "User updated."
+    else
+      redirect_to users_path, :alert => "Unable to update user."
+    end
+  end
+
+  def destroy
+    user = User.find(params[:id])
+    user.destroy
+    redirect_to users_path, :notice => "User deleted."
+  end
+
+  private
+
+  def admin_only
+    unless current_user.admin?
+      redirect_to :back, :alert => "Access denied."
+    end
+  end
+
+  def secure_params
+    params.require(:user).permit(:role)
+  end
+
+end
\ No newline at end of file

Halalan/app/models/user.rb

@@ -13,4 +13,11 @@ class User < ApplicationRecord
   		"#{self.first_name} #{self.last_name}"
   	end
   	
+    enum role: {voter: 0, admin: 1}
+  after_initialize :set_default_role, :if => :new_record?
+
+  def set_default_role
+    self.role = :voter
+  end
+
 end

Halalan/app/views/pages/index.html.erb

 <h1>HalalanPH</h1>
 
+<% if user_signed_in? %>
+  <% case current_user.role %>
+  <% when 'voter' %>
+    <h3>Welcome, Voter</h3>
+  <% when 'admin' %>
+    <h3>Welcome, Administrator</h3>
+  <% end %>
+<% else %>
+  <h3>Welcome</h3>
+<% end %>
+
 <%@positions.each do |p|%>
 	<h4><%=p.name%></h4>
 		<table>

Halalan/db/migrate/20160719111009_add_roles_to_user.rb

-class AddRolesToUser < ActiveRecord::Migration[5.0]
-  def change
-  	add_column :users, :role, :string, :default => 'user'
-  end
-end

Halalan/db/migrate/20160719180641_add_role_to_users.rb

+class AddRoleToUsers < ActiveRecord::Migration[5.0]
+  def change
+  	remove_column :users, :role, :string, :default => 'user'
+    add_column :users, :role, :integer
+  end
+end

Halalan/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160719111009) do
+ActiveRecord::Schema.define(version: 20160719180641) do
 
   create_table "candidates", force: :cascade do |t|
     t.string   "first_name"
@@ -29,23 +29,23 @@ ActiveRecord::Schema.define(version: 20160719111009) do
   end
 
   create_table "users", force: :cascade do |t|
-    t.string   "email",                  default: "",     null: false
-    t.string   "encrypted_password",     default: "",     null: false
+    t.string   "email",                  default: "", null: false
+    t.string   "encrypted_password",     default: "", null: false
     t.string   "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",          default: 0,      null: false
+    t.integer  "sign_in_count",          default: 0,  null: false
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
     t.string   "current_sign_in_ip"
     t.string   "last_sign_in_ip"
-    t.datetime "created_at",                              null: false
-    t.datetime "updated_at",                              null: false
+    t.datetime "created_at",                          null: false
+    t.datetime "updated_at",                          null: false
     t.string   "first_name"
     t.string   "last_name"
     t.string   "gender"
     t.date     "birthday"
-    t.string   "role",                   default: "user"
+    t.integer  "role"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end