Commit 25f2162f authored by Jasmine Principe's avatar Jasmine Principe

authorization

parent c4e59d22
class UsersController < ApplicationController
before_filter :authenticate_user!
before_filter :admin_only, :except => :show
def index
@users = User.all
end
def show
@user = User.find(params[:id])
unless current_user.admin?
unless @user == current_user
redirect_to :back, :alert => "Access denied."
end
end
end
def update
@user = User.find(params[:id])
if @user.update_attributes(secure_params)
redirect_to users_path, :notice => "User updated."
else
redirect_to users_path, :alert => "Unable to update user."
end
end
def destroy
user = User.find(params[:id])
user.destroy
redirect_to users_path, :notice => "User deleted."
end
private
def admin_only
unless current_user.admin?
redirect_to :back, :alert => "Access denied."
end
end
def secure_params
params.require(:user).permit(:role)
end
end
\ No newline at end of file
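Review bot: `update` permits `:role` but nothing validates the value — assigning a string that is not one of the keys of the `role` enum declared in this commit raises `ArgumentError` rather than making `update_attributes` return false, so a tampered or mistyped form value yields a 500 instead of the `Unable to update user.` branch. Reject it up front with `return redirect_to(users_path, alert: "Invalid role.") unless User.roles.key?(secure_params[:role].to_s)`, or add `validates :role, inclusion: { in: User.roles.keys }` on the model so the existing else branch handles it. `before_filter` is deprecated in Rails 5.0, which the migrations in this commit target, and removed in 5.1 — use `before_action` on both filters. `redirect_to :back` in `admin_only` and `show` raises `ActionController::RedirectBackError` when the request carries no Referer (direct URL entry, non-browser clients), so prefer `redirect_back(fallback_location: root_path, alert: "Access denied.")`. `destroy` also lets an admin delete their own account, which is presumably unintended; a `return redirect_to(users_path, alert: "Cannot delete yourself.") if user == current_user` guard before `user.destroy` covers it.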
...@@ -13,4 +13,11 @@ class User < ApplicationRecord ...@@ -13,4 +13,11 @@ class User < ApplicationRecord
"#{self.first_name} #{self.last_name}" "#{self.first_name} #{self.last_name}"
end end
enum role: {voter: 0, admin: 1}
after_initialize :set_default_role, :if => :new_record?
def set_default_role
self.role = :voter
end
end end
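Review bot: `set_default_role` assigns `:voter` unconditionally, and because `after_initialize` runs after the attributes passed to `new` have been applied, `User.new(role: :admin)` (seeds, the console, a future admin-creation form) silently comes out as a voter; write it as `self.role ||= :voter` so an explicit role survives and only a missing one is defaulted. The safer place for the default is the column itself — the `AddRoleToUsers` migration in this commit adds `role` as a nullable integer with no default, so rows created outside ActiveRecord callbacks end up with a nil role that is neither `voter` nor `admin`; `add_column :users, :role, :integer, default: 0, null: false` pins the least-privileged role at the database level. The enclosing `User` class starts before this hunk.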
<h1>HalalanPH</h1> <h1>HalalanPH</h1>
<% if user_signed_in? %>
<% case current_user.role %>
<% when 'voter' %>
<h3>Welcome, Voter</h3>
<% when 'admin' %>
<h3>Welcome, Administrator</h3>
<% end %>
<% else %>
<h3>Welcome</h3>
<% end %>
<%@positions.each do |p|%> <%@positions.each do |p|%>
<h4><%=p.name%></h4> <h4><%=p.name%></h4>
<table> <table>
......
class AddRolesToUser < ActiveRecord::Migration[5.0]
def change
add_column :users, :role, :string, :default => 'user'
end
end
class AddRoleToUsers < ActiveRecord::Migration[5.0]
def change
remove_column :users, :role, :string, :default => 'user'
add_column :users, :role, :integer
end
end
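Review bot: `add_column :users, :role, :integer` creates the column nullable and without a default, so any row inserted without going through the model's `after_initialize` callback (SQL seeds, fixtures, bulk imports) has a nil role that matches neither enum value; the least-privileged role should be the database default: `add_column :users, :role, :integer, default: 0, null: false`, where `0` is `voter` per the enum added in this commit. The `remove_column` with explicit type and options is what keeps this `change` reversible — keep those arguments if the line is touched. If `AddRolesToUser`, which adds the string column this migration immediately drops, is also new in this commit, the pair should presumably be squashed into one migration rather than shipped as add-then-drop.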
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160719111009) do ActiveRecord::Schema.define(version: 20160719180641) do
create_table "candidates", force: :cascade do |t| create_table "candidates", force: :cascade do |t|
t.string "first_name" t.string "first_name"
...@@ -45,7 +45,7 @@ ActiveRecord::Schema.define(version: 20160719111009) do ...@@ -45,7 +45,7 @@ ActiveRecord::Schema.define(version: 20160719111009) do
t.string "last_name" t.string "last_name"
t.string "gender" t.string "gender"
t.date "birthday" t.date "birthday"
t.string "role", default: "user" t.integer "role"
t.index ["email"], name: "index_users_on_email", unique: true t.index ["email"], name: "index_users_on_email", unique: true
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
end end
......