authorization

25f2162f · Jasmine Principe · c4e59d22 · 25f2162f · 25f2162f · 25f2162f
Commit 25f2162f authored Jul 19, 2016 by Jasmine Principe
6 changed files
--- a/Halalan/app/controllers/users_controller.rb
+++ b/Halalan/app/controllers/users_controller.rb
+class UsersController < ApplicationController
+  before_filter :authenticate_user!
+  before_filter :admin_only, :except => :show
+
+  def index
+    @users = User.all
+  end
+
+  def show
+    @user = User.find(params[:id])
+    unless current_user.admin?
+      unless @user == current_user
+        redirect_to :back, :alert => "Access denied."
+      end
+    end
+  end
+
+  def update
+    @user = User.find(params[:id])
+    if @user.update_attributes(secure_params)
+      redirect_to users_path, :notice => "User updated."
+    else
+      redirect_to users_path, :alert => "Unable to update user."
+    end
+  end
+
+  def destroy
+    user = User.find(params[:id])
+    user.destroy
+    redirect_to users_path, :notice => "User deleted."
+  end
+
+  private
+
+  def admin_only
+    unless current_user.admin?
+      redirect_to :back, :alert => "Access denied."
+    end
+  end
+
+  def secure_params
+    params.require(:user).permit(:role)
+  end
+
+end
\ No newline at end of file
--- a/Halalan/app/models/user.rb
+++ b/Halalan/app/models/user.rb
@@ -13,4 +13,11 @@ class User < ApplicationRecord
  		"#{self.first_name} #{self.last_name}"
  	end
  	
+    enum role: {voter: 0, admin: 1}
+  after_initialize :set_default_role, :if => :new_record?
+
+  def set_default_role
+    self.role = :voter
+  end
+
 end
--- a/Halalan/app/views/pages/index.html.erb
+++ b/Halalan/app/views/pages/index.html.erb
 <h1>HalalanPH</h1>

+<% if user_signed_in? %>
+  <% case current_user.role %>
+  <% when 'voter' %>
+    <h3>Welcome, Voter</h3>
+  <% when 'admin' %>
+    <h3>Welcome, Administrator</h3>
+  <% end %>
+<% else %>
+  <h3>Welcome</h3>
+<% end %>
+
 <%@positions.each do |p|%>
 	<h4><%=p.name%></h4>
 		<table>

--- a/Halalan/db/migrate/20160719111009_add_roles_to_user.rb
+++ b/Halalan/db/migrate/20160719111009_add_roles_to_user.rb
-class AddRolesToUser < ActiveRecord::Migration[5.0]
-  def change
-  	add_column :users, :role, :string, :default => 'user'
-  end
-end
--- a/Halalan/db/migrate/20160719180641_add_role_to_users.rb
+++ b/Halalan/db/migrate/20160719180641_add_role_to_users.rb
+class AddRoleToUsers < ActiveRecord::Migration[5.0]
+  def change
+  	remove_column :users, :role, :string, :default => 'user'
+    add_column :users, :role, :integer
+  end
+end
--- a/Halalan/db/schema.rb
+++ b/Halalan/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20160719111009) do
+ActiveRecord::Schema.define(version: 20160719180641) do

  create_table "candidates", force: :cascade do |t|
    t.string   "first_name"
@@ -45,7 +45,7 @@ ActiveRecord::Schema.define(version: 20160719111009) do
    t.string   "last_name"
    t.string   "gender"
    t.date     "birthday"
-    t.string   "role",                   default: "user"
+    t.integer  "role"
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
  end